Related

Product Managed Kubernetes on DigitalOcean Product
Will kubernetes have autoscaling by default? Question Question
Firewall blocks hostPort Question Question

Question

Extend kubernetes config lease

Posted November 8, 2018 2.8k views
Kubernetes

Currently, the only way to access Kubernetes is by downloading the config file on the dashboard: https://cloud.digitalocean.com/kubernetes/clusters/mycluster , and adding it into ~/.kube/config . By default, this config file lives a few days at most.

Is there a way to either get extended lease on this config, or generate a permanent authorization config for development?

Add a comment
sdrinf
By:
sdrinf

Related

Product Managed Kubernetes on DigitalOcean Product
Will kubernetes have autoscaling by default? Question Question
Firewall blocks hostPort Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
4 answers
azuka November 24, 2018

For anyone else who’s interested. This API is undocumented, but if you have an api token with read access, this will get you the current valid kubeconfig.

curl --request GET \
  --url https://api.digitalocean.com/v2/kubernetes/clusters/<cluster-id>/kubeconfig \
  --header 'authorization: Bearer <digitalocean-token>'

That’s all you’d need for your CI config.

Reply Report
antonkolupayev November 12, 2018

I noticed that from time-to time our pipeline fails because of conf becomes invalid? is it documented somewhere?

Reply Report
  • sdrinf November 12, 2018

    I haven’t seen any docs on this anywhere, but can vouch for observation: both CI & local dev is breaking upon cert expiry, which happens every few days

    Reply Report
azuka November 17, 2018

I think it’s in the known issues here: https://www.digitalocean.com/docs/kubernetes/overview/

The Certificate Authority, Client Certificate, and Client Key data in the kubeconfig.yaml file are rotated weekly.

I understand why. I just wish it was easy to generate one restricted to a namespace, or to retrieve the config somehow via an api using an API token. My CI builds fail every week because of this.

Reply Report
damienrch February 7, 2019
[deleted]
Reply Report

Related

Looking for something else?

Ask a new question Search for more help