Extend kubernetes config lease

November 8, 2018 139 views
Kubernetes

Currently, the only way to access Kubernetes is by downloading the config file on the dashboard: https://cloud.digitalocean.com/kubernetes/clusters/mycluster , and adding it into ~/.kube/config . By default, this config file lives a few days at most.

Is there a way to either get extended lease on this config, or generate a permanent authorization config for development?

2 Answers

I noticed that from time-to time our pipeline fails because of conf becomes invalid? is it documented somewhere?

  • I haven't seen any docs on this anywhere, but can vouch for observation: both CI & local dev is breaking upon cert expiry, which happens every few days

I think it's in the known issues here: https://www.digitalocean.com/docs/kubernetes/overview/

The Certificate Authority, Client Certificate, and Client Key data in the kubeconfig.yaml file are rotated weekly.

I understand why. I just wish it was easy to generate one restricted to a namespace, or to retrieve the config somehow via an api using an API token. My CI builds fail every week because of this.

Have another answer? Share your knowledge.