Extend Kubernetes config lease

November 8, 2018 340 views
Kubernetes

Currently, the only way to access Kubernetes is by downloading the config file on the dashboard: https://cloud.digitalocean.com/kubernetes/clusters/mycluster, and adding it into ~/.kube/config. By default, this config file lives a few days at most.

Is there a way to either get an extended lease on this config, or generate a permanent authorization config for development?

3 Answers
azuka November 24, 2018
Accepted Answer

For anyone else who's interested: this API is undocumented, but if you have an API token with read access, this will get you the current valid kubeconfig.

curl --request GET \
  --url https://api.digitalocean.com/v2/kubernetes/clusters/<cluster-id>/kubeconfig \
  --header 'authorization: Bearer <digitalocean-token>'

That's all you'd need for your CI config.

I noticed that from time to time our pipeline fails because the conf becomes invalid. Is it documented somewhere?

  • I haven't seen any docs on this anywhere, but can vouch for the observation: both CI & local dev are breaking upon cert expiry, which happens every few days.

I think it's in the known issues here: https://www.digitalocean.com/docs/kubernetes/overview/

The Certificate Authority, Client Certificate, and Client Key data in the kubeconfig.yaml file are rotated weekly.

I understand why. I just wish it was easy to generate one restricted to a namespace, or to retrieve the config somehow via an API using an API token. My CI builds fail every week because of this.
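
Added example (not part of the original thread or any DigitalOcean tooling): a CI step that calls the kubeconfig endpoint from the accepted answer before each run, so the weekly rotation does not break the build. The variable names DO_TOKEN and DO_CLUSTER_ID and the function name refresh_kubeconfig are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names: DO_TOKEN and DO_CLUSTER_ID are variables
# injected by the CI secret store; refresh_kubeconfig is a hypothetical helper.

# refresh_kubeconfig [DEST]
# Fetch the current kubeconfig and install it at DEST (default ~/.kube/config).
# Returns non-zero and leaves any existing DEST untouched on failure.
refresh_kubeconfig() {
    dest="${1:-$HOME/.kube/config}"
    if [ -z "${DO_TOKEN:-}" ] || [ -z "${DO_CLUSTER_ID:-}" ]; then
        echo "DO_TOKEN and DO_CLUSTER_ID must be set" >&2
        return 1
    fi
    url="https://api.digitalocean.com/v2/kubernetes/clusters/${DO_CLUSTER_ID}/kubeconfig"

    mkdir -p "$(dirname "$dest")" || return 1
    # mktemp creates the file with mode 0600, so the client key in the
    # kubeconfig is never readable by other users, even briefly.
    tmp="$(mktemp "${dest}.XXXXXX")" || return 1

    # The header reaches curl on stdin (--config -) and printf is a shell
    # builtin, so the token never appears in a process argument list.
    # --fail turns HTTP 4xx/5xx into a non-zero exit instead of saving the
    # error body as if it were a kubeconfig.
    if ! printf 'header = "Authorization: Bearer %s"\n' "$DO_TOKEN" |
        curl --silent --show-error --fail --config - "$url" >"$tmp"; then
        rm -f "$tmp"
        echo "kubeconfig fetch failed; keeping existing $dest" >&2
        return 1
    fi

    # Sanity check before replacing a config that may still be valid.
    if ! grep -q '^clusters:' "$tmp"; then
        rm -f "$tmp"
        echo "response is not a kubeconfig; keeping existing $dest" >&2
        return 1
    fi

    mv -f "$tmp" "$dest"   # atomic rename within the same directory
}
```

Call `refresh_kubeconfig` at the start of the pipeline, before any kubectl step, and give the token read access only, as the accepted answer notes is sufficient.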
