Extend kubernetes config lease

Posted November 8, 2018 3.1k views

Currently, the only way to access Kubernetes is by downloading the config file on the dashboard: , and adding it into ~/.kube/config . By default, this config file lives a few days at most.

Is there a way to either get extended lease on this config, or generate a permanent authorization config for development?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
4 answers

For anyone else who’s interested. This API is undocumented, but if you have an api token with read access, this will get you the current valid kubeconfig.

curl --request GET \
  --url<cluster-id>/kubeconfig \
  --header 'authorization: Bearer <digitalocean-token>'

That’s all you’d need for your CI config.

I noticed that from time-to time our pipeline fails because of conf becomes invalid? is it documented somewhere?

  • I haven’t seen any docs on this anywhere, but can vouch for observation: both CI & local dev is breaking upon cert expiry, which happens every few days

I think it’s in the known issues here:

The Certificate Authority, Client Certificate, and Client Key data in the kubeconfig.yaml file are rotated weekly.

I understand why. I just wish it was easy to generate one restricted to a namespace, or to retrieve the config somehow via an api using an API token. My CI builds fail every week because of this.