Question

kubectl with managed certificate not working

I’ve created a Kubernetes cluster and followed the instructions to install doctl and authenticate it. I already had kubectl 1.14.x installed.

doctl is working fine, but following the instructions to use automated certificate management for kubectl isn’t working. kubectl complains that it can’t initialize the api client:

~/s/doctl $ kubectl get nodes
Error: unable to initialize DigitalOcean api client: access token is required. (hint: run 'doctl auth init')
Error: unable to initialize DigitalOcean api client: access token is required. (hint: run 'doctl auth init')
Error: unable to initialize DigitalOcean api client: access token is required. (hint: run 'doctl auth init')
Error: unable to initialize DigitalOcean api client: access token is required. (hint: run 'doctl auth init')
Error: unable to initialize DigitalOcean api client: access token is required. (hint: run 'doctl auth init')
Unable to connect to the server: getting credentials: exec: exit status 1

doctl is installed via snap as per the instructions:

~ $ doctl version
doctl version 1.20.0-dev
release 1.20.0 is available, check it out! 

kubectl version is 1.14.3:

~ $ kubectl version
Error: unable to initialize DigitalOcean api client: access token is required. (hint: run 'doctl auth init')
Client Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.3", GitCommit:"5e53fd6bc17c0dec8434817e69b04a25d8ae0ff0", GitTreeState:"clean", BuildDate:"2019-06-06T01:44:30Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}
Unable to connect to the server: getting credentials: exec: exit status 1

Running doctl auth init does this:

~ $ doctl auth init
Using token [7aee1cbdddb5a0161f05fea33f08a167a66972096c6202ad381410f6c73bb97e]

Validating token... OK

And doctl itself is working find and can see the cluster:

~ $ kubectl config get-contexts
CURRENT   NAME               CLUSTER            AUTHINFO                 NAMESPACE
*         do-lon1-azathoth   do-lon1-azathoth   do-lon1-azathoth-admin   

EDIT Just want to add, if I download the kubeconfig from the control panel it’s fine, but obv I’d rather have the managed authentication set up:

~ $ kubectl --kubeconfig=./Downloads/azathoth-kubeconfig.yaml get nodes
NAME                  STATUS   ROLES    AGE   VERSION
pool-f9sj2mv1p-x1hz   Ready    <none>   38h   v1.14.1

Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Andrew SB
DigitalOcean Employee
DigitalOcean Employee badge
June 13, 2019
Accepted Answer

Hi @n3dst4! We’re currently working to resolve a number of issues with doctl’s handling of kubeconfig files when installed as a Snap package. Due to the way Snap packages confine applications, the kubeconfig file is currently not saved to the correct location. You can follow the issue here:

https://github.com/digitalocean/doctl/issues/457

If you need to work with both kubectl and doctl, we currently advise installing doctl manually.

That said, you should be able to work around the issue if you’d like to continue using the Snap package. Re-running doctl k8s cluster config save <cluster> will print out the location where the kubeconfig file is being saves. For example:

$ doctl k8s cluster config save example-01
Notice: adding cluster credentials to kubeconfig file found in "/home/asb/snap/doctl/64/.kube/config"
Notice: setting current-context to do-nyc1-example-01

You can then point kubectl to it directly:

kubectl --kubeconfig=${HOME}/snap/doctl/64/.kube/config get nodes

Using a binary build of doctl works great. Thanks for your time @asb !

(Shout out to Hilary for updating doctl’s README with a note about snap/kuibectl :) )

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.