Recent Searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Permanent Tanzu kubernetes access token

            Created by Kristaps Felzenbergs, Modified on Wed, 07 Feb 2024 at 02:29 AM by Kristaps Felzenbergs


            We create a new service account and issue a permanent access token which won't expire. The following is based on VMware official docs

            1. Create service account and cluster role binding

            kubectl create serviceaccount napp-admin -n kube-system

kubectl create clusterrolebinding napp-admin --serviceaccount=kube-system:napp-admin --clusterrole=cluster-admin

            2. Provision secret 

            Apply the kubernetes secrets manifest

            apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
   name: napp-admin
   namespace: kube-system
   annotations:
      kubernetes.io/service-account.name: "napp-admin"


            kubectl apply -f ./manifests/napp_token.yaml

            3. Generate a new kubeconfig file


            Note: in the next steps we generate a new kubeconfig file.

            • Obtain the token
            SECRET=$(kubectl get secrets napp-admin -n kube-system -ojsonpath='{.metadata.name}')

TOKEN=$(kubectl get secret $SECRET -n kube-system -ojsonpath='{.data.token}' | base64 -d)

kubectl get secrets $SECRET -n kube-system -o jsonpath='{.data.ca\.crt}' | base64 -d > ./ca.crt
            • Obtain the context and cluster attributes
            CONTEXT=$(kubectl config view -o jsonpath='{.current-context}')

CLUSTER=$(kubectl config view -o jsonpath='{.contexts[?(@.name == "'"$CONTEXT"'")].context.cluster}')

URL=$(kubectl config view -o jsonpath='{.clusters[?(@.name == "'"$CLUSTER"'")].cluster.server}')
            • Pull everything inside the kubeconfig file
            TO_BE_CREATED_KUBECONFIG_FILE="./tanzuconfig"
            
kubectl config --kubeconfig=$TO_BE_CREATED_KUBECONFIG_FILE set-cluster $CLUSTER --server=$URL --certificate-authority=./ca.crt --embed-certs=true

            kubectl config --kubeconfig=$TO_BE_CREATED_KUBECONFIG_FILE set-credentials napp-admin --token=$TOKEN

            kubectl config --kubeconfig=$TO_BE_CREATED_KUBECONFIG_FILE set-context $CONTEXT --cluster=$CLUSTER --user=napp-admin

            kubectl config --kubeconfig=$TO_BE_CREATED_KUBECONFIG_FILE use-context $CONTEXT



            Finally replace the generated kubeconfig with the one in opakube container's ~/.kube/ directory and regenrate the Grafa datasource.




            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select atleast one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0