Configuring Token-based Authentication for Kubernetes Clusters
You can configure a Kubernetes cluster to use token-based authentication, by using Platform9 Clarity UI.
In order to access a Kubernetes cluster managed through Platform9 Managed Kubernetes, you must authenticate with OpenStack Keystone. Authentication to the Kubernetes cluster can be done with a password or by using token-based authentication. The token or password, as the case may be, is stored in and retrieved from the
You can specify the authentication method to use while downloading the
kubeconfig file through Platform9 Managed Kubernetes. Once the method is specified, the respective value is retrieved from Keystone for authentication and stored in the
Token-based authentication is a more secure way of authentication.
Once generated, a token is valid for a 24-hour duration, as compared to a username-password combination that is valid as long as the password is valid.
When you use token-based authentication, the token must be regenerated every 24 hours by downloading the
kubeconfig file through the Platform9 Clarity UI. While downloading the
kubeconfig file, you must select the desired authentication method as token, instead of password.
Follow the steps given below to download the
kubeconfig file with a token.
- Click Kubernetes>API Access.
Click the Download Config link for the desired cluster from the cluster list.
- Select Token as the Authentication Method and click Download Config.
The token field in the
kubeconfig file is populated with the Keystone token for the user. The
kubeconfig file is downloaded to the default download folder.
You can view the
kubeconfig file content for the cluster by selecting the option for the respective cluster on Platform9 Clarity UI.