Configuring Token-based Authentication for Kubernetes Clusters

You can configure a Kubernetes cluster to use token-based authentication, by using Platform9 Clarity UI.

In order to access a Kubernetes cluster managed through Platform9 Managed Kubernetes, you must authenticate with OpenStack Keystone. Authentication to the Kubernetes cluster can be done with a password or by using token-based authentication. The token or password, as the case may be, is stored in and retrieved from the kubeconfig file.

You can specify the authentication method to use while downloading the kubeconfig file through Platform9 Managed Kubernetes. Once the method is specified, the respective value is retrieved from Keystone for authentication and stored in the kubeconfig file.

Token-based authentication is a more secure way of authentication.

Once generated, a token is valid for a 24-hour duration, as compared to a username-password combination that is valid as long as the password is valid.

When you use token-based authentication, the token must be regenerated every 24 hours by downloading the kubeconfig file through the Platform9 Clarity UI. While downloading the kubeconfig file, you must select the desired authentication method as token, instead of password.

Follow the steps given below to download the kubeconfig file with a token.

  1. Click Kubernetes>API Access.
  2. Click the Download Config link for the desired cluster from the cluster list. Tokenbased Authentication

  3. Select Token as the Authentication Method and click Download Config.

The token field in the kubeconfig file is populated with the Keystone token for the user. The kubeconfig file is downloaded to the default download folder.

You can view the kubeconfig file content for the cluster by selecting the option for the respective cluster on Platform9 Clarity UI. View kubeconfig