How to generate environment api token for Kubernetes 1.6

Hi, all

After upgraded to rancher 1.6.5, kubectl config authentication was changed to token instead of username and paasword, so then how to generate an environment token for kubectl? Thanks.

1 Like

I have the same, or a related question… I want to be able to generate an access token for Kubernetes automatically (i.e. have one secret for rancher, and with that indirectly get access to all kubernetes clusters managed by such cluster). But I can’t find anywhere where to generate an authentication token using the rancher API.

It’s essentially just a wrapped regular API key/authorization header.

base64encode('Basic ' + base64encode('<access key>:<secret key>'))

Example:

access_key = 5D06A82B3A6C3BF2324E
secret_key = 5hYcESwP2LUzkTCLJMqsZgbyrregXUM7dFdsf8oJ

auth_header = 'Basic ' + base64(access_key + ':' + secret_key)
# NUQwNkE4MkIzQTZDM0JGMjMyNEU6NWhZY0VTd1AyTFV6a1RDTEpNcXNaZ2J5cnJlZ1hVTTdkRmRzZjhvSg==

token = base64(auth_header)
# QmFzaWMgTlVRd05rRTRNa0l6UVRaRE0wSkdNak15TkVVNk5XaFpZMFZUZDFBeVRGVjZhMVJEVEVwTmNYTmFaMko1Y25KbFoxaFZUVGRrUm1SelpqaHZTZz09
1 Like

is there any documentation around this somewhere ? :thinking:

using a small snippet like this doesn’t seem to work:

#!/usr/bin/env python

import base64

print base64.b64encode( b'Basic ' + base64.b64encode( b'access_key:secret_key' ) ) 
~$ kubectl get po
error: You must be logged in to the server (the server has asked for the client to provide credentials (get pods))

have I missed something obvious?

@vincent @mvisonneau I tested with vincent’s comments, looks like it doesn’t work with environment secret key pair.

Yes, you need an account API key.