kops export kubeconfig with no diminishing TTL

Question

We create the cluster using the following command

kops create cluster --node-count=3 --node-size=c5.2xlarge --master-count=3 --master-size=c5.xlarge --zones=eu-west-1a --name=${KOPS_CLUSTER_NAME} --yes

We are using kops cluster. We export the kubeconfig using this command

$ kops export kubecfg --admin --kubeconfig ~/workspace/kubeconfig --state=s3://YOUR-S3-BUCKET-NAME"

It works fine for sometime. But after sometime we again start getting the same error as TTL expires for kubeconfig

error: You must be logged in to the server (Unauthorized) kops

Is there any way we can get rid of this annoying TTL?

Dupilicate of https://stackoverflow.com/questions/66341494/kops-1-19-reports-error-unauthorized-when-interfacing-with-aws-cluster? — Ole Markus With, Mar 18 '21 at 08:45
Thanks a lot @OleMarkusWith but i am already exporting the kubeconfig as `--admin`. It only solves the issue for sometime but i get the same error again. — codeaprendiz, Mar 18 '21 at 08:47
Ah okay. Thanks a lot. But we have daily deployments running using the exported kubeconfig, is there a way for longer validity ? I mean we can't generate a `kubeconfig` daily for sure. @OleMarkusWith — codeaprendiz, Mar 18 '21 at 10:03
The admin cert is very privileged. Your deployment systems should not use that. Consider dedicated credentials per pipeline instead. — Ole Markus With, Mar 18 '21 at 12:02
@codeaprendiz Does Ole Markus With's comment answer all your questions ? — matt_j, Mar 18 '21 at 17:42
@matt_j, the problem still remains, I want to be able to generate `kubeconfig` which does not have a diminishing TTL. — codeaprendiz, Mar 19 '21 at 18:58

score 5 · Accepted Answer · answered Mar 22 '21 at 10:16

5

After going through the docs, found that we can actually give the validity of the kubeconfig as an argument

$ kops export kubecfg --admin=87600h0m0s --kubeconfig ~/workspace/kubeconfig --state=s3://<bucket-name> --name=<cluster-name>

answered Mar 22 '21 at 10:16

codeaprendiz

2,703
1
25
49

1

Awesome that you did all the leg work and posted back. – AnthonyK May 14 '22 at 04:20
Seriously — thanks a ton for coming back to this and sharing your hard-won knowledge! – adamc Jun 01 '22 at 22:06
1

Great work for sharing the answer, however, the link you provided is returning 404, https://kops.sigs.k8s.io/cli/kops_export_kubeconfig/#examples this is a usage sample to follow – Adedapo Ajuwon Aug 30 '22 at 08:17
Yeah looks like they updated the docs link. Thank you. – codeaprendiz Aug 30 '22 at 08:43

kops export kubeconfig with no diminishing TTL

1 Answers1