credentials
Creates, updates, deletes, gets or lists a credentials resource.
Overview
| Name | credentials |
| Type | Resource |
| Id | digitalocean.kubernetes.credentials |
Fields
The following fields are returned by SELECT queries:
- kubernetes_get_credentials
A JSON object containing credentials for a cluster.
| Name | Datatype | Description |
|---|---|---|
certificate_authority_data | string (byte) | A base64 encoding of bytes representing the certificate authority data for accessing the cluster. (example: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKekNDQWcrZ0F3SUJBZ0lDQm5Vd0RRWUpLb1pJaHZjTkFRRUxCUUF3TXpFVk1CTUdBMVVFQ2hNTVJHbG4KYVhSaGJFOWpaV0Z1TVJvd0dBWURWUVFERXhGck9ITmhZWE1nUTJ4MWMzUmxjaUJEUVRBZUZ3MHlNREE0TURNeApOVEkxTWpoYUZ3MDBNREE0TURNeE5USTFNamhhTURNeEZUQVRCZ05WQkFvVERFUnBaMmwwWVd4UFkyVmhiakVhCk1CZ0dBMVVFQXhNUmF6aHpZV0Z6SUVOc2RYTjBaWElnUTBFd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDc21oa2JrSEpUcGhZQlN0R05VVE1ORVZTd2N3bmRtajArelQvcUZaNGsrOVNxUnYrSgpBd0lCaGpBU0JnTlZIUk1CQWY4RUNEQUdBUUgvQWdFQU1CMEdBMVVkRGdRV0JCUlRzazhhZ1hCUnFyZXdlTXJxClhwa3E1NXg5dVRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQXB6V2F6bXNqYWxXTEx3ZjVpbWdDblNINDlKcGkKYWkvbzFMdEJvVEpleGdqZzE1ZVppaG5BMUJMc0lWNE9BZGM3UEFsL040L0hlbENrTDVxandjamRnNVdaYnMzYwozcFVUQ0g5bVVwMFg1SVdhT1VKV292Q1hGUlM1R2VKYXlkSDVPUXhqTURzR2N2UlNvZGQrVnQ2MXE3aWdFZ2I1CjBOZ1l5RnRnc2p0MHpJN3hURzZFNnlsOVYvUmFoS3lIQks2eExlM1RnUGU4SXhWa2RwT3QzR0FhSDRaK0pLR3gKYisyMVZia1NnRE1QQTlyR0VKNVZwVXlBV0FEVXZDRVFHV0hmNGpQN2ZGZlc3T050S0JWY3h3YWFjcVBVdUhzWApwRG5DZVR3V1NuUVp6L05xNmQxWUtsMFdtbkwzTEowemJzRVFGbEQ4MkkwL09MY2dZSDVxMklOZHhBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=) |
client_certificate_data | string (byte) | A base64 encoding of bytes representing the x509 client certificate data for access the cluster. This is only returned for clusters without support for token-based authentication. Newly created Kubernetes clusters do not return credentials using certificate-based authentication. For additional information, see here. |
client_key_data | string (byte) | A base64 encoding of bytes representing the x509 client key data for access the cluster. This is only returned for clusters without support for token-based authentication. Newly created Kubernetes clusters do not return credentials using certificate-based authentication. For additional information, see here. |
expires_at | string (date-time) | A time value given in ISO8601 combined date and time format that represents when the access token expires. (example: 2019-11-09T11:50:28.889080521Z) |
server | string (uri) | The URL used to access the cluster API server. (example: https://bd5f5959-5e1e-4205-a714-a914373942af.k8s.ondigitalocean.com) |
token | string | An access token used to authenticate with the cluster. This is only returned for clusters with support for token-based authentication. (example: $DIGITALOCEAN_TOKEN) |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
kubernetes_get_credentials | select | cluster_id | expiry_seconds | This endpoint returns a JSON object . It can be used to programmatically construct Kubernetes clients which cannot parse kubeconfig files. The resulting JSON object contains token-based authentication for clusters supporting it, and certificate-based authentication otherwise. For a list of supported versions and more information, see "How to Connect to a DigitalOcean Kubernetes Cluster". To retrieve credentials for accessing a Kubernetes cluster, send a GET request to /v2/kubernetes/clusters/$K8S_CLUSTER_ID/credentials.Clusters supporting token-based authentication may define an expiration by passing a duration in seconds as a query parameter to /v2/kubernetes/clusters/$K8S_CLUSTER_ID/credentials?expiry_seconds=$DURATION_IN_SECONDS.If not set or 0, then the token will have a 7 day expiry. The query parameter has no impact in certificate-based authentication. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
cluster_id | string (uuid) | A unique ID that can be used to reference a Kubernetes cluster. (example: bd5f5959-5e1e-4205-a714-a914373942af) |
expiry_seconds | integer | The duration in seconds that the returned Kubernetes credentials will be valid. If not set or 0, the credentials will have a 7 day expiry. (example: 300) |
SELECT examples
- kubernetes_get_credentials
This endpoint returns a JSON object . It can be used to programmatically
construct Kubernetes clients which cannot parse kubeconfig files.
The resulting JSON object contains token-based authentication for clusters
supporting it, and certificate-based authentication otherwise. For a list of
supported versions and more information, see "How to Connect to a DigitalOcean
Kubernetes Cluster".
To retrieve credentials for accessing a Kubernetes cluster, send a GET
request to /v2/kubernetes/clusters/$K8S_CLUSTER_ID/credentials.
Clusters supporting token-based authentication may define an expiration by
passing a duration in seconds as a query parameter to/v2/kubernetes/clusters/$K8S_CLUSTER_ID/credentials?expiry_seconds=$DURATION_IN_SECONDS.
If not set or 0, then the token will have a 7 day expiry. The query parameter
has no impact in certificate-based authentication.
SELECT
certificate_authority_data,
client_certificate_data,
client_key_data,
expires_at,
server,
token
FROM digitalocean.kubernetes.credentials
WHERE cluster_id = '{{ cluster_id }}' -- required
AND expiry_seconds = '{{ expiry_seconds }}';