
Hi, my NKP clients are requesting that I change the NKP connection token to their cluster with kubectl from 24 hours to never changing.

We're in an air-gapped environment and they said it will help them greatly.

I didn't find any documentation on how to do it.

If you could let me know how it can be done or direct me to the relevant documents it will really help us.

Thank you very much.

The documentation talks about changing the settings upon creation, but the cluster is production and running, and I need to change it on the existing one.

To change the duration of the token, see the doc: https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Kubernetes-Platform-v2_16:top-access-token-lifetime-c.html

That being said, setting the token to “never expire” is an anti-pattern, as the token approach with identity providers is meant to ensure that users are authenticated and granted access based on their actual status in the identity provider system.

Long-running (never expiring) access to Kubernetes clusters should only be used for integration with CD systems, for example. In such a case, creating a “service account” would be the correct approach.

Kubernetes service accounts: https://kubernetes.io/docs/concepts/security/service-accounts/

Practical example: https://github.com/nutanixdev/nkp-quickstart/blob/main/workload-clusters/create-admin-service-account.sh

Note that:

  • Service accounts can have cluster-wide access or only namespace access.
  • They are managed locally at cluster level.

Define your service account appropriately for the desired use case.
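
A namespace-scoped service account for a CD system, following the approach in the answer above. This is an added example, not part of the original thread or the linked nkp-quickstart script; the namespace `cd-apps`, the name `cd-deployer` and the rule set are assumptions to adapt to the actual use case.

```yaml
# Constructed example: namespace, names and rules are hypothetical.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cd-deployer
  namespace: cd-apps
---
# Role (not ClusterRole): permissions apply only inside cd-apps.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cd-deployer
  namespace: cd-apps
rules:
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  - apiGroups: [""]
    resources: ["services", "configmaps"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
# Bind the Role to the service account in the same namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cd-deployer
  namespace: cd-apps
subjects:
  - kind: ServiceAccount
    name: cd-deployer
    namespace: cd-apps
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cd-deployer
---
# Long-lived token: the control plane populates this Secret with a
# token for the annotated service account. It does not expire on its own.
apiVersion: v1
kind: Secret
metadata:
  name: cd-deployer-token
  namespace: cd-apps
  annotations:
    kubernetes.io/service-account.name: cd-deployer
type: kubernetes.io/service-account-token
```

Cluster-wide access would use a ClusterRole and ClusterRoleBinding instead of the Role and RoleBinding. Deleting the Secret revokes the token.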