Given access to the kubernetes cluster, but no API key, how can I programatically create a API key for rancher server?
The method described in documentation here requires a password login an a web browser. I would like to get the same outcome programatically. Given that all the state should be on etcd, it should, in theory, be possible through kubectl.
I found a way to make this work:
Create a JSON file to define the token (i.e token.json):
{
"apiVersion": "management.cattle.io/v3",
"authProvider": "local",
"current": false,
"description": <enter description>,
"expired": false,
"expiresAt": "",
"isDerived": true,
"kind": "Token",
"metadata": {
"labels": {
"authn.management.cattle.io/token-userId": <enter user id>,
"cattle.io/creator": "kubectl"
},
"name": <enter a token id>,
},
"token": <enter token>,
"ttl": 0,
"userId": <enter user id>,
}
The token ID can be any unique string to give a name of the token. For the user-id, choose a user to which this token should be long to. (see user list with kubectl get users -n cattle-system).
kubectl apply -f token.json