Using Static Token file

Using a static token file in Minikube

Overview

A static token file can be used to ensure only authenticated users access the API server. As minikube nodes are run in VMs/containers, this adds a complication to ensuring this token file is accessible to the node. This tutorial explains how to configure a static token file.

Tutorial

This must be done before creating the minikube cluster.

# Create the folder that will be copied into the control plane.
mkdir -p ~/.minikube/files/etc/ca-certificates/

# Copy the token file into the folder.
cp token.csv ~/.minikube/files/etc/ca-certificates/token.csv

# Start minikube with the token auth file specified.
minikube start \
  --extra-config=apiserver.token-auth-file=/etc/ca-certificates/token.csv

Placing files in ~/.minikube/files/ automatically copies them to the specified path in each minikube node. This means once we call minikube start, it is able to access the token file since it is locally present in the node.

Last modified January 29, 2022: Fix typos (bc0382182)