Bypass your identity provider
InfluxDB Clustered generates a valid access token (known as the admin token)
for managing databases and database tokens and stores it as a secret in your
InfluxDB namespace.
You can use the admin token with the influxctl
CLI
in lieu of configuring and using an OAuth2 identity provider.
Do not use in production
This feature is for development and testing purposes only and should not be used in a production InfluxDB cluster.
Configure influxctl to use the admin token
-
If you haven’t already, download, install, or upgrade to
influxctl
v2.2.0 or newer. -
Use
kubectl
to retrieve the admin token from your cluster namespace’s secret store and copy it to a file:kubectl get secrets/admin-token \ --template={{.data.token}} \ --namespace
INFLUXDB_NAMESPACE| base64 -d > token.json -
Update your
influxctl
connection profile with a new[profile.auth.token]
section. -
In the
[profile.auth.token]
section, assign thetoken_file
setting to the location of your saved admin token file:[[profile]] # ... [profile.auth.token] token_file = "/
DIRECTORY_PATH/token.json"
In the examples above, replace the following:
INFLUXDB_NAMESPACE
: The name of your InfluxDB namespace.DIRECTORY_PATH
: The directory path to your admin token file,token.json
.
Revoke an admin token
The admin token is a long-lived access token. The only way to revoke the token is to do the following:
-
Delete the
rsa-keys
andadmin-token
secrets from your InfluxDB cluster’s context and namespace:kubectl delete secret rsa-keys admin-token --namespace
INFLUXDB_NAMESPACE -
Rerun the
key-gen
andcreate-amin-token
jobs:-
List the jobs in your InfluxDB namespace to find the key-gen job pod:
# List jobs to find the key-gen job pod kubectl get jobs --namespace
INFLUXDB_NAMESPACE -
Delete the key-gen and create-admin-token jobs so they it will be re-created by kubit:
kubectl delete job/
KEY_GEN_JOBjob/CREATE_ADMIN_TOKEN_JOB \ --namespaceINFLUXDB_NAMESPACE
-
-
Restart the
token-management
service:kubectl delete pods \ --selector app=token-management \ --namespace
INFLUXDB_NAMESPACE
In the examples above, replace the following:
INFLUXDB_NAMESPACE
: The name of your InfluxDB namespace.KEY_GEN_JOB
: The name of the key-gen job pod.
To create a new admin token after revoking the existing one, rerun the
create-admin-token
job.
Was this page helpful?
Thank you for your feedback!
Support and feedback
Thank you for being part of our community! We welcome and encourage your feedback and bug reports for InfluxDB and this documentation. To find support, use the following resources:
Customers with an annual or support contract can contact InfluxData Support.