Documentation

InfluxDB Clustered

Bypass your identity provider

Limited availability

InfluxDB Clustered is currently only available to a limited group of InfluxData customers. If interested in being part of the limited access group, please contact the InfluxData Sales team.

InfluxDB Clustered generates a valid access token (known as the admin token) for managing databases and database tokens and stores it as a secret in your InfluxDB namespace. You can use the admin token with the influxctl CLI in lieu of configuring and using an OAuth2 identity provider.

Do not use in production

This feature is for development and testing purposes only and should not be used in a production InfluxDB cluster.

Configure influxctl to use the admin token

  1. If you haven’t already, download, install, or upgrade to influxctl v2.2.0 or newer.

  2. Use kubectl to retrieve the admin token from your cluster namespace’s secret store and copy it to a file:

    kubectl get secrets/admin-token \
  --template={{.data.token}} \
  --namespace 
    INFLUXDB_NAMESPACE
     | base64 -d > token.json

  3. Update your influxctl connection profile with a new [profile.auth.token] section.

  4. In the [profile.auth.token] section, assign the token_file setting to the location of your saved admin token file:

    [[profile]]
# ...
  [profile.auth.token]
    token_file = "/
    DIRECTORY_PATH
    /token.json"

In the examples above, replace the following:

  • INFLUXDB_NAMESPACE: The name of your InfluxDB namespace.
  • DIRECTORY_PATH: The directory path to your admin token file, token.json.

Revoke an admin token

The admin token is a long-lived access token. The only way to revoke the token is to do the following:

  1. Delete the rsa-keys secret from your InfluxDB cluster’s context and namespace:

    kubectl delete secrets/rsa-keys --namespace 
    INFLUXDB_NAMESPACE

  2. Rerun the key-gen job:

    1. List the jobs in your InfluxDB namespace to find the key-gen job pod:

      # List jobs to find the key-gen job pod
kubectl get jobs --namespace 
      INFLUXDB_NAMESPACE

    2. Run the key-gen job and increment the job number as needed:

      kubectl create job \
  --from=job/
      KEY_GEN_JOB
       key-gen-
      001
       \
        --namespace 
      INFLUXDB_NAMESPACE

  3. Restart the token-management service:

    kubectl delete pods \
  --selector app=token-management \
  --namespace 
    INFLUXDB_NAMESPACE

In the examples above, replace the following:

  • INFLUXDB_NAMESPACE: The name of your InfluxDB namespace.
  • KEY_GEN_JOB: The name of the key-gen job pod.
  • 001: A unique number used to increment the key-gen job.

To create a new admin token after revoking the existing one, rerun the create-admin-token job.

Was this page helpful?

Thank you for your feedback!

© 2024 InfluxData, Inc.

What is your InfluxDB cluster URL?

Enter your InfluxDB cluster URL and we’ll update code examples for you.

Enter cluster URL

Thank you for your feedback!

Let us know what we can do better:

Thank you!

No thanks

The future of Flux

Flux is going into maintenance mode. You can continue using it as you currently are without any changes to your code.

Flux is going into maintenance mode and will not be supported in InfluxDB 3.0. This was a decision based on the broad demand for SQL and the continued growth and adoption of InfluxQL. We are continuing to support Flux for users in 1.x and 2.x so you can continue using it with no changes to your code. If you are interested in transitioning to InfluxDB 3.0 and want to future-proof your code, we suggest using InfluxQL.

For information about the future of Flux, see the following: