Bypass your identity provider
InfluxDB Clustered generates a valid access token (known as the admin token)
for managing databases and database tokens and stores it as a secret in your
InfluxDB namespace.
You can use the admin token with the influxctl CLI
in lieu of configuring and using an OAuth2 identity provider.
Do not use in production
This feature is for development and testing purposes only and should not be used in a production InfluxDB cluster.
Configure influxctl to use the admin token
If you haven’t already, download, install, or upgrade to
influxctlv2.2.0 or newer.Use
kubectlto retrieve the admin token from your cluster namespace’s secret store and copy it to a file:kubectl get secrets/admin-token \ --template={{.data.token}} \ --namespaceINFLUXDB_NAMESPACE| base64 -d > token.jsonUpdate your
influxctlconnection profile with a new[profile.auth.token]section.In the
[profile.auth.token]section, assign thetoken_filesetting to the location of your saved admin token file:[[profile]] # ... [profile.auth.token] token_file = "/DIRECTORY_PATH/token.json"
In the examples above, replace the following:
INFLUXDB_NAMESPACE: The name of your InfluxDB namespace.DIRECTORY_PATH: The directory path to your admin token file,token.json.
Revoke an admin token
The admin token is a long-lived access token. The only way to revoke the token is to do the following:
Delete the
rsa-keysandadmin-tokensecrets from your InfluxDB cluster’s context and namespace:kubectl delete secret rsa-keys admin-token --namespaceINFLUXDB_NAMESPACERerun the
key-genandcreate-admin-tokenjobs:List the jobs in your InfluxDB namespace to find the key-gen job pod:
# List jobs to find the key-gen job pod kubectl get jobs --namespaceINFLUXDB_NAMESPACEDelete the key-gen and create-admin-token jobs so they it will be re-created by kubit:
kubectl delete job/KEY_GEN_JOBjob/CREATE_ADMIN_TOKEN_JOB \ --namespaceINFLUXDB_NAMESPACE
Restart the
token-managementservice:kubectl delete pods \ --selector app=token-management \ --namespaceINFLUXDB_NAMESPACE
In the examples above, replace the following:
INFLUXDB_NAMESPACE: The name of your InfluxDB namespace.KEY_GEN_JOB: The name of the key-gen job pod.
To create a new admin token after revoking the existing one, rerun the
create-admin-token job.
Was this page helpful?
Thank you for your feedback!
Support and feedback
Thank you for being part of our community! We welcome and encourage your feedback and bug reports for InfluxDB Clustered and this documentation. To find support, use the following resources:
Customers with an annual or support contract can contact InfluxData Support.