View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us
Community Questions What is the linode secret in k8s?
Log in to Ask a Question

What is the linode secret in k8s?

csi documentation

Following the PersistentVolumeClaim guide in the docs you're told to create a secret named linode with an API token to access the Linode Volumes API for creating a PVC.

I did just that but when I deployed this manifest yaml file it said there was already a secret named linode. And this secret holds what appears to be an API token but not any of mine.

I've created a token with an expiry period that I plan to renew.

Am I supposed to use this pre-created token? Is it safe?

It clearly works because when I applied the pvc.yaml manifest, without changing the original linode secret, it did create a PVC as requested.

Maybe the guide needs to be updated and I also want clarification whether this pre-made linode token is safe, where it comes from. It seems to be as old as my newly created cluster.

P.S.
You're also told to apply the CSI manifest but I could see that CSI was already installed. So I suspect the docs are lagging behind a bit.

1 Reply

Linode Staff

I'd be happy to give you some clarification on what's going on here. I want to make sure that I cover all of your questions, so, I've answered them in-line below.

You're also told to apply the CSI manifest but I could see that CSI was already installed. So I suspect the docs are lagging behind a bit.

If you've used the Linode Kubernetes Engine or created your cluster using the Kubernetes Terraform installer for Linode the CSI driver will already be installed. This is mentioned in the Before you Begin section of the guide you linked. Because of this, you should skip the section for installing the driver and go directly to the Create a Persistent Volume Claim.

Am I supposed to use this pre-created token?

Yes. This secret gives the master node access so that it can modify the cluster based on the customer's specific Kubernetes configuration, like creating a PVC. This token is used to handle request sent using the kubectl command via the kube-apiserver.

Is it safe?

Yes. This token is not shared and is tied to your LKE cluster's master node.

where it comes from

This token is automatically created during deployment of the LKE cluster. This is what makes LKE a managed container orchestration engine. This would also explain why the creation date matches that of the cluster's creation date.

I can totally understand how this is not clear from the documentation you've linked, and I am passing this information along to our Documentation team to see if we can get more clarification on this in that guide.

Let us know if you have any other questions!

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct