Kubernetes

How do I get a Kubernetes API Access Token?

You can follow this guide to create a dedicated Service Account with read-only access and then generate a token.

  • kubectl is used to create the Holm Security account in your cluster, whether it runs on GKE, EKS, AKS, Minikube, or any other environment.
  • Ensure you have pointed kubectl at the correct cluster, and get the API URL from the command that prints the control plane (Cluster API) URL:
kubectl cluster-info

Your context is set correctly if you see the expected API server URL. If not, point kubectl at the right cluster with the command for your environment:

GKE: gcloud container clusters get-credentials ... 
EKS: aws eks update-kubeconfig --name <cluster-name>
AKS: az aks get-credentials --resource-group <rg> --name <cluster-name>
Minikube: kubectl config use-context minikube
Kind: kubectl config use-context kind-<name>
  • Create a Read-Only Service Account. Save the following YAML as holm-scanner-rbac.yaml:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: scanner
  namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: scanner-read-only
rules:
# Core API group: the "*" resource wildcard covers every core resource, Secrets included.
- apiGroups: [""]
  resources: ["*"]
  verbs: ["get", "list", "watch"]
# Read access to workload, networking, RBAC, policy, storage and scaling objects.
- apiGroups: ["apps", "batch", "extensions", "networking.k8s.io", "rbac.authorization.k8s.io", "policy", "storage.k8s.io", "autoscaling", "coordination.k8s.io"]
  resources: ["*"]
  verbs: ["get", "list", "watch"]
# Non-resource endpoints used for cluster health, version and metrics.
- nonResourceURLs: ["/healthz", "/version", "/metrics"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: scanner-read-only-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: scanner-read-only
subjects:
- kind: ServiceAccount
  name: scanner
  namespace: default
  • Apply it with: kubectl apply -f holm-scanner-rbac.yaml

  • Use the following command to create a temporary token for the Service Account (the -n flag names the namespace the Service Account was created in, so the command works regardless of your current context's namespace):
kubectl create token scanner -n default

The token is valid for 24 hours by default. Because this Service Account has broad read-only privileges, keep the token lifetime as short as possible; kubectl create token accepts a --duration flag (for example --duration=1h) to issue a shorter-lived token.
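Before handing out a token, it is worth confirming that the ClusterRole above really is read-only and knowing exactly what it exposes. The following script is an added example, not part of the original guide or of Holm Security's tooling: it parses the scanner-read-only ClusterRole (expressed here as JSON, which kubectl apply -f also accepts, and trimmed to three representative rules) and reports any verb beyond get/list/watch, plus whether a core-group rule reaches Secrets. The SCANNER_ROLE_JSON sample is constructed for this example.

```python
import json

# Constructed sample: the page's scanner-read-only ClusterRole rewritten as
# JSON (kubectl apply -f accepts JSON manifests as well as YAML), trimmed to
# three representative rules.
SCANNER_ROLE_JSON = """{
  "apiVersion": "rbac.authorization.k8s.io/v1",
  "kind": "ClusterRole",
  "metadata": {"name": "scanner-read-only"},
  "rules": [
    {"apiGroups": [""], "resources": ["*"], "verbs": ["get", "list", "watch"]},
    {"apiGroups": ["apps", "batch"], "resources": ["*"], "verbs": ["get", "list", "watch"]},
    {"nonResourceURLs": ["/healthz", "/version", "/metrics"], "verbs": ["get"]}
  ]
}"""

READ_ONLY_VERBS = {"get", "list", "watch"}


def audit_cluster_role(manifest: str) -> dict:
    """Audit a ClusterRole/Role manifest (JSON text) for read-only-ness.

    Returns {"write_grants": [...], "reads_secrets": bool}. write_grants lists
    every rule carrying a verb outside get/list/watch (a "*" verb counts);
    reads_secrets is True when a core-group rule names "secrets" or uses the
    "*" resource wildcard, which in apiGroups [""] includes Secrets.
    """
    role = json.loads(manifest)
    write_grants = []
    reads_secrets = False
    for index, rule in enumerate(role.get("rules", [])):
        verbs = set(rule.get("verbs", []))
        extra = verbs - READ_ONLY_VERBS
        if extra:
            write_grants.append({"rule": index, "verbs": sorted(extra)})
        if "" in rule.get("apiGroups", []):
            resources = set(rule.get("resources", []))
            if "secrets" in resources or "*" in resources:
                reads_secrets = True
    return {"write_grants": write_grants, "reads_secrets": reads_secrets}


def is_read_only(manifest: str) -> bool:
    """True when no rule grants a verb beyond get/list/watch."""
    return not audit_cluster_role(manifest)["write_grants"]


if __name__ == "__main__":
    print(json.dumps(audit_cluster_role(SCANNER_ROLE_JSON), indent=2))
```

Against a live cluster the equivalent check is kubectl auth can-i --list --as=system:serviceaccount:default:scanner, which shows the effective permissions the API server grants the account.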