Admin Access and API Restrictions¶

The BIG-IP Next Kubernetes Cluster-Wide Controller (CWC) now includes improved security protocols that limit access to the Debug API and QKView API to only admin users. This is achieved through the use of a Admin Token, which is essential for safeguarding sensitive data such as metrics, logs, and core files.

Retrieve the Admin Token¶

The Admin Token is used to authenticate REST API calls to the Cluster Wide Controller (CWC). The Admin token is automatically generated and stored in a Kubernetes secret by default.

To retrieve the Admin token, run the following command.

kubectl get secret cwc-auth-token -n f5-utils -o jsonpath="{.data.token}" | base64 --decode; echo ""

Use the Admin Token to Authenticate REST API Request¶

The retrieved Admin token is used to authenticate API requests to the Debug API and QKView API.

For Example, to check the status of the CWC, run the following curl command. The Admin token is parsed as Bearer in -H “Authorization” parameter.

curl -X GET https://f5-spk-cwc.f5-utils:30881/status \
--cert ./client/certs/client_certificate.pem \
--key ./client/secrets/client_key.pem  \
--cacert ./ca/certs/ca_certificate.pem \
-H "Authorization: Bearer jOghNJzq3oYMWcQUtDsF70q1UE3qOdcp"

Sample Output

{
  "Status": {
    "ClusterDetails":{
       "Name":"My Cluster"
    },
     "LicenseDetails":{
        "DigitalAssetID":"f06ae970-5b16-4fc1-894e-ce419b928cc9",
        "EntitlementType":"paid",
        "LicenseExpiryDate":"2026-02-05T00:01:13Z",
        "LicenseExpiryInDays":"356"
     },
     "LicenseStatus":{
       "State":"Verification Complete"
     }
   },
     "TelemetryStatus": {
         "NextReport":{
           "StartDate":"2025-02-11 00:03:20.585513148 UTC",
           "EndDate":"2025-02-28 11:03:20 UTC",
           "State":"Telemetry In Progress"
      }
    }
}

Previous Next