JuliaComputing/Kuber.jl

[Feature Request] Access to API in a pod

Closed this issue · 2 comments

Hi, Thank you for developing this repo!

I'm wondering whether I can use Kuber.jl within a pod and access the Kubernetes API. As far as I know, both Go and Python have clients that can do so, like here.

This will be a great help!

That should be possible. A pod typically uses the service account token made available to it. If the Kubernetes configuration is set to mount the token, it should be available at the path /var/run/secrets/kubernetes.io/serviceaccount/token inside the container. The other pieces of information you would need to connect are the namespace and the CA certificate to validate the connection. They should also be mounted into the container. So to summarize, the mounted locations to look at are:

  • /var/run/secrets/kubernetes.io/serviceaccount/namespace : for namespace
  • /var/run/secrets/kubernetes.io/serviceaccount/ca.crt : for CA certificate
  • /var/run/secrets/kubernetes.io/serviceaccount/token : for the authentication token

Then the code to connect to the API server should look like:

```julia
ns_mount = "/var/run/secrets/kubernetes.io/serviceaccount/namespace"
cacert_mount = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
token_mount = "/var/run/secrets/kubernetes.io/serviceaccount/token"
api_server = "https://kubernetes.default.svc"

# the cluster cacert should be installed at appropriate place in the pod instead of this
# NetworkOptions.jl has instructions on how to deal with certificates
ENV["JULIA_NO_VERIFY_HOSTS"] = "kubernetes.default.svc"

using Kuber
ctx = KuberContext()
token = string(readchomp(token_mount))
ns = string(readchomp(ns_mount))

set_server(ctx, api_server; headers=Dict("Authorization" => "Bearer " * token))
Kuber.set_ns(ctx, ns)
Kuber.set_api_versions!(ctx);

# ctx is now ready to use with Kuber.jl APIs
# ensure the serviceaccount token has enough permissions to execute the APIs
```
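A variant of the connection code above that verifies the API server certificate against the mounted `ca.crt` instead of listing the host in `JULIA_NO_VERIFY_HOSTS` (an added example, not part of the original thread or of Kuber.jl). `read_mount` and `incluster_context` are hypothetical helper names, and the example assumes Kuber's HTTP layer honours the `JULIA_SSL_CA_ROOTS_PATH` setting read by NetworkOptions.jl.

```julia
using Kuber

const SA_DIR = "/var/run/secrets/kubernetes.io/serviceaccount"
const API_SERVER = "https://kubernetes.default.svc"

# Hypothetical helper: read one mounted service account file and fail early,
# with a clear message, if the mount is missing or empty.
function read_mount(name::AbstractString)
    path = joinpath(SA_DIR, name)
    isfile(path) || error("service account file not mounted: $path")
    value = String(readchomp(path))
    isempty(value) && error("service account file is empty: $path")
    return value
end

# Hypothetical helper: build a KuberContext that sends the bearer token only
# over a connection whose certificate chains to the cluster CA.
function incluster_context()
    cacert = joinpath(SA_DIR, "ca.crt")
    isfile(cacert) || error("cluster CA certificate not mounted: $cacert")

    # NetworkOptions.jl reads this variable to pick the CA roots file.
    # Assumption: Kuber's HTTP layer follows NetworkOptions settings.
    # Note: this replaces the default CA roots for the whole Julia process.
    ENV["JULIA_SSL_CA_ROOTS_PATH"] = cacert

    # Drop any verification bypass list so the API server host is verified.
    delete!(ENV, "JULIA_NO_VERIFY_HOSTS")

    ctx = KuberContext()
    auth = Dict("Authorization" => "Bearer " * read_mount("token"))
    set_server(ctx, API_SERVER; headers=auth)
    Kuber.set_ns(ctx, read_mount("namespace"))
    Kuber.set_api_versions!(ctx)
    return ctx
end

ctx = incluster_context()
```

Mounted service account tokens can be rotated on disk, so a long-running process should call `incluster_context()` again periodically rather than hold the first token it read.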

Thank you very much! I will try it out soon. Close this issue for now; will reopen if I have further questions :) Thank you for this awesome project!