Skip to content

K8s API access from pod

SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount
TOKEN=$(cat ${SERVICEACCOUNT}/token)
NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace)
CACERT=${SERVICEACCOUNT}/ca.crt
APISERVER=https://kubernetes.local

curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api
curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/
curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/${NAMESPACE}/pods/

kubectl config set-cluster my-cluster --server=$APISERVER
kubectl config set-cluster my-cluster --certificate-authority=$CACERT
kubectl config set-credentials my-user --token=$TOKEN
kubectl config set-context my-context --cluster=my-cluster --user=my-user
kubectl config view
kubectl config use-context my-context
kubectl config view
kubectl auth can-i --list