K8S 通过 go API 读取配置映射

Question

I've a config map which I need to read from K8S via api

I Created a cluster role

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: zrole
rules:
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["get", "list"]

and cluster role binding

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: z-role-binding
subjects:
- kind: Group
  name: system:serviceaccounts
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: zrole

Config Map

apiVersion: v1
kind: ConfigMap
metadata:
  name: z-config
  namespace: fdrs
data:
  avr: client1
  fuss: xurbz

The code is used like

clientSet.CoreV1().ConfigMaps(uNamespcae)

when I run the code locally (and provide to the the GO api the kubeconfig) I was able to get the config map data, However when I run the code inside the cluster I got error: invalid token , any idea what am I missing here?

Answer 1

Check automountServiceAccountToken in the pod spec. By default it's set to true , but maybe you have it disabled.

Use the official GO client. It reads the correct configuration and tokens by default. https://github.com/kubernetes/client-go/blob/master/examples/in-cluster-client-configuration/main.go

If you don't use it, then use the correct configuration: https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/#directly-accessing-the-rest-api-1

Check the token in the pod: /var/run/secrets/kubernetes.io/serviceaccount/token and use the kubernetes service.