[英]K8S Read config map via go API
I've a config map which I need to read from K8S via api我有一个配置映射,我需要通过 api 从 K8S 读取
I Created a cluster role我创建了一个集群角色
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: zrole
rules:
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get", "list"]
and cluster role binding和集群角色绑定
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: z-role-binding
subjects:
- kind: Group
name: system:serviceaccounts
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: zrole
Config Map配置图
apiVersion: v1
kind: ConfigMap
metadata:
name: z-config
namespace: fdrs
data:
avr: client1
fuss: xurbz
The code is used like 代码是这样使用的
clientSet.CoreV1().ConfigMaps(uNamespcae) clientSet.CoreV1().ConfigMaps(uNamespae)
when I run the code locally (and provide to the the GO api the kubeconfig) I was able to get the config map data, However when I run the code inside the cluster I got error: invalid token
, any idea what am I missing here?当我在本地运行代码(并向 GO api 提供 kubeconfig)时,我能够获取配置映射数据,但是当我在集群内运行代码时,我收到错误: invalid token
,知道我在这里遗漏了什么?
Check automountServiceAccountToken
in the pod spec.检查 pod 规范中的automountServiceAccountToken
。 By default it's set to true
, but maybe you have it disabled.默认情况下它设置为true
,但也许您已禁用它。
Use the official GO client.使用官方GO客户端。 It reads the correct configuration and tokens by default.默认情况下,它会读取正确的配置和令牌。 https://github.com/kubernetes/client-go/blob/master/examples/in-cluster-client-configuration/main.go https://github.com/kubernetes/client-go/blob/master/examples/in-cluster-client-configuration/main.go
If you don't use it, then use the correct configuration: https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/#directly-accessing-the-rest-api-1如果不使用,则使用正确的配置: https : //kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/#directly-accessing-the-rest-api-1
Check the token in the pod: /var/run/secrets/kubernetes.io/serviceaccount/token
and use the kubernetes
service.检查 pod 中的令牌: /var/run/secrets/kubernetes.io/serviceaccount/token
并使用kubernetes
服务。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.