API Server authentication
ReddyArunreddy opened this issue · comments
Hi,
load_kube_config(&basePath, &sslConfig, &apiKeys, NULL); /* NULL means loading configuration from $HOME/.kube/config */
Here how can I connect to API sever without copying .kube/config file from the kubernetes master node.
Regards,
Arunreddy.
Refer to #154 (comment) please.
Option 1 or 2 is what you need.
Actually I'm using the c API's from within the pod.
Use load_incluster_config instead of load_kube_config if your program works within a pod.
int rc = load_incluster_config(&basePath, &sslConfig, &apiKeys);You don't need to copy the kube config as the c client library will authenticate for you by getting
/var/run/secrets/kubernetes.io/serviceaccount/token
/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
in the pod.
Hi ,
I tried to run in cluster example but getting return value as 403.
root@ubuntu-test-6684b56c59-stdwv:/c/examples/list_pod_incluster# make/c/examples/list_pod_incluster# ./list_pod_incluster_bin
gcc main.c -g -I../../kubernetes/include -I../../kubernetes/model -I../../kubernetes/api -I../../kubernetes/config -L../../kubernetes/build -lkubernetes -lyaml -lwebsockets -L/usr/local/lib -o list_pod_incluster_bin
root@ubuntu-test-6684b56c59-stdwv:
The return code of HTTP request=403
Cannot get any pod.
root@ubuntu-test-6684b56c59-stdwv:~/c/examples/list_pod_incluster#
Regards,
Arunreddy.
Can you try to debug the function load_incluster_config in your environment ?
Let's see what's wrong with it.
How to enable debugging:
Lines 46 to 47 in 5ac5ff2
Hi,
checked with debug enabled.
load_incluster_config API returning 0 only,
curl request returned 403 .
RBAC seems to restrict the access to the API server in the pod.
You can check to see if your service account has permissions.
See more details on service account RBAC here:
https://kubernetes.io/docs/concepts/security/service-accounts/#how-to-use
Using RBAC I'm able a list pods and update pod labels.
using the load_incluster_config() API.
Thanks @ityuhui @brendandburns