How to get kubernetes service account access token using fabric8 java client?

9/5/2017

I have configured minikube in my local machine and going to use kubernetes externally. I have created a Service Account in kubernetes and using it's secret I can get the access token using below command.

kubectl get secret <service-account-secret> -o yaml -n mynamespace

My question is how can I do this using fabric8 java client in runtime ? What I want is to obtain the access token by giving the secret of the Service account as a parameter.

I am initiating the config as bellow.

Config config = new ConfigBuilder().withMasterUrl(masterURL)
                .withClientCertFile(certFile).withOauthToken(serviceAccountAccessToken).build();

Can I know how to get the serviceAccountAccessToken as described above using fabric8 java client ?

-- Chamalee De Silva
fabric8
java
kubernetes
openshift
openshift-origin

2 Answers

9/6/2017

From within a Pod, the service account token is volume-mounted as /var/run/secrets/kubernetes.io/serviceaccount/token as seen here. The fact that the path is hard-coded in (at least v2.6.2 of) the fabric8 Client leads me to believe that perhaps if one merely omits the withOauthToken() call that the Client may Just Work™

It's slightly unclear whether the code snippet you provided is expected to run outside of the cluster, but if so then you have a small chicken-and-egg problem of providing auth to the API so you can acquire the Secret

-- mdaniel
Source: StackOverflow

9/14/2017

The client already does that for you.

If you just create an empty Config object:

Config config = new ConfigBuilder().build();

or create the client, like:

KubernetesClient client = new DefaultKubernetesClient();

from within a pod, it will automatically read the token for you.

If you need to pass it elsewhere, you can just:

String token = config.getOauthToken();

or

String token = client.getConfiguration().getOauthToken();
-- iocanel
Source: StackOverflow