I am running a node.js service in a Kubernetes container. My service uses the token inside the service account to make calls to the API server from inside the pod. My code is like this:
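    var fs = require('fs');
    var tokenFile = '/var/run/secrets/kubernetes.io/serviceaccount/token';

    var restCall = function (serviceUrl, reqMethod, callback) {
        // Read the service account token, then build the request options
        // inside the callback so the token is set before it is used.
        fs.readFile(tokenFile, 'utf8', function (err, data) {
            if (err) return callback(err);
            var token = 'Bearer ' + data;
            serviceUrl = 'https://<clusterName>/api/v1/nodes';
            var options = {
                url: serviceUrl,
                headers: {
                    'Content-Type': 'application/json',
                    'Authorization': token
                },
                method: reqMethod
            };
            // The call that sends `options` is not shown in the question.
            // No CA is configured here, so certificate verification fails.
        });
    };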
I am receiving this error in response:
self signed certificate in certificate chain.
I am able to make calls using the token through a REST client, but when I deployed to the container it was returning a socket connection error.
I missed passing this environment variable, node_tls_unauthorized=0, which results in the authentication issue.
Try using the CA certificate; you will get it at the following path:
/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
Radek Pieczonka mentions this in his answer:
You call the API with the https protocol, where most likely the certificate is not signed by an external CA. This is normal. You should make sure you trust that CA before you make a call to a service secured by a certificate it issued. Most kube provisioners provide you back with the CA certificate so you can add it to your trusted certs or provide it to the client in some param.
On the other side, when you make the call to the API from within your kube cluster, a URL like http://kubernetes.default/api/v1/nodes should be reachable.
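
As an added example (not code from the question or from either answer), here is one way to apply the ca.crt suggestion with Node's built-in https module: the cluster CA is trusted for this call and certificate verification stays on. The function names `buildApiOptions` and `callApi` are hypothetical; `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT` are the variables Kubernetes sets inside a pod.

```javascript
const fs = require('fs');
const path = require('path');
const https = require('https');

// Default mount point of the service account volume inside a pod.
const SA_DIR = '/var/run/secrets/kubernetes.io/serviceaccount';

// Build https.request options that trust the cluster CA (ca.crt) instead of
// disabling verification. saDir and env are parameters so this can be tested.
function buildApiOptions(apiPath, method, saDir = SA_DIR, env = process.env) {
  const token = fs.readFileSync(path.join(saDir, 'token'), 'utf8').trim();
  const ca = fs.readFileSync(path.join(saDir, 'ca.crt'));
  const host = env.KUBERNETES_SERVICE_HOST;
  if (!host) throw new Error('KUBERNETES_SERVICE_HOST is not set (not in a pod?)');
  if (!token) throw new Error('service account token is empty');
  return {
    host: host,
    port: Number(env.KUBERNETES_SERVICE_PORT || 443),
    path: apiPath,
    method: method,
    ca: ca,                     // trust only the cluster CA for this call
    rejectUnauthorized: true,   // keep certificate verification on
    headers: { Accept: 'application/json', Authorization: 'Bearer ' + token }
  };
}

// Send the request. The token file is re-read on every call so that a
// rotated token is picked up without restarting the service.
function callApi(apiPath, method, callback) {
  let options;
  try { options = buildApiOptions(apiPath, method); } catch (e) { return callback(e); }
  const req = https.request(options, (res) => {
    let body = '';
    res.setEncoding('utf8');
    res.on('data', (chunk) => { body += chunk; });
    res.on('end', () => callback(null, res.statusCode, body));
  });
  req.on('error', callback);    // TLS failures (untrusted chain) arrive here
  req.end();
}
```

Inside a pod, `callApi('/api/v1/nodes', 'GET', cb)` issues the same request as the question; whether it is authorized still depends on the RBAC rules bound to the service account.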