How does kubernetes work from within a docker container

5/21/2019

How does a Kubernetes run (kubectl get no) from within a docker container?

I know that it has to talk with the API server, but nowhere can I find a config file containing details of this (like the .kube/config file found under my user).

I've done an env to check out what variables are set. I've gone to the home directory which has a .kube directory but no config file.

-- mac
docker
kubernetes
linux

1 Answer

6/12/2019

As per documentation:

The recommended way to authenticate to the apiserver is with a service account credential. By kube-system, a pod is associated with a service account, and a credential (token) for that service account is placed into the filesystem tree of each container in that pod, at /var/run/secrets/kubernetes.io/serviceaccount/token

When kubectl connects to the API using a service account, the token is placed in /var/run/secrets/kubernetes.io/serviceaccount/token.

When you create a pod, if you do not specify a service account, it is automatically assigned the default service account in the same namespace.

When you perform "config operation" with kubectl like:

kubectl config set-context test

.kube/config will be created automatically.

You can also pass a different serviceAccountName into your pod and automount the token, like:

spec:
  serviceAccountName: <your_service_account>
  automountServiceAccountToken: true

You can find more information about Configure Service Accounts for Pods here.

Hope this helps.

-- Hanx
Source: StackOverflow
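
As an added example (not part of the original question or answer, and not kubectl's own code), this sketch resolves the same in-cluster settings a client uses when no .kube/config exists, and decodes the mounted token to show which service account identity the container carries. The KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT variables are not named on the page; they are the variables Kubernetes injects into every container. The function names and the sample mount are assumptions constructed for illustration.

```python
import base64, json, os, tempfile
from pathlib import Path

SA_DIR = "/var/run/secrets/kubernetes.io/serviceaccount"  # path quoted in the answer

def jwt_claims(token):
    """Decode (without verifying) the payload segment of a service account JWT."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token is not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))

def in_cluster_config(env=None, sa_dir=SA_DIR):
    """Resolve API server address and credential from the pod's env and mounted files."""
    env = os.environ if env is None else env
    host, port = env.get("KUBERNETES_SERVICE_HOST"), env.get("KUBERNETES_SERVICE_PORT")
    if not host or not port:
        raise RuntimeError("KUBERNETES_SERVICE_HOST/PORT unset: not inside a pod")
    token_file = Path(sa_dir) / "token"
    if not token_file.is_file():
        raise RuntimeError("no token mounted (automountServiceAccountToken: false?)")
    token = token_file.read_text().strip()
    ns_file = Path(sa_dir) / "namespace"
    return {
        "server": f"https://[{host}]:{port}" if ":" in host else f"https://{host}:{port}",
        "ca_file": str(Path(sa_dir) / "ca.crt"),
        "namespace": ns_file.read_text().strip() if ns_file.is_file() else None,
        "identity": jwt_claims(token).get("sub"),  # system:serviceaccount:<ns>:<name>
        "token": token,
    }

def make_sample_mount(root, namespace="demo", name="default"):
    """Constructed sample data: a fake, unsigned token laid out like the real mount."""
    b64 = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    claims = {"iss": "kubernetes/serviceaccount", "sub": f"system:serviceaccount:{namespace}:{name}"}
    Path(root, "token").write_text(".".join([b64({"alg": "RS256"}), b64(claims), "c2ln"]))
    Path(root, "namespace").write_text(namespace)
    Path(root, "ca.crt").write_text("constructed placeholder, not a real certificate\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        make_sample_mount(root)
        env = {"KUBERNETES_SERVICE_HOST": "10.96.0.1", "KUBERNETES_SERVICE_PORT": "443"}
        cfg = in_cluster_config(env, root)
        print({k: v for k, v in cfg.items() if k != "token"})  # never log the token itself
```

Inside a real pod, calling in_cluster_config() with no arguments reads the live environment and mount; the identity field shows which service account's RBAC permissions any kubectl call from that container will use.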