kubectl: how does it discover the incluster config?

9/11/2019

When I run kubectl inside of a pod it defaults to "in-cluster config" (defined by files in /var/run/secrets/kubernetes.io/serviceaccount). If I want to wrap kubectl inside of a call to Python subprocess with shell=False, how do I tell kubectl where to find the in-cluster config?

Since when I run shell=False none of the environment makes it into the subprocess. It seems I need to explicitly pass some environment variables or other system state to the subprocess call for kubectl to discover the in-cluster config.

How does kubectl discover this config? Are there a simple few variables to pass through?

-- Joe J
config
kubectl
kubernetes
python
subprocess

1 Answer

9/12/2019

You will have to construct a KUBECONFIG by hand, given those values, since that's more-or-less exactly what the python client does anyway. In short, either in python or via the following commands:

kubectl config set-cluster the-cluster --server="https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}" --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
kubectl config set-credentials pod-token --token="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"
kubectl config set-context pod-context --cluster=the-cluster --user=pod-token
kubectl config use-context pod-context

and then you're off to the races

-- mdaniel
Source: StackOverflow