I’ve a config map which I need to read from K8S via api
I Created a cluster role
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: zrole
rules:
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get", "list"]and cluster role binding
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: z-role-binding
subjects:
- kind: Group
name: system:serviceaccounts
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: zroleConfig Map
apiVersion: v1
kind: ConfigMap
metadata:
name: z-config
namespace: fdrs
data:
avr: client1
fuss: xurbzThe code is used like
clientSet.CoreV1().ConfigMaps(uNamespcae)
when I run the code locally (and provide to the the GO api the kubeconfig) I was able to get the config map data, However when I run the code inside the cluster I got error: invalid token , any idea what am I missing here?
Check automountServiceAccountToken in the pod spec. By default it's set to true, but maybe you have it disabled.
Use the official GO client. It reads the correct configuration and tokens by default. https://github.com/kubernetes/client-go/blob/master/examples/in-cluster-client-configuration/main.go
If you don't use it, then use the correct configuration: https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/#directly-accessing-the-rest-api-1
Check the token in the pod: /var/run/secrets/kubernetes.io/serviceaccount/token and use the kubernetes service.