I’ve a config map which I need to read from K8S via api
I Created a cluster role
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: zrole
rules:
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get", "list"]
and cluster role binding
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: z-role-binding
subjects:
- kind: Group
name: system:serviceaccounts
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: zrole
Config Map
apiVersion: v1
kind: ConfigMap
metadata:
name: z-config
namespace: fdrs
data:
avr: client1
fuss: xurbz
The code is used like
clientSet.CoreV1().ConfigMaps(uNamespcae)
when I run the code locally (and provide to the the GO api the kubeconfig) I was able to get the config map data, However when I run the code inside the cluster I got error: invalid token
, any idea what am I missing here?
Check automountServiceAccountToken
in the pod spec. By default it's set to true
, but maybe you have it disabled.
Use the official GO client. It reads the correct configuration and tokens by default. https://github.com/kubernetes/client-go/blob/master/examples/in-cluster-client-configuration/main.go
If you don't use it, then use the correct configuration: https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/#directly-accessing-the-rest-api-1
Check the token in the pod: /var/run/secrets/kubernetes.io/serviceaccount/token
and use the kubernetes
service.