REST endpoint for getting the bearer token of a Kubernetes cluster

1/8/2021

I tried to find the REST API endpoint to get a bearer token for a Kubernetes user.

I found an answer on the web saying kubectl config view -o json -- we have to extract the password from this.

I tried finding out the REST endpoint of the above ctl command, but it's loading the details from the config file.

Can anyone help me find the REST endpoint to get the bearer token of a particular user?

-- Abdul
kubernetes
openshift

1 Answer

1/11/2021

You can follow this article in the documentation, which shows how to authenticate against the API:

# Check all possible clusters, as your .KUBECONFIG may have multiple contexts:
kubectl config view -o jsonpath='{"Cluster name\tServer\n"}{range .clusters[*]}{.name}{"\t"}{.cluster.server}{"\n"}{end}'

# Select name of cluster you want to interact with from above output:
export CLUSTER_NAME="some_server_name"

# Point to the API server referring the cluster name
APISERVER=$(kubectl config view -o jsonpath="{.clusters[?(@.name==\"$CLUSTER_NAME\")].cluster.server}")

# Gets the token value
TOKEN=$(kubectl get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.token}"|base64 --decode)

# Explore the API with TOKEN
curl -X GET $APISERVER/api --header "Authorization: Bearer $TOKEN" --insecure

In TOKEN you can change the service account name to the one you are trying to get the token for, so you can run only this command to view the token:

kubectl get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.token}"|base64 --decode

It's worth mentioning that the API endpoint that kubectl is using underneath can be checked by raising the log verbosity level with most kubectl commands (e.g. -v=7); check kubectl options for more details.

-- kool
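
A follow-up check for the answer above, as an added example that is not part of the original post or the Kubernetes documentation: before using the extracted TOKEN, decode its JWT claims locally and confirm that the `sub` claim names the service account you meant to select. The function names and the sample token are constructed for illustration; the claims are read without verifying the signature, which only the API server can do.

```shell
#!/bin/sh
# Added example: inspect a service account bearer token offline.

# Decode one base64url segment. JWTs use the URL-safe alphabet and drop '='
# padding, so `base64 -d` on a raw segment can fail or truncate.
b64url_decode() (
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
    1) exit 1 ;;            # impossible length for base64 data
  esac
  printf '%s' "$seg" | base64 -d
)

# Print the claims JSON (middle segment) of a JWT. Signature is NOT verified.
jwt_claims() (
  case $1 in
    *.*.*.*) exit 1 ;;      # too many segments
    *.*.*)   ;;             # header.payload.signature
    *)       exit 1 ;;      # opaque or truncated token
  esac
  payload=${1#*.}
  b64url_decode "${payload%%.*}"
)

# Print the "sub" claim. Assumption: compact JSON without whitespace.
jwt_subject() (
  claims=$(jwt_claims "$1") || exit 1
  printf '%s\n' "$claims" | sed -n 's/.*"sub":"\([^"]*\)".*/\1/p'
)

# Succeed only if the token names the expected service account.
# Usage: token_is_for "$TOKEN" <namespace> <service-account-name>
token_is_for() (
  [ "$(jwt_subject "$1")" = "system:serviceaccount:$2:$3" ]
)

# Constructed sample token (placeholder signature) so the example runs offline.
b64url_encode() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
SAMPLE_CLAIMS='{"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:default:default"}'
SAMPLE_TOKEN="$(b64url_encode '{"alg":"RS256"}').$(b64url_encode "$SAMPLE_CLAIMS").c2ln"

if token_is_for "$SAMPLE_TOKEN" default default; then
  echo "token subject: $(jwt_subject "$SAMPLE_TOKEN")"
fi
```

With a real token, run `token_is_for "$TOKEN" <namespace> <name>` right after the extraction command and stop if it fails.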
Source: StackOverflow