Suppose I want to do operations on Kubernetes objects from a client-side web app. The app logs the user into Google using OAuth2 and obtains cloud-platform auth scope. Now the app can call Google Cloud APIs such as GKE APIs. The app can now enumerate the GKE clusters: https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters/list
What I do not understand is how to call Kubernetes APIs now. I need to connect to master, authenticate and use Kubernetes' REST APIs. So, I have the following questions:
1) How do I connect to the master? How do I get the address?
2) How do I authenticate with the master?
I've researched and I think I can get the master endpoint by calling the https://container.googleapis.com/v1/projects/XXX/locations/us-central1-a/clusters API and taking the endpoint attribute. The master authorization information seems to be in masterAuth. I need the token though...
I've tried to connect to the master with the known-good token, but the browser's fetch function rejects my request with ERR_CERT_AUTHORITY_INVALID.
    // Error: net::ERR_CERT_AUTHORITY_INVALID
    const response = await fetch(
      "https://IP/api/v1/pods/",
      {
        headers: new Headers({
          "Authorization": "Bearer <token>",
          "Content-Type": "application/json; charset=utf-8"
        }),
      }
    );
I'm able to get the Certificate Authority information from the MasterAuth, but I do not know how to use it to make an HTTP GET call.
So, my most pressing part of the question is: Given the master endpoint API and MasterAuth (clusterCaCertificate and clientCertificate), how can I call the Kubernetes API from the browser?
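
An added example, not part of the original question: the browser's fetch has no per-request option for supplying a CA, so this sketch shows the same GET made from Node.js (for instance in a backend the web app calls), trusting only the cluster's own CA instead of turning certificate verification off. It assumes masterAuth.clusterCaCertificate is the base64-encoded PEM that GKE returns; the function names, the sample cluster object and its values are constructed for illustration.

```javascript
// Constructed sample shaped like a GKE clusters.get response (placeholder values).
const SAMPLE_PEM =
  "-----BEGIN CERTIFICATE-----\nMIIBconstructedPlaceholder==\n-----END CERTIFICATE-----\n";
const sampleCluster = {
  endpoint: "203.0.113.10", // documentation-range IP, not a real master
  masterAuth: { clusterCaCertificate: Buffer.from(SAMPLE_PEM).toString("base64") },
};

// Build TLS and HTTP options for a call to the cluster master (hypothetical helper).
function buildKubeRequestOptions(cluster, token, path = "/api/v1/pods") {
  const b64 = cluster?.masterAuth?.clusterCaCertificate;
  if (!cluster?.endpoint || !b64) {
    throw new Error("cluster is missing endpoint or masterAuth.clusterCaCertificate");
  }
  const caPem = Buffer.from(b64, "base64").toString("utf8");
  if (!caPem.includes("-----BEGIN CERTIFICATE-----")) {
    throw new Error("clusterCaCertificate did not decode to a PEM certificate");
  }
  return {
    host: cluster.endpoint,
    port: 443,
    path,
    method: "GET",
    ca: caPem,                // trust only the cluster's CA for this request
    rejectUnauthorized: true, // keep verification on; the CA above makes it pass
    headers: { Authorization: `Bearer ${token}`, Accept: "application/json" },
  };
}

// Perform the GET (needs network access to a real cluster endpoint).
async function kubeGet(cluster, token, path) {
  const https = await import("node:https");
  const options = buildKubeRequestOptions(cluster, token, path);
  return new Promise((resolve, reject) => {
    const req = https.request(options, (res) => {
      let body = "";
      res.setEncoding("utf8");
      res.on("data", (chunk) => (body += chunk));
      res.on("end", () => resolve({ status: res.statusCode, body }));
    });
    req.on("error", reject);
    req.end();
  });
}
```
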