WoozyMasta / kube-dump

Backup a Kubernetes cluster as a yaml manifest
https://kube-dump.woozymasta.ru
GNU General Public License v3.0

can't run in k8s with ServiceAccount/Rolebinding #16

Closed kgeipel-retail7 closed 3 years ago

kgeipel-retail7 commented 3 years ago

I wanted to run kube-dump directly inside a container in a k8s cluster, but I always get an authorization error on the k8s API (HTTP 401).

Therefore, I created the service account and also the role binding to cluster-admin role. Executing any kubectl command inside the container works without any problems.

What I don't understand is, why are you getting the key when you are not using it in the curl command? Only using the cert is not enough for authorization.

A better way to solve that check would be: (https://github.com/WoozyMasta/kube-dump/blob/master/kube-dump#L242)

_api_code=$(
  curl --fail --location --output /dev/null --write-out '%{http_code}\n' --cacert "$kube_api_ca" \
    -H "Authorization: Bearer $kube_api_token" --silent "https://$kube_api/livez"
)

if [ "$_api_code" == "200" ]

With these changes it finally works.
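The check discussed in this issue, written as a stand-alone pre-flight probe that sends the service account token and tells a 401 apart from a 403. This is an added example, not code from kube-dump; the function names and the `SA_DIR` override are hypothetical, and it assumes the standard in-pod service account mount path.

```shell
# Standard service account mount inside a pod; override SA_DIR for testing.
SA_DIR="${SA_DIR:-/var/run/secrets/kubernetes.io/serviceaccount}"

# Translate the probe result into a diagnosis for the operator.
explain_api_code() {
  case "$1" in
    200)      echo "ok: API reachable and token accepted" ;;
    401)      echo "unauthenticated: token missing, invalid or not sent" ;;
    403)      echo "forbidden: identity seen by the API lacks permission (check RBAC bindings)" ;;
    000)      echo "no HTTP response: check API address and CA bundle" ;;
    no-token) echo "service account token is not mounted in $SA_DIR" ;;
    *)        echo "unexpected status $1" ;;
  esac
}

# Probe /livez with the CA bundle and the bearer token.
# Prints the HTTP status (or "no-token"); returns 0 only on 200.
probe_api() {
  if [ ! -r "$SA_DIR/token" ]; then
    echo "no-token"
    return 2
  fi
  _token=$(cat "$SA_DIR/token")
  # The CA bundle only verifies the server; the Authorization header is
  # what identifies the pod's service account to the API.
  _code=$(curl --silent --location --max-time 10 --output /dev/null \
    --write-out '%{http_code}' --cacert "$SA_DIR/ca.crt" \
    -H "Authorization: Bearer $_token" "https://$1/livez") || true
  echo "${_code:-000}"
  [ "$_code" = "200" ]
}

# Entry point for use inside a pod, e.g. as the first step of a backup job.
preflight() {
  _api="${KUBERNETES_SERVICE_HOST:?not running in a pod}:${KUBERNETES_SERVICE_PORT:-443}"
  _result=$(probe_api "$_api") || true
  echo "API probe on $_api: $_result ($(explain_api_code "$_result"))"
  [ "$_result" = "200" ]
}
```

Call `preflight` before starting the dump so the job fails early with the reason, rather than partway through with a generic authorization error.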