[Bug] K8s API authentication failing for pod

[kaiwalyakoparkar]

Project Idea: “Pod-logger” - Simple application which uses k8s api to fetch the logs from the pods in the cluster and show it on a simple ui dashboard

What I am trying to do:

Deploying podlogger as a container in a pod and trying to access k8s api through this container/pod. (So that I can get logs of any pod in cluster)

Things I tried:

Creating a sh file with all the environments and simple curl command

• Works if you exec in the container and run it manually but fails to curl if tried to run via Dockerfile Based on above, I add the environments to docker file this time and added the curl command inside the docker file args/cmd to see if it runs as the container is running.
• It fails without outputting any type of logs so I am confused if it’s running or not I created a separate service account with view access to logs and linked it to the pod, still fails to curl the k8s api - Returns the Json with status: failure

Contexts to understand the code:

https://github.com/kaiwalyakoparkar/pod-logger/blob/11f0f27c3804758596a6a3fe229c3b39ad358bdb/api/controllers/controller.go#L33 - Here I am trying to invoke the shell script using the api endpoint, still fails https://github.com/kaiwalyakoparkar/pod-logger/blob/11f0f27c3804758596a6a3fe229c3b39ad358bdb/api/controllers/controller.go#L53 - This endpoint was to see if there is an error with env loading but that doesn’t seem to be an issue, last I checked all envs I needed were loaded https://github.com/kaiwalyakoparkar/pod-logger/blob/11f0f27c3804758596a6a3fe229c3b39ad358bdb/api/controllers/controller.go#L13 - This is the curl command I am trying to run through this endpoint

[Revolyssup]

1. Dont expand env variables in exec.Command like {TOKEN}. instead:
2. This will still cause error because your TOKEN env variable is just the path and not the actual token. Read that file and pass it

    cacert := os.Getenv("CACERT")
    tokenPath := os.Getenv("TOKEN")
    apiserver := os.Getenv("APISERVER")
    tokenFile, err := os.Open(tokenPath)
    if err != nil {
        fmt.Println("could not open token file: ", err)
        return ""
    }
    tokenData, err := io.ReadAll(tokenFile)
    if err != nil {
        fmt.Println("could not read token file: ", err)
        return ""
    }
    output := string(out)
    cmd = exec.Command("curl", "--cacert", cacert, "--header", "Authorization: Bearer "+string(tokenData), apiserver+"/api")

[kaiwalyakoparkar]

1. Dont expand env variables in exec.Command like {TOKEN}. instead:
2. This will still cause error because your TOKEN env variable is just the path and not the actual token. Read that file and pass it

  cacert := os.Getenv("CACERT")
  tokenPath := os.Getenv("TOKEN")
  apiserver := os.Getenv("APISERVER")
  tokenFile, err := os.Open(tokenPath)
  if err != nil {
      fmt.Println("could not open token file: ", err)
      return ""
  }
  tokenData, err := io.ReadAll(tokenFile)
  if err != nil {
      fmt.Println("could not read token file: ", err)
      return ""
  }
  output := string(out)
  cmd = exec.Command("curl", "--cacert", cacert, "--header", "Authorization: Bearer "+string(tokenData), apiserver+"/api")

Thank you so much @Revolyssup I will try this :D