Closed ReddyArunreddy closed 10 months ago
Refer to https://github.com/kubernetes-client/c/issues/154#issuecomment-1284862113 please.
Option 1 or 2 is what you need.
Actually I'm using the c API's from within the pod.
Use load_incluster_config
instead of load_kube_config
if your program works within a pod.
int rc = load_incluster_config(&basePath, &sslConfig, &apiKeys);
You don't need to copy the kube config as the c client library will authenticate for you by getting
/var/run/secrets/kubernetes.io/serviceaccount/token
/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
in the pod.
Hi ,
I tried to run in cluster example but getting return value as 403.
root@ubuntu-test-6684b56c59-stdwv:~/c/examples/list_pod_incluster# make gcc main.c -g -I../../kubernetes/include -I../../kubernetes/model -I../../kubernetes/api -I../../kubernetes/config -L../../kubernetes/build -lkubernetes -lyaml -lwebsockets -L/usr/local/lib -o list_pod_incluster_bin root@ubuntu-test-6684b56c59-stdwv:~/c/examples/list_pod_incluster# ./list_pod_incluster_bin The return code of HTTP request=403 Cannot get any pod. root@ubuntu-test-6684b56c59-stdwv:~/c/examples/list_pod_incluster#
Regards, Arunreddy.
Can you try to debug the function load_incluster_config
in your environment ?
Let's see what's wrong with it.
How to enable debugging: https://github.com/kubernetes-client/c/blob/5ac5ff25e9809a92a48111b1f77574b6d040b711/README.md?plain=1#L46-L47
Hi,
checked with debug enabled. load_incluster_config API returning 0 only, curl request returned 403 .
RBAC seems to restrict the access to the API server in the pod. You can check to see if your service account has permissions.
See more details on service account RBAC here: https://kubernetes.io/docs/concepts/security/service-accounts/#how-to-use
Using RBAC I'm able a list pods and update pod labels. using the load_incluster_config() API. Thanks @ityuhui @brendandburns
Hi,
load_kube_config(&basePath, &sslConfig, &apiKeys, NULL); / NULL means loading configuration from $HOME/.kube/config /
Here how can I connect to API sever without copying .kube/config file from the kubernetes master node.
Regards, Arunreddy.