Closed shushenglihotmail closed 9 months ago
Actually, I figured this is a bug in the rest.InClusterConfig code: it hard-codes the token path to be "/var/run/secrets/kubernetes.io/serviceaccount/token". However, in a Hosted Process Windows Container, the token path is $CONTAINER_SANDBOX_MOUNT_POINT\var\run\secrets\kubernetes.io\serviceaccount\, as described here.
It's not a bug, the envvar path was a temporary solution while the feature was in alpha development, which we didn't add to the client libraries because there wasn't a feature-gate / conditional way to embed that logic. More details are at https://github.com/kubernetes/enhancements/pull/2865#discussion_r704941990
In beta versions, the token was expected to be at the normal path and resolvable by client-go without using the envvar prefix.
cc @marosset @jsturtevant
The ability to use the in-cluster config is available in containerd 1.7+.
Linking the initial issue related to this: https://github.com/kubernetes/kubernetes/issues/104562
I run a Windows container on Kubernetes. I tried to use client-go to access the API server from an in-cluster pod, but the call rest.InClusterConfig() always gives the error "open /var/run/secrets/kubernetes.io/serviceaccount/token: The system cannot find the path specified". I have the service account created with an admin role bound, but I always get the same error. I wonder if client-go works for Windows containers? Any idea?
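A diagnostic for the situation discussed in this thread, as an added example that is not code from client-go or from any participant: it reports whether the service account files sit at the standard path that rest.InClusterConfig reads, or only under the `CONTAINER_SANDBOX_MOUNT_POINT` prefix used during alpha. The function names `CandidateDirs` and `FirstUsable` are hypothetical, and the check for `ca.crt` next to `token` assumes the usual projected service account volume layout.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// Service account volume location relative to the filesystem root (from the thread).
const saRel = "var/run/secrets/kubernetes.io/serviceaccount"

// CandidateDirs returns the standard directory first, then the same path
// under the sandbox mount point when CONTAINER_SANDBOX_MOUNT_POINT is set.
func CandidateDirs(getenv func(string) string) []string {
	dirs := []string{"/" + saRel}
	if root := getenv("CONTAINER_SANDBOX_MOUNT_POINT"); root != "" {
		dirs = append(dirs, filepath.Join(root, filepath.FromSlash(saRel)))
	}
	return dirs
}

// FirstUsable returns the first directory that holds a non-empty token and
// a ca.crt. It only stats the files; the token is never read or printed.
func FirstUsable(dirs []string) (string, error) {
	for _, dir := range dirs {
		tok, tokErr := os.Stat(filepath.Join(dir, "token"))
		_, caErr := os.Stat(filepath.Join(dir, "ca.crt"))
		if tokErr == nil && caErr == nil && tok.Size() > 0 {
			return dir, nil
		}
	}
	return "", fmt.Errorf("no service account token found; tried %v", dirs)
}

func main() {
	dirs := CandidateDirs(os.Getenv)
	dir, err := FirstUsable(dirs)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	if dir != dirs[0] {
		// Only the prefixed path exists: rest.InClusterConfig will fail here.
		fmt.Println("token only under sandbox mount point:", dir)
		return
	}
	fmt.Println("token at standard path:", dir)
}
```

If it reports the token only under the sandbox mount point, the node is still exposing the alpha-era layout, which matches the error in the original report.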