subk / kube-watch

Kubernetes Watch API for node
MIT License

TLS support #8

Open jonathan-kosgei opened 7 years ago

jonathan-kosgei commented 7 years ago

Hi,

I'm trying to get this working for a production setup and I need to use TLS. However, the options needed for this are:

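// Watch `services` using a TLS client certificate for authentication.
// NOTE(review): the `request` options are presumably forwarded to the
// underlying HTTP client; confirm against the kube-watch README.
const services = new KubeWatch('services', {
  // TLS options only take effect on an https:// URL. With http:// the client
  // certificate and CA are never used and the traffic is sent in cleartext.
  url: 'https://kube-api-server',
  request: {
    cert: fs.readFileSync(certFile), // client certificate presented to the API server
    key: fs.readFileSync(keyFile), // client private key; keep the file readable by this process only
    // Placeholder value: load the real passphrase from a secret store or the
    // environment instead of committing it to source.
    passphrase: 'password',
    ca: fs.readFileSync(caFile), // CA bundle used to verify the API server certificate
  },
});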

Specifically, the key and cert are not provided inside an ordinary Kubernetes-run container. What I can find are the CA file at /var/run/secrets/kubernetes.io/serviceaccount/ca.crt and the token at /var/run/secrets/kubernetes.io/serviceaccount/token. Will the setup work with just these two?

jonathan-kosgei commented 7 years ago

I have the following code, but it's unable to get the API version:

import KubeWatch from 'kube-watch';

var fs = require('fs');

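// In-cluster service-account material: the CA certificate for verifying the
// API server and the file that holds the bearer token.
const caFile = '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt';
const tokenFile = '/var/run/secrets/kubernetes.io/serviceaccount/token';

// Read the token as UTF-8 text and trim it, so the bearer value is a plain
// string rather than a Buffer or a string with a stray trailing newline.
// The token is a credential: never log it or include it in error output.
const bearerToken = fs.readFileSync(tokenFile, 'utf8').trim();

// The watcher targets `services`, so it is named accordingly.
const services = new KubeWatch('services', {
  url: 'https://kubernetes.default.svc', // Kubernetes API URL
  // NOTE(review): custom_endpoint/custom_version are kept exactly as posted;
  // whether they apply to the core `services` resource is not shown here.
  // Confirm against the kube-watch documentation.
  custom_endpoint: 'git.k8s.com',
  custom_version: 'v1',
  request: {
    auth: {
      bearer: bearerToken,
    },
    // Pin the cluster CA so the API server certificate is verified; do not
    // work around TLS errors by disabling certificate verification.
    ca: fs.readFileSync(caFile),
  },
});

// Events are logged in full. That is fine for services, but if this watcher is
// ever pointed at a resource that carries secret data, log selected fields only.
services
  .on('added', (event) => {
    console.log('created');
    console.log(event);
  })
  .on('modified', (event) => {
    // could do a deregister and register
    console.log('modified');
    console.log(event);
  })
  .on('deleted', (event) => {
    console.log('deleted');
    console.log(event);
  })
  .on('error', (err) => {
    // Node error codes are usually strings (e.g. 'ENOTFOUND'); %d would print
    // NaN for them and hide the code needed to diagnose TLS/auth failures.
    console.error('Error %s: %s', err.code, err.message);
  });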