kubectl-view-serviceaccount-kubeconfig-plugin
Seeking info how the plugin fetches the Kubernetes API CA data.
Hi @superbrothers,
Yesterday I wrote on slack
I’m really happy that I found the kubectl-view-serviceaccount-kubeconfig-plugin. We use it to, obviously, generate a kubeconfig file. But, a file to act as a template inside an in-cluster Pod that runs a custom auto scaling solution we’ve built. Where a ServiceAccount uses a projected volume injected short lived token to execute different actions - we insert this token into the template kubeconfig file that the plugin generates and then export KUBECONFIG to it.
So thank you so much for your work on that plugin - awesome!
---
I was trying, by looking into the Go code on the GitHub repo of the plugin, to figure out how the plugin gets the certificate-authority-data. Basically I would like to know this to determine whether or not the CA auth. data can be fetched directly … as this can be useful in different scenarios.
---
I’m not trying to spam this channel .. I’m starting out here to respectfully not DM [@superbrothers](https://kubernetes.slack.com/team/U0K18B648) directly and hopefully other peeps on here can learn something from the info I get.
@superbrothers you asked me to state my question here on GitHub. So here I am.
Thank you
> how the plugin gets the certificate-authority-data.
In the case of secret-based tokens, the serviceaccount secret contains the certificate data and is therefore used.
https://github.com/superbrothers/kubectl-view-serviceaccount-kubeconfig-plugin/blob/master/pkg/cmd/util.go#L74
In the case of bound tokens, the certificate data contained in the kubeconfig file used to run this plugin is used.
https://github.com/superbrothers/kubectl-view-serviceaccount-kubeconfig-plugin/blob/master/pkg/cmd/view-serviceaccount-kubeconfig.go#L186-L187
If what you want to achieve does not work, please let me know, along with the steps you can take to reproduce the problem.
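
Added example, not code from the plugin or from either participant in this thread: inside a Pod, the projected ServiceAccount volume carries the cluster CA bundle as `ca.crt` next to the token, so the `certificate-authority-data` value can be produced from that file directly. The function name `render_kubeconfig`, the cluster/user/context names and the default mount path in the comments are assumptions of this example; it points at the token with `tokenFile` instead of copying the token value, so the rotated short-lived token keeps being read.

```shell
#!/bin/sh
# Added example: build a kubeconfig from the files of a projected
# ServiceAccount volume. Names and paths are assumptions, not plugin code.
#
# Usage inside a Pod (default mount path assumed):
#   render_kubeconfig /var/run/secrets/kubernetes.io/serviceaccount \
#     "https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT" > "$KUBECONFIG"

# render_kubeconfig SA_DIR SERVER
#   SA_DIR: directory holding ca.crt, token and namespace
#   SERVER: API server URL
render_kubeconfig() {
  rk_dir=$1
  rk_server=$2
  # Refuse to emit a config without a CA bundle; a kubeconfig with no CA
  # invites insecure-skip-tls-verify as a workaround.
  if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$rk_dir/ca.crt" 2>/dev/null; then
    echo "render_kubeconfig: no PEM certificate in $rk_dir/ca.crt" >&2
    return 1
  fi
  if [ ! -r "$rk_dir/token" ]; then
    echo "render_kubeconfig: $rk_dir/token is not readable" >&2
    return 1
  fi
  # certificate-authority-data is the base64 of the PEM bundle on one line.
  rk_ca=$(base64 < "$rk_dir/ca.crt" | tr -d '\n')
  rk_ns=$(cat "$rk_dir/namespace" 2>/dev/null || echo default)
  cat <<EOF
apiVersion: v1
kind: Config
clusters:
- name: in-cluster
  cluster:
    server: $rk_server
    certificate-authority-data: $rk_ca
users:
- name: serviceaccount
  user:
    # Path reference: a copied token value goes stale once it expires.
    tokenFile: $rk_dir/token
contexts:
- name: in-cluster
  context:
    cluster: in-cluster
    user: serviceaccount
    namespace: $rk_ns
current-context: in-cluster
EOF
}
```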