.kube/config how to make it available to a rest service deployed in kubernetes

Question

Whats the best approach to provide a .kube/config file in a rest service deployed on kubernetes?

This will enable my service to (for example) use the kuberntes client ap

Answer 1

Create service account:

kubectl create serviceaccount example-sa

Create a role:

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default
  name: example-role
rules:
- apiGroups: [""] # "" indicates the core API group
  resources: ["pods"]
  verbs: ["get", "watch", "list"]

Create role binding:

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1alpha1
metadata:
  name: example-role-binding
  namespace: default
subjects:
  - kind: "ServiceAccount"
    name: example-sa
roleRef:
  kind: Role
  name: example-role
  apiGroup: rbac.authorization.k8s.io

create pod using example-sa

kind: Pod
apiVersion: v1
metadata:
 name: example-pod
spec:
 serviceAccountName: example-sa
 containers:
 - name: secret-access-container
   image: example-image

The most important line in pod definition is serviceAccountName: example-sa. After creating service account and adding this line to your pod's definition you will be able to access your api access token at /var/run/secrets/kubernetes.io/serviceaccount/token.

Here you can find a little bit more detailed version of the above example.