发表新帖
发表新帖

Having problem in authenticating kubernetes python client

后端 未结
关注
2 1622
难免孤独
难免孤独 2021-01-28 11:29

my lisNamespaces.py file

from __future__ import print_function
import time
import kubernetes.client
from kubernetes.client.rest import ApiException

configuratio
相关标签:
2条回答
  • 长发绾君心
    2021-01-28 12:07

    Mistake i did was to pass data of ca.crt which i got from kubectl edit secret nameofsa-token-xyze -n default directly to configuration.ssl_ca_cert in the code.

    Instead what should be done is to decode the data using base64 --decode, which i got from above command(kubectl edit secret nameofsa-token-xyze -n default), this is how i did it.

    kubectl get secrets default-token-nqkdv -n default -o jsonpath='{.data.ca\.crt}' | base64 --decode > ca.crt.

    Then i need to pass the path of ca.crt file in the code, so final code look like below

    from __future__ import print_function
import time
import kubernetes.client
from kubernetes.client.rest import ApiException

configuration = kubernetes.client.Configuration()
configuration.ssl_ca_cert = 'ca.crt'
configuration.api_key['authorization'] = 'ZXXXXXXXXXXdw=='
configuration.api_key_prefix['authorization'] = 'Bearer'
configuration.host = 'https://aaaaaaaaaaaaaaa.gr7.us-east-1.eks.amazonaws.com'

api_instance = kubernetes.client.CoreV1Api(kubernetes.client.ApiClient(configuration))
api_response = api_instance.list_namespace()
for i in api_response.items:
    print(i.metadata.name)
    0 讨论(0)
  • 小鲜肉
    2021-01-28 12:07

    You can test the token with basic request:

    import requests

with open('/path/to/token', 'r') as token_file:
    token=token_file.read()

url = 'https://my-kubernetes-cluster'

headers = {"Authorization":"Bearer "+token}

r = requests.get(url, verify='/path/to/ca_chain.crt', headers=headers)

for line in r.iter_lines():
    print line

    If the request goes through you can test this code:

    from kubernetes import client
from kubernetes.client import Configuration, ApiClient
config = Configuration()
config.api_key = {'authorization': 'Bearer <api_key>'}
config.host = 'https://my-kubernetes-cluster'
config.ssl_ca_cert = "/path/to/ca_chain.crt"

api_client = ApiClient(configuration=config)
v1 = client.CoreV1Api(api_client)

v1.list_pod_for_all_namespaces(watch=False)

    Try and let me know if it works for you.

    0 讨论(0)
 看不清?
提交回复
热议问题