问题
I have configured minikube in my local machine and going to use kubernetes externally. I have created a Service Account in kubernetes and using it's secret I can get the access token using below command.
kubectl get secret <service-account-secret> -o yaml -n mynamespace
My question is how can I do this using fabric8 java client in runtime ? What I want is to obtain the access token by giving the secret of the Service account as a parameter.
I am initiating the config as bellow.
Config config = new ConfigBuilder().withMasterUrl(masterURL)
.withClientCertFile(certFile).withOauthToken(serviceAccountAccessToken).build();
Can I know how to get the serviceAccountAccessToken as described above using fabric8 java client ?
回答1:
From within a Pod, the service account token is volume-mounted as /var/run/secrets/kubernetes.io/serviceaccount/token as seen here. The fact that the path is hard-coded in (at least v2.6.2 of) the fabric8 Client leads me to believe that perhaps if one merely omits the withOauthToken() call that the Client may Just Work™
It's slightly unclear whether the code snippet you provided is expected to run outside of the cluster, but if so then you have a small chicken-and-egg problem of providing auth to the API so you can acquire the Secret
回答2:
The client already does that for you.
If you just create an empty Config object:
Config config = new ConfigBuilder().build();
or create the client, like:
KubernetesClient client = new DefaultKubernetesClient();
from within a pod, it will automatically read the token for you.
If you need to pass it elsewhere, you can just:
String token = config.getOauthToken();
or
String token = client.getConfiguration().getOauthToken();
来源:https://stackoverflow.com/questions/46046871/how-to-get-kubernetes-service-account-access-token-using-fabric8-java-client