K8S Read config map via go API

Question

I’ve a config map which I need to read from K8S via api

I Created a cluster role

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: zrole
rules:
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["get", "list"]

and cluster role binding

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: z-role-binding
subjects:
- kind: Group
  name: system:serviceaccounts
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: zrole

Config Map

apiVersion: v1
kind: ConfigMap
metadata:
  name: z-config
  namespace: fdrs
data:
  avr: client1
  fuss: xurbz

The code is used like

clientSet.CoreV1().ConfigMaps(uNamespcae)

when I run the code locally (and provide to the the GO api the kubeconfig) I was able to get the config map data, However when I run the code inside the cluster I got error: invalid token , any idea what am I missing here?

Answer 1

Check automountServiceAccountToken in the pod spec. By default it's set to true, but maybe you have it disabled.

Use the official GO client. It reads the correct configuration and tokens by default. https://github.com/kubernetes/client-go/blob/master/examples/in-cluster-client-configuration/main.go

If you don't use it, then use the correct configuration: https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/#directly-accessing-the-rest-api-1

Check the token in the pod: /var/run/secrets/kubernetes.io/serviceaccount/token and use the kubernetes service.