To access the Kubernetes API from a Pod one of the solution is to run kubectl proxy in a so-called sidecar container within the Pod. To do this, you need to package kubectl in a container. It is useful when service accounts are being used for accessing the API and the old no-auth KUBERNETES_RO service is not available. Since all containers in a Pod share the same network namespace, containers will be able to reach the API on localhost.
This example contains a Dockerfile and Makefile for packaging up kubectl into
a container and pushing the resulting container image on the Google Container Registry. You can modify the Makefile to push to a different registry if needed.
Assuming that you have checked out the Kubernetes source code and setup your environment to be able to build it. The typical build step of this kubectl container will be:
$ cd examples/kubectl-container
$ make kubectl
$ make tag
$ make container
$ make push
It is not currently automated as part of a release process, so for the moment
this is an example of what to do if you want to package kubectl into a
container and use it within a pod.
In the future, we may release consistently versioned groups of containers when we cut a release, in which case the source of gcr.io/google_containers/kubectl would become that automated process.
pod.json is provided as an example of running kubectl as a sidecar
container in a Pod, and to help you verify that kubectl works correctly in
this configuration. To launch this Pod, you will need a configured Kubernetes endpoint and kubectl installed locally, then simply create the Pod:
$ kubectl create -f pod.json