Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
test: ⚗️ ServiceAccount: Inject script to test k8s API access (curl)
Here we have a simple script injection into our Go app in order to do a CURL request to the local K8S API from within the Pod. This will be important to validate if we can access it when the ServiceAccount is added.
1 parent
80ada95
commit 4fcfd79
Showing 2 changed files with 40 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: test-api-k8s-script | ||
namespace: server | ||
data: | ||
script: | | ||
#!/bin/sh | ||
# TESTING ACCESS FROM POD TO K8S APISERVER: | ||
# with this script we can check if the pod can list pods via k8s api. | ||
# We are doing this to validate the ServiceAccounts | ||
# Export the internal Kubernetes API server hostname | ||
APISERVER=https://kubernetes.default.svc | ||
# Export the path to ServiceAccount mount directory | ||
SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount | ||
# Read the ServiceAccount bearer token | ||
TOKEN=$(cat ${SERVICEACCOUNT}/token) | ||
# Reference the internal Kubernetes certificate authority (CA) | ||
CACERT=${SERVICEACCOUNT}/ca.crt | ||
# Make a call to the Kubernetes API with TOKEN | ||
echo "ACTION1: Trying to list PODS from Kubernetes Api:" | ||
curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/default/pods | ||
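Review bot: The curl call on the last line of the script hard-codes `/api/v1/namespaces/default/pods`, while this ConfigMap lives in namespace `server`, so a Role granted to the ServiceAccount in `server` would still return 403 here and the test would read as a failure. Consider reading the pod's own namespace from `${SERVICEACCOUNT}/namespace` and using it in the path, or add a comment saying that `default` is intentional. Also, curl exits 0 on a 401/403 response, so the script cannot tell allowed from denied; adding `--fail` or printing the status with `-w '%{http_code}'` would make the result explicit. Finally, `TOKEN=$(cat ${SERVICEACCOUNT}/token)` should quote the path and stop the script when the token file is missing, otherwise the request goes out with an empty bearer value.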