Kubeconfig files that are read by kubectl have a ‘clusters’ section that contains API server endpoints and CAs, for example:

    apiVersion: v1
    clusters:
    - cluster:
        certificate-authority-data: dHJ1c3RtZQo=
        server: https://188.8.131.52:6443

That IP address is not a service IP; it’s usable by kubectl running outside of the cluster.
I’m trying to generate such kubeconfig files from a pod running within the cluster using client-go. I haven’t figured out how to discover the ‘server’ and ‘certificate-authority-data’ fields above.
Here’s what I’ve tried:
- Inspecting the result of rest.InClusterConfig: https://godoc.org/k8s.io/client-go/rest#Config. It contains some promising-looking fields but unfortunately ‘Host’ contains a service IP and CertData.CAData is empty.
- Inspecting the pod environment variables. There are some related to kube-apiserver but they all point to the service IP.
- Looking in the files mounted to /run/secrets/kubernetes.io/serviceaccount. None of the metadata in the token or the ca.crt mentions a hostname or IP address.
Is there any way to get ‘server’ and ‘certificate-authority-data’ for a kubeconfig file using the standard Go client from within the cluster, or do I need to load it in out of band?
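
An added example, not part of the original post and not client-go code: a standard-library Go program that base64-encodes the mounted ca.crt (the file rest.InClusterConfig references through TLSClientConfig.CAFile) into certificate-authority-data and takes the externally reachable server URL out of band. Assumptions: the EXTERNAL_APISERVER_URL variable and the cluster name "generated" are hypothetical, and the mounted CA is assumed to be the one that signed the certificate served on the external endpoint.

```go
package main

import (
	"encoding/base64"
	"encoding/pem"
	"errors"
	"fmt"
	"net/url"
	"os"
)

// Service account mount path, as given in the post.
const saDir = "/run/secrets/kubernetes.io/serviceaccount"

// clusterStanza renders the 'clusters' section of a kubeconfig. The CA comes
// from dir/ca.crt; externalServer must be supplied out of band (assumption),
// because the in-cluster environment only advertises the service IP.
func clusterStanza(dir, externalServer string) (string, error) {
	u, err := url.Parse(externalServer)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return "", errors.New("external server must be an https:// URL")
	}
	ca, err := os.ReadFile(dir + "/ca.crt")
	if err != nil {
		return "", err
	}
	// Fail closed rather than emit a kubeconfig with an unusable CA bundle.
	if block, _ := pem.Decode(ca); block == nil || block.Type != "CERTIFICATE" {
		return "", errors.New("ca.crt holds no PEM certificate")
	}
	return fmt.Sprintf("apiVersion: v1\nclusters:\n- cluster:\n"+
		"    certificate-authority-data: %s\n    server: %s\n  name: generated\n",
		base64.StdEncoding.EncodeToString(ca), u.String()), nil
}

func main() {
	// EXTERNAL_APISERVER_URL is a hypothetical variable name for this example.
	out, err := clusterStanza(saDir, os.Getenv("EXTERNAL_APISERVER_URL"))
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(1)
	}
	fmt.Print(out)
}
```

The generated file verifies the API server only if the external address appears in the serving certificate's subject alternative names; a mismatch should be fixed on the certificate side rather than by disabling TLS verification.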