How to find API server's external endpoint from within cluster?


#1

Hi everyone,

Kubeconfig files that are read by kubectl have a ‘clusters’ section that contains API server endpoints and CA’s, for example:

apiVersion: v1
clusters:
- cluster:
  certificate-authority-data: dHJ1c3RtZQo=
  server: https://1.2.3.4:6443

That IP address is not a service IP, it’s usable by kubectl running outside of the cluster.

I’m trying to generate such kubeconfig files from a pod running within the cluster using client-go. I haven’t figured out how to discover the ‘server’ and ‘certificate-authority-data’ fields above.

Here’s what I’ve tried:

  • Inspecting the result of rest.InClusterConfig: https://godoc.org/k8s.io/client-go/rest#Config. It contains some promising looking fields but unfortunately ‘Host’ contains a service IP and CertData.CAData is empty.
  • Inspecting the pod environmental variables. There are some related to kube-apiserver but they all point to the service IP.
  • Looking in the files mounted to /run/secrets/kubernetes.io/serviceaccount. None of the metadata in the token or the ca.crt mentions a hostname or IP address.

Is there any way to get ‘server’ and ‘certificate-authority-data’ for a kubeconfig file using the standard Go client from within the cluster, or do I need to load it in out of band?

Thanks!
Anand