Essentially, I want an explanation how the following works exactly:
There are tons of examples of authenticating by using a Kube config file, but I did not find a single complete explanation how the ClientBuilder.defaultClient() method is supposed to work.
The status quo is, that my application is using this ClientBuilder.defaultClient() and it seems to work. But now I want to overhaul the related Helm Chart, where the related ServiceAccount, etc. is in. Somehow it works, but I do not understand how exactly.
What I want to precisely know:
- What resources does the
ClientBuilder.defaultClient()need, if it is initialized from within a Deployment’s Pod? - Does it need a ServiceAccount? If yes, how does it need to look? How does the
ClientBuilder.defaultClient()know which ServiceAccount is the right one? Is assigning the ServiceAccount to the Pod enough? - Does the Deployment’s Pod need a ClusterRole?
- Does the Deployment’s Pod need a ClusterRoleBinding?
As far as my research regarding this topic goes, there is almost no information available, at all, regarding this specific feature. Everything just talks about Kubeconfig files. Therefore, I need to know exactly how the ClientBuilder.defaultClient() works, to be able to modify the related resources without breaking the Deployment and its administrative position in the cluster.