Kubernetes version: 1.19
Cloud being used: DigitalOcean
Installation method: provider
Host OS: Linux
CNI and version: default
CRI and version: default
Hi there, inside my cluster, I have a Node.js container that configures and starts Jobs using “@kubernetes/client-node” These jobs run for 30-180 minutes, are crashy, and need restarting/observation.
const job = await batchV1Api.createNamespacedJob('default', kubeSpec.job)
const ext = await coreV1Api.createNamespacedService('default', kubeSpec.externalService)
const int = await coreV1Api.createNamespacedService('default', kubeSpec.internalService)
...
await batchV1Api.deleteNamespacedJob(kubeSpec.job.metadata.name, 'default')
await coreV1Api.deleteNamespacedService(kubeSpec.internalService.metadata.name, 'default')
await coreV1Api.deleteNamespacedService(kubeSpec.externalService.metadata.name, 'default')
I think the k8s client is using my default .kube/config to auth with the cluster. In development, this is my local machine, but I need a kubeconfig for production on Digital Ocean.
Digital Ocean’s website provisioned me a kubeconfig for kubectl, but its maximum privilege, and fear gives me pause to put it inside the cluster.
How can I create a new kubeconfig with minimum privilege?
Can you recommend an example to build from?
Thank you! Michael