I am having trouble authenticating my C# service for a remote cluster. Trying to use my svc gets Forbidden, so I am hoping to work around it with this. I know that inClusterConfig does work properly when this service is in the cluster, but I am trying to run locally and host jobs in my remote cluster.

This is what I am trying:

Environment.SetEnvironmentVariable("KUBERNETES_SERVICE_HOST", "Value1");
Environment.SetEnvironmentVariable("KUBERNETES_SERVICE_PORT", "Value1");

KubernetesClientConfiguration config = new KubernetesClientConfiguration();
config.Host = "https://xx";
            
config = KubernetesClientConfiguration.InClusterConfig();

Not sure if this is possible. Currently getting this error:

Unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined

Thanks

marc_s

1 Answer

In addition to the environment variables, KubernetesClientConfiguration.IsInCluster also requires a token and certificate:

if (!FileUtils.FileSystem().File.Exists(tokenPath))
{
    return false;
}

// ...
return FileUtils.FileSystem().File.Exists(certPath);

The details of authentication are explained in this answer:

When accessing the API from a Pod, the client certificate is located on /var/run/secrets/kubernetes.io/serviceaccount/ca.crt and in addition, you need to authenticate using the token located on /var/run/secrets/kubernetes.io/serviceaccount/token

Once a connection is being attempted, per this answer:

InClusterConfig uses the default service account of the namespace where you are deploying the pod. By default that service account will not have any RBAC which leads to Forbidden error.

user423430
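
An added example, not part of the question or answer above and not code from the client library: one way to pick a configuration that works both inside a pod and from a local machine, without faking the in-cluster environment variables. The class name and the `K8S_API_SERVER`, `K8S_TOKEN_FILE` and `K8S_CA_FILE` variable names are assumptions made for this sketch; it assumes the KubernetesClient NuGet package and .NET 5 or later.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using k8s;

public static class ClusterClientFactory
{
    // Hypothetical environment variable names, chosen for this example only.
    private const string ApiServerVar = "K8S_API_SERVER"; // API server URL, https://...
    private const string TokenFileVar = "K8S_TOKEN_FILE"; // file holding a bearer token
    private const string CaFileVar = "K8S_CA_FILE";       // PEM file with the cluster CA

    public static KubernetesClientConfiguration BuildConfig()
    {
        // Inside a pod: the env vars plus the mounted token and ca.crt all exist.
        if (KubernetesClientConfiguration.IsInCluster())
        {
            return KubernetesClientConfiguration.InClusterConfig();
        }

        string host = Environment.GetEnvironmentVariable(ApiServerVar);
        string tokenFile = Environment.GetEnvironmentVariable(TokenFileVar);
        string caFile = Environment.GetEnvironmentVariable(CaFileVar);

        // Outside the cluster with explicit credentials: supply the same three
        // things InClusterConfig reads (host, token, CA), from local files.
        if (!string.IsNullOrEmpty(host) && File.Exists(tokenFile) && File.Exists(caFile))
        {
            var caCerts = new X509Certificate2Collection();
            caCerts.ImportFromPemFile(caFile); // pin the cluster CA
            return new KubernetesClientConfiguration
            {
                Host = host,
                AccessToken = File.ReadAllText(tokenFile).Trim(),
                SslCaCerts = caCerts,
                SkipTlsVerify = false, // keep server certificate validation on
            };
        }

        // Otherwise use the local kubeconfig (KUBECONFIG or ~/.kube/config).
        return KubernetesClientConfiguration.BuildConfigFromConfigFile();
    }

    public static IKubernetes Create() => new Kubernetes(BuildConfig());
}
```

Whichever branch is taken, the identity behind the token or kubeconfig still needs RBAC permissions for the calls the service makes; without them the API server answers Forbidden, as the quoted answer describes.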