Connecting to Kubernetes API from pod

Question

I'm trying to use Kubernetes API from inside a pod. Going to list/watch pods and custom defined resources.

Construct url as "https://KUBERNETES_SERVICE_HOST:KUBERNETES_SERVICE_PORT_HTTPS" Authorization header = "Bearer /var/run/secrets/kubernetes.io/serviceaccount/token" CaCert = /var/run/secrets/kubernetes.io/serviceaccount/ca.crt

When running inside minikube, the request fails with "Error: connect ETIMEDOUT 10.96.0.1:443" Same code running in GCP fails with: "Error: unable to verify the first certificate"

stackoverflow.com/questions/30690186/… This link has a few solutions you can try. — Colwin
Possible duplicate of How do I access the Kubernetes api from within a pod container? — Colwin
While the question in those posts have similar title, the actual problems are different. In case of minikube I'm not able to connect to the api server. when running in GCP there are some problems with the certificate. — rubenhak
I've also tried this tutorial, but am getting the same behaviour. medium.com/@pczarkowski/… — rubenhak

Sam Sam · Accepted Answer · 2019-09-11T12:38:28

If you are using curl, you can skip certificate checks with the -k flag.

Try

curl -k  https://10.96.0.1:443/api/v1/namespaces -H "Authorization: Bearer <content of /var/run/secrets/kubernetes.io/serviceaccount/token here>"

Connecting to Kubernetes API from pod

1 Answers