First create the resources.yml
to create a service account, RBAC & bindings for it, as well as a pod that uses the downward API to get its own name...
kubectl create -f resources.yml
Now you can exec into the pod...
$ kubectl exec -it toolpod -- /bin/bash
Go ahead and get your secret token, and then query the api with it:
$ KUBE_TOKEN=$(</var/run/secrets/kubernetes.io/serviceaccount/token)
$ curl -sSk -H "Authorization: Bearer $KUBE_TOKEN" https://kubernetes.default.svc.cluster.local/api/v1/namespaces/default/pods/$POD_NAME | grep -i containerid
"containerID": "docker://e9914b331ef809b5f6e27b8fc57fb6477e436edee089c9df3eabb66ec422d062",
Note: You might need to also get the namespace in the downward API, and the RBAC is very very very permissive.
If the kubernetes.default.svc.cluster.local
URL isn't working for you, you might need to generate the API server URL otherwise -- do this from wherever you run kubectl
and then use it in the container:
[centos@kube-singlehost-master ~]$ APISERVER=https://$(kubectl -n default get endpoints kubernetes --no-headers | awk '{ print $2 }')
[centos@kube-singlehost-master ~]$ echo $APISERVER
https://192.168.122.144:6443