Skip to content

Instantly share code, notes, and snippets.

@jwhitlark

jwhitlark/k8s-client.clj

Created April 30, 2019 01:55
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save jwhitlark/8e42baadbd86147547d1cdb08c81191c to your computer and use it in GitHub Desktop.
Save jwhitlark/8e42baadbd86147547d1cdb08c81191c to your computer and use it in GitHub Desktop.
Download ZIP
Access Kubernetes API from inside a pod with clojure, clj-http, and a custom ca.crt, with help from aphyr's less-awful-ssl
Raw
k8s-client.clj
;; less-awful-ssl {:mvn/version "1.0.4"}
;; clj-http {:mvn/version "3.9.1"}
(let [trust-store (less.awful.ssl/trust-store (clojure.java.io/file "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"))
bearer-token (format "Bearer %s" (slurp "/var/run/secrets/kubernetes.io/serviceaccount/token"))
kube-api-host (System/getenv "")
kube-api-port (System/getenv "")]
(clj-http.client/get
(format "https://%s:%s/apis/<something-protected>" kube-api-host kube-api-port)
{:trust-store trust-store
:headers {:authorization bearer-token}})
@jwhitlark
Copy link
Author

oops, forgot
KUBERNETES_SERVICE_HOST
KUBERNETES_SERVICE_PORT

@jwhitlark
Copy link
Author

More detail at dakrone/clj-http#486 and associated PR(s)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment