Created
August 11, 2019 14:51
-
-
Save ryu1kn/fa4287bd25d1cae5f12f603155c1dac2 to your computer and use it in GitHub Desktop.
Access Kubernetes API server with a service account token
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Accessing Kubernetes API server with a service account token | |
service_account_name := default | |
tmp_cacert_file := __cacert.pem | |
check-api: | |
$(MAKE) get-ca-cert > $(tmp_cacert_file) | |
bash -c 'curl $(shell $(MAKE) get-cluster-address)/api \ | |
--header "Authorization: Bearer $(shell $(MAKE) get-api-token)" \ | |
--cacert $(tmp_cacert_file)' | |
get-cluster-address: | |
@kubectl config view -o jsonpath='{.clusters[?(@.name == "$(shell kubectl config current-context)")].cluster.server}' | |
get-api-token: | |
@kubectl get secrets $(shell $(MAKE) get-secret-name) -o 'jsonpath={.data.token}' | base64 --decode | |
get-secret-name: | |
@kubectl get serviceaccounts $(service_account_name) -o jsonpath='{.secrets[0].name}' | |
get-ca-cert: | |
@kubectl get secrets $(shell $(MAKE) get-secret-name) -o "jsonpath={.data.ca\.crt}" | base64 --decode |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment