
Kubernetes get endpoint in the containers


On a Kubernetes VM I'm running, for example: kubectl get endpoints. How can I get the same output inside the pod? What should I run within a pod? I understood there is a kubeapi, but I'm new to Kubernetes. Can someone explain how I can use it?

This is my clusterrolebinding:

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: {{ template "elasticsearch.fullname" . }}
  labels:
    app: {{ template "elasticsearch.name" . }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
    heritage: "{{ .Release.Service }}"
subjects:
- kind: ServiceAccount
  name: {{ template "elasticsearch.serviceAccountName.client" . }}
  namespace: {{ .Release.Namespace }}
roleRef:
  kind: ClusterRole
  name: {{ template "elasticsearch.fullname" . }}
  apiGroup: rbac.authorization.k8s.io

clusterrole.yaml:


apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name:  {{ template "elasticsearch.fullname" . }}
  labels:
    app: {{ template "elasticsearch.name" . }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
    heritage: "{{ .Release.Service }}"
rules:
#
# Give here only the privileges you need
#
- apiGroups: [""]
  resources:
  - pods
  - endpoints
  verbs:
  - get
  - watch
  - list

serviceaccount:

---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app: {{ template "elasticsearch.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
    component: "{{ .Values.client.name }}"
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
  name: {{ template "elasticsearch.client.fullname" . }}

Solution

  • You don't have to have kubectl installed in the pod to access the Kubernetes API. You will be able to do it with any tool that can make HTTP requests.

    The Kubernetes API is a simple HTTP REST API, and all the authentication information that you need is present in the container if it runs as a Pod in the cluster.

    To get the Endpoints object named your-service from within a container in the cluster, you can do:

    $ curl --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
      -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
      https://kubernetes.default.svc:443/api/v1/namespaces/{namespace}/endpoints/your-service
    
    

    Replace {namespace} with the namespace of the your-service Endpoints resource.

    To extract the IP addresses from the returned JSON, pipe the output to a tool like jq:

    ... | jq -r '.subsets[].addresses[].ip'
    
    

    IMPORTANT: The Pod from which you are executing this needs read permissions for the Endpoints resource, otherwise the API request will be denied.

    You can do this by creating a ClusterRole, ClusterRoleBinding, and Service Account - set this up once:

    $ kubectl create sa endpoint-reader-sa
    $ kubectl create clusterrole endpoint-reader-cr --verb=get,list --resource=endpoints
    $ kubectl create clusterrolebinding endpoint-reader-crb --serviceaccount=default:endpoint-reader-sa --clusterrole=endpoint-reader-cr
    

    Next, use the created ServiceAccount, endpoint-reader-sa, for the Pod from which you want to execute the above curl command by specifying it in the pod.spec.serviceAccountName field.

    Granting permissions for any different API operations works in the same way.

    Source: get-pod-ip.

    And as @ITChap also mentioned, a similar answer: kubectl-from-inside-the-pod.
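
The same in-pod request as an added Python example (not code from the question or the answer): it verifies the API server certificate against the mounted ca.crt, maps a 403 to a missing RBAC grant, and extracts ready IPs without failing when `subsets` or `addresses` is absent. The function names and the sample response are constructed for illustration, and the pod's own namespace is assumed to be the namespace of the Endpoints object.

```python
import json
import ssl
import urllib.error
import urllib.request
from pathlib import Path

# Standard in-pod mount point for the ServiceAccount credentials.
SA_DIR = Path("/var/run/secrets/kubernetes.io/serviceaccount")
API_HOST = "https://kubernetes.default.svc:443"


def build_request(namespace, name, token):
    """Build the authenticated GET for one Endpoints object."""
    url = f"{API_HOST}/api/v1/namespaces/{namespace}/endpoints/{name}"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})


def ready_ips(endpoints):
    """Return ready IPs; tolerate missing 'subsets' or 'addresses' keys."""
    ips = []
    for subset in endpoints.get("subsets") or []:
        for addr in subset.get("addresses") or []:
            ips.append(addr["ip"])
    return ips


def get_endpoint_ips(name, sa_dir=SA_DIR):
    """Query the API server from inside a pod, verifying its certificate."""
    # Read the token on every call: mounted tokens can be rotated.
    token = (sa_dir / "token").read_text().strip()
    # Assumption: the Endpoints object lives in the pod's own namespace.
    namespace = (sa_dir / "namespace").read_text().strip()
    # Trust only the cluster CA mounted next to the token.
    ctx = ssl.create_default_context(cafile=str(sa_dir / "ca.crt"))
    req = build_request(namespace, name, token)
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return ready_ips(json.load(resp))
    except urllib.error.HTTPError as err:
        if err.code == 403:
            raise PermissionError("ServiceAccount lacks get on endpoints") from err
        raise


# Constructed sample response: one subset has only not-ready addresses.
SAMPLE = json.loads("""{"kind": "Endpoints", "subsets": [
  {"addresses": [{"ip": "10.0.0.5"}, {"ip": "10.0.0.6"}]},
  {"notReadyAddresses": [{"ip": "10.0.0.7"}]}]}""")
```

Inside a pod, `get_endpoint_ips("your-service")` performs the live call; a `PermissionError` means the pod's ServiceAccount is not bound to a role that allows get on endpoints.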