Search code examples
kubernetesrustdigital-oceankubernetes-operator

parsed kubeconfig is invalid for incluster kube-rs usage


I am trying to use kube-rs/kube from within a k8s deployment as:

    let client = Client::try_default().await?;

but get errors as it tries to process a JWT token as a kubeconfig file:

   kubeconfig: (the structure of the parsed kubeconfig is invalid: invalid type: string "XXX"

where XXX is a b64 token.

I can't find any docs explaining how to instantiate the client differently incluster vs standalone (standalone works as it finds ~/.kube/config on my dev machine).

The k8s cluster is managed k8s at Digital Ocean.

My chart creates a service account which is named in the decoded token the kube-rs call to instantiate the client is choking on as it tries to process the token as a kubeconfig file.


Solution

  • Issue was not related to kube-rs usage. My service account was improperly specified in my chart and a KUBECONFIG env var was erroneously defined telling my app to think the token file was a kubeconfig.

    Removing the KUBECONFIG env var and removing the explicit volume mounts for the service account solved this issue and the code is now smart enough to recognize when it is in incluster context.