|
codebundle-builder Service Account Check¶
1 Troubleshooting Commands
Last updated 13 weeks ago 
Contributed by 
Private Configuration
Join Discussion
Troubleshooting Commands¶
Test Service Account Access to Kubernetes API Server in Namespace codebundle-builder¶
What does it do?
This command is used to set up a pod in Kubernetes that runs a curl command to make an API request, using a specified service account and namespace. It waits for the pod to be running and then cleans up after the request is made.
Command
apiserver=https://kubernetes.default.svc; namespace=codebundle-builder; context=gke_runwhen-nonprod-sandbox_us-central1_sandbox-cluster-1-cluster; resource=""; serviceaccount=default; kubectl run curl-pod --image=curlimages/curl:latest --restart=Never --overrides="{ \"spec\": { \"serviceAccountName\": \"$serviceaccount\" } }" -n $namespace --context=$context --command -- sleep infinity && echo "Waiting for the curl-pod to be running..." && kubectl wait --for=condition=Ready pod/curl-pod --timeout=20s -n $namespace --context=$context && TOKEN=$(kubectl exec curl-pod -n $namespace --context=$context -- cat /var/run/secrets/kubernetes.io/serviceaccount/token) && echo "Performing a curl request to the Kubernetes API..." && kubectl exec curl-pod -n $namespace --context=$context -- curl -s -k -H "Authorization: Bearer $TOKEN" $apiserver$resource && echo "Cleaning up..." && kubectl delete pod curl-pod -n $namespace --context=$context && echo "Done"
Copy to clipboard
Copied to clipboard
Learn more
This multi-line content is auto-generated and used for educational purposes. Copying and pasting the multi-line text might not function as expected.
# Set the variables for the API server, namespace, context, resource, and service account
apiserver=https://kubernetes.default.svc
namespace=${NAMESPACE}
context=${CONTEXT}
resource=""
serviceaccount=${SERVICE_ACCOUNT}
# Create a pod running the curl container with specified service account and wait for it to be running
kubectl run curl-pod --image=curlimages/curl:latest --restart=Never --overrides="{ \"spec\": { \"serviceAccountName\": \"$serviceaccount\" } }" -n $namespace --context=$context --command -- sleep infinity && echo "Waiting for the curl-pod to be running..." && kubectl wait --for=condition=Ready pod/curl-pod --timeout=20s -n $namespace --context=$context
# Retrieve the token from the service account and perform a curl request to the Kubernetes API
TOKEN=$(kubectl exec curl-pod -n $namespace --context=$context -- cat /var/run/secrets/kubernetes.io/serviceaccount/token) && echo "Performing a curl request to the Kubernetes API..." && kubectl exec curl-pod -n $namespace --context=$context -- curl -s -k -H "Authorization: Bearer $TOKEN" $apiserver$resource
# Clean up by deleting the curl-pod
echo "Cleaning up..." && kubectl delete pod curl-pod -n $namespace --context=$context && echo "Done"