Description
Hi, guys.
Follow the k8s official doc. The recommended way to authenticate to the apiserver from a pod is with a service account credential.
But in the notebook server’s pod, I can’t access the API server by kubectl get pod
Here are the steps:
kubectl exec -it jupyter-my-username -- /bin/bash
kubectl get pod
# The connection to the server localhost:8080 was refused - did you specify the right host or port?
But when I apply a pod with the same image and run:
kubectl exec -it pod-name -- /bin/bash
kubectl get pod
# Error from server (Forbidden): pods is forbidden: User "system:serviceaccount:jupyterhub:default" cannot list resource "pods" in API group "" in the namespace "jupyterhub"
Some extra information:
# inside nb server pod
cat /var/run/secrets/kubernetes.io/serviceaccount/namespace
# cat: /var/run/secrets/kubernetes.io/serviceaccount/namespace: No such file or directory
# but inside other's pod
cat /var/run/secrets/kubernetes.io/serviceaccount/namespace
$ jupyterhub (jupyterhub is the name of namespace)
Expected behaviour
I want to know if there are some ways I can access to the K8S API service inside the notebook server pod ?
Thanks very much.