Follow the k8s official doc. The recommended way to authenticate to the apiserver from a pod is with a service account credential.
But in the notebook server’s pod, I can’t access the API server by
kubectl get pod
Here are the steps:
kubectl exec -it jupyter-my-username -- /bin/bash kubectl get pod # The connection to the server localhost:8080 was refused - did you specify the right host or port?
But when I apply a pod with the same image and run:
kubectl exec -it pod-name -- /bin/bash kubectl get pod # Error from server (Forbidden): pods is forbidden: User "system:serviceaccount:jupyterhub:default" cannot list resource "pods" in API group "" in the namespace "jupyterhub"
Some extra information:
# inside nb server pod cat /var/run/secrets/kubernetes.io/serviceaccount/namespace # cat: /var/run/secrets/kubernetes.io/serviceaccount/namespace: No such file or directory # but inside other's pod cat /var/run/secrets/kubernetes.io/serviceaccount/namespace $ jupyterhub (jupyterhub is the name of namespace)
I want to know if there are some ways I can access to the K8S API service inside the notebook server pod ?
Thanks very much.