← Back to Datawire Open Source Documentation

Local Connection to Kubernetes Client Libraries

Author: Guray Yildirim (@gurayyildirim)

Install Telepresence with Homebrew/apt/dnf

Intro

Kubernetes has client libraries in many different languages. It is not rare to have situations that require connecting Kubernetes API from your cluster and getting resources/creating new pods & deployments, ... While the list goes on, Kubernetes provide ServiceAccount objects in its RBAC to fill up this need. Still, development from local computers, testing, and debugging become a pain due to lack of direct access to the cluster API using token.

Using Telepresence, it becomes an easy task to access ServiceAccount token seamlessly with your libraries. Here are the links for jumping:

Java Kubernetes Client

If you are using a Kubernetes client like this one, you need to make sure the client can access service account information. This can be done with the --mount command introduced in Telepresence 0.85.

We need to add the following to the command:

  • --mount /tmp/known Tells Telepresence to mount TELEPRESENCE_ROOT to a known folder
  • -v=/tmp/known/var/run/secrets:/var/run/secrets This is another Docker mounting command to mount the known folder to /var/run/secrets in the local container. The Fabric8 Kubernetes client can find the secrets there as it would inside Kubernetes

So our telepresense.sh file would look like that

telepresence.sh

telepresence --mount /tmp/known --swap-deployment foo --docker-run --rm -v$(pwd):/build -v $HOME/.m2/repository:/m2 -v=/tmp/known/var/run/secrets:/var/run/secrets -p 8080:8080 maven-build:jdk8 mvn -Dmaven.repo.local=/m2 -f /build spring-boot:run

For more details about the mount command check the documentation

Python Kubernetes Client

If you are using a Python Kubernetes client like the officially supported one, you need to make sure the client can access service account information. This can be done with the --mount command introduced in Telepresence 0.85.

We need to add the following to the command:

  • --mount /tmp/known Tells Telepresence to mount TELEPRESENCE_ROOT to a known folder
  • -v=/tmp/known/var/run/secrets:/var/run/secrets This is another Docker mounting command to mount the known folder to /var/run/secrets in the local container. The Kubernetes Python client can find the secrets there as it would inside Kubernetes.

telepresence.sh

telepresence --mount /tmp/known --swap-deployment myapp --docker-run --rm -v$(pwd):/code -v=/tmp/known/var/run/secrets:/var/run/secrets -p 8080:8080 guray/podstatus:1.0

The example is an API which returns list of pods in the desired namespace(if serviceaccount is authorized), to try it from your laptop: curl localhost:8080/pods/default.

How it works?

The container is running on your laptop and gets serviceaccount information like it is on the Kubernetes cluster. Afterwards if authorized, get list of the pods and returns with their status as JSON.

For more details about the mount command check the documentation

results matching ""

    No results matching ""