From 8efad6dbf069c2764b21251a22d7fe6de516cad5 Mon Sep 17 00:00:00 2001 From: Ahmet Alp Balkan Date: Fri, 19 May 2017 13:41:50 -0700 Subject: [PATCH] clientgo/examples/in-cluster: add instructions to run the example This patch adds instructions for how to run the in-cluster client-go example. To make this example executable, providing a Dockerfile and build steps so that it can directly be run on minikube. This is part of the body of work improving the client library samples. Signed-off-by: Ahmet Alp Balkan Kubernetes-commit: 8604ed6d9906ebfb33206b55467db41c87e9f148 --- examples/in-cluster/Dockerfile | 17 ++++++++++++ examples/in-cluster/README.md | 50 ++++++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+) create mode 100644 examples/in-cluster/Dockerfile create mode 100644 examples/in-cluster/README.md diff --git a/examples/in-cluster/Dockerfile b/examples/in-cluster/Dockerfile new file mode 100644 index 00000000..d0cc281a --- /dev/null +++ b/examples/in-cluster/Dockerfile @@ -0,0 +1,17 @@ +# Copyright 2017 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FROM debian +COPY ./app /app +ENTRYPOINT /app diff --git a/examples/in-cluster/README.md b/examples/in-cluster/README.md new file mode 100644 index 00000000..0e251d13 --- /dev/null +++ b/examples/in-cluster/README.md @@ -0,0 +1,50 @@ +# Authenticating inside the cluster + +This example shows you how you can write an application that authenticates to +the Kubernetes API while it is running on a Kubernetes cluster. + +client-go uses the [Service Account token][sa] mounted inside the Pod at the +`/var/run/secrets/kubernetes.io/serviceaccount` path when the +`rest.InClusterConfig()` is used. + +## Running this example + +First compile the application for Linux: + + cd in-cluster + GOOS=linux go build -o ./app . + +Then package it to a docker image using the provided Dockerfile to run it on +Kubernetes. + +If you are running a [Minikube][mk] cluster, you can build this image directly +on the Docker engine of the Minikube node without pushing it to a registry. To +build the image on Minikube: + + eval $(minikube docker-env) + docker build -t in-cluster . + +If you are not using Minikube, you should build this image and push it to a registry +that your Kubernetes cluster can pull from. + +Then, run the image in a Pod with a single instance Deployment: + + $ kubectl run --rm -i demo --image=in-cluster --image-pull-policy=Never + + There are 4 pods in the cluster + There are 4 pods in the cluster + There are 4 pods in the cluster + ... + +The example now runs on Kubernetes API and successfully queries the number of +pods in the cluster every 10 seconds. + +### Clean up + +To stop this example and clean up the pod, press Ctrl+C on +the `kubectl run` command and then run: + + kubectl delete deployment demo + +[sa]: https://kubernetes.io/docs/admin/authentication/#service-account-tokens +[mk]: https://kubernetes.io/docs/getting-started-guides/minikube/