witty-engineer-12406
11/30/2022, 11:52 AMapiVersion: <http://rbac.authorization.k8s.io/v1|rbac.authorization.k8s.io/v1>
kind: ClusterRole
metadata:
name: dummy-cr
rules:
- nonResourceURLs: ["/healthz", "/readyz", "/livez"]
verbs: ["get"]
- apiGroups:
- ""
resources: ["pods", "pods/exec"]
verbs: ["get", "delete", "create", "exec", "list"]
- apiGroups:
- ""
resources: ["configmaps"]
verbs: ["create", "delete"]
---
apiVersion: <http://rbac.authorization.k8s.io/v1|rbac.authorization.k8s.io/v1>
kind: ClusterRoleBinding
metadata:
name: dummy-crb
roleRef:
apiGroup: <http://rbac.authorization.k8s.io|rbac.authorization.k8s.io>
kind: ClusterRole
name: dummy-cr
subjects:
- kind: ServiceAccount
name: dummy-sa
namespace: dummy-demo
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: dummy-sa
namespace: dummy-demo
import os
from kubernetes import client, config
KUBE_CONFIG_FILE = ""
if os.path.isfile(KUBE_CONFIG_FILE):
config.load_kube_config(KUBE_CONFIG_FILE)
# check if serviceaccount exits
elif os.path.exists("/run/secrets/kubernetes.io/serviceaccount"):
print("startup: try loading service account")
config.load_incluster_config()
else:
raise Exception("FAIL: cannot connect to control plain")
result = client.ApiClient().call_api(resource_path="/healthz",
method="GET",
# query_params={"verbose": "true"},
response_type=str)
/healthz
not work 🤔