Mayne0213/jovies
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FIX(k8s): in-cluster kubeconfig access

Browse Source 
- Set KUBECONFIG env at job level for all steps
- Generate kubeconfig from ServiceAccount token
- Use tokenFile reference for automatic token renewal
- Set proper cluster CA and server URL
- Test connection after setup

This ensures kubectl works correctly inside K8s Pod runner
This commit is contained in:
Mayne0213
2025-12-28 17:38:14 +09:00
parent 37a7dbd561
commit 7b0f520e54
1 changed files with 47 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
.gitea/workflows/build.yml
View File

@@ -18,6 +18,9 @@ jobs:
contents: write
packages: write
env:
KUBECONFIG: /tmp/kubeconfig
outputs:
image-tag: ${{ steps.meta.outputs.tags }}
image-digest: ${{ steps.build.outputs.digest }}
@@ -37,8 +40,50 @@ jobs:
- name: Setup Kubernetes access
run: |
# Running in Kubernetes Pod - use in-cluster config
echo "Running in Kubernetes - using ServiceAccount"
# Running in Kubernetes Pod - create kubeconfig from ServiceAccount
echo "Setting up in-cluster kubeconfig"
SA_PATH="/var/run/secrets/kubernetes.io/serviceaccount"
if [ ! -f "${SA_PATH}/token" ]; then
echo "❌ ServiceAccount token not found"
exit 1
fi
echo "✅ ServiceAccount token found"
# Get cluster info
KUBE_HOST="${KUBERNETES_SERVICE_HOST:-kubernetes.default.svc}"
KUBE_PORT="${KUBERNETES_SERVICE_PORT:-443}"
KUBE_URL="https://${KUBE_HOST}:${KUBE_PORT}"
echo "Kubernetes API: ${KUBE_URL}"
# Create kubeconfig
cat > ${KUBECONFIG} <<EOF
apiVersion: v1
kind: Config
clusters:
- cluster:
certificate-authority: ${SA_PATH}/ca.crt
server: ${KUBE_URL}
name: default
contexts:
- context:
cluster: default
namespace: $(cat ${SA_PATH}/namespace)
user: default
name: default
current-context: default
users:
- name: default
user:
tokenFile: ${SA_PATH}/token
EOF
chmod 600 ${KUBECONFIG}
# Test connection
kubectl version
kubectl get nodes -o wide