FIX(k8s): in-cluster kubeconfig access
- Set KUBECONFIG env at job level for all steps
- Generate kubeconfig from ServiceAccount token
- Use tokenFile reference for automatic token renewal
- Set proper cluster CA and server URL
- Test connection after setup

This ensures kubectl works correctly inside K8s Pod runner
@@ -18,6 +18,9 @@ jobs:
|
|||||||
contents: write
|
contents: write
|
||||||
packages: write
|
packages: write
|
||||||
|
|
||||||
|
env:
|
||||||
|
KUBECONFIG: /tmp/kubeconfig
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
image-tag: ${{ steps.meta.outputs.tags }}
|
image-tag: ${{ steps.meta.outputs.tags }}
|
||||||
image-digest: ${{ steps.build.outputs.digest }}
|
image-digest: ${{ steps.build.outputs.digest }}
|
||||||
@@ -37,8 +40,50 @@ jobs:
|
|||||||
|
|
||||||
- name: Setup Kubernetes access
|
- name: Setup Kubernetes access
|
||||||
run: |
|
run: |
|
||||||
# Running in Kubernetes Pod - use in-cluster config
|
# Running in Kubernetes Pod - create kubeconfig from ServiceAccount
|
||||||
echo "Running in Kubernetes - using ServiceAccount"
|
echo "Setting up in-cluster kubeconfig"
|
||||||
|
|
||||||
|
SA_PATH="/var/run/secrets/kubernetes.io/serviceaccount"
|
||||||
|
|
||||||
|
if [ ! -f "${SA_PATH}/token" ]; then
|
||||||
|
echo "❌ ServiceAccount token not found"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "✅ ServiceAccount token found"
|
||||||
|
|
||||||
|
# Get cluster info
|
||||||
|
KUBE_HOST="${KUBERNETES_SERVICE_HOST:-kubernetes.default.svc}"
|
||||||
|
KUBE_PORT="${KUBERNETES_SERVICE_PORT:-443}"
|
||||||
|
KUBE_URL="https://${KUBE_HOST}:${KUBE_PORT}"
|
||||||
|
|
||||||
|
echo "Kubernetes API: ${KUBE_URL}"
|
||||||
|
|
||||||
|
# Create kubeconfig
|
||||||
|
cat > ${KUBECONFIG} <<EOF
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Config
|
||||||
|
clusters:
|
||||||
|
- cluster:
|
||||||
|
certificate-authority: ${SA_PATH}/ca.crt
|
||||||
|
server: ${KUBE_URL}
|
||||||
|
name: default
|
||||||
|
contexts:
|
||||||
|
- context:
|
||||||
|
cluster: default
|
||||||
|
namespace: $(cat ${SA_PATH}/namespace)
|
||||||
|
user: default
|
||||||
|
name: default
|
||||||
|
current-context: default
|
||||||
|
users:
|
||||||
|
- name: default
|
||||||
|
user:
|
||||||
|
tokenFile: ${SA_PATH}/token
|
||||||
|
EOF
|
||||||
|
|
||||||
|
chmod 600 ${KUBECONFIG}
|
||||||
|
|
||||||
|
# Test connection
|
||||||
kubectl version
|
kubectl version
|
||||||
kubectl get nodes -o wide
|
kubectl get nodes -o wide
|
||||||
|
|
||||||
|
|||||||
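Review bot: The pre-flight check in the `Setup Kubernetes access` step verifies only `${SA_PATH}/token`, yet the generated kubeconfig also depends on `ca.crt` and `namespace`; a failing `$(cat ${SA_PATH}/namespace)` inside the heredoc does not change the exit status of `cat >`, so the step would likely continue with an empty `namespace:` value. Checking all three up front, e.g. `for f in token ca.crt namespace; do [ -r "${SA_PATH}/${f}" ] || { echo "missing ${SA_PATH}/${f}"; exit 1; }; done`, makes that failure explicit. The file is also created at the fixed path `/tmp/kubeconfig` under the default umask and only narrowed by `chmod 600` afterwards; putting `umask 077` before the write and quoting `"${KUBECONFIG}"` closes that gap. Finally, the connection test `kubectl get nodes -o wide` needs cluster-scoped read access to nodes, so a ServiceAccount bound only to a namespaced Role would fail here; `kubectl auth can-i` for the verbs the job actually uses would test access without requiring broader RBAC.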