在Google Cloud Function上下文中对GKE集群的Kubernetes API进行身份验证的最佳方法是什么?在深入研究google-auth-libraryand 的源代码之后@kubernetes/client-node,我通过使用一些未公开的API提出了以下解决方案。它可以工作,但是我想知道这是否是正确的方法,以及那里是否有随时可用的东西。
https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.zones.clusters#MasterAuth还返回clientCertificate和clientKey ,这尤其奇怪。将那些用于opts.cert和opts.key代替访问令牌会导致以下错误:
Error from server (Forbidden): namespaces "footest" is forbidden: User "client" cannot delete namespaces in the namespace "footest": Unknown user "client"
Error from server (Forbidden): namespaces "footest" is forbidden: User "client" cannot delete namespaces in the namespace "footest": Unknown user "client"