A RestClient which uses a KubeConfig to talk directly to a Kubernetes endpoint. Used by code which is running within a Kubernetes pod and would like to access the local cluster's control plane using its Service Account.

Also useful for some development workflows, such as interacting with kubectl proxy or even directly in certain cases. Unfortunately Deno's fetch() is still a bit gimped for server use so this client works best for simple cases.

Deno flags to use this client: Basic KubeConfig: --allow-read=$HOME/.kube --allow-net --allow-env CA cert fix: --unstable --allow-read=$HOME/.kube --allow-net --allow-env In-cluster 1: --allow-read=/var/run/secrets/kubernetes.io --allow-net --unstable In-cluster 2: --allow-read=/var/run/secrets/kubernetes.io --allow-net --cert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt

Unstable features:

• using the cluster's CA when fetching (otherwise pass --cert to Deno)
• using client auth authentication, if configured
• inspecting permissions and prompting for further permissions (TODO)

--allow-env is purely to read the $HOME and $KUBECONFIG variables to find your kubeconfig

Note that advanced kubeconfigs will need different permissions. This client will prompt you if your config requires extra permissions. Federated auth like AWS IAM or a Google Account are the largest offenders.

Note that KUBERNETES_SERVER_HOST is not used for historical reasons. TODO: This variable could be used for an optimization, when available.