Can you use C# Kubernetes inClusterConfig for a remote Cluster?

Question

I am having trouble authenticating my C# service for a remote cluster. Trying to use my svc gets Forbidden, so I am hoping to work around with this. I know that inClusterConfig does work properly when this service is in the Cluster, but I am trying to run local and host jobs in my remote cluster.

This is what I am trying:

Environment.SetEnvironmentVariable("KUBERNETES_SERVICE_HOST", "Value1");
Environment.SetEnvironmentVariable("KUBERNETES_SERVICE_PORT", "Value1");

KubernetesClientConfiguration config = new KubernetesClientConfiguration();
config.Host = "https://xx";
            
config = KubernetesClientConfiguration.InClusterConfig();

Not sure if this is possible. Currently getting error

Unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined

Thanks

Answer 1

In addition to the environment variables, KubernetesClientConfiguration.IsInCluster also requires a token and certificate:

if (!FileUtils.FileSystem().File.Exists(tokenPath))
{
 return false;
}

// ...
return FileUtils.FileSystem().File.Exists(certPath);

The details of authentication are explained in this answer:

When accessing the API from a Pod, the client certificate is located on /var/run/secrets/kubernetes.io/serviceaccount/ca.crt and in addition, you need to authenticate using the token located on /var/run/secrets/kubernetes.io/serviceaccount/token

Once a connection is being attempted, per this answer:

InClusterConfig uses the default service account of the namespace where you are deploying the pod. By default that service account will not have any RBAC which leads to Forbidden error.