无法从client-go-/ serviceaccount / token连接到kubectl：没有这样的文件

I am using golang lib client-go to connect to a running local kubrenets. To start with I took code from the example: out-of-cluster-client-configuration.

Running a code like this: $ KUBERNETES_SERVICE_HOST=localhost KUBERNETES_SERVICE_PORT=6443 go run ./main.go results in following error:

panic: open /var/run/secrets/kubernetes.io/serviceaccount/token: no such file or directory

goroutine 1 [running]:

/var/run/secrets/kubernetes.io/serviceaccount/

I am not quite sure which part of configuration I am missing. I've researched following links :

• https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins

• https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/

But with no luck. I guess I need to either let the client-go know which token/serviceAccount to use, or configure kubectl in a way that everyone can connect to its api.

Here's status of my kubectl though some commands results:

$ kubectl config view

apiVersion: v1
clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: https://localhost:6443
  name: docker-for-desktop-cluster
contexts:
- context:
    cluster: docker-for-desktop-cluster
    user: docker-for-desktop
  name: docker-for-desktop
current-context: docker-for-desktop
kind: Config
preferences: {}
users:
- name: docker-for-desktop
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED

$ kubectl get serviceAccounts

NAME        SECRETS   AGE
default     1         3d
test-user   1         1d

$ kubectl describe serviceaccount test-user

Name:                test-user
Namespace:           default
Labels:              <none>
Annotations:         <none>
Image pull secrets:  <none>
Mountable secrets:   test-user-token-hxcsk
Tokens:              test-user-token-hxcsk
Events:              <none>

$ kubectl get secret test-user-token-hxcsk -o yaml

apiVersion: v1
data:
  ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0......=
  namespace: ZGVmYXVsdA==
  token: ZXlKaGJHY2lPaUpTVXpJMU5pSX......=
kind: Secret
metadata:
  annotations:
    kubernetes.io/service-account.name: test-user
    kubernetes.io/service-account.uid: 984b359a-6bd3-11e8-8600-XXXXXXX
  creationTimestamp: 2018-06-09T10:55:17Z
  name: test-user-token-hxcsk
  namespace: default
  resourceVersion: "110618"
  selfLink: /api/v1/namespaces/default/secrets/test-user-token-hxcsk
  uid: 98550de5-6bd3-11e8-8600-XXXXXX
type: kubernetes.io/service-account-token