diff --git a/examples/in-cluster-client-configuration/Dockerfile b/examples/in-cluster-client-configuration/Dockerfile
new file mode 100644
index 0000000..3bc113d
--- /dev/null
+++ b/examples/in-cluster-client-configuration/Dockerfile
@@ -0,0 +1,17 @@
+# Copyright 2018 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM debian
+COPY ./app /app
+ENTRYPOINT /app
diff --git a/examples/in-cluster-client-configuration/README.md b/examples/in-cluster-client-configuration/README.md
new file mode 100644
index 0000000..811b750
--- /dev/null
+++ b/examples/in-cluster-client-configuration/README.md
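Review bot: `FROM debian` carries no tag, so every build pulls whatever `latest` resolves to and the image contents can change without review; pin a release tag or digest, e.g. `FROM debian:<release>@sha256:<digest>` (placeholders, not real values). There is also no `USER` line, so `/app` runs as root inside the container while it holds the pod's service-account token; a `USER` line naming a non-root account before the entrypoint narrows what a compromise of the process can reach. The shell-form `ENTRYPOINT /app` wraps the binary in `/bin/sh -c`, so the termination signal on pod shutdown goes to the shell instead of the app; `ENTRYPOINT ["/app"]` avoids that.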
@@ -0,0 +1,50 @@
+# Authenticating inside the cluster
+
+This example shows you how to configure a client with client-go to authenticate
+to the Kubernetes API from an application running inside the Kubernetes cluster.
+
+client-go uses the [Service Account token][sa] mounted inside the Pod at the
+`/var/run/secrets/kubernetes.io/serviceaccount` path when the
+`rest.InClusterConfig()` is used.
+
+## Running this example
+
+First compile the application for Linux:
+
+ cd in-cluster-client-configuration
+ GOOS=linux go build -o ./app .
+
+Then package it to a docker image using the provided Dockerfile to run it on
+Kubernetes.
+
+If you are running a [Minikube][mk] cluster, you can build this image directly
+on the Docker engine of the Minikube node without pushing it to a registry. To
+build the image on Minikube:
+
+ eval $(minikube docker-env)
+ docker build -t in-cluster .
+
+If you are not using Minikube, you should build this image and push it to a registry
+that your Kubernetes cluster can pull from.
+
+Then, run the image in a Pod with a single instance Deployment:
+
+ $ kubectl run --rm -i demo --image=in-cluster --image-pull-policy=Never
+
+ There are 4 pods in the cluster
+ There are 4 pods in the cluster
+ There are 4 pods in the cluster
+ ...
+
+The example now runs on Kubernetes API and successfully queries the number of
+pods in the cluster every 10 seconds.
+
+### Clean up
+
+To stop this example and clean up the pod, press Ctrl+C on
+the `kubectl run` command and then run:
+
+ kubectl delete deployment demo
+
+[sa]: https://kubernetes.io/docs/admin/authentication/#service-account-tokens
+[mk]: https://kubernetes.io/docs/getting-started-guides/minikube/
diff --git a/examples/in-cluster-client-configuration/main.go b/examples/in-cluster-client-configuration/main.go
new file mode 100644
index 0000000..6d4fa39
--- /dev/null
+++ b/examples/in-cluster-client-configuration/main.go
@@ -0,0 +1,46 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Note: the example only works with the code within the same release/branch.
+package main
+
+import (
+ "context"
+ "fmt"
+ "time"
+
+ "k8s.io/client/kubernetes/client"
+ "k8s.io/client/kubernetes/config"
+)
+
+func main() {
+ // creates the in-cluster config
+ config, err := config.InClusterConfig()
+ if err != nil {
+ panic(err.Error())
+ }
+ // creates the clientset
+ c := client.NewAPIClient(config)
+ for {
+ pods, _, err := c.CoreV1Api.ListPodForAllNamespaces(context.Background(), nil)
+ if err != nil {
+ panic(err.Error())
+ }
+ fmt.Printf("There are %d pods in the cluster\n", len(pods.Items))
+
+ time.Sleep(10 * time.Second)
+ }
+}
diff --git a/examples/out-of-cluster-client-configuration/README.md b/examples/out-of-cluster-client-configuration/README.md
new file mode 100644
index 0000000..80da4a1
--- /dev/null
+++ b/examples/out-of-cluster-client-configuration/README.md
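Review bot: `ListPodForAllNamespaces` needs cluster-wide `list` on pods, yet nothing in `main` or the accompanying README says which permissions the pod's service account must hold. On an RBAC-enabled cluster the default service account normally lacks that right, and readers tend to get past the resulting 403 with an over-broad binding. I would add a comment above the call, `// Needs a ServiceAccount bound to a ClusterRole allowing only "list" on "pods".`, and repeat it in the README. Separately, `panic(err.Error())` inside the loop turns one transient API error into a crash, and `context.Background()` sets no deadline on the request; a per-iteration `ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)` (sample value) with log-and-continue would be sturdier. `config, err := config.InClusterConfig()` also shadows the imported `config` package for the rest of `main`.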
@@ -0,0 +1,35 @@
+# Authenticating outside the cluster
+
+This example shows you how to configure a client with client-go to authenticate
+to the Kubernetes API from an application running outside the Kubernetes
+cluster.
+
+You can use your kubeconfig file that contains the context information
+of your cluster to initialize a client. The kubeconfig file is also used
+by the `kubectl` command to authenticate to the clusters.
+
+## Running this example
+
+Make sure your `kubectl` is configured and pointed to a cluster. Run
+`kubectl get nodes` to confirm.
+
+Run this application with:
+
+ cd out-of-cluster-client-configuration
+ go build -o app .
+ ./app
+
+Running this application will use the kubeconfig file and then authenticate to the
+cluster, and print the number of nodes in the cluster every 10 seconds:
+
+ $ ./app
+ There are 3 pods in the cluster
+ There are 3 pods in the cluster
+ There are 3 pods in the cluster
+ ...
+
+Press Ctrl+C to quit this application.
+
+> **Note:** You can use the `-kubeconfig` option to use a different config file. By default
+this program picks up the default file used by kubectl (when `KUBECONFIG`
+environment variable is not set).
diff --git a/examples/out-of-cluster-client-configuration/main.go b/examples/out-of-cluster-client-configuration/main.go
new file mode 100644
index 0000000..35eb080
--- /dev/null
+++ b/examples/out-of-cluster-client-configuration/main.go
@@ -0,0 +1,47 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Note: the example only works with the code within the same release/branch.
+package main
+
+import (
+ "context"
+ "fmt"
+ "time"
+
+ "k8s.io/client/kubernetes/client"
+ "k8s.io/client/kubernetes/config"
+ // Uncomment the following line to load the gcp plugin (only required to authenticate against GKE clusters).
+ // _ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
+)
+
+func main() {
+ c, err := config.LoadKubeConfig()
+ if err != nil {
+ panic(err.Error())
+ }
+
+ // create the clientset
+ clientset := client.NewAPIClient(c)
+ for {
+ pods, _, err := clientset.CoreV1Api.ListPodForAllNamespaces(context.Background(), nil)
+ if err != nil {
+ panic(err.Error())
+ }
+ fmt.Printf("There are %d pods in the cluster\n", len(pods.Items))
+ time.Sleep(10 * time.Second)
+ }
+}
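Review bot: The README added in this commit advertises a `-kubeconfig` option, but `main` calls `config.LoadKubeConfig()` with no arguments and no flag parsing is visible, so the option has no effect unless the library handles it internally (not shown here). The kubeconfig carries the user's own credentials, so the program should provably use the file and context the user intended; either wire the flag through or drop the README note. The same README says the program prints the number of nodes, while the code lists pods. As in the in-cluster `main.go`, `panic(err.Error())` inside the polling loop and a `context.Background()` with no deadline make one failed or hung request fatal; a bounded context per call, with the error logged and the loop continuing, would be more robust.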