crossplane-contrib / provider-gcp

Crossplane GCP provider
Apache License 2.0

GKECluster kubeconfig relies on deprecated basic auth #343

Open vfarcic opened 3 years ago

vfarcic commented 3 years ago

Creating a kubeconfig from the GKECluster does not work without masterAuth set: it creates a kubeconfig without a user. However, when masterAuth is defined, creation of a GKE cluster fails with newer versions of Kubernetes, since basic authentication is removed in GKE cluster versions >= 1.19. The process of generating the kubeconfig should be solved in a different way.

What happened?

Created a GKE cluster with spec.forProvider.masterAuth.username. The output of kubectl describe is as follows.

  Warning  CannotCreateExternalResource  58s (x19 over 14m)  managed/gkecluster.container.gcp.crossplane.io  cannot create GKE cluster: googleapi: Error 400: Basic authentication was removed for GKE cluster versions >= 1.19. The cluster cannot be created with basic authentication enabled. Instructions for choosing an alternative authentication method can be found at: https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication., badRequest

How can we reproduce it?

Create a GKECluster resource with spec.forProvider.masterAuth.username and spec.forProvider.initialClusterVersion set to latest or any k8s version equal to or higher than 1.19.

What environment did it happen in?

Crossplane version:

kubectl crossplane --version
v1.0.0

Kubernetes version: latest available in GKECluster.

jbw976 commented 3 years ago

Breadcrumbs to https://github.com/crossplane/provider-gcp/issues/101 and https://github.com/crossplane-contrib/provider-helm/issues/72 which appear to be related to this. This issue is rapidly becoming more important because the minimum supported version of GKE will surpass 1.18 (the last version allowing basic auth) soon.

rchrd commented 3 years ago

Any updates on this issue?

I'd like to create a PaaS offering (as shown in the videos by @jbw976 and @vfarcic) by deploying ArgoCD to the newly created cluster but that's not possible because of this kubeconfig issue.

negz commented 3 years ago

Breadcrumbs to https://github.com/crossplane/crossplane-runtime/issues/281, which is where we're currently looking into this.

negz commented 3 years ago

Unfortunately I don't think there's really a fix we can add to the GKECluster managed resource (or this provider in general) to work around this. Google's preferred auth method is to use OAuth to authenticate to GKE clusters, which requires client-side updates (e.g. in provider-helm and friends).
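The thread describes the alternative without showing it: instead of a kubeconfig user carrying masterAuth username/password, the client runs an exec credential plugin that obtains a Google OAuth token (client-go's ExecCredential mechanism, which is what `gke-gcloud-auth-plugin` implements). The following is an added illustration written for this page, not code from provider-gcp or crossplane-runtime. It assembles such a kubeconfig from only the cluster endpoint and CA certificate (the two things the GKE API still returns when basic auth is disabled), and includes a checker that rejects any user entry still relying on basic auth. The struct field names mirror the kubeconfig schema; the endpoint, CA bytes and cluster name in `main` are constructed sample values. It assumes `gke-gcloud-auth-plugin` is installed on the client that consumes the kubeconfig.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// Minimal kubeconfig model; only the fields this example emits.
// JSON is valid YAML, so kubectl reads the marshalled output directly.
type Kubeconfig struct {
	APIVersion     string         `json:"apiVersion"`
	Kind           string         `json:"kind"`
	Clusters       []NamedCluster `json:"clusters"`
	Users          []NamedUser    `json:"users"`
	Contexts       []NamedContext `json:"contexts"`
	CurrentContext string         `json:"current-context"`
}

type NamedCluster struct {
	Name    string  `json:"name"`
	Cluster Cluster `json:"cluster"`
}

type Cluster struct {
	Server                   string `json:"server"`
	CertificateAuthorityData string `json:"certificate-authority-data"`
}

type NamedUser struct {
	Name string `json:"name"`
	User User   `json:"user"`
}

// User models both the deprecated basic-auth fields and the exec plugin stanza,
// so that the checker below can tell a safe kubeconfig from a legacy one.
type User struct {
	Username string      `json:"username,omitempty"`
	Password string      `json:"password,omitempty"`
	Exec     *ExecConfig `json:"exec,omitempty"`
}

// ExecConfig is the client-go credential plugin stanza (client.authentication.k8s.io/v1beta1).
type ExecConfig struct {
	APIVersion         string `json:"apiVersion"`
	Command            string `json:"command"`
	ProvideClusterInfo bool   `json:"provideClusterInfo"`
}

type NamedContext struct {
	Name    string  `json:"name"`
	Context Context `json:"context"`
}

type Context struct {
	Cluster string `json:"cluster"`
	User    string `json:"user"`
}

// ErrBasicAuth is returned when a kubeconfig user still carries a username/password.
var ErrBasicAuth = errors.New("kubeconfig user relies on basic auth, which GKE >= 1.19 rejects")

// BuildExecKubeconfig assembles a kubeconfig whose user authenticates through an
// exec credential plugin (an OAuth token from gke-gcloud-auth-plugin) rather than
// masterAuth username/password. endpoint is the cluster IP or host name; caB64 is the
// cluster CA exactly as the GKE API returns it in masterAuth.clusterCaCertificate
// (base64-encoded PEM), so it can be copied into certificate-authority-data as-is.
func BuildExecKubeconfig(name, endpoint, caB64 string) (*Kubeconfig, error) {
	if name == "" || endpoint == "" || caB64 == "" {
		return nil, errors.New("cluster name, endpoint and CA certificate are required")
	}
	if _, err := base64.StdEncoding.DecodeString(caB64); err != nil {
		return nil, fmt.Errorf("cluster CA is not valid base64: %w", err)
	}
	return &Kubeconfig{
		APIVersion: "v1",
		Kind:       "Config",
		Clusters: []NamedCluster{{Name: name, Cluster: Cluster{
			Server:                   "https://" + endpoint,
			CertificateAuthorityData: caB64,
		}}},
		Users: []NamedUser{{Name: name, User: User{Exec: &ExecConfig{
			APIVersion:         "client.authentication.k8s.io/v1beta1",
			Command:            "gke-gcloud-auth-plugin",
			ProvideClusterInfo: true,
		}}}},
		Contexts:       []NamedContext{{Name: name, Context: Context{Cluster: name, User: name}}},
		CurrentContext: name,
	}, nil
}

// CheckNoBasicAuth rejects any user entry that still carries a username or password,
// and any user with no credential source at all (the "kubeconfig without a user" case).
func CheckNoBasicAuth(cfg *Kubeconfig) error {
	if len(cfg.Users) == 0 {
		return errors.New("kubeconfig has no user entries")
	}
	for _, u := range cfg.Users {
		if u.User.Username != "" || u.User.Password != "" {
			return fmt.Errorf("user %q: %w", u.Name, ErrBasicAuth)
		}
		if u.User.Exec == nil {
			return fmt.Errorf("user %q: no credential source configured", u.Name)
		}
	}
	return nil
}

// Marshal renders the kubeconfig as indented JSON, which kubectl accepts as a kubeconfig file.
func (c *Kubeconfig) Marshal() ([]byte, error) { return json.MarshalIndent(c, "", "  ") }

func main() {
	// Constructed sample input: a placeholder CA and a documentation-range endpoint.
	ca := base64.StdEncoding.EncodeToString([]byte("-----BEGIN CERTIFICATE-----\nMIIB...\n-----END CERTIFICATE-----\n"))
	cfg, err := BuildExecKubeconfig("demo-gke", "203.0.113.10", ca)
	if err != nil {
		panic(err)
	}
	if err := CheckNoBasicAuth(cfg); err != nil {
		panic(err)
	}
	out, _ := cfg.Marshal()
	fmt.Println(string(out))
}
```

The checker is the part worth keeping around: run it against whatever a provider writes into its connection secret, and a username/password stanza fails closed before it reaches a cluster that would refuse it anyway. The client side still has to have the plugin binary and Google credentials available, which is the "client-side updates" point made above.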