Closed tombh closed 4 years ago
Do you know what kind of authentication your k8s cluster uses? It's possible it's something click doesn't support yet.
If you could post your ~/.kube/config
(with anything private redacted of course) that would be helpful.
This is the basic idea:
apiVersion: v1
clusters:
- cluster:
certificate-authority-data:
server: https://xxx.k8s.ondigitalocean.com
name: do-sfo2-xxx
- cluster:
...
contexts:
- context:
cluster: do-sfo2-xxx
user: do-sfo2-xxx-admin
name: do-sfo2-xxx
...
current-context: do-sfo2-xxx
kind: Config
preferences: {}
users:
- name: ci_user
user:
token: |-
Name: ci-token-2nmqd
Namespace: default
Labels: <none>
Annotations: kubernetes.io/service-account.name: ci
kubernetes.io/service-account.uid: xxxx
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1156 bytes
namespace: 7 bytes
token: xxxxx
- name: do-sfo2-xxx-admin
user:
exec:
apiVersion: client.authentication.k8s.io/v1beta1
args:
- kubernetes
- cluster
- kubeconfig
- exec-credential
- --version=v1beta1
- --context=default
- xxxxx
command: doctl
env: null
...
I don't think the ci_user
is really relevant though. There are a lot more clusters, contexts and users, but I've just skipped them for clarity.
Ahh, yes, currently unfortunately click only supports exec
style authentication for gke (i.e. run another command to generate my auth token). Supporting other ones in a more generic way is high on my list, so hopefully this will be fixed soon!
this turns out to not be too hard. i have this working on EKS, but digital ocean is a pain to set up an account on, so I can't test it. If possible could you send me the output when you run:
doctl kubernetes cluster kubeconfig exec-credential --version=v1beta1 --context=default xxxxx
(with the xxx replaced of course :))
Should be something like:
{
"kind": "ExecCredential",
"apiVersion": "client.authentication.k8s.io/v1alpha1",
"spec": {},
"status": {
"expirationTimestamp": "2020-01-30T21:32:34Z",
"token": "[snip]"
}
}
but i want to be sure. thanks!
Support for this was merged in #129. It would be great if you could test master and make sure it works for you (i tested it as much as I could, but it's always good to get someone else to confirm)
It works! Thank you so much :D
Just trying out this for the first time.
kubectl
works fine on all my contexts. The full warning is:Context xxxxxxx has no client certificate and key, nor does it specify any auth method (user/pass, token, auth-provider). You will likely not be able to authenticate to this cluster. Please check your kube config.
I don't know what to do?