How to use this with GKE?

[rohitagarwal003]

I tried using it with a GKE cluster but couldn't set the context. Am I doing something wrong?

$ click
[none] [none] [none] > contexts
gke_project_zone_cluster
[none] [none] [none] > context gke_project_zone_cluster
[Warning] Couldn't find/load context gke_project_zone_cluster, now no current context.  Error: Failed to get config: Invalid context gke_project_zone_cluster.  Each user must have either a token, a username AND password, or a client-certificate AND a client-key.
[none] [none] [none] > exit

$ kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://A.B.C.D
  name: gke_project_zone_cluster
contexts:
- context:
    cluster: gke_project_zone_cluster
    user: gke_project_zone_cluster
  name: gke_project_zone_cluster
current-context: gke_project_zone_cluster
kind: Config
preferences: {}
users:
- name: gke_project_zone_cluster
  user:
    auth-provider:
      config:
        access-token: REDACTED
        expiry: 2018-03-26T17:06:20.285552769-07:00
      name: gcp

[huguesalary]

I am running into the same issue regarding my GKE clusters but it also refuses to load my minikube configuration:

[none] [none] [none] > contexts
gke_something_us-central1-b_autoscaling
gke_something_us-central1-b_production-b
gke_something_us-central1-c_staging
minikube
[none] [none] [none] > context gke_something_us-central1-b_production-b
[Warning] Couldn't find/load context gke_something_us-central1-b_production-b, now no current context.  Error: Failed to get config: Invalid context gke_something_us-central1-b_production-b.  Each user must have either a token, a username AND password, or a client-certificate AND a client-key.
[none] [none] [none] > context minikube
Private key data was invalid: ()
[Warning] Couldn't find/load context minikube, now no current context.  Error: Failed to get config: Can't read/convert cert or private key for minikube

[nicklan]

Thanks for the reports. I tested a bit with minikube, but haven't done so extensively. I'll see if I can reproduce this and get it fixed.

[guoshimin]

GKE kubeconfig uses the "gcp" auth plugin, which uses either the gcloud tool or application default credentials to get the auth token. Seems click doesn't support it.

[reneklacan]

same issue, kind of a dealbreaker :( ... but click looks really awesome

[ErebusBat]

Another GKE user here, would love to use click.

[ledor473]

As per https://github.com/databricks/click/issues/37#issuecomment-376968744, it's not only the gcp auth plugin that is not working, but the oidc one as well

[nicklan]

Thanks for all the input everyone. Auth is definitely one of the trickiest bits of all this to get right. I'll be looking into if/how we can support these methods in the near future.

[nicklan]

I have a branch with initial support here: https://github.com/nicklan/click/tree/gke-support-v1

If people want to test it out and leave feedback here that would be helpful, thanks

[jonbuffington]

@nicklan I can now connect to our GKE clusters using the gke-support-v1 branch. I tried several of the commands and did not run into any issues. Thanks, BTW.

[gytisgreitai]

With current master I can set the context, but nothing seems to work past that point:

Server Error: pods is forbidden: User "system:anonymous" cannot list pods in the namespace "dev": No policy matched. Unknown user "system:anonymous"

[reneklacan]

@nicklan Works great! No issues so far!

[mnannan]

I had this error with the current master branch

Hyper error: failed to lookup address information: nodename nor servname provided, or not known

Switching with gke-support-v1 solved my problem. Thanks a lot @nicklan!

[nicklan]

@gytisgreitai hrmm, that's odd. I believe I saw that when the token wasn't getting sent properly and so click doesn't authenticate. Would you mind opening a new issue where you include the relevant bits of your kube config file?