getting credentials: exec: executable gke-gcloud-auth-plugin not found - How to pass gcloud creds?

[jayabalan1992]

`$ docker run -it --rm -v "${HOME}/.kube/config:/.kubeconfig" kubent:1.0 -k /.kubeconfig

6:07PM INF >>>Kube No Trouble kubent <<< 6:07PM INF version dev (git sha dev) 6:07PM INF Initializing collectors and retrieving data 6:07PM INF Retrieved 0 resources from collector name=Cluster 6:07PM ERR Failed to retrieve data from collector error="list: failed to list: Get \"https:///api/v1/secrets?labelSelector=owner%3Dhelm\": getting credentials: exec: executable gke-gcloud-auth-plugin not found" name="Helm v3" 6:07PM INF Loaded ruleset name=custom.rego.tmpl 6:07PM INF Loaded ruleset name=deprecated-1-16.rego 6:07PM INF Loaded ruleset name=deprecated-1-22.rego 6:07PM INF Loaded ruleset name=deprecated-1-25.rego 6:07PM INF Loaded ruleset name=deprecated-1-26.rego

6:07PM INF Loaded ruleset name=deprecated-future.rego`

Note: kubent:1.0 is the image I locally built from the Dockerfile given in this repo with platform=linux/arm64

I tried to mount the gcloud local directory ( -v "${HOME}/.config/gcloud:/root/.config/gcloud") as volume into the container but that didn't help. How can I pass gcloud auth creds inside the container?

[stepanstipl]

Thanks for raising this - this is an issue due to K8S moving auth plugins out of tree^1. We will probably want to add the gke-gcloud-auth-plugin to the image, but AFAIK gke-gcloud-auth-plugin is only distributed as part of the Python Google Cloud SDK, which has a lot of dependencies and would be a bit of PITA to add to our otherwise clean and tiny image.

One option seems to be to put back the gcp auth library (see ^2), and generate credentials with USE_GKE_GCLOUD_AUTH_PLUGIN=False.

Seems to me that none of these options are good. On one side we will have to include whole Python + Cloud SDK stack -> big image, with tons of stuff we don't need, or we would require users to regenerate their config with the above variable.

Atm. I don't see an easy way out.

[stepanstipl]

Oh - looks like a good soul has rewritten the auth plugin in Go ^1. Fix for this would then be easy - add this binary to the container. I haven't tested it, so I guess it depends on if it really is a drop-in replacement for the official plugin.

[github-actions[bot]]

This issue has not seen any activity in last 60 days, and has been marked as stale.

[github-actions[bot]]

This issue was closed because it has been stalled for 90 days with no activity.

[krisztiansala]

This should not be closed, I ran into the same error and it makes this tool unusable with GKE