search

godaddy / kubernetes-client

Simplified Kubernetes API client for Node.js.
MIT License
960 stars 192 forks source link

Do you support Google GKE style authentication? #722

Closed eujungkim closed 3 years ago

eujungkim commented 3 years ago

Google GEK disabled authentication with a client certificate. https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication#disabling_authentication_with_a_client_certificate

Do you support Google GKE style authentication like below? I fail to find the example for this case with kubeconfig.yaml & gsa-key.json. https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication#environments-without-gcloud

apiVersion: v1
kind: Config
clusters:
- name: CLUSTER_NAME
  cluster:
    server: https://endpoint
    certificate-authority-data: masterAuth.clusterCaCertificate
users:
- name: ci-cd-pipeline-gsa
  user:
    auth-provider:
      name: gcp
contexts:
- context:
    cluster: CLUSTER_NAME
    user: ci-cd-pipeline-gsa
  name: CLUSTER_NAME-ci-cd
current-context: CLUSTER_NAME-ci-cd

For reference, upper config need GOOGLE_APPLICATION_CREDENTAILS envirionment.

export KUBECONFIG=path/to/kubeconfig.yaml
export GOOGLE_APPLICATION_CREDENTIALS=path/to/gsa-key.json
eujungkim commented 3 years ago

I solved the problem by using "Service in other environments" like below. https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication#service_in_other_environments