Closed matti closed 6 years ago
Kubeclient gem instructs people this way: https://github.com/abonas/kubeclient#googles-application-default-credentials. So based on that, something like this might work:
require 'googleauth'
def token
scopes = ['https://www.googleapis.com/auth/cloud-platform']
authorization = Google::Auth.get_application_default(scopes)
authorization.apply({})
authorization.access_token
end
client = K8s::Client.config(K8s::Config.load_file('~/.kube/config'),
auth_token: token
)
Thanks, I'll try
So that solves the first part of this, but I have no idea how to gcloud container clusters get-credentials asdf
to get the actual credentials to the cluster -- maybe with https://github.com/googleapis/google-cloud-ruby/tree/master/google-cloud-container but I already went with gcloud/kubectl & popen3.
^-- that might not make much sense - I think somebody should figure out the best workflow for k8s-client
on GKE at somepoint. I'm too busy to do that now.
and that gem provides no (?) way to export the credentials in a way that would work with k8s-client
Fixed in #52
https://github.com/kontena/mortar/issues/71#issuecomment-434034921
@jakolehm reopen?
I think we need a new issue, https://github.com/kontena/mortar/issues/71#issuecomment-434034921 is not GKE specific.
whatever, it still does not work in GKE
GKE kubeconfig has calls to gcloud CLI. And token is somehow mangled inside a service account.
So either implement GKE support or have documentation on how to get the required token and steps.