kontena / k8s-client

Ruby Kubernetes API client
Apache License 2.0
76 stars 26 forks source link

GKE support #47

Closed matti closed 6 years ago

matti commented 6 years ago

GKE kubeconfig has calls to gcloud CLI. And token is somehow mangled inside a service account.

So either implement GKE support or have documentation on how to get the required token and steps.

nevalla commented 6 years ago

Kubeclient gem instructs people this way: https://github.com/abonas/kubeclient#googles-application-default-credentials. So based on that, something like this might work:

require 'googleauth'
def token
  scopes = ['https://www.googleapis.com/auth/cloud-platform']
  authorization = Google::Auth.get_application_default(scopes)
  authorization.apply({})
  authorization.access_token
end

client = K8s::Client.config(K8s::Config.load_file('~/.kube/config'),
  auth_token: token
)
matti commented 6 years ago

Thanks, I'll try

matti commented 6 years ago

So that solves the first part of this, but I have no idea how to gcloud container clusters get-credentials asdf to get the actual credentials to the cluster -- maybe with https://github.com/googleapis/google-cloud-ruby/tree/master/google-cloud-container but I already went with gcloud/kubectl & popen3.

^-- that might not make much sense - I think somebody should figure out the best workflow for k8s-client on GKE at somepoint. I'm too busy to do that now.

matti commented 6 years ago

and that gem provides no (?) way to export the credentials in a way that would work with k8s-client

jakolehm commented 6 years ago

Fixed in #52

matti commented 6 years ago

https://github.com/kontena/mortar/issues/71#issuecomment-434034921

@jakolehm reopen?

jakolehm commented 6 years ago

I think we need a new issue, https://github.com/kontena/mortar/issues/71#issuecomment-434034921 is not GKE specific.

matti commented 6 years ago

whatever, it still does not work in GKE