search

pulumi / pulumi-kubernetes

A Pulumi resource provider for Kubernetes to manage API resources and workloads in running clusters
https://www.pulumi.com/docs/reference/clouds/kubernetes/
Apache License 2.0
407 stars 117 forks source link

Unable to use KUBE_TOKEN to deploy kubernetes resources #2849

Open sangharshcs opened 8 months ago

sangharshcs commented 8 months ago

What happened?

Unlike terraform (export KUBE_TOKEN) or kubectl --token $KUBE_TOKEN get pods , I am not able to use KUBE_TOKEN environment variable with pulumi.

Example

E0227 00:20:49.008967     820 memcache.go:265] couldn't get current server API group list: Get "https://apiserver.corp.ethos501-stage-va6.ethos.adobe.net:443/api?timeout=32s": getting credentials: exec: executable kubelogin not found

It looks like you are trying to use a client-go credential plugin that is not installed.

To learn more about this feature, consult the documentation available at:
      https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
E0227 00:20:49.010894     820 memcache.go:265] couldn't get current server API group list: Get "https://apiserver.corp.ethos501-stage-va6.ethos.adobe.net:443/api?timeout=32s": getting credentials: exec: executable kubelogin not found

While I was able to successfully run kubectl with same kubeconfig

$ kubectl  --token $KUBE_TOKEN get pods
NAME                                                 READY   STATUS    RESTARTS   AGE
busybox-6f5bd4875-jvb5r   1/1     Running   0          164m

Output of pulumi about


error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "https://apiserver.corp.ethos501-stage-va6.ethos.adobe.net:443/openapi/v2?timeout=32s": getting credentials: exec: executable kubelogin not found

It looks like you are trying to use a client-go credential plugin that is not installed.

To learn more about this feature, consult the documentation available at:
      https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
error: update failed```

### Additional context

_No response_

### Contributing

Vote on this issue by adding a 👍 reaction. 
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
mjeffryes commented 8 months ago

Hi @sangharshcs; thanks for sharing this. I believe you're correct that we don't support reading the token from the KUBE_TOKEN environment variable today; we expect the token to be present in the kubeconfig (Eg. see https://www.pulumi.com/docs/clouds/kubernetes/guides/try-out-the-cluster/). As a workaround you should be able to copy the content of the KUBE-TOKEN into your kubeconfig file. (Eg as described in this SO post)

sangharshcs commented 8 months ago

Thanks @mjeffryes for acknowledging. Yeah I did executed workaround by running:

kubectl config set-credentials <name> --token $KUBE_TOKEN