GKE authentication #65
Comments
|
I knocked together a quick fix for this -- WDYT about this approach? It leaves auth to the gcloud tool, which I think is probably fine. |
|
More specifically, the auth/re-auth is handled by the command |
|
I am in favor of your approach in the PR. I commented there too. I am going to leave this open to track the feature of implementing the authentication ourself (at some point), but your change at least enables pykube to use |
|
So I just ran into this problem with a 1.3.x GKE cluster where my .kube/config only had the gcp auth-provider info. I got it working by creating a ServiceAccount and then using the Token that was created in the Secret associated with the ServiceAccount in the .kube/config for my deployment tool that uses PyKube. Works like a champ. |
|
Having the auth-provider token in kubeconfig is not enough because it expires and pykube doesn't refresh it, as opposite as kubectl that does it. I've created this #76 to address the issue |
pykube is not capable of authenticating against GKE clusters. Recent clusters on GKE use Google OAuth to authenticate. The user configuration in
~/.kube/configlooks like:Once
kubectlruns with that configuration it adds in theconfigkey with anaccess-tokenandexpiry.In my initial research, I learned that oauth2client uses httplib which is a non-starter for integrating it with pykube. However, there's hope with googleapis/oauth2client#128
The text was updated successfully, but these errors were encountered: