https://pulumi.com logo
#google-cloud
Title
# google-cloud
p

proud-pizza-80589

12/23/2020, 3:19 PM
For some weird reason i cannot get gcp authentication to work in a multi project using stack references on github actions.
Copy code
error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "<https://35.189.230.20/openapi/v2?timeout=32s>": error executing access token command "gcloud config config-helper --format=json": err=exit status 1 output= stderr=WARNING: Could not open the configuration file: [/home/runner/.config/gcloud/configurations/config_default].
ERROR: (gcloud.config.config-helper) You do not currently have an active account selected.
Please run:

  $ gcloud auth login

to obtain new credentials.

If you have already logged in with a different account:

    $ gcloud config set account ACCOUNT

to select an already authenticated account to use.
The GOOGLE_CREDENTIALS secret is loaded in the envs. It used to work in a different repo, only difference is that this “project” does not include the gcp library since we get the kubeconfig from a different project/stack. (trying that now but i have to convince typescript to allow unused imports)
Locally it works but there i’m logged in manually
d

dry-engine-17210

12/23/2020, 5:16 PM
Ok, I have some idea what this might be.
Your kube credentials file has a reference to a helper call-out for the credential rather than the credential itself. The helper is in fact gcloud.
Unfortunately I don’t have an example snippet to show you, but I think if you poke around inside the kube credential file you’ll see what I mean.
p

proud-pizza-80589

12/23/2020, 5:33 PM
I think i just figured it out, i’m not running the docker action but the action to just install pulumi and run the commands from there.
I just found this piece that that the other action does extra: https://github.com/pulumi/actions/blob/master/entrypoint.sh#L80-L90
would have saved me a day of waiting on GHA if i would have just checked it out fromt the start
d

dry-engine-17210

12/23/2020, 6:16 PM
👍
c

clever-byte-21551

12/23/2020, 9:15 PM
I’m actually generating the kubeconfig differently I’m issuing an OAuth token to google and use it in my kubeconfig instead of using the gcloud helper command
2 Views