Hi when running pulumi through gitlab ci i get a ``` kuberne Pulumi Community #getting-started

Hi, when running pulumi through gitlab ci, i get a...

hundreds-airport-37168

09/23/2021, 6:09 PM

Hi, when running pulumi through gitlab ci, i get a

Copy code

kubernetes:core/v1:Namespace testtest creating error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials

However running it locally it works fine. I use a google service account both locally and on gitlab ci by exporting

GOOGLE_CREDENTIALS

env variable

billowy-army-68599

09/23/2021, 6:10 PM

are you setting a

provider

on your Kubernetes resources? if not, you'll need to set a

KUBECONFIG

to talk to your kubernetes cluster

hundreds-airport-37168

09/23/2021, 6:11 PM

yes, using

Copy code

import { clusterProvider } from '../../gcp/gke';

const tn = "testtest";
export const t = new k8s.core.v1.Namespace(tn, {
  metadata: {
      name: tn,
  }
}, {
  provider: clusterProvider,
});

hundreds-airport-37168

09/23/2021, 6:12 PM

and the clusterProvider is created by

Copy code

export const kubeconfig = pulumi
  .all([cluster.name, cluster.endpoint, cluster.masterAuth])
  .apply(([name, endpoint, masterAuth]) => {
    const context = `${gcp.config.project}_${gcp.config.zone}_${name}`;
    return `apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ${masterAuth.clusterCaCertificate}
    server: https://${endpoint}
  name: ${context}
contexts:
- context:
    cluster: ${context}
    user: ${context}
  name: ${context}
current-context: ${context}
kind: Config
preferences: {}
users:
- name: ${context}
  user:
    auth-provider:
      config:
        cmd-args: config config-helper --format=json
        cmd-path: gcloud
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
      name: gcp
`;
  });

export const clusterProvider = new k8s.Provider(clusterName, {
    kubeconfig: kubeconfig,
});

hundreds-airport-37168

09/23/2021, 6:14 PM

I guess the diff between local and gitlab ci is that i have gcloud setup locally and in gitlab ci its just using the pulumi image as base

billowy-army-68599

09/23/2021, 6:25 PM

the kubeconfig will need to have a token etc, if that isn't valid (it may be your google creds arent valid for the cluster?) it'll error like it is

hundreds-airport-37168

09/23/2021, 6:35 PM

but its setting the token from the above code snippet? I just followed the gcp tutorial you guys provide

billowy-army-68599

09/23/2021, 6:42 PM

how are you setting in gitlab? does a

gcloud

command work correctly before your

pulumi up

hundreds-airport-37168

09/23/2021, 6:44 PM

i highly doubt it because its just using a plain pulumi image, but i can try

Copy code

image:
  name: pulumi/pulumi
  entrypoint:
    - '/usr/bin/env'
    - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'

stages:
  - infrastructure-update

pulumi:
  stage: infrastructure-update
  variables:
    PULUMI_STACK: nickjn92/pulumi-fleet/lab
  script:
    - npm ci
    - pulumi stack select $PULUMI_STACK
    - pulumi up --yes
  only:
  - main

billowy-army-68599

09/23/2021, 6:45 PM

where are you setting

GOOGLE_CREDENTIALS

hundreds-airport-37168

09/23/2021, 6:46 PM

gitlab CI/CD variable

hundreds-airport-37168

09/23/2021, 6:46 PM

i verified that its there by just doing an echo before the pulumi cmd

billowy-army-68599

09/23/2021, 6:57 PM

it's been a long while since I've used gitlab I'm afraid, but essentially my best guess is that the kubeconfig isn't getting the right creds

hundreds-airport-37168

09/23/2021, 6:58 PM

Thanks for all the help, it was as you hinted a gcloud issue. Just doing

Copy code

script:
    - npm ci
    - echo $GOOGLE_CREDENTIALS > /tmp/creds.json
    - gcloud auth activate-service-account --key-file=/tmp/creds.json
    - pulumi stack select $PULUMI_STACK
    - pulumi up --yes

Got it to work 🙂 Thanks again 👍

32 Views

Open in Slack

Previous Next