sparse-intern-71089
07/01/2022, 8:50 AMbillowy-army-68599
billowy-army-68599
freezing-quill-32178
07/01/2022, 6:24 PM// Manufacture a GKE-style kubeconfig. Note that this is slightly "different"
// because of the way GKE requires gcloud to be in the picture for cluster
// authentication (rather than using the client cert/key directly).
export const kubeconfig = pulumi
.all([cluster.name, cluster.endpoint, cluster.masterAuth])
.apply(([name, endpoint, masterAuth]) => {
const context = `${gcp.config.project}_${gcp.config.zone}_${name}`;
return `apiVersion: v1
clusters:
- cluster:
certificate-authority-data: ${masterAuth.clusterCaCertificate}
server: https://${endpoint}
name: ${context}
contexts:
- context:
cluster: ${context}
user: ${context}
name: ${context}
current-context: ${context}
kind: Config
preferences: {}
users:
- name: ${context}
user:
auth-provider:
config:
cmd-args: config config-helper --format=json
cmd-path: gcloud
expiry-key: '{.credential.token_expiry}'
token-key: '{.credential.access_token}'
name: gcp
`;
});
freezing-quill-32178
07/01/2022, 6:25 PMconst k8sProvider = new k8s.Provider("propeller-api-services", {
kubeconfig: infraStack.getOutput("kubeconfig"),
});
freezing-quill-32178
07/01/2022, 6:27 PMbillowy-army-68599
billowy-army-68599
freezing-quill-32178
07/01/2022, 6:43 PMOLD: auth-provider: gcp
user:
auth-provider:
config:
cmd-args: config config-helper --format=json
cmd-path: gcloud
expiry-key: '{.credential.token_expiry}'
token-key: '{.credential.access_token}'
name: gcp
NEW: gke-gcloud-auth-plugin
user:
exec:
apiVersion: <http://client.authentication.k8s.io/v1beta1|client.authentication.k8s.io/v1beta1>
args: null
command: gke-gcloud-auth-plugin
env: null
installHint: Install gke-gcloud-auth-plugin for use with kubectl by following
<https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke>
interactiveMode: IfAvailable
provideClusterInfo: true
billowy-army-68599
freezing-quill-32178
07/01/2022, 6:46 PMbillowy-army-68599