freezing-quill-32178
07/01/2022, 8:50 AMDiagnostics:
pulumi:pulumi:Stack (usermanagement-svc-deploy-usermanagement-svc-dev):
W0701 10:41:26.074241 57840 gcp.go:120] WARNING: the gcp auth plugin is deprecated in v1.22+, unavailable in v1.25+; use gcloud instead.
To learn more, consult <https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke>
I’m getting this warning because the GKE cluster kubeconfig is created and exported as output while back, it there a way to force Pulumi to regenerate it with the new GKE Auth plugin?
I’ve setup locally the new auth plugin and kubectl is working fine, USE_GKE_GCLOUD_AUTH_PLUGIN
is set as well but it is only for local kubectl/terminal usage.
Any idea what has to be done on Pulumi side in order not to break GKE connection to the cluster while updating/migrating to K8s v1.25?billowy-army-68599
07/01/2022, 3:47 PMfreezing-quill-32178
07/01/2022, 6:24 PM// Manufacture a GKE-style kubeconfig. Note that this is slightly "different"
// because of the way GKE requires gcloud to be in the picture for cluster
// authentication (rather than using the client cert/key directly).
export const kubeconfig = pulumi
.all([cluster.name, cluster.endpoint, cluster.masterAuth])
.apply(([name, endpoint, masterAuth]) => {
const context = `${gcp.config.project}_${gcp.config.zone}_${name}`;
return `apiVersion: v1
clusters:
- cluster:
certificate-authority-data: ${masterAuth.clusterCaCertificate}
server: https://${endpoint}
name: ${context}
contexts:
- context:
cluster: ${context}
user: ${context}
name: ${context}
current-context: ${context}
kind: Config
preferences: {}
users:
- name: ${context}
user:
auth-provider:
config:
cmd-args: config config-helper --format=json
cmd-path: gcloud
expiry-key: '{.credential.token_expiry}'
token-key: '{.credential.access_token}'
name: gcp
`;
});
const k8sProvider = new k8s.Provider("propeller-api-services", {
kubeconfig: infraStack.getOutput("kubeconfig"),
});
billowy-army-68599
07/01/2022, 6:42 PMfreezing-quill-32178
07/01/2022, 6:43 PMOLD: auth-provider: gcp
user:
auth-provider:
config:
cmd-args: config config-helper --format=json
cmd-path: gcloud
expiry-key: '{.credential.token_expiry}'
token-key: '{.credential.access_token}'
name: gcp
NEW: gke-gcloud-auth-plugin
user:
exec:
apiVersion: <http://client.authentication.k8s.io/v1beta1|client.authentication.k8s.io/v1beta1>
args: null
command: gke-gcloud-auth-plugin
env: null
installHint: Install gke-gcloud-auth-plugin for use with kubectl by following
<https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke>
interactiveMode: IfAvailable
provideClusterInfo: true
billowy-army-68599
07/01/2022, 6:44 PMfreezing-quill-32178
07/01/2022, 6:46 PMbillowy-army-68599
07/01/2022, 6:51 PM