https://pulumi.com logo
#general
Title
# general
a

agreeable-computer-1409

02/14/2023, 6:27 PM
Hi, I have a question about the intended workflow for Pulumi with GKE clusters - because of the auth deprecation in 1.26, I'm now getting these errors on
pulumi up/preview
in a CI environment which was using the old auth mechanism.
Copy code
error: failed to initialize discovery client: The gcp auth plugin has been removed.
    Please use the "gke-gcloud-auth-plugin" kubectl/client-go credential plugin instead.
    See <https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke> for further details
The fix for this seems to be to add a
gcloud container clusters get-credentials CLUSTER_NAME
step before running
pulumi up
. Up until now we'd been allowing Pulumi to generate a random suffix on all Kubernetes resources including the cluster name (and CI didn't need to know what the cluster name is), but it seems like now we will need to explicitly reference a cluster name in CI to authenticate. This seems fine once a cluster has already been created, but for newly created clusters it seems like we'd need to bring the cluster up once manually, get the name that Pulumi generates, and then update CI to reference the correct cluster name. Does that sound like the intended workflow, or is there another way to manage authentication for clusters with randomly generated names?
d

dry-keyboard-94795

02/14/2023, 7:09 PM
It's worth generating the kubeconfig as part of your stack. here's an example in typescript, showing the kubeconfig being passed to the k8s provider.
7 Views