https://pulumi.com logo
Title
i

incalculable-potato-82285

02/21/2023, 3:25 PM
Hi, we´re currently running into the following error when trying a pulumi up with github actions:
Diagnostics:
    kubernetes:core/v1:ConfigMap (log4j):
      error: failed to initialize discovery client: The gcp auth plugin has been removed.
      Please use the "gke-gcloud-auth-plugin" kubectl/client-go credential plugin instead.
      See <https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke> for further details
We already tried, adding:
env:
          USE_GKE_GCLOUD_AUTH_PLUGIN: true
with
run: gcloud container clusters get-credentials <CLUSTER_NAME>
and:
name: 'Set up Cloud SDK'
        uses: 'google-github-actions/setup-gcloud@v0'
        with:
          install_components: 'gke-gcloud-auth-plugin'
We also tried using different version of "setup-gcloud". Does anybody has an idea what we could try next?
b

billowy-army-68599

02/21/2023, 4:02 PM
Are you installing components into the cluster with Pulumi?
d

dry-keyboard-94795

02/21/2023, 4:24 PM
it'd be
USE_GKE_GCLOUD_AUTH_PLUGIN: 'false'
(for old auth) Intereting that
install_components
didn't work (this is what we're doing). Maybe it's the version. The current is
v1.1.0
- uses: 'google-github-actions/setup-gcloud@v1.1.0'
      name: Setup gcloud SDK
      with:
        install_components: 'gke-gcloud-auth-plugin'
b

billowy-army-68599

02/21/2023, 4:25 PM
sorry no, are using the kubernetes provider with pulumi?
d

dry-keyboard-94795

02/21/2023, 4:25 PM
Yes
Went through the process of getting gke auth working already when GH Runners updated gcloud a couple of months ago
b

billowy-army-68599

02/21/2023, 4:32 PM
how do you build your gke provider?
d

dry-keyboard-94795

02/21/2023, 4:32 PM
2 stacks, one uses a generated kubeconfig with the new gke-auth-plugin explicitly based off the cluster being made. The other uses get-credentials, with gke-auth-plugin being implicit.
b

billowy-army-68599

02/21/2023, 4:36 PM
okay, have you run a successful update since you made those chances? The issue here is that the provider itself is stored in state., This error:
Diagnostics:
    kubernetes:core/v1:ConfigMap (log4j):
      error: failed to initialize discovery client: The gcp auth plugin has been removed.
      Please use the "gke-gcloud-auth-plugin" kubectl/client-go credential plugin instead.
      See <https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke> for further details
is being returned by the Kubernetes API when you try use the cluster. Setting env vars isn’t going to work around that.
it’s difficult to prescribe a fix here because i don’t have code to look at, but essentially you’ll need to make sure your provider instantiation is correct and is using the correct plugin
i

incalculable-potato-82285

02/21/2023, 4:39 PM
Yes, we‘re installing components. So the fix would be to update the kubernetes provider with correct plugin?
b

billowy-army-68599

02/21/2023, 4:48 PM
yes, when i saw provider, i mean the provider code.
i

incalculable-potato-82285

02/21/2023, 4:56 PM
Okay I‘ll check the code and will provide more information tomorrow
So basically we`re generating the kubernetes provider like this:
export function GetK8sProvider(): k8s.Provider {

	const k8sStackName= config.require("k8s-stack");

	const k8sStack = new pulumi.StackReference(k8sStackName);
	const kubeconfig = k8sStack.getOutput("kubeconfig");

	const k8sProvider = new k8s.Provider("provider", {
		kubeconfig: kubeconfig,
	});

	return k8sProvider;
}
Interessting thing is, if we do a "pulumi up" on the local machine, everything works fine - just in GitHub Action we run into the above Error
https://github.com/pulumi/examples/blob/d11f2289a3418ad905ee43fa5dfc0104267ac1c9/gcp-ts-gke/cluster.ts#L75 i think i found the solution here - we`re not passing the command: gke-gcloud-auth-plugin to the kubeconfig
@billowy-army-68599 Thanks a lot again! You´re Hint helped a lot and we got the action running again!