kubeswitch icon indicating copy to clipboard operation
kubeswitch copied to clipboard

Published 20 hours ago verified publisher icon danielfoehrKn

GKE Store: Generate correct kubeconfig for k8s > 1.25.0

Open danielfoehrKn opened this issue 2 years ago • 0 comments

Today, when using the kubeconfig generated by kubeswitch with kubectl > 1.22, we get the following warning

WARNING: the gcp auth plugin is deprecated in v1.22+, unavailable in v1.25+; use gcloud instead.
To learn more, consult https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke

Please see here for more information.

Currently, the user section of the kubeconfig is generated like so:

users:
- name: gke_dev-garden-gcp
  user:
    auth-provider:
      config:
        access-token: <token>
        cmd-args: config config-helper --format=json
        cmd-path: /usr/local/bin/gcloud
        expiry: "2022-05-17T09:39:22Z"
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
      name: gcp

in the future it should look like so

  • note the use of the new gke-gcloud-auth-plugin (must be installed on the client side!)
  • note the absent of the ID token
users:
- name: NEW-CONFIG
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: gke-gcloud-auth-plugin
      installHint: Install gke-gcloud-auth-plugin for use with kubectl by following
        https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke
      provideClusterInfo: true

danielfoehrKn avatar May 17 '22 09:05 danielfoehrKn