kubeswitch
kubeswitch copied to clipboard
GKE Store: Generate correct kubeconfig for k8s > 1.25.0
Today, when using the kubeconfig generated by kubeswitch with kubectl > 1.22, we get the following warning
WARNING: the gcp auth plugin is deprecated in v1.22+, unavailable in v1.25+; use gcloud instead.
To learn more, consult https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke
Please see here for more information.
Currently, the user section of the kubeconfig is generated like so:
users:
- name: gke_dev-garden-gcp
user:
auth-provider:
config:
access-token: <token>
cmd-args: config config-helper --format=json
cmd-path: /usr/local/bin/gcloud
expiry: "2022-05-17T09:39:22Z"
expiry-key: '{.credential.token_expiry}'
token-key: '{.credential.access_token}'
name: gcp
in the future it should look like so
- note the use of the new
gke-gcloud-auth-plugin
(must be installed on the client side!) - note the absent of the ID token
users:
- name: NEW-CONFIG
user:
exec:
apiVersion: client.authentication.k8s.io/v1beta1
command: gke-gcloud-auth-plugin
installHint: Install gke-gcloud-auth-plugin for use with kubectl by following
https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke
provideClusterInfo: true