I would like to be able to access GKE (kubernetes) cluster in GCP from python kubernetes client. I cant authenticate and connect to my cluster and i dont find the reason. Here is what i tried so far.
JavaScript
x
27
27
1
from google.auth import compute_engine2
from google.cloud.container_v1 import ClusterManagerClient3
from kubernetes import client4
5
6
def test_gke(request):7
project_id = "myproject"8
zone = "myzone"9
cluster_id = "mycluster"10
11
credentials = compute_engine.Credentials()12
13
cluster_manager_client = ClusterManagerClient(credentials=credentials)14
cluster = cluster_manager_client.get_cluster(name=f'projects/{project_id}/locations/{zone}/clusters/{cluster_id}')15
16
configuration = client.Configuration()17
configuration.host = f"https://{cluster.endpoint}:443"18
configuration.verify_ssl = False19
configuration.api_key = {"authorization": "Bearer " + credentials.token}20
client.Configuration.set_default(configuration)21
22
v1 = client.CoreV1Api()23
print("Listing pods with their IPs:")24
pods = v1.list_pod_for_all_namespaces(watch=False)25
for i in pods.items:26
print("%st%st%s" % (i.status.pod_ip, i.metadata.namespace, i.metadata.name))27
Advertisement
Answer
I’d like to get the configuration working I have it work where, the code is running off cluster and it produces the kubectl config file for itself. (see update at end)
Original
The first solution assumes (!) you’ve the cluster configured in your local (~/.kube/config and probably adjusted by KUBE_CONFIG) config.
JavaScript
1
10
10
1
from google.cloud.container_v1 import ClusterManagerClient2
from kubernetes import client,config3
4
config.load_kube_config()5
api_instance = client.CoreV1Api()6
7
resp = api_instance.list_pod_for_all_namespaces()8
for i in resp.items:9
print(f"{i.status.pod_ip}t{i.metadata.namespace}t{i.metadata.name}")10
NOTE
- Assumes you’ve run
gcloud containers clusters get-credentialsto set the~/.kube/configfile for the current cluster (and has acurrent-contextset.- Uses your user credentials in the
~/.kube/configfile so no additional credentials are needed.
Update
Okay, I have it working. Here’s the code that will generate a kubectl config and connect to the cluster. This code uses Application Default Credentials to provide a Service Account key to the code (usually export GOOGLE_APPLICATION_CREDENTIALS=/path/to/key.json)
JavaScript
1
68
68
1
import os2
import google.auth3
import base644
5
from google.cloud.container_v1 import ClusterManagerClient6
from kubernetes import client,config7
from ruamel import yaml8
9
PROJECT = os.getenv("PROJECT")10
ZONE = os.getenv("ZONE")11
CLUSTER = os.getenv("CLUSTER")12
13
# Get Application Default Credentials14
# `project_id` is the Service Account's15
# This may differ to the cluster's `PROJECT`16
credentials, project_id = google.auth.default()17
18
# Get the cluster config from GCP19
cluster_manager_client = ClusterManagerClient(credentials=credentials)20
21
name=f"projects/{PROJECT}/locations/{ZONE}/clusters/{CLUSTER}"22
cluster = cluster_manager_client.get_cluster(name=name)23
24
SERVER = cluster.endpoint25
CERT = cluster.master_auth.cluster_ca_certificate26
27
configuration = client.Configuration()28
29
# Create's a `kubectl` config30
NAME="freddie" # arbitrary31
CONFIG=f"""32
apiVersion: v133
kind: Config34
clusters:35
- name: {NAME}36
cluster:37
certificate-authority-data: {CERT}38
server: https://{SERVER}39
contexts:40
- name: {NAME}41
context:42
cluster: {NAME}43
user: {NAME}44
current-context: {NAME}45
users:46
- name: {NAME}47
user:48
auth-provider:49
name: gcp50
config:51
scopes: https://www.googleapis.com/auth/cloud-platform52
"""53
54
# The Python SDK doesn't directly support providing a dict55
# See: https://github.com/kubernetes-client/python/issues/87056
kubeconfig = yaml.safe_load(CONFIG)57
58
loader = config.kube_config.KubeConfigLoader(kubeconfig)59
loader.load_and_set(configuration)60
61
api_client= client.ApiClient(configuration)62
api_instance = client.CoreV1Api(api_client)63
64
# Enumerate e.g. Pods65
resp = api_instance.list_pod_for_all_namespaces()66
for i in resp.items:67
print(f"{i.status.pod_ip}t{i.metadata.namespace}t{i.metadata.name}")68