Hi Brett, If your'e using "gcloud auth activate-service-account" I am assuming you have a JSON key file. So in your Docker image, if you have gcloud and use "activate-service-account" the JSON file contains information about what account it belongs to. This does not require opening a browser (it's a headless operation).
After that, you should be able to run "get-credentials" and use kubectl right away. As for multiple clusters, every time you run "get-credentials", your default Kubernetes context is set to the latest cluster you specified. Alternatively you can use "kubectl config get-contexts/use-context" to switch between clusters as well. Does this answer your question? On Thu, Mar 2, 2017 at 12:04 PM, bg <[email protected]> wrote: > I have a docker image that installs kubectl and scripts that will run > various kubectl commands. > > When I run it locally, everything works great. But when I deploy it on > another machine I get authentication errors. > > I'd like to better understand how I have have a service like this > authenticate with GCP (but ideally it could authenticate with a Kubernetes > cluster regardless of what platform it is running on). > > I have the cluster ca cert, username, and password. > > Locally, the code works because I ran this command: > > gcloud container clusters get-credentials <cluster-name> --zone > <cluster-zone> --project <project-id> > > And before that, I did this: > > gcloud auth login > gcloud auth activate-service-account > > So, my next thought is perhaps I need to install gcloud on this same > Docker image. However, I don't know what google account to authenticate > with, or how (requires opening browser and logging in). > > Lastly, I'd like this service to be able to authenticate with multiple > clusters (so different projects and zones). I have all the metadata for > each cluster, I just don't understand how to authenticate kubectl with each > cluster. > > Thanks for any help! > > -- > You received this message because you are subscribed to the Google Groups > "Kubernetes user discussion and Q&A" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/kubernetes-users. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.
