Thanks, Ahmet. That was the answer! Simply calling auth-activate-service account pointing to a service account.json file added the necessary context to to the ~/.kube/config.
Our service then uses kubectl set-context <context> to switch between the various clusters seamlessly. Thanks! On Thursday, March 2, 2017 at 6:20:42 PM UTC-5, Ahmet Alp Balkan wrote: > Hi Brett, > > > If your'e using "gcloud auth activate-service-account" I am assuming you have > a JSON key file. So in your Docker image, if you have gcloud and use > "activate-service-account" the JSON file contains information about what > account it belongs to. This does not require opening a browser (it's a > headless operation). > > > After that, you should be able to run "get-credentials" and use kubectl right > away. > > > > As for multiple clusters, every time you run "get-credentials", your default > Kubernetes context is set to the latest cluster you specified. Alternatively > you can use "kubectl config get-contexts/use-context" to switch between > clusters as well. > > > Does this answer your question? > > > On Thu, Mar 2, 2017 at 12:04 PM, bg <[email protected]> wrote: > I have a docker image that installs kubectl and scripts that will run various > kubectl commands. > > > > When I run it locally, everything works great. But when I deploy it on > another machine I get authentication errors. > > > > I'd like to better understand how I have have a service like this > authenticate with GCP (but ideally it could authenticate with a Kubernetes > cluster regardless of what platform it is running on). > > > > I have the cluster ca cert, username, and password. > > > > Locally, the code works because I ran this command: > > > > gcloud container clusters get-credentials <cluster-name> --zone > <cluster-zone> --project <project-id> > > > > And before that, I did this: > > > > gcloud auth login > > gcloud auth activate-service-account > > > > So, my next thought is perhaps I need to install gcloud on this same Docker > image. However, I don't know what google account to authenticate with, or how > (requires opening browser and logging in). > > > > Lastly, I'd like this service to be able to authenticate with multiple > clusters (so different projects and zones). I have all the metadata for each > cluster, I just don't understand how to authenticate kubectl with each > cluster. > > > > Thanks for any help! > > > > -- > > You received this message because you are subscribed to the Google Groups > "Kubernetes user discussion and Q&A" group. > > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > > To post to this group, send email to [email protected]. > > Visit this group at https://groups.google.com/group/kubernetes-users. > > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.
