Configuring continuous deployment on Google Compute Engine running Kubernetes

I am trying to set up continuous deployment from CircleCI to a Google Container Engine instance based on a tutorial on the CircleCI website.

However, I am now stumbling across how to set up authentication so that I can perform a rolling update:

KUBE_CMD=${KUBERNETES_ROOT:-~/kubernetes}/cluster/kubectl.sh
$KUBE_CMD rolling-update my-controller \
   -f my-controller.yml --server="https://xxx.xxx.xxx.xxx"

      

Google seems to support OAuth and I can't find any documentation for setting up non-interactive authentication. Passing basic auth parameters to kubectl doesn't work.

Any advice on this, or on where I can look?



1 answer


The apiserver running on your container cluster does not use Google OAuth; instead, it uses cluster authentication. If you run

$ gcloud alpha container clusters describe <cluster-name>

      

you will get a username and password that can be used as HTTP basic auth credentials to access the cluster's apiserver (you can also access the server using a bearer token or TLS client certificates, but basic auth is the easiest way to get started).

To check, run

$ curl --insecure --user <username>:<password> https://<endpoint>

      



and you should see a successful response.

Now that you understand how the cluster apiserver authenticates clients, you need to configure kubectl on the CircleCI machine to provide the correct authentication. The easiest way to do this is to use gcloud to create the "kubeconfig" file by running

$ gcloud alpha container get-credentials --cluster=<cluster-name>

      

which will generate the file locally. Then you can copy the file to the CircleCI field. kubectl looks for the file at ~/.kube/config by default (you can specify a different location using an environment variable or using the --kubeconfig command line flag).

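One way to carry out the copy step from the answer above without committing the kubeconfig to the repository, shown as an added example that is not part of the original answer: the file is kept base64-encoded in a CI secret and written out owner-only at build time. KUBECONFIG_B64 and install_kubeconfig are hypothetical names chosen for this sketch; KUBECONFIG is the environment variable kubectl reads, and insecure-skip-tls-verify is the kubeconfig key that disables certificate checking.

```shell
#!/usr/bin/env bash
# Added example: install a kubeconfig on a CI machine from a secret.
# Assumption: the CI system exposes the base64-encoded file as KUBECONFIG_B64
# (hypothetical name). install_kubeconfig is a hypothetical helper.

install_kubeconfig() {
    # $1: destination path; kubectl's default location is ~/.kube/config
    local dest="${1:-$HOME/.kube/config}"
    local tmp

    if [ -z "${KUBECONFIG_B64:-}" ]; then
        echo "KUBECONFIG_B64 is not set" >&2
        return 1
    fi

    # The file holds cluster credentials, so it is owner-only from creation.
    mkdir -p "$(dirname "$dest")" || return 1
    tmp="$(umask 077 && mktemp "${dest}.XXXXXX")" || return 1

    if ! printf '%s' "$KUBECONFIG_B64" | base64 -d > "$tmp" 2>/dev/null; then
        echo "KUBECONFIG_B64 is not valid base64" >&2
        rm -f "$tmp"
        return 1
    fi

    # Refuse a config with no server entry or with any non-HTTPS server.
    if ! grep -Eq '^[[:space:]]*server:' "$tmp" ||
       grep -E '^[[:space:]]*server:' "$tmp" |
           grep -Evq 'server:[[:space:]]*https://'; then
        echo "kubeconfig must list only https:// servers" >&2
        rm -f "$tmp"
        return 1
    fi

    # Refuse a config that turns off TLS certificate verification.
    if grep -Eq '^[[:space:]]*insecure-skip-tls-verify:[[:space:]]*true' "$tmp"; then
        echo "kubeconfig disables TLS verification" >&2
        rm -f "$tmp"
        return 1
    fi

    # Move into place only after all checks pass, then point kubectl at it.
    mv "$tmp" "$dest" || { rm -f "$tmp"; return 1; }
    export KUBECONFIG="$dest"
}
```

Call install_kubeconfig before the rolling-update step; kubectl then picks up the file through KUBECONFIG, or through the default path when no argument is given.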






