I'm trying to connect to my GKE cluster using the kubernetes-incubator/client-python
library. I'm running just the basic query:
from kubernetes import client, config
# Configuration can be set on the Configuration class directly or, as here,
# through the helper, which reads credentials and cluster details from the
# local kubeconfig file. For a GKE user entry the traceback on this page shows
# the helper obtaining a token through google.auth.default().
config.load_kube_config()
core_api = client.CoreV1Api()
print("Listing pods with their IPs:")
# A cluster-wide pod list needs an identity allowed to list pods in every
# namespace. NOTE(review): an identity scoped to one namespace would
# presumably call list_namespaced_pod instead; confirm against the RBAC setup.
pod_list = core_api.list_pod_for_all_namespaces(watch=False)
for pod in pod_list.items:
    row = (pod.status.pod_ip, pod.metadata.namespace, pod.metadata.name)
    print("%s\t%s\t%s" % row)
And I'm getting an error:
--------------------------------------------------------------------------
RefreshError Traceback (most recent call last)
<ipython-input-1-40695f414daf> in <module>()
2
3 # Configs can be set in Configuration class directly or using helper utility
----> 4 config.load_kube_config()
5
6 v1 = client.CoreV1Api()
/usr/local/lib/python2.7/distpackages/kubernetes/config/kube_config.pyc in
load_kube_config(config_file, context, client_configuration,
persist_config)
359 config_file, active_context=context,
360 client_configuration=client_configuration,
--> 361 config_persister=config_persister).load_and_set()
362
363
/usr/local/lib/python2.7/dist-packages/kubernetes/config/kube_config.pyc in load_and_set(self)
251
252 def load_and_set(self):
--> 253 self._load_authentication()
254 self._load_cluster_info()
255 self._set_config()
/usr/local/lib/python2.7/dist-packages/kubernetes/config/kube_config.pyc in
_load_authentication(self)
174 if not self._user:
175 return
/usr/local/lib/python2.7/dist-packages/kubernetes/config/kube_config.pyc in _load_gcp_token(self)
194 _is_expired(provider['config']['expiry']))):
195 # token is not available or expired, refresh it
--> 196 self._refresh_gcp_token()
197
198 self.token = "Bearer %s" % provider['config']['access-token']
/usr/local/lib/python2.7/dist-packages/kubernetes/config/kube_config.pyc in _refresh_gcp_token(self)
203 self._user['auth-provider'].value['config'] = {}
204 provider = self._user['auth-provider']['config']
--> 205 credentials = self._get_google_credentials()
206 provider.value['access-token'] = credentials.token
207 provider.value['expiry'] = format_rfc3339(credentials.expiry)
/usr/local/lib/python2.7/dist-packages/kubernetes/config/kube_config.pyc in _refresh_credentials()
133 credentials, project_id = google.auth.default()
134 request = google.auth.transport.requests.Request()
--> 135 credentials.refresh(request)
136 return credentials
137
/usr/local/lib/python2.7/dist-packages/google/oauth2/service_account.pyc in refresh(self, request)
320 assertion = self._make_authorization_grant_assertion()
321 access_token, expiry, _ = _client.jwt_grant(
--> 322 request, self._token_uri, assertion)
323 self.token = access_token
324 self.expiry = expiry
/usr/local/lib/python2.7/dist-packages/google/oauth2/_client.pyc in jwt_grant(request, token_uri, assertion)
141 }
142
--> 143 response_data = _token_endpoint_request(request, token_uri, body)
144
145 try:
/usr/local/lib/python2.7/dist-packages/google/oauth2/_client.pyc in _token_endpoint_request(request, token_uri, body)
107
108 if response.status != http_client.OK:
--> 109 _handle_error_response(response_body)
110
111 response_data = json.loads(response_body)
/usr/local/lib/python2.7/dist-packages/google/oauth2/_client.pyc in _handle_error_response(response_body)
57
58 raise exceptions.RefreshError(
---> 59 error_details, response_body)
60
61
RefreshError: ('invalid_scope: Empty or missing scope not allowed.', u'{\n "error" : "invalid_scope",\n "error_description" : "Empty or missing scope not allowed."\n}')
I thought there was an issue with my kube.config file, so I removed it and created the cluster again in order to generate a new kube.config file. The issue remained. Can you help me with this, please?
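This is an issue with your Google Cloud Platform credentials. They're not being found and you're not able to interact with the service. Here are some instructions on how to set those up: either point the GOOGLE_APPLICATION_CREDENTIALS
environment variable to your credentials file or authenticate through the SDK. The `invalid_scope` error in the traceback is raised while refreshing the token obtained through `google.auth.default()`, which is why the fix is on the credentials side rather than in the kube.config file. If you use a credentials file, treat it as a secret: keep it out of version control and readable only by the account that runs the script.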