How to connect to Google Kubernetes engine with Kubernetes Python client

10/19/2018

I'm using Kubernetes Python client to manage my local Kubernetes cluster:

from kubernetes import client, config


config = client.Configuration()
config.host = "http://local_master_node:8080"
client.Configuration.set_default(config)
print(client.CoreV1Api().v1.list_node())

Everything works fine until I need to connect to a project on Google Cloud Kubernetes Engine using the key file provided by customer owning the project from Google like:

{
    "type": "...",
    "project_id": "...",
    "private_key_id": "...",
    "private_key": "...",
    "client_email": "...",
    "client_id": "...",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://accounts.google.com/o/oauth2/token",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    "client_x509_cert_url": "https://www.googleapis.com/..."
}

I'm trying to load it (probably doing it in wrong way):

os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = os.path.abspath('credentials.json')
config.load_incluster_config()

But this code raises an exception kubernetes.config.config_exception.ConfigException: Service host/port is not set.

The questions are:

  1. How to provide Google credentials for Kubernetes Python client properly?
  2. If I am on the right track then where can I find the host/port for using with Google Cloud?

Some snippets will be appreciated.

-- Symon
authentication
google-cloud-platform
google-kubernetes-engine
kubernetes
python

1 Answer

10/23/2018

Finally, I myself found the solution.

First, you need to get Kubernetes configuration file. So, go to Google Cloud Platform Kubernetes Engine panel. Select cluster you want to connect and press the connect button. Select Run in Cloud Shell and after you have logged into the shell type suggested string like:

$ gcloud container clusters get-credentials ...

Then you can find in ~/.kube folder the configuration file. Save its content to a yaml-file which you should feed to kubernetes.config.load_kube_config function:

os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = os.path.abspath('credentials.json')
config.load_kube_config(os.path.abspath('config.yaml'))
-- Symon
Source: StackOverflow