How can I renew the kube config file expiry date?
Question
Today I faced an issue while running my jenkins job. I got this error:
Unable to connect to the server: error executing access token command
"/snap/google-cloud-sdk/234/bin/gcloud config config-helper --format=json": err=fork/exec /snap/google-cloud-sdk/234/bin/gcloud:
no such file or directory output= stderr=
After when I try to run below command the issue got resolved and jenkins job will complete successfully.
gcloud container clusters get-credentials cluster_name --region=region_name
Before run this command in my kube config file expiry date was 2022-04-25 and after running above command expiry date get changed to today (2022-05-02) only. Here my doubt if I run my jenkins job on tomorrow (2022-05-03) my job will fail with same error right because of expiry date up to tomorrow only?
So How can I fix this kube config file expiry date issue permanently not on daily run command?
kube config file:
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVMVENDQXBXZ0F3SUJBZ0lSQU0rNTRkdVFYeno4NmUxQ3h1Z1YvVW93RFFZSktvWklodmNOQVFFTEJRQXcKTHpFdE1Dc0dBMVVFQXhNa1ltTTFNVGRoT0RNdE1qTmtZUzAwWXpWakxXRXpPV1F0TlRreU9XUTBOekUyTVdJMwpNQ0FYRFRJeU1ETXdPREV3TURJMU0xb1lEekl3TlRJd01qSTVNVEV3TWpVeldqQXZNUzB3S3dZRFZRUURFeVJpCll6VXhOMkU0TXkweU0yUmhMVFJqTldNdFlUTTVaQzAxT1RJNVpEUTNNVFl4WWpjd2dnR2lNQTBHQ1NxR1NJYjMKRFFFQkFRVUFBNElCandBd2dnR0tBb0lCZ1FDTFlCMFVQUkdpM05JR1N6djdGVmpTQ1hwNTBKUXRiakxjQWdJdQpQenlBekNNUDdraEg3UC91QU5XcXlxb1ZGeVc3UmhlajlKN0xVUnBFc0EwT1ZDUXkyeVdLd090TExSSFFWQmpCCnIzanczVHBiWWNCb083MExpUzJYcy9qTkxWQ3V2NWRPam1KTUxOeXVmZk1QZ0ZIZmRIRzZNa25qQVphV0FvZTcKeGc5QjU0VXNwZ2kremYrMFpqVjhUNnozZlNZTUpObko5UE0xZmdSeDBTYWJNV3hGT0doTEJ5cUVBdm1maVR4aAphcUkyYVEzZ3BiN2lDTzU1TlA3STZ0RFp5Z2JRRm9FNThtdllDMTBNb0c3MXJVcVg0dWVkVnlwTmNnb1lKRnNICmhaTTF0SUJSYmphU3pzK3czTzhHb01aT0Z0TTk5eDUvanJwS21kNG12YkVvZGZhVnBMd1U1SjBsQjBuM0VXNzYKV2I0QWRHQTBIcHF3T000WjdaQ0ZJUHRzczNaM3piSS9zbTl3TFhYb3JvUXJndGdhOWdRTmErTCtEQmRKUUJkQwpSdnROdHdSM0ZLRk5kaEwrRHNIUkMzQmJ4bGdTYTVMU2ZrbHhYMzNYT1BDREpiS05EZmJJMEN3OGtVVk8rQ0RBCmxYbndhV0liTjc3endrRncvMUtHSGExSE4wc0NBd0VBQWFOQ01FQXdEZ1lEVlIwUEFRSC9CQVFEQWdJRU1BOEcKQTFVZEV3RUIvd1FGTUFNQkFmOHdIUVlEVlIwT0JCWUVGRlRCOUx6c1E0M0ZHZE9uTW91QWM3cXdyY1IxTUEwRwpDU3FHU0liM0RRRUJDd1VBQTRJQmdRQXlVNkxiVVM2eFdYSEs4Q1pONUJvdXd2dm5yOWR2VlVpek9xV1llNENJCm9LMXVHR2c5eG1rQm9CTU1JcndpWko4VXN5NnFvSHdIMCt3WDhIeDhCRUYvKzg4a3BiK2YwQkdlekhGWDIvZUEKaVJabEdSdmFBN01aNkpLVjMraGhtZVI0dVY5Z3FzWUsvb2JQdGRkaVRyUWo0QUdUQTNGVDcwby9XVHJiY0k2Qgp1aWo3bnZUWmRTYjhNa2VORzZxWWY4OWZGNHJwRVZ3MGk5RkFENU5WcnpsZGlKRTZ2MmFKMldoVUlMQ1FPOWtzCkFFTFFWVi9IZU1TS28xVmZ4UUN2QmtTYUg4aW1UZlBXbTVsQUM4VnplbEw3SW1pbEpKVHQ4ZTRWZ1pxV0ljZ2kKakF1bDdTeGh0MVE2T3VqUlpMNTFkaFFqOUk5bE1OV3hCVFhTcnc0d1VSNXlUTFZFMGNGVjZWT1d0T0NOa2JKTAoySDczb1RmL2R0c2E3N0JrcVFoQkFrU0NtQlY4dEpNYm96YnM3TGFjVDZPeFNVRCtkZTB2cjc4L2hhUmx2S1MwClJ4K3JVcDgvREZ2UzRmbU5reXBHWVJZbFNHT2ozczl2OXY5UGx0N3ZLTW1tdWx1d0JObTJTKytTdlpwVUVwQlAKeVd0dzdodis2M1FUQ1VMZlRjdXYrdDg9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
server: https://104.198.97.158
name: gke_oenofile_us-west1-a_oenofile-dev-cluster
contexts:
- context:
cluster: gke_oenofile_us-west1-a_oenofile-dev-cluster
user: gke_oenofile_us-west1-a_oenofile-dev-cluster
name: gke_oenofile_us-west1-a_oenofile-dev-cluster
current-context: gke_oenofile_us-west1-a_oenofile-dev-cluster
kind: Config
preferences: {}
users:
- name: gke_oenofile_us-west1-a_oenofile-dev-cluster
user:
auth-provider:
config:
access-token: ya29.c.b0AXv0zTMYzxRz5DGICZ0wdd1VKT_0qkZFOZ2j69BIEMNNu3p6XDSIyH3T-eO6lJM5JBsB3vmyQ4YeVxTl8_ky3vgRupyJvaFMQRsnu8uf1LiAzC1kuYCsVAwWJNk6Y4RcQOMCue1utIEOjON_z8fO-XxQZiGrzYVIlZUBMzMrOwQn-Aq5XwpcBgqn_iciDL7-Y7IKkZ4F3Q.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
cmd-args: config config-helper --format=json
cmd-path: /snap/google-cloud-sdk/237/bin/gcloud
expiry: "2022-05-02T11:54:40Z"
expiry-key: '{.credential.token_expiry}'
token-key: '{.credential.access_token}'
name: gcp
1 answers
solution1
1 2022-05-02 16:25:17
The error appears to be clear: /snap/google-cloud-sdk/234/bin/gcloud does not exist.
You appear to be running gcloud as an (Ubuntu) Snap . This will benefit from automatic upgrades but, you should not hard code the Snap version ( 234 ) as this folder will eventually be deleted. I suspect that's what's happened. You should:
#1 Reference the binary through the current folder ie /snap/google-cloud-sdk/current/bin/gcloud .
However, since you're attempting to authenticate to the cluster using Jenkins, you should consider using a (Google Cloud Platform) Service Account (not a Kube.netes Service Account) rather than your user credentials.
#2 See Authenticating to the Kube.netes API within GCP and external to GCP .
NOTE It's possible (??) that you could use Workload Identity Federation to federate credentials of eg Azure|AWS to GCP to authenticate to the GKE cluster.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.