Connect to Kubernetes cluster without using gcloud sdk

Question

I´m new to kubernetes an created a cluster on google cloud platform. Now i´m trying to setup automated deployment from vsts an need to create a kubernetes user for this to get a kubeconfig file for authentication.

Now my question is how can i do this? Do i need to create this user with kubectl (if yes how?)? Or is there a way to create the user through gcp console?

I searched the web but found nothing that worked. Thanks for any suggestions!

Edit: I now how to connect to my cluster using this gcloud command: gcloud container clusters get-credentials. This work perfectly fine on my local dev machine. But on my vsts build agent i dont have gcloud installed (and also dont want to install it) and need to use only kubectl to connect to my cluster without the gcloud command.

I have already figured out that the gcloud command creates a kubeconfig file with the gcloud command as auth provider (so i cant just copy the created kubeconifg file casue it depends on gcloud installed). When i then run kubectl it creates an temporary access token in the kubeconfig. But this token is only valid for about 30 minutes. I need a token that is valid infinitely, so i can use this on my build server.

Answer 1

To connect to Kubernetes cluster in GCP, you can use either user or service account.

If you choose user account, run this command:

gcloud init 

or

gcloud init --console-only

This will bring up GCP authentication dialog. When you pass authentication, you'll be able to operate with permission of the authenticated user.

If you choose service account, you need to create it and generate a new key for it.

You can do it using GPC console -> IAM & admin -> IAM -> Service accounts.
Click on Create service account, select name for the account, select the appropriate role, and click Create.
You can generate the key by selecting Furnish a new private key in the account creation dialog box, or generate a new key by clicking on three dots on the right side of existed service account row and selecting Create key. Select JSON format and save the file on disk.

Then run the command:

gcloud auth activate-service-account <[email protected]>  --key-file=<previously_saved_file.json>

At this stage, you are authenticated with CGP and ready to connect to your Kubernetes cluster:

Next command will update your kubectl configuration to work with your cluster.

gcloud container clusters get-credentials <cluster_name> --zone <gcp_availability_zone> --project <gcp_project_name>

You can extend or decrease the account's permissions by selecting another role for it in GCP IAM management interface.

Official documentation:
gcloud auth activate-service-account
gcloud init
gcloud container clusters get-credentials