ke fails with error "no Auth Provider found for name azure"
masterphenix opened this issue · comments
Hello,
I have an AKS cluster in Azure, and I am authenticating with Azure AD. My kubeconfig looks like this :
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: xxxx
server: https://myakscluster.hcp.westeurope.azmk8s.io:443
name: myakscluster
contexts:
- context:
cluster: myakscluster
user: clusterUser_myakscluster-rg_myakscluster
name: myakscluster
current-context: myakscluster
kind: Config
preferences: {}
users:
- name: clusterUser_myakscluster-rg_myakscluster
user:
auth-provider:
config:
apiserver-id: xxxxxxxxx
client-id: xxxxxxxxxxxx
config-mode: '1'
environment: AzurePublicCloud
tenant-id: xxxxxxxx
name: azure
When I try to use kubeeye, I get the following error :
$ ke diag --kubeconfig ~/.kube/config
ERRO[0000] Error fetching api: no Auth Provider found for name "azure"
Failed to get cluster information: no Auth Provider found for name "azure"
Do you plan to support this provider in the future ?
@Forest-L Could you pls take a look at it? This issue seems also reproduced on GKE.
- Client certificates or tokens are used in kubeconfig
- If using an auth-provider, make sure that kubectl can use this kubeconfig
- refer to this docs, https://kubernetes.io/docs/reference/access-authn-authz/authentication/
This kubeconfig is generated by the following AzCLI command :
az aks get-credentials [...] -f ~/.kube/config
It is perfectly valid and works with kubectl.
@masterphenix It is OK to use Token, refer to this article aks token
I have the same problem with GKE service in GCP cloud:
$ ./ke diag
ERRO[0000] Error fetching api: no Auth Provider found for name "gcp"
Failed to get cluster information: no Auth Provider found for name "gcp"
Of source my .kube/config works with all other tools: kubectl, helm and other 3rd party tools like Lens, Terraform, etc.
/assign @ruiyaoOps
I have the same problem with GKE service in GCP cloud:
$ ./ke diag ERRO[0000] Error fetching api: no Auth Provider found for name "gcp" Failed to get cluster information: no Auth Provider found for name "gcp"
Of source my .kube/config works with all other tools: kubectl, helm and other 3rd party tools like Lens, Terraform, etc.
I have tested on my EKS ,my cluster deployed by https://aws.amazon.com/cn/quickstart/architecture/qingcloud-kubesphere/,it's ok.The command is carried out through the bastion machine.
Make sure the machine where you executed command has sufficient permissions.
@ruiyaoOps I have the same problem with gke
ERRO[0000] Error fetching api: no Auth Provider found for name "gcp"
Failed to get cluster information: no Auth Provider found for name "gcp"
I have admin permission on that cluster, this kubeconfig works great with all other services
@ruiyaoOps I have the same problem with gke
ERRO[0000] Error fetching api: no Auth Provider found for name "gcp" Failed to get cluster information: no Auth Provider found for name "gcp"
I have admin permission on that cluster, this kubeconfig works great with all other services
@oriser I'm not sure the cause of the problem , I can't reproduction , can you tell me the way you deploy the eks and the machine you manage the eks , and how to install Kubeeye.
@ruiyaoOps Open GCP account, you will have free credits so you can then deploy GKE cluster, then, when you have a cluster, install gcloud CLI and run gcloud container clusters get-credentials <cluster> --region <region> --project <project>
, then you should be able to run kubectl get pods
on the cluster.
after the kubectl works, try running kubeeye and you'll face that issue
I didn't dive into your code, but I guess it's because the way GCP and Azure access the kubernetes cluster is by running a command which then generates a short time access token to the cluster, the command is defined in the kubeconfig itself and kubectl knows how to read it and work with it.
Find it under cmd-args
and cmd-path
in the kubeconfig
@oriser After verification, Kubeeye cannot run normally on GKE. We have not found the cause of this anomaly, and we will continue to investigate in the future.
To run Kubeeye you must have access to Master and in GKE master is managed by Google so you won't have access to it. I think that GKE monitoring tools also provides similar functionality.
However, you can use Kubeeye on Google Compute Engine where you can run some VMs and create Kubeadm cluster.
We will refactor kubeeye and try to fix the problem that kubeeye can't work on the GCP.