ke fails with error "no Auth Provider found for name azure"

Question

ke fails with error "no Auth Provider found for name azure"

masterphenix opened this issue 4 years ago · comments

Hello,
I have an AKS cluster in Azure, and I am authenticating with Azure AD. My kubeconfig looks like this :

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: xxxx
    server: https://myakscluster.hcp.westeurope.azmk8s.io:443
  name: myakscluster
contexts:
- context:
    cluster: myakscluster
    user: clusterUser_myakscluster-rg_myakscluster
  name: myakscluster
current-context: myakscluster
kind: Config
preferences: {}
users:
- name: clusterUser_myakscluster-rg_myakscluster
  user:
    auth-provider:
      config:
        apiserver-id: xxxxxxxxx
        client-id: xxxxxxxxxxxx
        config-mode: '1'
        environment: AzurePublicCloud
        tenant-id: xxxxxxxx
      name: azure

When I try to use kubeeye, I get the following error :

$ ke diag --kubeconfig ~/.kube/config
ERRO[0000] Error fetching api: no Auth Provider found for name "azure"
Failed to get cluster information: no Auth Provider found for name "azure"

Do you plan to support this provider in the future ?

Feynman Zhou · Answer 1 · Mon Mar 08 2021 22:25:41 GMT+0800 (China Standard Time)

@Forest-L Could you pls take a look at it? This issue seems also reproduced on GKE.

Forest · Answer 2 · Tue Mar 09 2021 17:11:21 GMT+0800 (China Standard Time)

@masterphenix

Client certificates or tokens are used in kubeconfig
If using an auth-provider, make sure that kubectl can use this kubeconfig
refer to this docs, https://kubernetes.io/docs/reference/access-authn-authz/authentication/

masterphenix · Answer 3 · Tue Mar 09 2021 23:26:15 GMT+0800 (China Standard Time)

This kubeconfig is generated by the following AzCLI command :

az aks get-credentials [...] -f  ~/.kube/config

It is perfectly valid and works with kubectl.

Forest · Answer 4 · Thu Mar 11 2021 15:12:58 GMT+0800 (China Standard Time)

@masterphenix It is OK to use Token, refer to this article aks token

Piotr Roszatycki · Answer 5 · Fri Mar 19 2021 16:57:51 GMT+0800 (China Standard Time)

I have the same problem with GKE service in GCP cloud:

$  ./ke diag
ERRO[0000] Error fetching api: no Auth Provider found for name "gcp"
Failed to get cluster information: no Auth Provider found for name "gcp"

Of source my .kube/config works with all other tools: kubectl, helm and other 3rd party tools like Lens, Terraform, etc.

Feynman Zhou · Answer 6 · Fri Mar 19 2021 19:08:39 GMT+0800 (China Standard Time)

/assign @ruiyaoOps

yaorui · Answer 7 · Wed Apr 07 2021 18:06:54 GMT+0800 (China Standard Time)

I have the same problem with GKE service in GCP cloud:
$  ./ke diag
ERRO[0000] Error fetching api: no Auth Provider found for name "gcp"
Failed to get cluster information: no Auth Provider found for name "gcp"
Of source my .kube/config works with all other tools: kubectl, helm and other 3rd party tools like Lens, Terraform, etc.

yaorui · Answer 8 · Wed Apr 07 2021 18:14:29 GMT+0800 (China Standard Time)

I have tested on my EKS ,my cluster deployed by https://aws.amazon.com/cn/quickstart/architecture/qingcloud-kubesphere/,it's ok.The command is carried out through the bastion machine.
Make sure the machine where you executed command has sufficient permissions.

Ori Seri · Answer 9 · Wed Apr 07 2021 20:56:20 GMT+0800 (China Standard Time)

@ruiyaoOps I have the same problem with gke

ERRO[0000] Error fetching api: no Auth Provider found for name "gcp"
Failed to get cluster information: no Auth Provider found for name "gcp"

I have admin permission on that cluster, this kubeconfig works great with all other services

yaorui · Answer 10 · Wed Apr 07 2021 21:11:55 GMT+0800 (China Standard Time)

@ruiyaoOps I have the same problem with gke
ERRO[0000] Error fetching api: no Auth Provider found for name "gcp"
Failed to get cluster information: no Auth Provider found for name "gcp"
I have admin permission on that cluster, this kubeconfig works great with all other services

@oriser I'm not sure the cause of the problem , I can't reproduction , can you tell me the way you deploy the eks and the machine you manage the eks , and how to install Kubeeye.

Ori Seri · Answer 11 · Wed Apr 07 2021 22:37:35 GMT+0800 (China Standard Time)

@ruiyaoOps Open GCP account, you will have free credits so you can then deploy GKE cluster, then, when you have a cluster, install gcloud CLI and run gcloud container clusters get-credentials <cluster> --region <region> --project <project>, then you should be able to run kubectl get pods on the cluster.
after the kubectl works, try running kubeeye and you'll face that issue

Ori Seri · Answer 12 · Wed Apr 07 2021 22:45:53 GMT+0800 (China Standard Time)

I didn't dive into your code, but I guess it's because the way GCP and Azure access the kubernetes cluster is by running a command which then generates a short time access token to the cluster, the command is defined in the kubeconfig itself and kubectl knows how to read it and work with it.
Find it under cmd-args and cmd-path in the kubeconfig

yaorui · Answer 13 · Thu Apr 08 2021 10:30:13 GMT+0800 (China Standard Time)

@oriser I will try, and reply to the result later, thx.

yaorui · Answer 14 · Mon Apr 12 2021 16:53:00 GMT+0800 (China Standard Time)

@oriser After verification, Kubeeye cannot run normally on GKE. We have not found the cause of this anomaly, and we will continue to investigate in the future.

yaorui · Answer 15 · Mon Apr 12 2021 16:53:14 GMT+0800 (China Standard Time)

To run Kubeeye you must have access to Master and in GKE master is managed by Google so you won't have access to it. I think that GKE monitoring tools also provides similar functionality.

yaorui · Answer 16 · Mon Apr 12 2021 16:53:56 GMT+0800 (China Standard Time)

However, you can use Kubeeye on Google Compute Engine where you can run some VMs and create Kubeadm cluster.

yaorui · Answer 17 · Wed Apr 21 2021 11:55:20 GMT+0800 (China Standard Time)

We will refactor kubeeye and try to fix the problem that kubeeye can't work on the GCP.