Accessing Kubernetes API on Google Container Engine

Once you launch your container cluster on Google Container Engine, you will have a master running the kubernetes API on a VM in your GCP project. If you run gcloud preview container clusters list you will see the endpoint at which the kubernetes API is available as well as the http basic auth credentials needed to access it.

gcloud comes bundled with a recent version of kubectl and the ability to execute it for any container cluster you have launched with Google Container Engine. To list pods, for instance, you can run gcloud preview container kubectl list pods.

https://cloud.google.com/sdk/gcloud/reference/preview/container/kubectl describes the gcloud preview container kubectl command and what flags it accepts.

I created a blog post just for this topic. It includes a video walkthrough of the code and demo. Essentially, you can get the Kubernetes credentials from the Google Container Engine API. Here is how to do it in golang:

func newKubernetesClient(clstr *container.Cluster) (*kubernetes.Clientset, error) {
    cert, err := base64.StdEncoding.DecodeString(clstr.MasterAuth.ClientCertificate)
    if err != nil {
        return nil, err
    }
    key, err := base64.StdEncoding.DecodeString(clstr.MasterAuth.ClientKey)
    if err != nil {
        return nil, err
    }
    ca, err := base64.StdEncoding.DecodeString(clstr.MasterAuth.ClusterCaCertificate)
    if err != nil {
        return nil, err
    }
    config := &rest.Config{
        Host:            clstr.Endpoint,
        TLSClientConfig: rest.TLSClientConfig{CertData: cert, KeyData: key, CAData: ca},
        Username:        clstr.MasterAuth.Username,
        Password:        clstr.MasterAuth.Password,
        // Insecure:        true,
    }
    kbrnts, err := kubernetes.NewForConfig(config)
    if err != nil {
        return nil, err
    }
    return kbrnts, nil
}