Google Container Engine - Cannot Initialize Federated Cluster

Question

I'm attempting to deploy a federated cluster on GKE but I'm running into an error when I attempt to create it using this command:

./kubefed init kfed \
>   --host-cluster-context=america \
>   --dns-zone-name=${DNS_ZONE} \
>   --dns-provider="google-clouddns"
error: no configuration has been provided

I'm following the tutorial found here and everything has been good up to this point. Unfortunately, I don't see a switch to get some more verbose information about the error. Has anyone come across this before?

Here's are all the steps that I've taken:

# Let's export some variables to call below
export PROJECT=final-project
export DNS_ZONE=my.domain.co.

# Let's Create two new clusters
gcloud container clusters create webapp-america --zone us-west1-a --num-nodes=3 --scopes cloud-platform,storage-ro,logging-write,monitoring-write,service-control,service-management,https://www.googleapis.com/auth/ndev.clouddns.readwrite
gcloud container clusters create webapp-europe --zone europe-west1-c --num-nodes=3 --scopes cloud-platform,storage-ro,logging-write,monitoring-write,service-control,service-management,https://www.googleapis.com/auth/ndev.clouddns.readwrite

# Let's extract their creds
gcloud config set container/use_client_certificate True
export CLOUDSDK_CONTAINER_USE_CLIENT_CERTIFICATE=True

# Let's create 2 new contexts for easier reference
kubectl config set-context america --cluster=gke_${PROJECT}_us-west1-a_webapp-america --user=gke_${PROJECT}_us-west1-a_algolia-america
kubectl config set-context europe --cluster=gke_${PROJECT}_europe-west1-c_webapp-europe --user=gke_${PROJECT}_europe-west1-c_algolia-europe

# Let's delete the old context references
kubectl config delete-context gke_${PROJECT}_us-west1-a_webapp-america
kubectl config delete-context gke_${PROJECT}_europe-west1-c_webapp-europe

# Let's initialize the cluster
kubefed init kfed \
  --host-cluster-context=america \
  --dns-zone-name=${DNS_ZONE} \
  --dns-provider="google-clouddns"

Update - I've decided to start from a fresh and clean project, and I'm moving past this step. I'll keep the project up though, and will continue to troubleshoot

Answer 1

I don't think this series of commands actually fetch the credentials required to access the GKE cluster. Concretely, running:

# Let's extract their creds
gcloud config set container/use_client_certificate True
export CLOUDSDK_CONTAINER_USE_CLIENT_CERTIFICATE=True

tells gcloud that when it fetches the credentials for GKE clusters it must fetch the TLS key pair that could be used to authenticate against GKE clusters. But it doesn't actually fetch anything.

And then when you run:

# Let's create 2 new contexts for easier reference
kubectl config set-context america --cluster=gke_${PROJECT}_us-west1-a_webapp-america --user=gke_${PROJECT}_us-west1-a_algolia-america
kubectl config set-context europe --cluster=gke_${PROJECT}_europe-west1-c_webapp-europe --user=gke_${PROJECT}_europe-west1-c_algolia-europe

you are just creating empty contexts with no content in them. You can confirm this by peeking at your default kubeconfig file (cat $HOME/.kube/config in Linux).

You can fix this problem by running:

gcloud container clusters get-credentials webapp-america --zone us-west1-a
gcloud container clusters get-credentials webapp-europe --zone europe-west1-c

After running the gcloud config set ... command, but before running kubectl config set-context ... commands.

Also on a semi-related note, you need a real domain name programmable via Google Cloud DNS for federated services to work if you are using gcloud-dns as your DNS provider.

EDIT: The second gcloud get-credentials command was calling gcloud create instead of gcloud get-credentials. It's fixed now.