After installing the auth plugin

gcloud components install gke-gcloud-auth-plugin

the solution for me was to first set the ENV variable

export USE_GKE_GCLOUD_AUTH_PLUGIN=True

and then get the credentials

gcloud container clusters get-credentials <YOUR_CLUSTER> --region <YOUR_REGION>

The following actions did the trick for me:

user@bastion-host:~$ echo 'export USE_GKE_GCLOUD_AUTH_PLUGIN=True' >> ~/.profile user@bastion-host:~$ source ~/.profile

user@bastion-host:~$ cp ~/.kube/config ~/.kube/config.backup && rm ~/.kube/config

user@bastion-host:~$ gcloud container clusters get-credentials cluster-name --region your-region-here --project project-id

Check to see if “kubectl get node” works now. If not, continue with the following:

user@bastion-host:~$ nano ~/.kube/config

Modify the following “users” section, like so:

preferences: {}
#users:
#- name: gke_project-id-region-here_cluster-name
#  user:
#    auth-provider:
#      config:
#        cmd-args: config config-helper --format=json
#        cmd-path: /usr/lib/google-cloud-sdk/bin/gcloud
#        expiry-key: '{.credential.token_expiry}'
#        token-key: '{.credential.access_token}'
#      name: gcp

preferences: {}
users:
- name: gke_project-id-region-here_cluster-name
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: gke-gcloud-auth-plugin
      installHint: Install gke-gcloud-auth-plugin for use with kubectl by following
        https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke
      provideClusterInfo: true

I removed and re-installed all google-cloud-cli, google-cloud-cli-gke-gcloud-auth-plugin and kubectl packages. I deleted .kube configuration directory and re-imported the clusters: now it is working fine.

After installing the auth plugin

gcloud components install gke-gcloud-auth-plugin

the solution for me was to first set the ENV variable

export USE_GKE_GCLOUD_AUTH_PLUGIN=True

and then get the credentials

gcloud container clusters get-credentials <YOUR_CLUSTER> --region <YOUR_REGION>

Confirmed this solves the issue in macOS, thanks a lot @acola 👍

I have the same and the standard fix of setting export USE_GKE_GCLOUD_AUTH_PLUGIN=True does not help

https://stackoverflow.com/questions/74775557/how-to-use-gke-gcloud-auth-plugin-with-a-gcloud-service-account-key-file

This behavior started to happen after I updated the Ubuntu 22.04 server which is located on GCP cloud. I think it is something related to GKE.

When I update the .kube/config file, I’m able to run kubectl commands. But when I run the gcloud container cluster get-credentials (...), the user on .kube/config file is overwritten and the error starts to happen again.

Any of you having the same issue?

Hi,

If this happens after an update, try to do the following: echo 'export USE_GKE_GCLOUD_AUTH_PLUGIN=True' >> ~/.profile source ~/.profile cp ~/.kube/config ~/.kube/config.old rm ~/.kube/config gcloud container cluster get-credentials (...)

Since you added the variable to use the gke auth plugin, next time you get the config file via gcloud, you should get the correct format for usage with the gcloud auth plugin.

Hello, Thank you @ucsky! It worked also for me. I’ve created a bash script to do it easily. Hope it helps:

#!/bin/bash

cd ~

echo "Add BROWSER variable in profile file if not exists"
if [ -z "$(cat ~/.profile | grep BROWSER)" ]; then 
    echo 'export BROWSER="/mnt/c/Program Files/Google/Chrome/Application/chrome.exe"' >> ~/.profile
    source ~/.profile
fi

echo "Delete google-cloud-cli google-cloud-cli-gke-gcloud-auth-plugin google-cloud-sdk-gke-gcloud-auth-plugin"
sudo apt-get remove google-cloud-cli google-cloud-cli-gke-gcloud-auth-plugin google-cloud-sdk-gke-gcloud-auth-plugin -y && \
sudo apt-get purge google-cloud-cli google-cloud-cli-gke-gcloud-auth-plugin google-cloud-sdk-gke-gcloud-auth-plugin && \
sudo apt-get autoremove

echo "Clean kubectl"
if [ -d ~/.kube ]; then
    rm -rf ~/.kube
fi

kubectl_path="$(whereis kubectl | cut -d':' -f2 | cut -d' ' -f2)"
if [ -n $(echo $kubectl_path) ]; then 
    sudo rm -f $kubectl_path
fi

echo "Add gcloud repos if they don't exist"

if [ ! -f /etc/apt/sources.list.d/google-cloud-sdk.list ]; then
    echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
    curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -
fi

echo "Install them, if package fail, solve it and reinstall"
sudo apt-get update && sudo apt-get install google-cloud-cli -y
if [ $? -ne 0 ]; then 
    sudo dpkg -i --force-overwrite /var/cache/apt/archives/google-cloud-cli_412.0.0-0_all.deb
    sudo apt -f install
    sudo apt-get update && sudo apt-get install google-cloud-cli -y
fi
sudo apt-get install google-cloud-sdk-gke-gcloud-auth-plugin -y

echo "Reinstall kubectl"
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
if [ -z $kubectl_path ]; then
    kubectl_path=/usr/bin/kubectl
fi
sudo mv kubectl $kubectl_path
sudo chmod +x $kubectl_path
sudo chown $(whoami) $kubectl_path

echo "Add USE_GKE_GCLOUD_AUTH_PLUGIN variable in profile file if not exists"
if [ -z "$(cat ~/.profile | grep USE_GKE_GCLOUD_AUTH_PLUGIN)" ]; then 
    echo 'export USE_GKE_GCLOUD_AUTH_PLUGIN=True' >> ~/.profile
    source ~/.profile
fi


echo "Login gcloud"
myuser=$(whoami)
sudo chown -R :${myuser} ~/.config/gcloud/configurations
gcloud auth login

if [ $? -eq 0 ]; then 
    echo "It works!"
    exit 0
else
    echo "It failed... let's troubleshoot it!"
    exit 1
fi

After installing the auth plugin

gcloud components install gke-gcloud-auth-plugin

the solution for me was to first set the ENV variable

export USE_GKE_GCLOUD_AUTH_PLUGIN=True

and then get the credentials

gcloud container clusters get-credentials <YOUR_CLUSTER> --region <YOUR_REGION>

worked for me on macOS

This worked for me. Thanks.