1. Docs
  2. Reference
  3. kubectl-gs CLI
  4. FAQ

Last modified November 27, 2024

Questions and answers on kubectl-gs

General

How can I create a cluster or node pool

kubectl-gs provides the template family of commands, to create manifests for clusters, node pools and more. The resulting manifests are meant to be applied by kubectl apply to actually create resources. Check the template cluster and template nodepool reference pages. You can find more information in the getting started page.

How can I install an app in a workload cluster

Check the kubectl gs template app command. It helps you create an App resource manifest, which is what you need to express the desired state “I want app X installed in cluster Y”. For more context, we provide an article to help you get started with apps.

Can kubectl-gs work without kubectl

Yes, you can execute the binary as kubectl-gs, too. However, most commands expect a kubectl configuration to be present.

Do you provide a container image for kubectl-gs

Yes, please check the installation page for details.

Why do I see “API rate limit exceeded” errors

kubectl-gs accesses the GitHub API to check whether the user is running the latest version of kubectl-gs. If the user, or someone in their network, has been executing many requests against the GitHub API already within a certain time window, the network might get blocked due to rate limiting.

To circumvent this problem, you can execute every command with the --disable-version-check flag. As an alternative, you can set the GITHUB_TOKEN environment variable to a GitHub token, and make the request count towards your personal rate limit, not the (lower) IP based one.

kubectl gs login

How can I find out my platform API endpoint

You can simply ask your Giant Swarm support contact. The endpoint is generated with the base domain plus the prefix api. For example, if your base domain is snorkel.gigantic.io, the endpoint would be api.snorkel.gigantic.io.

What does ‘Error: Token renewal failed’ mean

It means that kubectl gs login tried to get a fresh ID-token to authenticate with against the Kubernetes API, since the existing one had expired. To resolve this, please check your kubectl configuration file (typically in ~/.kube/config). Do you have several user entries for the same management cluster, using the same client-id? If yes, please edit your configuration so that there is only one.

Why does the command connect to a service called ‘athena’

The Management API uses a TLS certificate signed by a custom certificate authority (CA). In order to communicate with the API, a client (here: kubectl) must trust that CA, it must have the CA’s certificate. Athena is a public service providing that CA certificate, plus some information on the installation, to the client.

This part of our documentation refers to our vintage product. The content may be not valid anymore for our current product. Please check our new documentation hub for the latest state of our docs.

We empower platform teams to provide internal developer platforms that fuel innovation and fast-paced growth.   

GET IN TOUCH
General: hello@giantswarm.io

CERTIFIED SERVICE PROVIDER

RESOURCES

Webinars
Documentation
Blog
Partners
Events
Legal

COMPANY

About Us
Product
Customers
Careers
Contact Us

PLATFORMS

AWS
Azure
OpenStack
Copyright © 2024 Giant Swarm GmbH. All Rights Reserved.