in pkg/provider/gke/gke.go [538:589]
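// NewK8sProvider builds an in-memory kubeconfig for the GKE cluster named in
// c.DeploymentVars and stores the resulting Kubernetes provider in
// c.k8sProvider.
//
// The cluster endpoint and CA certificate are read from the GKE API
// (GetCluster). The CA certificate is what pins TLS verification of the API
// server to this specific cluster, so an absent certificate is treated as a
// fatal error rather than being silently written into the config as empty.
//
// Every failure terminates the process through log.Fatalf; the returned error
// is always nil and exists only to satisfy the kingpin action signature.
func (c *GKE) NewK8sProvider(*kingpin.ParseContext) error {
	// Look up the cluster so its endpoint and CA certificate can be used.
	req := &containerpb.GetClusterRequest{
		ProjectId: c.DeploymentVars["GKE_PROJECT_ID"],
		Zone:      c.DeploymentVars["ZONE"],
		ClusterId: c.DeploymentVars["CLUSTER_NAME"],
	}
	rep, err := c.clientGKE.GetCluster(c.ctx, req)
	if err != nil {
		log.Fatalf("failed to get cluster details: %v", err)
	}

	// The CA certificate returned by GCP is base64 encoded, so decode it first.
	caCert, err := base64.StdEncoding.DecodeString(rep.MasterAuth.GetClusterCaCertificate())
	if err != nil {
		log.Fatalf("failed to decode certificate: %v", err.Error())
	}
	// An empty string decodes without error, so check explicitly: without the
	// cluster CA the kubeconfig would carry no trust anchor for this endpoint.
	if len(caCert) == 0 {
		log.Fatalf("cluster %q returned no CA certificate; refusing to build a kubeconfig without it", rep.Name)
	}

	cluster := clientcmdapi.NewCluster()
	cluster.CertificateAuthorityData = caCert
	cluster.Server = fmt.Sprintf("https://%v", rep.Endpoint)

	// Named kubeCtx to avoid shadowing the standard "context" package name.
	kubeCtx := clientcmdapi.NewContext()
	kubeCtx.Cluster = rep.Name
	//nolint:staticcheck // SA1019 - Ignore "Do not use.".
	kubeCtx.AuthInfo = rep.Zone

	// No static credential is stored in the config; only an auth provider
	// reference is set.
	// NOTE(review): the in-tree "gcp" auth provider was removed from client-go
	// in v0.26 in favour of exec credential plugins (gke-gcloud-auth-plugin);
	// confirm the client-go version in use still registers it. Also confirm how
	// tokens are sourced here, since no "cmd-path" accompanies "cmd-args".
	authInfo := clientcmdapi.NewAuthInfo()
	authInfo.AuthProvider = &clientcmdapi.AuthProviderConfig{
		Name: "gcp",
		Config: map[string]string{
			"cmd-args":   "config config-helper --format=json",
			"expiry-key": "{.credential.token_expiry}",
			"token-key":  "{.credential.access_token}",
		},
	}

	// The zone doubles as the context name and the auth-info name.
	config := clientcmdapi.NewConfig()
	config.Clusters[rep.Name] = cluster
	//nolint:staticcheck // SA1019 - Ignore "Do not use.".
	config.Contexts[rep.Zone] = kubeCtx
	//nolint:staticcheck // SA1019 - Ignore "Do not use.".
	config.AuthInfos[rep.Zone] = authInfo
	//nolint:staticcheck // SA1019 - Ignore "Do not use.".
	config.CurrentContext = rep.Zone

	c.k8sProvider, err = k8sProvider.New(c.ctx, config)
	if err != nil {
		// log.Fatal concatenated the message and the error without a separator.
		log.Fatalf("k8s provider error: %v", err)
	}
	return nil
}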