3

gcloud was installed using this command in windows Powershell:

(New-Object Net.WebClient).DownloadFile("https://dl.google.com/dl/cloudsdk/channels/rapid/GoogleCloudSDKInstaller.exe", "$env:Temp\GoogleCloudSDKInstaller.exe")

& $env:Temp\GoogleCloudSDKInstaller.exe

$ gcloud -v
Google Cloud SDK 398.0.0
anthos-auth 1.4.3

$ gcloud components install kubectl

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"22+", GitVersion:"v1.22.12-dispatcher-dirty", GitCommit:"fde00375407ad0afadd681a3505054ec83f935ec", GitTreeState:"dirty", BuildDate:"2022-07-19T19:06:19Z", GoVersion:"go1.16.15", Compiler:"gc", Platform:"windows/amd64"}
Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.5-gke.1200", GitCommit:"90a16981ade07f163a0233adb631b42ac1fc53ff", GitTreeState:"clean", BuildDate:"2021-10-04T09:25:23Z", GoVersion:"go1.16.7b7", Compiler:"gc", Platform:"linux/amd64"}

Above client version tool has git commit fde00375407ad0afadd681a3505054ec83f935ec

Here is the open source repo for kubectl : https://github.com/kubernetes/kubectl

Not sure, if gcloud uses the same repo

How to find this specific Git commit from gcloud's kubectl source repo? fde00375407ad0afadd681a3505054ec83f935ec

overexchange
  • 15,768
  • 30
  • 152
  • 347
  • 1
    There doesn't appear to be a commit with that hash in that repository, so you can't. – mkrieger1 Aug 17 '22 at 22:56
  • @mkrieger1 I installed `kubectl` with `gcloud components install kubectl` – overexchange Aug 17 '22 at 23:04
  • Okay, I don't know what to do with this information though. – mkrieger1 Aug 17 '22 at 23:05
  • The release was built from that commit. That does not mean the commit is available today. – John Hanley Aug 18 '22 at 04:01
  • @JohnHanley commit history should have that commit, Isn't it? Do you mean the commit would have been deleted? – overexchange Aug 18 '22 at 04:21
  • @JohnHanley does gcloud use kubectl component built from this repo? https://github.com/kubernetes/kubectl – overexchange Aug 18 '22 at 04:24
  • 1
    I do not know that level of detail. What is your objective? – John Hanley Aug 18 '22 at 04:27
  • @JohnHanley Am unable to load oidc based config as shown [here](https://stackoverflow.com/q/73396202/3317808), so... I would like mimic, kubectl functionality, for the same – overexchange Aug 18 '22 at 04:30
  • 2
    What does OIDC have to do with a GitHub commit? – John Hanley Aug 18 '22 at 04:32
  • @JohnHanley kubectl commit(`fde00375407ad0afadd681a3505054ec83f935ec`) has the functionality to load OIDC based authentication. Would like to browse that code and mimic the functionality – overexchange Aug 18 '22 at 04:35
  • OIDC is OpenID Connect. There are zillions of examples on the Internet. I wrote a few. Google has good examples on its website. Start with OAuth and understand that. OIDC is a layer on top of OAuth. Regarding the kubectl commit, review the latest development version. – John Hanley Aug 18 '22 at 05:10
  • @JohnHanley yes there are many examples(like https://github.com/coreos/go-oidc) for OIDC authentication. Goal is to to get the state of pods(& other resources) from the cluster after successful authentication. . I could not find any example on managing the cluster, after OIDC authentication – overexchange Aug 18 '22 at 05:17
  • OAuth/OIDC are methods of authorization. Other than authorization, that has little to do with fetching the state of pods, etc. I think what you want is the GKE API: https://cloud.google.com/kubernetes-engine/docs/reference/rest You will need to understand the GKE API to read the tool source code. – John Hanley Aug 18 '22 at 05:23
  • @JohnHanley Before using GKE API, Does the api client need to authenticate using OIDC? In our environment, all kubernetes clusters accept OIDC authentication. – overexchange Aug 18 '22 at 05:34
  • There are two types of OAuth authentication in Google Cloud. OAuth Access Tokens and OIDC Identity Tokens. Which one to use depends on the API. In general, Google Cloud APIs use OAuth Access Tokens. Read the GKE API docs and it will tell you what authorization you must provide. Typically in the HTTP header `Authorization: Bearer TOKEN` However, this subject is complex/large enough that I could write a book. – John Hanley Aug 18 '22 at 05:44
  • @JohnHanley we are planning to write client library that talks to kubernetes API server(of kubernetes control plane) but not GKEngine. – overexchange Aug 18 '22 at 06:01
  • There are already many. Do not reinvent the wheel unless you have something new and important to add unless this is a learning journey. One method to master a technology is to learn its inner core and interfaces. The code for Kubernetes is public so you will have excellent resources to dig into. – John Hanley Aug 18 '22 at 06:26
  • @JohnHanley yes, we are consuming client library(https://github.com/kubernetes/client-go) to write a tool. Sorry, my bad, we are not writing library, but consuming client library, but we are getting into this [issue](https://stackoverflow.com/q/73396202/3317808). – overexchange Aug 18 '22 at 06:45
  • I tried installing `kubectl` using the gcloud components command and I got some error but it suggested to run the command `sudo apt-get install kubectl` to achieve the same result. https://imgur.com/vXri6CH Also, the kubectl component are also listed in the [apt and yum package](https://cloud.google.com/sdk/docs/components#external_package_managers) in the gcp docs – Darwin Aug 19 '22 at 01:10
  • @JohnHanley Can you share golang example with google api that performs OIDC authentication? I could see an example in java...https://developers.google.com/identity/protocols/oauth2/openid-connect#java – overexchange Aug 24 '22 at 13:50
  • Which service is the code calling that requires OIDC Identity Tokens? Most of the services have examples either online or in the SDK or both. – John Hanley Aug 24 '22 at 18:57
  • @JohnHanley code is calling service https://github.com/kubernetes/client-go – overexchange Aug 24 '22 at 21:40

0 Answers0