I have a function that I use with AWS to generate tokens to access Kubernetes cluster, I want to create a version of it to work with GCP, but I am confused about the inputs and the classes to be used
Right now I created a service account, and that service account gave me a JSON file that I use it to connect to the cluster and that works just fine. I am looking for a way to generate the token with PHP and without depending on the CLI.
This is the code that I am using with AWS, what would be the equivalent to the code below.
$validator = Validator::make($paramsArray, [
'region' => 'required',
'clusterName' => 'required',
'accessKeyId' => 'required',
'secretAccessKey' => 'required'
]);
if ($validator->fails()) {
foreach($validator->errors()->all() as $error){
$this->error($error);
$this->newLine();
}
throw new \Exception('Missing required params');
}
$region = $paramsArray['region'];
$clusterName = $paramsArray['clusterName'];
$expiry = Carbon::now()->addMinutes(15);
$request = new Request('GET', "https://sts.{$region}.amazonaws.com/?Action=GetCallerIdentity&Version=2011-06-15", [
'x-k8s-aws-id' => $clusterName,
]);
$signer = new SignatureV4('sts', $region, []);
$credentialsProvider = CredentialProvider::fromCredentials(new Credentials($paramsArray['accessKeyId'], $paramsArray['secretAccessKey']))()->wait();
$signature = $signer->presign($request, $credentialsProvider, $expiry);
// @see https://github.com/aws/aws-cli/commit/3ef2a3cf895cb64cf45a28284ca3291cd1c33755
$token = 'k8s-aws-v1.'.rtrim(base64_encode($signature->getUri()), '=');
I did try a similar approach with GCP, but that did not work