GKE workloadidentity

gistfile1.go

package main

import (
	"context"
	"fmt"
	"os"

	"google.golang.org/api/compute/v1"
	container "google.golang.org/api/container/v1beta1"
	"google.golang.org/api/option"

)

func main() {
	opts := []option.ClientOption{option.WithScopes(compute.CloudPlatformScope)}
	gkeService, err := container.NewService(context.Background(), opts...)
	if err != nil {
		fmt.Println(err.Error())
		os.Exit(0)
	}
	clusterRequest := &container.CreateClusterRequest{
		Cluster: &container.Cluster{
			Name:                  "helloworld",
			InitialClusterVersion: "1.13",
			InitialNodeCount:      4,
			NodeConfig: &container.NodeConfig{
				MachineType: "n1-standard-2",
				OauthScopes: []string{"https://www.googleapis.com/auth/cloud-platform", "https://www.googleapis.com/auth/trace.append"},
			},
		},
	}
	// Since Boskos can pick any project in the pool, we need to make sure the identity namespace ties
	// to the correct project id.
	project := "your-project"
	if true {
		clusterRequest.Cluster.WorkloadIdentityConfig = &container.WorkloadIdentityConfig{
			IdentityNamespace: fmt.Sprintf("%s.svc.id.goog", project),
		}
		//clusterRequest.Cluster.WorkloadIdentityConfig.IdentityNamespace =
		//		fmt.Sprintf("%s.svc.id.goog", project)
	}
	_, err = gkeService.Projects.Zones.Clusters.Create(project, "us-central1-a", clusterRequest).Context(context.Background()).Do()
	if err != nil {
		fmt.Println(err.Error())
		os.Exit(0)
	}
}