Open jacekszlachtass opened 2 years ago
The only drawback I can think of is a longer timeout: it takes 30 seconds for "kubectl version" to time out, as opposed to 10 seconds with: nc -zvw 10 "${ADDR}" 443.
❯ time kubectl version
WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. Use --output=yaml|json to get the full version.
Client Version: version.Info{Major:"1", Minor:"24", GitVersion:"v1.24.1", GitCommit:"3ddd0f45aa91e2f30c70734b175631bec5b5825a", GitTreeState:"clean", BuildDate:"2022-05-24T12:26:19Z", GoVersion:"go1.18.2", Compiler:"gc", Platform:"linux/amd64"}
Kustomize Version: v4.5.4
Unable to connect to the server: dial tcp 10.0.0.2:443: i/o timeout
kubectl version 0.04s user 0.02s system 0% cpu 30.034 total
❯ echo $?
1
We have a GKE cluster with a master private endpoint. To connect to the API, we tunnel to a bastion host via IAP:
and use HTTPS_PROXY env variable to use the above tunnel:
verify_connectivity function uses nc, which fails in our case.
https://github.com/GoogleCloudPlatform/anthos-service-mesh-packages/blob/ff9b627ccfed3427390008845be06298d4b20d92/asmcli/lib/util.sh#L498
It would work if, for example, "kubectl version" was used instead of nc.
Also, the hard-coded port 443 does not look good to me, though I am not sure if it can be different than 443 in GKE.
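
An added sketch of the check proposed in this issue (not code from asmcli or from the issue author): when HTTPS_PROXY is set it probes with "kubectl version", using kubectl's global --request-timeout flag to keep the 10-second bound, and otherwise keeps the nc probe but reads host and port from the kubeconfig server URL instead of hard-coding 443. The function names `parse_server` and `verify_connectivity_proxy_aware` are hypothetical, and the URL parsing assumes a hostname or IPv4 address.

```shell
#!/bin/sh
# Added example: proxy-aware API server reachability probe.
# Function names are hypothetical; this is not asmcli's verify_connectivity.

# Split an API server URL into "host port". Port defaults to 443 when absent.
# Assumes a hostname or IPv4 address (no bracketed IPv6 literal).
parse_server() {
  hostport="${1#*://}"          # drop the scheme
  hostport="${hostport%%/*}"    # drop any path
  case "${hostport}" in
    *:*) printf '%s %s\n' "${hostport%:*}" "${hostport##*:}" ;;
    *)   printf '%s 443\n' "${hostport}" ;;
  esac
}

# Prints the probe that succeeded; returns 1 if the API server is unreachable.
verify_connectivity_proxy_aware() {
  timeout="${1:-10}"

  # A raw TCP connect bypasses the proxy, so it cannot reach a private
  # endpoint that is only reachable through the tunnel. kubectl honours
  # HTTPS_PROXY, and --request-timeout bounds the whole request.
  if [ -n "${HTTPS_PROXY:-${https_proxy:-}}" ]; then
    kubectl version --request-timeout="${timeout}s" >/dev/null 2>&1 || return 1
    echo "kubectl"
    return 0
  fi

  # No proxy: keep the cheap TCP probe, but take host and port from the
  # current kubeconfig context rather than assuming 443.
  server="$(kubectl config view --minify \
    -o jsonpath='{.clusters[0].cluster.server}')" || return 1
  read -r host port <<EOF
$(parse_server "${server}")
EOF
  nc -zvw "${timeout}" "${host}" "${port}" >/dev/null 2>&1 || return 1
  echo "nc ${host} ${port}"
}
```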