package main
import (
"fmt"
"time"
apiv1 "k8s.io/api/core/v1"
k8sErrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
wait "k8s.io/apimachinery/pkg/util/wait"
"k8s.io/client-go/kubernetes"
rest "k8s.io/client-go/rest"
)
// createApiserverClient builds a Kubernetes clientset from the in-cluster
// configuration and waits until the API server answers a version request.
//
// The rest config is adjusted with the package-level defaultQPS and
// defaultBurst values and switched to the protobuf content type. The
// connectivity probe is retried with exponential backoff (10 steps, starting
// at one second). If the backoff gives up, the error from the last failed
// probe is returned rather than the backoff's own timeout error.
func createApiserverClient() (*kubernetes.Clientset, error) {
	restCfg, err := rest.InClusterConfig()
	if err != nil {
		fmt.Println("could not execute due to error:", err)
		return nil, err
	}

	restCfg.QPS = defaultQPS
	restCfg.Burst = defaultBurst
	restCfg.ContentType = "application/vnd.kubernetes.protobuf"

	clientset, err := kubernetes.NewForConfig(restCfg)
	if err != nil {
		fmt.Println("could not execute due to error:", err)
		return nil, err
	}

	// In some environments the first request to the API server can fail, so
	// probe it with retries before handing the client out.
	// https://github.com/kubernetes/ingress-nginx/issues/1968
	backoff := wait.Backoff{
		Steps:    10,
		Duration: 1 * time.Second,
		Factor:   1.5,
		Jitter:   0.1,
	}

	var (
		probeErr error
		// attempts counts failed probes; nothing in this function reads it.
		attempts int
	)
	probe := func() (bool, error) {
		if _, verr := clientset.Discovery().ServerVersion(); verr != nil {
			probeErr = verr
			attempts++
			// Returning a nil error keeps the backoff loop going.
			return false, nil
		}
		return true, nil
	}

	// A non-nil result here means the backoff ran out of steps; report the
	// underlying probe failure instead.
	if waitErr := wait.ExponentialBackoff(backoff, probe); waitErr != nil {
		return nil, probeErr
	}
	return clientset, nil
}
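// EnsureSecret creates secret in its namespace, or updates the existing object
// when one with the same name is already present.
//
// A fresh API client is built through createApiserverClient on every call.
// Status lines are printed when verbose equals "true"; they contain only the
// secret's name and namespace, never its data.
//
// The update branch replaces whatever secret already holds that name; it does
// not check that the existing object was created by this tool. The in-cluster
// identity used by createApiserverClient needs create and update on secrets in
// the target namespace.
//
// It returns the object as stored by the API server, or an error if secret is
// nil, the client cannot be built, or the create/update call fails.
func EnsureSecret(secret *apiv1.Secret, verbose string) (*apiv1.Secret, error) {
	if secret == nil {
		return nil, fmt.Errorf("secret must not be nil")
	}

	kubeClient, err := createApiserverClient()
	if err != nil {
		// Previously this error was discarded and the nil client was
		// dereferenced by the Create call below.
		return nil, err
	}

	secrets := kubeClient.CoreV1().Secrets(secret.Namespace)
	s, err := secrets.Create(secret)
	if err != nil {
		if k8sErrors.IsAlreadyExists(err) {
			if verbose == "true" {
				fmt.Println("Secret", secret.Name, " already exist in namespace ", secret.Namespace, ", updating")
			}
			return secrets.Update(secret)
		}
		fmt.Println("could not execute due to error:", err)
		return nil, err
	}

	if verbose == "true" {
		fmt.Println("Secret", secret.Name, " created in namespace ", secret.Namespace)
	}
	return s, nil
}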
// saveSecretMapToK8s writes one kubernetes.io/tls secret per entry of sh into
// namespace.
//
// sh maps a domain to its files; the "cert" and "key" entries become the TLS
// certificate and private key of a secret named after the domain. Entries
// missing either file are reported on stdout and skipped without failing the
// call. Every secret is labelled with cert_domain and created_by=s3sync, plus
// label_name=label_value when both are non-empty. The first EnsureSecret
// error is printed, aborts the loop and is returned.
//
// NOTE(review): the map keys are used verbatim as the object name and as a
// label value, and nothing here validates them; confirm that callers only
// pass keys they trust to name secrets in this namespace.
func saveSecretMapToK8s(sh map[string]map[string][]byte, namespace string, label_name string, label_value string, verbose string) (err error) {
	if verbose == "true" {
		fmt.Println("Start creating secrets in Kubernetes")
	}

	for domain, files := range sh {
		cert, key := files["cert"], files["key"]

		// Incomplete entries are logged and skipped; they do not fail the run.
		switch {
		case cert == nil:
			fmt.Println("ERROR: " + domain + " do not have cert file")
			continue
		case key == nil:
			fmt.Println("ERROR: " + domain + " do not have key file")
			continue
		}

		labels := map[string]string{
			"cert_domain": domain,
			"created_by":  "s3sync",
		}
		// The optional caller-supplied label is applied last, so it wins if
		// it reuses one of the fixed keys.
		if label_name != "" && label_value != "" {
			labels[label_name] = label_value
		}

		tlsSecret := &apiv1.Secret{
			ObjectMeta: metav1.ObjectMeta{
				Name:      domain,
				Namespace: namespace,
				Labels:    labels,
			},
			Data: map[string][]byte{
				apiv1.TLSCertKey:       cert,
				apiv1.TLSPrivateKeyKey: key,
			},
			Type: apiv1.SecretType("kubernetes.io/tls"),
		}

		if _, err = EnsureSecret(tlsSecret, verbose); err != nil {
			fmt.Println(err.Error())
			return err
		}
	}
	return nil
}