Beispiel #1
0
func getDetailsFromDockerConfigSecret(secretGetter client.SecretsInterface, secret string) (map[string]string, error) {
	configSecret, err := secretGetter.Get(secret)
	if err != nil {
		return nil, err
	}
	dockerConfigJSONBytes := configSecret.Data[api.DockerConfigJsonKey]
	var secretData map[string]interface{}
	if err = json.Unmarshal(dockerConfigJSONBytes, &secretData); err != nil {
		return nil, err
	}

	var authdata map[string]interface{}
	var hostname string
	for key, value := range secretData["auths"].(map[string]interface{}) {
		hostname = key
		authdata = value.(map[string]interface{})
	}
	token := authdata["auth"].(string)
	decodedToken, err := base64.StdEncoding.DecodeString(token)
	if err != nil {
		return nil, err
	}
	parts := strings.SplitN(string(decodedToken), ":", 2)
	if len(parts) != 2 {
		return nil, errors.New("Invalid token in docker config secret")
	}
	user := parts[0]
	password := parts[1]
	regDetails := make(map[string]string)
	regDetails["DEIS_REGISTRY_USERNAME"] = user
	regDetails["DEIS_REGISTRY_PASSWORD"] = password
	regDetails["DEIS_REGISTRY_HOSTNAME"] = hostname
	return regDetails, nil
}
Beispiel #2
0
func main() {
	var ingClient client.IngressInterface
	var secretsClient client.SecretsInterface
	/* Anon http client
	config := client.Config{
		Host:     "http://localhost:8080",
		Username: "******",
		Password: "******",
	}
	kubeClient, err := client.New(&config)
	*/
	kubeClient, err := client.NewInCluster()
	if err != nil {
		log.Fatalf("Failed to create client: %v.", err)
	} else {
		ingClient = kubeClient.Extensions().Ingress(api.NamespaceAll)
		secretsClient = kubeClient.Secrets(api.NamespaceAll)
	}
	tmpl := template.New("nginx.tmpl").Funcs(template.FuncMap{"hasprefix": hasPrefix, "hassuffix": hasSuffix})
	if _, err := tmpl.ParseFiles("./nginx.tmpl"); err != nil {
		log.Fatalf("Failed to parse template %v", err)
	}

	rateLimiter := util.NewTokenBucketRateLimiter(0.1, 1)
	known := &extensions.IngressList{}
	known_secrets := &api.SecretList{}

	// Controller loop
	shellOut("nginx")
	for {
		rateLimiter.Accept()
		ingresses, err := ingClient.List(api.ListOptions{})
		if err != nil {
			log.Printf("Error retrieving ingresses: %v", err)
			continue
		}
		secrets, err := secretsClient.List(api.ListOptions{})
		if err != nil {
			log.Printf("Error retrieving secrets: %v", err)
			continue
		}
		if reflect.DeepEqual(ingresses.Items, known.Items) && reflect.DeepEqual(secrets.Items, known_secrets.Items) {
			continue
		}
		// Process SSL context
		// old values
		known = ingresses
		known_secrets = secrets
		// context variable
		context := &Context{Ingress: ingresses, Secrets: secrets}
		if w, err := os.Create("/etc/nginx/nginx.conf"); err != nil {
			log.Fatalf("Failed to open %v: %v", err)
		} else if err := tmpl.Execute(w, context); err != nil {
			log.Fatalf("Failed to write template %v", err)
		}
		shellOut("nginx -s reload")
	}
}
Beispiel #3
0
func getDetailsFromRegistrySecret(secretGetter client.SecretsInterface, secret string) (map[string]string, error) {
	regSecret, err := secretGetter.Get(secret)
	if err != nil {
		return nil, err
	}
	regDetails := make(map[string]string)
	for key, value := range regSecret.Data {
		regDetails[key] = string(value)
	}
	return regDetails, nil
}
Beispiel #4
0
// waitForToken uses `cmd.Until` to wait for the service account controller to fulfill the token request
func waitForToken(token *api.Secret, serviceAccount *api.ServiceAccount, timeout time.Duration, client unversioned.SecretsInterface) (*api.Secret, error) {
	// there is no provided rounding function, so we use Round(x) === Floor(x + 0.5)
	timeoutSeconds := int64(math.Floor(timeout.Seconds() + 0.5))

	options := api.ListOptions{
		FieldSelector:   fields.SelectorFromSet(fields.Set(map[string]string{"metadata.name": token.Name})),
		Watch:           true,
		ResourceVersion: token.ResourceVersion,
		TimeoutSeconds:  &timeoutSeconds,
	}

	watcher, err := client.Watch(options)
	if err != nil {
		return nil, fmt.Errorf("could not begin watch for token: %v", err)
	}

	event, err := cmd.Until(timeout, watcher, func(event watch.Event) (bool, error) {
		if event.Type == watch.Error {
			return false, fmt.Errorf("encountered error while watching for token: %v", event.Object)
		}

		eventToken, ok := event.Object.(*api.Secret)
		if !ok {
			return false, nil
		}

		if eventToken.Name != token.Name {
			return false, nil
		}

		switch event.Type {
		case watch.Modified:
			if serviceaccounts.IsValidServiceAccountToken(serviceAccount, eventToken) {
				return true, nil
			}
		case watch.Deleted:
			return false, errors.New("token was deleted before fulfillment by service account token controller")
		case watch.Added:
			return false, errors.New("unxepected action: token was added after initial creation")
		}
		return false, nil
	})
	if err != nil {
		return nil, err
	}

	return event.Object.(*api.Secret), nil
}
Beispiel #5
0
func createAppEnvConfigSecret(secretsClient client.SecretsInterface, secretName string, env map[string]interface{}) error {
	newSecret := new(api.Secret)
	newSecret.Name = secretName
	newSecret.Type = api.SecretTypeOpaque
	newSecret.Data = make(map[string][]byte)
	for k, v := range env {
		newSecret.Data[k] = []byte(fmt.Sprintf("%v", v))
	}
	if _, err := secretsClient.Create(newSecret); err != nil {
		if apierrors.IsAlreadyExists(err) {
			if _, err = secretsClient.Update(newSecret); err != nil {
				return err
			}
			return nil
		}
		return err
	}
	return nil
}
Beispiel #6
0
func installationStarted(c kclient.PodInterface, name string, s kclient.SecretsInterface) wait.ConditionFunc {
	return func() (bool, error) {
		pod, err := c.Get(name)
		if err != nil {
			return false, err
		}
		if pod.Status.Phase == kapi.PodPending {
			return false, nil
		}
		// delete a secret named the same as the pod if it exists
		if secret, err := s.Get(name); err == nil {
			if secret.Annotations[newcmd.GeneratedForJob] == "true" &&
				secret.Annotations[newcmd.GeneratedForJobFor] == pod.Annotations[newcmd.GeneratedForJobFor] {
				if err := s.Delete(name); err != nil {
					glog.V(4).Infof("Failed to delete install secret %s: %v", name, err)
				}
			}
		}
		return true, nil
	}
}