Golang Client.Secrets Examples

Golang Client.Secrets - 24 examples found. These are the top rated real world Golang examples of k8s.io/kubernetes/pkg/client/unversioned.Client.Secrets extracted from open source projects. You can rate examples to help us improve the quality of examples.
Example #1
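// createSecret builds a secret from the given identifiers, type and key names
// and creates it in the factory's default namespace.
//
// It returns Success only when the create call reports no error and yields a
// non-nil object. Any error from resolving the namespace or from the API call
// yields Failure together with that error.
func createSecret(c *k8sclient.Client, f *cmdutil.Factory, flags *flag.FlagSet, secretDataIdentifiers string, secretType string, keysNames []string) (Result, error) {
	newSecret := secret(secretDataIdentifiers, secretType, keysNames, flags)
	ns, _, err := f.DefaultNamespace()
	if err != nil {
		return Failure, err
	}
	created, err := c.Secrets(ns).Create(&newSecret)
	if err != nil {
		// Decide on the error, not on the returned object: a non-nil result
		// alone does not show that the secret was stored, and reporting
		// Success here would hide a failed credential rollout.
		return Failure, err
	}
	if created == nil {
		return Failure, nil
	}
	return Success, nil
}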
Example #2
// getServiceAccountPullSecret returns the Docker config payload of the first
// dockercfg-type secret in ns whose service-account-name annotation equals name.
//
// It lists every secret in the namespace (no label or field filtering) and
// filters client-side. When nothing matches it returns "" with a nil error, so
// callers must treat the empty string as "not found".
//
// The returned string is registry credential material; keep it out of logs and
// error messages.
func getServiceAccountPullSecret(client *kclient.Client, ns, name string) (string, error) {
	list, err := client.Secrets(ns).List(labels.Everything(), fields.Everything())
	if err != nil {
		return "", err
	}
	for i := range list.Items {
		candidate := list.Items[i]
		if candidate.Type != api.SecretTypeDockercfg {
			continue
		}
		if candidate.Annotations[api.ServiceAccountNameKey] != name {
			continue
		}
		return string(candidate.Data[api.DockerConfigKey]), nil
	}
	return "", nil
}
// getReferencedServiceAccountToken looks up the service account name in ns and
// returns the name and token value of the first secret it references that is a
// service account token belonging to that account.
//
// A referenced secret is accepted only if it has the service-account-token type,
// its name and UID annotations match the account that was just fetched, and its
// token data is non-empty. Missing accounts and missing secrets are treated as
// "not yet there" rather than as errors.
//
// With shouldWait set, the lookup is retried once per second for up to ten
// seconds via wait.Poll; otherwise a single attempt is made and a miss is
// reported as an error.
//
// The second return value is a bearer credential; keep it out of logs.
func getReferencedServiceAccountToken(c *client.Client, ns string, name string, shouldWait bool) (string, string, error) {
	var secretName, secretToken string

	lookup := func() (bool, error) {
		account, err := c.ServiceAccounts(ns).Get(name)
		switch {
		case errors.IsNotFound(err):
			return false, nil
		case err != nil:
			return false, err
		}

		for _, ref := range account.Secrets {
			candidate, err := c.Secrets(ns).Get(ref.Name)
			if errors.IsNotFound(err) {
				continue
			}
			if err != nil {
				return false, err
			}
			if candidate.Type != api.SecretTypeServiceAccountToken {
				continue
			}
			// Check both name and UID annotations against the fetched account,
			// so a secret annotated for a different account object is skipped.
			annotatedName := candidate.Annotations[api.ServiceAccountNameKey]
			annotatedUID := candidate.Annotations[api.ServiceAccountUIDKey]
			data := candidate.Data[api.ServiceAccountTokenKey]
			if annotatedName != account.Name || annotatedUID != string(account.UID) || len(data) == 0 {
				continue
			}
			secretName = candidate.Name
			secretToken = string(data)
			return true, nil
		}

		return false, nil
	}

	if !shouldWait {
		found, err := lookup()
		if err != nil {
			return "", "", err
		}
		if !found {
			return "", "", fmt.Errorf("No token found for %s/%s", ns, name)
		}
		return secretName, secretToken, nil
	}

	if err := wait.Poll(time.Second, 10*time.Second, lookup); err != nil {
		return "", "", err
	}
	return secretName, secretToken, nil
}
Example #4
// deleteSecrets removes every secret in ns that matches selector.
//
// Deletion stops at the first failure and returns that error wrapped with the
// secret's name. Secrets later in the list are then left in place, so a non-nil
// error means cleanup may be partial and should be retried or checked.
func deleteSecrets(c *k8sclient.Client, ns string, selector labels.Selector) error {
	secretsClient := c.Secrets(ns)
	matched, err := secretsClient.List(api.ListOptions{LabelSelector: selector})
	if err != nil {
		return err
	}
	for i := range matched.Items {
		name := matched.Items[i].Name
		if delErr := secretsClient.Delete(name); delErr != nil {
			return errors.Wrap(delErr, fmt.Sprintf("failed to delete Secret %s", name))
		}
	}
	return nil
}
Example #5
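// generatePrivateKeySecrets publishes the private key files referenced by
// hostEntries as secrets and wires them into the pod.
//
// For each distinct key file it reads the file, creates or updates a Secret
// named "<rc name>-<host name>" in ns (labelled like rc, with the key stored
// under "sshkey"), adds a secret volume to podSpec and mounts it into container
// at /secrets/<host name>. Each entry's PrivateKey is rewritten to the mounted
// path. Entries without a PrivateKey are skipped.
//
// The first read or API error aborts the loop and is returned; entries handled
// before it keep their rewritten paths.
//
// The key material ends up in the cluster's secret store; whether it is
// encrypted at rest depends on cluster configuration, not on this function.
func generatePrivateKeySecrets(c *client.Client, ns string, hostEntries []*HostEntry, rc *api.ReplicationController, podSpec *api.PodSpec, container *api.Container) error {
	const keyName = "sshkey"

	// Maps a local key file path to the volume mount that already carries it.
	mounts := map[string]string{}
	rcName := rc.ObjectMeta.Name

	for _, hostEntry := range hostEntries {
		privateKey := hostEntry.PrivateKey
		if len(privateKey) == 0 {
			continue
		}

		if volumeMount := mounts[privateKey]; len(volumeMount) != 0 {
			// The same key file was already published for an earlier host.
			// Point this entry at that mount as well; previously it kept the
			// local file path, which is not mounted in the container.
			hostEntry.PrivateKey = volumeMount + "/" + keyName
			continue
		}

		buffer, err := ioutil.ReadFile(privateKey)
		if err != nil {
			return err
		}

		// NOTE(review): hostEntry.Name is used unvalidated in the Secret name
		// and in the mount path below; confirm it is constrained upstream.
		hostName := hostEntry.Name
		secretName := rcName + "-" + hostName
		secret := &api.Secret{
			ObjectMeta: api.ObjectMeta{
				Name:   secretName,
				Labels: rc.ObjectMeta.Labels,
			},
			Data: map[string][]byte{
				keyName: buffer,
			},
		}

		// Create the secret, or update it if it already exists.
		// NOTE(review): any Get error, not only "not found", falls through to
		// Create; the Create error is what the caller then sees.
		secretClient := c.Secrets(ns)
		current, err := secretClient.Get(secretName)
		if err != nil || current == nil {
			_, err = secretClient.Create(secret)
		} else {
			_, err = secretClient.Update(secret)
		}
		if err != nil {
			return err
		}

		volumeMount := "/secrets/" + hostName
		mounts[privateKey] = volumeMount
		hostEntry.PrivateKey = volumeMount + "/" + keyName

		// Add the volume mapping to the pod spec and the container.
		secretVolumeName := "secret-" + hostName
		k8s.EnsurePodSpecHasSecretVolume(podSpec, secretVolumeName, secretName)
		k8s.EnsureContainerHasVolumeMount(container, secretVolumeName, volumeMount)
	}
	return nil
}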
Example #6
// getSecret fetches the secret called name from namespace ns.
//
// A status error with code 404 is not treated as a failure: the function then
// returns (nil, nil), so callers must nil-check the secret before using it.
// Every other error is returned unchanged.
func getSecret(kubeClient *client.Client, name string, ns string) (*api.Secret, error) {
	found, err := kubeClient.Secrets(ns).Get(name)
	if err == nil {
		return found, nil
	}
	// Only an API status error carrying 404 counts as "no such secret".
	if apiErr, isStatus := err.(*errors.StatusError); isStatus && apiErr.Status().Code == 404 {
		return nil, nil
	}
	return nil, err
}