func getDetailsFromDockerConfigSecret(secretGetter client.SecretsInterface, secret string) (map[string]string, error) {
configSecret, err := secretGetter.Get(secret)
if err != nil {
return nil, err
}
dockerConfigJSONBytes := configSecret.Data[api.DockerConfigJsonKey]
var secretData map[string]interface{}
if err = json.Unmarshal(dockerConfigJSONBytes, &secretData); err != nil {
return nil, err
}
var authdata map[string]interface{}
var hostname string
for key, value := range secretData["auths"].(map[string]interface{}) {
hostname = key
authdata = value.(map[string]interface{})
}
token := authdata["auth"].(string)
decodedToken, err := base64.StdEncoding.DecodeString(token)
if err != nil {
return nil, err
}
parts := strings.SplitN(string(decodedToken), ":", 2)
if len(parts) != 2 {
return nil, errors.New("Invalid token in docker config secret")
}
user := parts[0]
password := parts[1]
regDetails := make(map[string]string)
regDetails["DEIS_REGISTRY_USERNAME"] = user
regDetails["DEIS_REGISTRY_PASSWORD"] = password
regDetails["DEIS_REGISTRY_HOSTNAME"] = hostname
return regDetails, nil
}
func main() {
var ingClient client.IngressInterface
var secretsClient client.SecretsInterface
/* Anon http client
config := client.Config{
Host: "http://localhost:8080",
Username: "******",
Password: "******",
}
kubeClient, err := client.New(&config)
*/
kubeClient, err := client.NewInCluster()
if err != nil {
log.Fatalf("Failed to create client: %v.", err)
} else {
ingClient = kubeClient.Extensions().Ingress(api.NamespaceAll)
secretsClient = kubeClient.Secrets(api.NamespaceAll)
}
tmpl := template.New("nginx.tmpl").Funcs(template.FuncMap{"hasprefix": hasPrefix, "hassuffix": hasSuffix})
if _, err := tmpl.ParseFiles("./nginx.tmpl"); err != nil {
log.Fatalf("Failed to parse template %v", err)
}
rateLimiter := util.NewTokenBucketRateLimiter(0.1, 1)
known := &extensions.IngressList{}
known_secrets := &api.SecretList{}
// Controller loop
shellOut("nginx")
for {
rateLimiter.Accept()
ingresses, err := ingClient.List(api.ListOptions{})
if err != nil {
log.Printf("Error retrieving ingresses: %v", err)
continue
}
secrets, err := secretsClient.List(api.ListOptions{})
if err != nil {
log.Printf("Error retrieving secrets: %v", err)
continue
}
if reflect.DeepEqual(ingresses.Items, known.Items) && reflect.DeepEqual(secrets.Items, known_secrets.Items) {
continue
}
// Process SSL context
// old values
known = ingresses
known_secrets = secrets
// context variable
context := &Context{Ingress: ingresses, Secrets: secrets}
if w, err := os.Create("/etc/nginx/nginx.conf"); err != nil {
log.Fatalf("Failed to open %v: %v", err)
} else if err := tmpl.Execute(w, context); err != nil {
log.Fatalf("Failed to write template %v", err)
}
shellOut("nginx -s reload")
}
}
func getDetailsFromRegistrySecret(secretGetter client.SecretsInterface, secret string) (map[string]string, error) {
regSecret, err := secretGetter.Get(secret)
if err != nil {
return nil, err
}
regDetails := make(map[string]string)
for key, value := range regSecret.Data {
regDetails[key] = string(value)
}
return regDetails, nil
}
// waitForToken uses `cmd.Until` to wait for the service account controller to fulfill the token request
func waitForToken(token *api.Secret, serviceAccount *api.ServiceAccount, timeout time.Duration, client unversioned.SecretsInterface) (*api.Secret, error) {
// there is no provided rounding function, so we use Round(x) === Floor(x + 0.5)
timeoutSeconds := int64(math.Floor(timeout.Seconds() + 0.5))
options := api.ListOptions{
FieldSelector: fields.SelectorFromSet(fields.Set(map[string]string{"metadata.name": token.Name})),
Watch: true,
ResourceVersion: token.ResourceVersion,
TimeoutSeconds: &timeoutSeconds,
}
watcher, err := client.Watch(options)
if err != nil {
return nil, fmt.Errorf("could not begin watch for token: %v", err)
}
event, err := cmd.Until(timeout, watcher, func(event watch.Event) (bool, error) {
if event.Type == watch.Error {
return false, fmt.Errorf("encountered error while watching for token: %v", event.Object)
}
eventToken, ok := event.Object.(*api.Secret)
if !ok {
return false, nil
}
if eventToken.Name != token.Name {
return false, nil
}
switch event.Type {
case watch.Modified:
if serviceaccounts.IsValidServiceAccountToken(serviceAccount, eventToken) {
return true, nil
}
case watch.Deleted:
return false, errors.New("token was deleted before fulfillment by service account token controller")
case watch.Added:
return false, errors.New("unxepected action: token was added after initial creation")
}
return false, nil
})
if err != nil {
return nil, err
}
return event.Object.(*api.Secret), nil
}
func createAppEnvConfigSecret(secretsClient client.SecretsInterface, secretName string, env map[string]interface{}) error {
newSecret := new(api.Secret)
newSecret.Name = secretName
newSecret.Type = api.SecretTypeOpaque
newSecret.Data = make(map[string][]byte)
for k, v := range env {
newSecret.Data[k] = []byte(fmt.Sprintf("%v", v))
}
if _, err := secretsClient.Create(newSecret); err != nil {
if apierrors.IsAlreadyExists(err) {
if _, err = secretsClient.Update(newSecret); err != nil {
return err
}
return nil
}
return err
}
return nil
}
func installationStarted(c kclient.PodInterface, name string, s kclient.SecretsInterface) wait.ConditionFunc {
return func() (bool, error) {
pod, err := c.Get(name)
if err != nil {
return false, err
}
if pod.Status.Phase == kapi.PodPending {
return false, nil
}
// delete a secret named the same as the pod if it exists
if secret, err := s.Get(name); err == nil {
if secret.Annotations[newcmd.GeneratedForJob] == "true" &&
secret.Annotations[newcmd.GeneratedForJobFor] == pod.Annotations[newcmd.GeneratedForJobFor] {
if err := s.Delete(name); err != nil {
glog.V(4).Infof("Failed to delete install secret %s: %v", name, err)
}
}
}
return true, nil
}
}