本文整理汇总了Golang中k8s/io/kubernetes/pkg/client/restclient.LoadTLSFiles函数的典型用法代码示例。如果您正苦于以下问题:Golang LoadTLSFiles函数的具体用法?Golang LoadTLSFiles怎么用?Golang LoadTLSFiles使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了LoadTLSFiles函数的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: getClientConfig
// Get kube client configuration from a file containing credentials for
// connecting to the master.
func getClientConfig(path string) (*restclient.Config, error) {
if 0 == len(path) {
return nil, fmt.Errorf("You must specify a .kubeconfig file path containing credentials for connecting to the master with --credentials")
}
rules := &kclientcmd.ClientConfigLoadingRules{ExplicitPath: path, Precedence: []string{}}
credentials, err := rules.Load()
if err != nil {
return nil, fmt.Errorf("Could not load credentials from %q: %v", path, err)
}
config, err := kclientcmd.NewDefaultClientConfig(*credentials, &kclientcmd.ConfigOverrides{}).ClientConfig()
if err != nil {
return nil, fmt.Errorf("Credentials %q error: %v", path, err)
}
if err = restclient.LoadTLSFiles(config); err != nil {
return nil, fmt.Errorf("Unable to load certificate info using credentials from %q: %v", path, err)
}
return config, nil
}
示例2: RunCmdRegistry
// RunCmdRegistry contains all the necessary functionality for the OpenShift cli registry command
func (opts *RegistryOptions) RunCmdRegistry() error {
name := "docker-registry"
var clusterIP string
output := opts.Config.Action.ShouldPrint()
generate := output
if !generate {
service, err := opts.serviceClient.Services(opts.namespace).Get(name)
if err != nil {
if !errors.IsNotFound(err) && !generate {
return fmt.Errorf("can't check for existing docker-registry %q: %v", name, err)
}
if !output && opts.Config.Action.DryRun {
return fmt.Errorf("Docker registry %q service does not exist", name)
}
generate = true
} else {
clusterIP = service.Spec.ClusterIP
}
}
if !generate {
fmt.Fprintf(opts.out, "Docker registry %q service exists\n", name)
return nil
}
// create new registry
secretEnv := app.Environment{}
switch {
case len(opts.Config.ServiceAccount) == 0 && len(opts.Config.Credentials) == 0:
return fmt.Errorf("registry could not be created; a service account or the path to a .kubeconfig file must be provided")
case len(opts.Config.Credentials) > 0:
clientConfigLoadingRules := &kclientcmd.ClientConfigLoadingRules{ExplicitPath: opts.Config.Credentials}
credentials, err := clientConfigLoadingRules.Load()
if err != nil {
return fmt.Errorf("registry does not exist; the provided credentials %q could not be loaded: %v", opts.Config.Credentials, err)
}
config, err := kclientcmd.NewDefaultClientConfig(*credentials, &kclientcmd.ConfigOverrides{}).ClientConfig()
if err != nil {
return fmt.Errorf("registry does not exist; the provided credentials %q could not be used: %v", opts.Config.Credentials, err)
}
if err := restclient.LoadTLSFiles(config); err != nil {
return fmt.Errorf("registry does not exist; the provided credentials %q could not load certificate info: %v", opts.Config.Credentials, err)
}
insecure := "false"
if config.Insecure {
insecure = "true"
} else {
if len(config.KeyData) == 0 || len(config.CertData) == 0 {
return fmt.Errorf("registry does not exist; the provided credentials %q are missing the client certificate and/or key", opts.Config.Credentials)
}
}
secretEnv = app.Environment{
"OPENSHIFT_MASTER": config.Host,
"OPENSHIFT_CA_DATA": string(config.CAData),
"OPENSHIFT_KEY_DATA": string(config.KeyData),
"OPENSHIFT_CERT_DATA": string(config.CertData),
"OPENSHIFT_INSECURE": insecure,
}
}
needServiceAccountRole := len(opts.Config.ServiceAccount) > 0 && len(opts.Config.Credentials) == 0
var servingCert, servingKey []byte
if len(opts.Config.ServingCertPath) > 0 {
data, err := ioutil.ReadFile(opts.Config.ServingCertPath)
if err != nil {
return fmt.Errorf("registry does not exist; could not load TLS certificate file %q: %v", opts.Config.ServingCertPath, err)
}
servingCert = data
}
if len(opts.Config.ServingKeyPath) > 0 {
data, err := ioutil.ReadFile(opts.Config.ServingKeyPath)
if err != nil {
return fmt.Errorf("registry does not exist; could not load TLS private key file %q: %v", opts.Config.ServingKeyPath, err)
}
servingCert = data
}
env := app.Environment{}
env.Add(secretEnv)
env["REGISTRY_MIDDLEWARE_REPOSITORY_OPENSHIFT_ENFORCEQUOTA"] = fmt.Sprintf("%t", opts.Config.EnforceQuota)
healthzPort := defaultPort
if len(opts.ports) > 0 {
healthzPort = int(opts.ports[0].ContainerPort)
env["REGISTRY_HTTP_ADDR"] = fmt.Sprintf(":%d", healthzPort)
env["REGISTRY_HTTP_NET"] = "tcp"
}
secrets, volumes, mounts, extraEnv, tls, err := generateSecretsConfig(opts.Config, opts.namespace, servingCert, servingKey)
if err != nil {
return err
}
env.Add(extraEnv)
livenessProbe := generateLivenessProbeConfig(healthzPort, tls)
readinessProbe := generateReadinessProbeConfig(healthzPort, tls)
//.........这里部分代码省略.........
示例3: RunCmdRegistry
// RunCmdRegistry contains all the necessary functionality for the OpenShift cli registry command
func RunCmdRegistry(f *clientcmd.Factory, cmd *cobra.Command, out io.Writer, cfg *RegistryConfig, args []string) error {
var name string
switch len(args) {
case 0:
name = "docker-registry"
default:
return kcmdutil.UsageError(cmd, "No arguments are allowed to this command")
}
ports, err := app.ContainerPortsFromString(cfg.Ports)
if err != nil {
return err
}
label := map[string]string{
"docker-registry": "default",
}
if cfg.Labels != defaultLabel {
valid, remove, err := app.LabelsFromSpec(strings.Split(cfg.Labels, ","))
if err != nil {
return err
}
if len(remove) > 0 {
return kcmdutil.UsageError(cmd, "You may not pass negative labels in %q", cfg.Labels)
}
label = valid
}
nodeSelector := map[string]string{}
if len(cfg.Selector) > 0 {
valid, remove, err := app.LabelsFromSpec(strings.Split(cfg.Selector, ","))
if err != nil {
return err
}
if len(remove) > 0 {
return kcmdutil.UsageError(cmd, "You may not pass negative labels in selector %q", cfg.Selector)
}
nodeSelector = valid
}
image := cfg.ImageTemplate.ExpandOrDie(cfg.Type)
namespace, _, err := f.OpenShiftClientConfig.Namespace()
if err != nil {
return fmt.Errorf("error getting client: %v", err)
}
_, kClient, err := f.Clients()
if err != nil {
return fmt.Errorf("error getting client: %v", err)
}
cfg.Action.Bulk.Mapper = clientcmd.ResourceMapper(f)
cfg.Action.Out, cfg.Action.ErrOut = out, cmd.Out()
cfg.Action.Bulk.Op = configcmd.Create
var clusterIP string
output := cfg.Action.ShouldPrint()
generate := output
if !generate {
service, err := kClient.Services(namespace).Get(name)
if err != nil {
if !errors.IsNotFound(err) && !generate {
return fmt.Errorf("can't check for existing docker-registry %q: %v", name, err)
}
if !output && cfg.Action.DryRun {
return fmt.Errorf("Docker registry %q service does not exist", name)
}
generate = true
} else {
clusterIP = service.Spec.ClusterIP
}
}
if !generate {
fmt.Fprintf(out, "Docker registry %q service exists\n", name)
return nil
}
// create new registry
secretEnv := app.Environment{}
switch {
case len(cfg.ServiceAccount) == 0 && len(cfg.Credentials) == 0:
return fmt.Errorf("registry could not be created; a service account or the path to a .kubeconfig file must be provided")
case len(cfg.Credentials) > 0:
clientConfigLoadingRules := &kclientcmd.ClientConfigLoadingRules{ExplicitPath: cfg.Credentials}
credentials, err := clientConfigLoadingRules.Load()
if err != nil {
return fmt.Errorf("registry does not exist; the provided credentials %q could not be loaded: %v", cfg.Credentials, err)
}
config, err := kclientcmd.NewDefaultClientConfig(*credentials, &kclientcmd.ConfigOverrides{}).ClientConfig()
if err != nil {
return fmt.Errorf("registry does not exist; the provided credentials %q could not be used: %v", cfg.Credentials, err)
}
if err := restclient.LoadTLSFiles(config); err != nil {
return fmt.Errorf("registry does not exist; the provided credentials %q could not load certificate info: %v", cfg.Credentials, err)
}
insecure := "false"
if config.Insecure {
//.........这里部分代码省略.........
示例4: RunCmdRouter
//.........这里部分代码省略.........
if cfg.DryRun && !output {
return fmt.Errorf("router %q does not exist (no service)", name)
}
if len(cfg.ServiceAccount) == 0 {
return fmt.Errorf("you must specify a service account for the router with --service-account")
}
if err := validateServiceAccount(kClient, namespace, cfg.ServiceAccount, cfg.HostNetwork, cfg.HostPorts); err != nil {
err = fmt.Errorf("router could not be created; %v", err)
if !output {
return err
}
fmt.Fprintf(cmd.Out(), "error: %v\n", err)
defaultOutputErr = cmdutil.ErrExit
}
// create new router
secretEnv := app.Environment{}
switch {
case len(cfg.Credentials) == 0 && len(cfg.ServiceAccount) == 0:
return fmt.Errorf("router could not be created; you must specify a service account with --service-account, or a .kubeconfig file path containing credentials for connecting the router to the master with --credentials")
case len(cfg.Credentials) > 0:
clientConfigLoadingRules := &kclientcmd.ClientConfigLoadingRules{ExplicitPath: cfg.Credentials, Precedence: []string{}}
credentials, err := clientConfigLoadingRules.Load()
if err != nil {
return fmt.Errorf("router could not be created; the provided credentials %q could not be loaded: %v", cfg.Credentials, err)
}
config, err := kclientcmd.NewDefaultClientConfig(*credentials, &kclientcmd.ConfigOverrides{}).ClientConfig()
if err != nil {
return fmt.Errorf("router could not be created; the provided credentials %q could not be used: %v", cfg.Credentials, err)
}
if err := restclient.LoadTLSFiles(config); err != nil {
return fmt.Errorf("router could not be created; the provided credentials %q could not load certificate info: %v", cfg.Credentials, err)
}
insecure := "false"
if config.Insecure {
insecure = "true"
}
secretEnv.Add(app.Environment{
"OPENSHIFT_MASTER": config.Host,
"OPENSHIFT_CA_DATA": string(config.CAData),
"OPENSHIFT_KEY_DATA": string(config.KeyData),
"OPENSHIFT_CERT_DATA": string(config.CertData),
"OPENSHIFT_INSECURE": insecure,
})
}
createServiceAccount := len(cfg.ServiceAccount) > 0 && len(cfg.Credentials) == 0
defaultCert, err := fileutil.LoadData(cfg.DefaultCertificate)
if err != nil {
return fmt.Errorf("router could not be created; error reading default certificate file: %v", err)
}
if len(cfg.StatsPassword) == 0 {
cfg.StatsPassword = generateStatsPassword()
if !output {
fmt.Fprintf(cmd.Out(), "info: password for stats user %s has been set to %s\n", cfg.StatsUsername, cfg.StatsPassword)
}
}
env := app.Environment{
"ROUTER_SUBDOMAIN": cfg.Subdomain,
"ROUTER_SERVICE_NAME": name,
"ROUTER_SERVICE_NAMESPACE": namespace,