本文整理匯總了Golang中k8s/io/kubernetes/pkg/client/unversioned.Client.Secrets方法的典型用法代碼示例。如果您正苦於以下問題:Golang Client.Secrets方法的具體用法?Golang Client.Secrets怎麽用?Golang Client.Secrets使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類k8s/io/kubernetes/pkg/client/unversioned.Client的用法示例。
在下文中一共展示了Client.Secrets方法的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Golang代碼示例。
示例1: createSecret
func createSecret(c *k8sclient.Client, f *cmdutil.Factory, flags *flag.FlagSet, secretDataIdentifiers string, secretType string, keysNames []string) (Result, error) {
var secret = secret(secretDataIdentifiers, secretType, keysNames, flags)
ns, _, err := f.DefaultNamespace()
if err != nil {
return Failure, err
}
rs, err := c.Secrets(ns).Create(&secret)
if rs != nil {
return Success, err
}
return Failure, err
}示例2: getServiceAccountPullSecret
func getServiceAccountPullSecret(client *kclient.Client, ns, name string) (string, error) {
secrets, err := client.Secrets(ns).List(labels.Everything(), fields.Everything())
if err != nil {
return "", err
}
for _, secret := range secrets.Items {
if secret.Type == api.SecretTypeDockercfg && secret.Annotations[api.ServiceAccountNameKey] == name {
return string(secret.Data[api.DockerConfigKey]), nil
}
}
return "", nil
}示例3: getReferencedServiceAccountToken
func getReferencedServiceAccountToken(c *client.Client, ns string, name string, shouldWait bool) (string, string, error) {
tokenName := ""
token := ""
findToken := func() (bool, error) {
user, err := c.ServiceAccounts(ns).Get(name)
if errors.IsNotFound(err) {
return false, nil
}
if err != nil {
return false, err
}
for _, ref := range user.Secrets {
secret, err := c.Secrets(ns).Get(ref.Name)
if errors.IsNotFound(err) {
continue
}
if err != nil {
return false, err
}
if secret.Type != api.SecretTypeServiceAccountToken {
continue
}
name := secret.Annotations[api.ServiceAccountNameKey]
uid := secret.Annotations[api.ServiceAccountUIDKey]
tokenData := secret.Data[api.ServiceAccountTokenKey]
if name == user.Name && uid == string(user.UID) && len(tokenData) > 0 {
tokenName = secret.Name
token = string(tokenData)
return true, nil
}
}
return false, nil
}
if shouldWait {
err := wait.Poll(time.Second, 10*time.Second, findToken)
if err != nil {
return "", "", err
}
} else {
ok, err := findToken()
if err != nil {
return "", "", err
}
if !ok {
return "", "", fmt.Errorf("No token found for %s/%s", ns, name)
}
}
return tokenName, token, nil
}示例4: deleteSecrets
func deleteSecrets(c *k8sclient.Client, ns string, selector labels.Selector) error {
secrets, err := c.Secrets(ns).List(api.ListOptions{LabelSelector: selector})
if err != nil {
return err
}
for _, s := range secrets.Items {
err := c.Secrets(ns).Delete(s.Name)
if err != nil {
return errors.Wrap(err, fmt.Sprintf("failed to delete Secret %s", s.Name))
}
}
return nil
}示例5: generatePrivateKeySecrets
func generatePrivateKeySecrets(c *client.Client, ns string, hostEntries []*HostEntry, rc *api.ReplicationController, podSpec *api.PodSpec, container *api.Container) error {
secrets := map[string]string{}
rcName := rc.ObjectMeta.Name
for _, hostEntry := range hostEntries {
privateKey := hostEntry.PrivateKey
if len(privateKey) != 0 {
volumeMount := secrets[privateKey]
if len(volumeMount) == 0 {
buffer, err := ioutil.ReadFile(privateKey)
if err != nil {
return err
}
hostName := hostEntry.Name
secretName := rcName + "-" + hostName
keyName := "sshkey"
secret := &api.Secret{
ObjectMeta: api.ObjectMeta{
Name: secretName,
Labels: rc.ObjectMeta.Labels,
},
Data: map[string][]byte{
keyName: buffer,
},
}
// lets create or update the secret
secretClient := c.Secrets(ns)
current, err := secretClient.Get(secretName)
if err != nil || current == nil {
_, err = secretClient.Create(secret)
} else {
_, err = secretClient.Update(secret)
}
if err != nil {
return err
}
volumeMount = "/secrets/" + hostName
secrets[privateKey] = volumeMount
hostEntry.PrivateKey = volumeMount + "/" + keyName
// lets add the volume mapping to the container
secretVolumeName := "secret-" + hostName
k8s.EnsurePodSpecHasSecretVolume(podSpec, secretVolumeName, secretName)
k8s.EnsureContainerHasVolumeMount(container, secretVolumeName, volumeMount)
}
}
}
return nil
}示例6: getSecret
func getSecret(kubeClient *client.Client, name string, ns string) (*api.Secret, error) {
secretClient := kubeClient.Secrets(ns)
secret, err := secretClient.Get(name)
if err != nil {
statusErr, ok := err.(*errors.StatusError)
// If the issue is just that no such secret was found, that's ok.
if ok && statusErr.Status().Code == 404 {
// We'll just return nil instead of a found *api.Secret
return nil, nil
}
return nil, err
}
return secret, nil
}示例7: GetClientForServiceAccount
func GetClientForServiceAccount(adminClient *kclient.Client, clientConfig kclient.Config, namespace, name string) (*client.Client, *kclient.Client, *kclient.Config, error) {
_, err := adminClient.Namespaces().Create(&kapi.Namespace{ObjectMeta: kapi.ObjectMeta{Name: namespace}})
if err != nil && !kerrs.IsAlreadyExists(err) {
return nil, nil, nil, err
}
sa, err := adminClient.ServiceAccounts(namespace).Create(&kapi.ServiceAccount{ObjectMeta: kapi.ObjectMeta{Name: name}})
if kerrs.IsAlreadyExists(err) {
sa, err = adminClient.ServiceAccounts(namespace).Get(name)
}
if err != nil {
return nil, nil, nil, err
}
token := ""
err = wait.Poll(time.Second, 30*time.Second, func() (bool, error) {
selector := fields.OneTermEqualSelector(kclient.SecretType, string(kapi.SecretTypeServiceAccountToken))
secrets, err := adminClient.Secrets(namespace).List(kapi.ListOptions{FieldSelector: selector})
if err != nil {
return false, err
}
for _, secret := range secrets.Items {
if serviceaccounts.IsValidServiceAccountToken(sa, &secret) {
token = string(secret.Data[kapi.ServiceAccountTokenKey])
return true, nil
}
}
return false, nil
})
if err != nil {
return nil, nil, nil, err
}
saClientConfig := clientcmd.AnonymousClientConfig(clientConfig)
saClientConfig.BearerToken = token
kubeClient, err := kclient.New(&saClientConfig)
if err != nil {
return nil, nil, nil, err
}
osClient, err := client.New(&saClientConfig)
if err != nil {
return nil, nil, nil, err
}
return osClient, kubeClient, &saClientConfig, nil
}示例8: checkKibanaSecret
//checkKibanaSecret confirms the secret used by kibana matches that configured in the oauth client
func checkKibanaSecret(r types.DiagnosticResult, osClient *client.Client, kClient *kclient.Client, project string, oauthclient *oauthapi.OAuthClient) {
r.Debug("AGL0100", "Checking oauthclient secrets...")
secret, err := kClient.Secrets(project).Get(kibanaProxySecretName)
if err != nil {
r.Error("AGL0105", err, fmt.Sprintf("Error retrieving the secret '%s': %s", kibanaProxySecretName, err))
return
}
decoded, err := decodeSecret(secret, oauthSecretKeyName)
if err != nil {
r.Error("AGL0110", err, fmt.Sprintf("Unable to decode Kibana Secret: %s", err))
return
}
if decoded != oauthclient.Secret {
r.Debug("AGL0120", fmt.Sprintf("OauthClient Secret: '%s'", oauthclient.Secret))
r.Debug("AGL0125", fmt.Sprintf("Decoded Kibana Secret: '%s'", decoded))
message := fmt.Sprintf("The %s OauthClient.Secret does not match the decoded oauth secret in '%s'", kibanaProxyOauthClientName, kibanaProxySecretName)
r.Error("AGL0130", errors.New(message), message)
}
}示例9: GetSecretDetail
// GetSecretDetail returns returns detailed information about a secret
func GetSecretDetail(client *client.Client, namespace, name string) (*SecretDetail, error) {
log.Printf("Getting details of %s secret in %s namespace", name, namespace)
rawSecret, err := client.Secrets(namespace).Get(name)
if err != nil {
return nil, err
}
return getSecretDetail(rawSecret), nil
}示例10: GetSecretList
// GetSecretList - return all secrets in the given namespace.
func GetSecretList(client *client.Client, namespace *common.NamespaceQuery,
dsQuery *dataselect.DataSelectQuery) (*SecretList, error) {
secretList, err := client.Secrets(namespace.ToRequestParam()).List(api.ListOptions{
LabelSelector: labels.Everything(),
FieldSelector: fields.Everything(),
})
if err != nil {
return nil, err
}
return NewSecretList(secretList.Items, dsQuery), err
}示例11: createSecret
// createSecret creates a secret containing TLS certificates for the given Ingress.
// If a secret with the same name already exists in the namespace of the
// Ingress, it's updated.
func createSecret(kubeClient *client.Client, ing *extensions.Ingress) (host string, rootCA, privKey []byte, err error) {
var k, c bytes.Buffer
tls := ing.Spec.TLS[0]
host = strings.Join(tls.Hosts, ",")
framework.Logf("Generating RSA cert for host %v", host)
if err = generateRSACerts(host, true, &k, &c); err != nil {
return
}
cert := c.Bytes()
key := k.Bytes()
secret := &api.Secret{
ObjectMeta: api.ObjectMeta{
Name: tls.SecretName,
},
Data: map[string][]byte{
api.TLSCertKey: cert,
api.TLSPrivateKeyKey: key,
},
}
var s *api.Secret
if s, err = kubeClient.Secrets(ing.Namespace).Get(tls.SecretName); err == nil {
// TODO: Retry the update. We don't really expect anything to conflict though.
framework.Logf("Updating secret %v in ns %v with hosts %v for ingress %v", secret.Name, secret.Namespace, host, ing.Name)
s.Data = secret.Data
_, err = kubeClient.Secrets(ing.Namespace).Update(s)
} else {
framework.Logf("Creating secret %v in ns %v with hosts %v for ingress %v", secret.Name, secret.Namespace, host, ing.Name)
_, err = kubeClient.Secrets(ing.Namespace).Create(secret)
}
return host, cert, key, err
}示例12: CreateSecret
// CreateSecret - create a single secret using the cluster API client
func CreateSecret(client *client.Client, spec SecretSpec) (*Secret, error) {
namespace := spec.GetNamespace()
secret := &api.Secret{
ObjectMeta: api.ObjectMeta{
Name: spec.GetName(),
Namespace: namespace,
},
Type: spec.GetType(),
Data: spec.GetData(),
}
_, err := client.Secrets(namespace).Create(secret)
return &Secret{Name: secret.ObjectMeta.Name}, err
}示例13: getServiceAccountToken
func getServiceAccountToken(client *kclient.Client, ns, name string) (string, error) {
secrets, err := client.Secrets(ns).List(labels.Everything(), fields.Everything())
if err != nil {
return "", err
}
for _, secret := range secrets.Items {
if secret.Type == api.SecretTypeServiceAccountToken && secret.Annotations[api.ServiceAccountNameKey] == name {
sa, err := client.ServiceAccounts(ns).Get(name)
if err != nil {
return "", err
}
for _, ref := range sa.Secrets {
if ref.Name == secret.Name {
return string(secret.Data[api.ServiceAccountTokenKey]), nil
}
}
}
}
return "", nil
}示例14: createSecret
// createSecret creates a secret containing TLS certificates for the given Ingress.
func createSecret(kubeClient *client.Client, ing *extensions.Ingress) (host string, rootCA, privKey []byte, err error) {
var k, c bytes.Buffer
tls := ing.Spec.TLS[0]
host = strings.Join(tls.Hosts, ",")
Logf("Generating RSA cert for host %v", host)
if err = generateRSACerts(host, true, &k, &c); err != nil {
return
}
cert := c.Bytes()
key := k.Bytes()
secret := &api.Secret{
ObjectMeta: api.ObjectMeta{
Name: tls.SecretName,
},
Data: map[string][]byte{
api.TLSCertKey: cert,
api.TLSPrivateKeyKey: key,
},
}
Logf("Creating secret %v in ns %v with hosts %v for ingress %v", secret.Name, secret.Namespace, host, ing.Name)
_, err = kubeClient.Secrets(ing.Namespace).Create(secret)
return host, cert, key, err
}示例15: GetSecrets
// GetSecrets - return all secrets in the given namespace.
func GetSecrets(client *client.Client, namespace string) (*SecretsList,
error) {
secretsList := &SecretsList{}
secrets, err := client.Secrets(namespace).List(api.ListOptions{
LabelSelector: labels.Everything(),
FieldSelector: fields.Everything(),
})
if err != nil {
return nil, err
}
for _, secret := range secrets.Items {
secretsList.Secrets = append(secretsList.Secrets, secret.ObjectMeta.Name)
}
return secretsList, err
}