mirror of
https://github.com/ysoftdevs/imagepullsecret-injector.git
synced 2026-03-24 18:12:04 +01:00
Move k8s client setup to the constructor
This commit is contained in:
Martin Šalata
@@ -60,9 +60,9 @@ func main() {
|
|||||||
|
|
||||||
glog.Infof("Running with config: %+v", parameters)
|
glog.Infof("Running with config: %+v", parameters)
|
||||||
|
|
||||||
whsvr := &WebhookServer{
|
whsvr, err := NewWebhookServer(
|
||||||
config: ¶meters,
|
¶meters,
|
||||||
server: &http.Server{
|
&http.Server{
|
||||||
Addr: fmt.Sprintf(":%v", parameters.port),
|
Addr: fmt.Sprintf(":%v", parameters.port),
|
||||||
// This is quite inefficient as it loads file contents on every TLS ClientHello, but ¯\_(ツ)_/¯
|
// This is quite inefficient as it loads file contents on every TLS ClientHello, but ¯\_(ツ)_/¯
|
||||||
TLSConfig: &tls.Config{GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
TLSConfig: &tls.Config{GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
||||||
@@ -71,6 +71,9 @@ func main() {
|
|||||||
return &cert, err
|
return &cert, err
|
||||||
}},
|
}},
|
||||||
},
|
},
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
glog.Exitf("Could not create the Webhook server: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// define http server and server handler
|
// define http server and server handler
|
||||||
|
|||||||
@@ -30,6 +30,7 @@ var (
|
|||||||
type WebhookServer struct {
|
type WebhookServer struct {
|
||||||
server *http.Server
|
server *http.Server
|
||||||
config *WhSvrParameters
|
config *WhSvrParameters
|
||||||
|
client *kubernetes.Clientset
|
||||||
}
|
}
|
||||||
|
|
||||||
// Webhook Server parameters
|
// Webhook Server parameters
|
||||||
@@ -57,6 +58,26 @@ var (
|
|||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
func NewWebhookServer(parameters *WhSvrParameters, server *http.Server) (*WebhookServer, error) {
|
||||||
|
config, err := rest.InClusterConfig()
|
||||||
|
if err != nil {
|
||||||
|
glog.Errorf("Could not create k8s client: %v", err)
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
clientset, err := kubernetes.NewForConfig(config)
|
||||||
|
if err != nil {
|
||||||
|
glog.Errorf("Could not create k8s clientset: %v", err)
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return &WebhookServer{
|
||||||
|
config: parameters,
|
||||||
|
server: server,
|
||||||
|
client: clientset,
|
||||||
|
}, nil
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
func DefaultParametersObject() WhSvrParameters {
|
func DefaultParametersObject() WhSvrParameters {
|
||||||
return WhSvrParameters{
|
return WhSvrParameters{
|
||||||
port: 8443,
|
port: 8443,
|
||||||
@@ -126,22 +147,12 @@ func getCurrentNamespace() string {
|
|||||||
|
|
||||||
func (whsvr *WebhookServer) ensureSecrets(ar *v1beta1.AdmissionReview) error {
|
func (whsvr *WebhookServer) ensureSecrets(ar *v1beta1.AdmissionReview) error {
|
||||||
glog.Infof("Ensuring existing secrets")
|
glog.Infof("Ensuring existing secrets")
|
||||||
namespace := ar.Request.Namespace
|
targetNamespace := ar.Request.Namespace
|
||||||
|
|
||||||
config, err := rest.InClusterConfig()
|
|
||||||
if err != nil {
|
|
||||||
glog.Errorf("Could not create k8s client: %v", err)
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
clientset, err := kubernetes.NewForConfig(config)
|
|
||||||
if err != nil {
|
|
||||||
glog.Errorf("Could not create k8s clientset: %v", err)
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
currentNamespace := getCurrentNamespace()
|
currentNamespace := getCurrentNamespace()
|
||||||
|
|
||||||
glog.Infof("Looking for the source secret")
|
glog.Infof("Looking for the source secret")
|
||||||
sourceSecret, err := clientset.CoreV1().Secrets(whsvr.config.sourceImagePullSecretNamespace).Get(whsvr.config.sourceImagePullSecretName, metav1.GetOptions{})
|
sourceSecret, err := whsvr.client.CoreV1().Secrets(whsvr.config.sourceImagePullSecretNamespace).Get(whsvr.config.sourceImagePullSecretName, metav1.GetOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
glog.Errorf("Could not fetch source secret %s in namespace %s: %v", whsvr.config.sourceImagePullSecretName, currentNamespace, err)
|
glog.Errorf("Could not fetch source secret %s in namespace %s: %v", whsvr.config.sourceImagePullSecretName, currentNamespace, err)
|
||||||
return err
|
return err
|
||||||
@@ -149,23 +160,23 @@ func (whsvr *WebhookServer) ensureSecrets(ar *v1beta1.AdmissionReview) error {
|
|||||||
glog.Infof("Source secret found")
|
glog.Infof("Source secret found")
|
||||||
|
|
||||||
glog.Infof("Looking for the existing target secret")
|
glog.Infof("Looking for the existing target secret")
|
||||||
secret, err := clientset.CoreV1().Secrets(namespace).Get(whsvr.config.targetImagePullSecretName, metav1.GetOptions{})
|
secret, err := whsvr.client.CoreV1().Secrets(targetNamespace).Get(whsvr.config.targetImagePullSecretName, metav1.GetOptions{})
|
||||||
if err != nil && !errors.IsNotFound(err) {
|
if err != nil && !errors.IsNotFound(err) {
|
||||||
glog.Errorf("Could not fetch secret %s in namespace %s: %v", whsvr.config.targetImagePullSecretName, namespace, err)
|
glog.Errorf("Could not fetch secret %s in namespace %s: %v", whsvr.config.targetImagePullSecretName, targetNamespace, err)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
if err != nil && errors.IsNotFound(err) {
|
if err != nil && errors.IsNotFound(err) {
|
||||||
glog.Infof("Target secret not found, creating a new one")
|
glog.Infof("Target secret not found, creating a new one")
|
||||||
if _, createErr := clientset.CoreV1().Secrets(namespace).Create(&corev1.Secret{
|
if _, createErr := whsvr.client.CoreV1().Secrets(targetNamespace).Create(&corev1.Secret{
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
Name: whsvr.config.targetImagePullSecretName,
|
Name: whsvr.config.targetImagePullSecretName,
|
||||||
Namespace: namespace,
|
Namespace: targetNamespace,
|
||||||
},
|
},
|
||||||
Data: sourceSecret.Data,
|
Data: sourceSecret.Data,
|
||||||
Type: sourceSecret.Type,
|
Type: sourceSecret.Type,
|
||||||
}); createErr != nil {
|
}); createErr != nil {
|
||||||
glog.Errorf("Could not create secret %s in namespace %s: %v", whsvr.config.targetImagePullSecretName, namespace, err)
|
glog.Errorf("Could not create secret %s in namespace %s: %v", whsvr.config.targetImagePullSecretName, targetNamespace, err)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
glog.Infof("Target secret created successfully")
|
glog.Infof("Target secret created successfully")
|
||||||
@@ -174,8 +185,8 @@ func (whsvr *WebhookServer) ensureSecrets(ar *v1beta1.AdmissionReview) error {
|
|||||||
|
|
||||||
glog.Infof("Target secret found, updating")
|
glog.Infof("Target secret found, updating")
|
||||||
secret.Data = sourceSecret.Data
|
secret.Data = sourceSecret.Data
|
||||||
if _, err := clientset.CoreV1().Secrets(namespace).Update(secret); err != nil {
|
if _, err := whsvr.client.CoreV1().Secrets(targetNamespace).Update(secret); err != nil {
|
||||||
glog.Errorf("Could not update secret %s in namespace %s: %v", whsvr.config.targetImagePullSecretName, namespace, err)
|
glog.Errorf("Could not update secret %s in namespace %s: %v", whsvr.config.targetImagePullSecretName, targetNamespace, err)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
glog.Infof("Target secret updated successfully")
|
glog.Infof("Target secret updated successfully")
|
||||||
|
|||||||
Reference in New Issue
Block a user