def create_secret_in_namespace_if_not_exist(self, payload, namespace):
if self.in_cluster:
config.load_incluster_config()
else:
config.load_kube_config(config_file="~/.kube/config")
try:
api_instance = client.CoreV1Api()
api_instance.read_namespaced_secret(payload['metadata']['name'],
namespace)
except ApiException as e:
if e.status == 404:
try:
api_instance = client.CoreV1Api()
meta_data = client.V1ObjectMeta()
meta_data.name = payload['metadata']['name']
body = client.V1Secret(metadata=meta_data,
data=payload['data'])
api_instance.create_namespaced_secret(namespace, body)
except ApiException as create_e:
logger.error(
"Exception when calling CoreV1Api->create_namespaced_secret: %s\n"
% create_e)
sys.exit(1)
else:
logger.error(
"Exception when calling CoreV1Api->read_namespaced_secret: %s\n"
% e)
sys.exit(1)
def _create_container_registry_secret(self):
"""
Create the container registry secret in the cluster
(only if credentials are present in config)
"""
if not all(key in self.knative_config
for key in ["docker_user", "docker_password"]):
return
logger.debug('Creating container registry secret')
docker_server = self.knative_config.get('docker_server',
'https://index.docker.io/v1/')
docker_user = self.knative_config.get('docker_user')
docker_password = self.knative_config.get('docker_password')
cred_payload = {
"auths": {
docker_server: {
"Username": docker_user,
"Password": docker_password
}
}
}
data = {
".dockerconfigjson":
base64.b64encode(json.dumps(cred_payload).encode()).decode()
}
secret = client.V1Secret(
api_version="v1",
data=data,
kind="Secret",
metadata=dict(name="lithops-regcred", namespace=self.namespace),
type="kubernetes.io/dockerconfigjson",
)
try:
self.coreV1Api.delete_namespaced_secret("lithops-regcred",
self.namespace)
except ApiException as e:
pass
try:
self.coreV1Api.create_namespaced_secret(self.namespace, secret)
except ApiException as e:
if e.status != 409:
raise e
def replace_secret_in_namespace(self, payload, namespace):
if self.in_cluster:
config.load_incluster_config()
else:
config.load_kube_config(config_file="~/.kube/config")
try:
api_instance = client.CoreV1Api()
meta_data = client.V1ObjectMeta()
meta_data.name = payload['metadata']['name']
body = client.V1Secret(metadata=meta_data, data=payload['data'])
# don't use patch, which can't handle empty string: https://github.com/kubernetes/kubernetes/issues/37216
api_instance.replace_namespaced_secret(payload['metadata']['name'],
namespace, body)
except ApiException as e:
logger.error(
"Exception when calling CoreV1Api->patch_namespaced_secret: %s\n"
% e)
sys.exit(1)
