Esempio n. 1
def ensure_secret(api: client.CoreV1Api, secret, name, namespace):
    """Create ``secret`` in ``namespace`` unless a Secret named ``name`` is listed there.

    :param api: CoreV1Api used for both the lookup and the create call
    :param secret: Secret body passed unchanged to ``create_namespaced_secret``
    :param name: name matched through the ``metadata.name`` field selector
    :param namespace: namespace that is searched and created in
    :return: None

    NOTE(review): the lookup and the create are two separate API calls. A
    Secret that appears between them is expected to make the create call
    raise, and that error is not handled here. ``name`` is also never compared
    with the name inside ``secret``; the caller has to keep the two in step.
    """
    listing = api.list_namespaced_secret(
        namespace=namespace,
        field_selector=f'metadata.name={name}',
    )
    if len(listing.items) != 0:
        logger.info(f'secret exists: {name}')
        return
    # Only the name is logged; the Secret payload never reaches the log.
    logger.info(f'creating secret: {name}')
    api.create_namespaced_secret(namespace=namespace, body=secret)
Esempio n. 2
def create_secret(v1: CoreV1Api, namespace, body) -> str:
    """
    Create a Secret from a dict manifest and return its name.

    :param v1: CoreV1Api used to submit the Secret
    :param namespace: namespace the Secret is created in
    :param body: dict manifest; ``body['metadata']['name']`` must be present
    :return: the name read from ``body`` (not from the API response)
    """
    print("Create a secret:")
    v1.create_namespaced_secret(namespace, body)
    # The name is read after the create call, and only the name is printed,
    # so the Secret's payload never reaches stdout.
    created_name = body['metadata']['name']
    print(f"Secret created: {created_name}")
    return created_name
def create_secret(v1: CoreV1Api, namespace, body) -> str:
    """
    Submit a dict manifest as a Secret and report the name it carries.

    :param v1: CoreV1Api that performs the create call
    :param namespace: target namespace
    :param body: dict manifest with a ``metadata.name`` entry
    :return: ``body['metadata']['name']`` as found in the manifest
    """
    print("Create a secret:")
    v1.create_namespaced_secret(namespace, body)
    # Looked up only once the API call has returned; a manifest without a
    # name therefore fails after the create, not before it.
    manifest_meta = body['metadata']
    secret_name = manifest_meta['name']
    print(f"Secret created: {secret_name}")
    return secret_name
Esempio n. 4
def upsert(client: CoreV1Api, log: BoundLogger, namespace: V1Namespace, secret: V1Secret) -> V1Secret:
    """Create or patch ``secret`` in ``namespace`` via ``common_k8s.upsert_resource``.

    The current object is looked up with ``get`` under ``secret.metadata.name``.
    The helper then receives that lookup result, the desired Secret, the
    logger, the label ``'secret'`` and two zero-argument callbacks: one that
    creates the Secret and one that patches the existing one.

    NOTE(review): which callback runs is decided inside ``upsert_resource``,
    which is not visible here. The patch callback dereferences the lookup
    result, so it presumably only runs when a Secret was found — confirm.
    """
    current = get(client, log, namespace, secret.metadata.name)

    def _create():
        # The namespace name is resolved when the callback runs, not when it is defined.
        return client.create_namespaced_secret(
            body=secret, namespace=namespace.metadata.name)

    def _patch():
        return client.patch_namespaced_secret(
            current.metadata.name, namespace.metadata.name, secret)

    return common_k8s.upsert_resource(
        current, secret, log, 'secret', _create, _patch)
Esempio n. 5
def create_secret(v1: CoreV1Api,
                  name: str,
                  data: Dict[str, str],
                  typ: str = 'from-literal'):
    """Create Secret ``name`` in the ``default`` namespace if it is not already known.

    :param v1: CoreV1Api used for the create call and passed to ``list_secret_names``
    :param name: name of the Secret
    :param data: mapping placed in the Secret's ``data`` field as given
    :param typ: value written to the Secret's ``type`` field
    :return: the API response of the create call, or None when the name
        already appears in ``list_secret_names(v1)``

    NOTE(review): the Kubernetes ``data`` field carries base64-encoded values
    (plain text belongs in ``string_data``); nothing is encoded here, so
    callers presumably pass encoded values — confirm. The existence check and
    the create are separate calls, and the namespace is fixed to ``default``.
    """
    already_present = name in list_secret_names(v1)
    if already_present:
        logger.info(f"Secret {name} already exists. Skipping.")
        return None

    # Only the name is logged; the values in ``data`` are never written out.
    logger.info(f"Creating {name}...")
    manifest = V1Secret(
        api_version='v1',
        kind='Secret',
        metadata=V1ObjectMeta(name=name, namespace='default'),
        type=typ,
        data=data,
    )
    return v1.create_namespaced_secret(namespace='default', body=manifest)
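def create_node_key(private_key_name, node_type,
                    kubernetes_api: client.CoreV1Api):
    """Generate a node key with ``subkey`` and store it as a Secret in ``default``.

    Runs ``subkey generate-node-key`` and stores its stdout under
    ``node_key_file`` and its stderr under ``public_key`` in the Secret's
    ``stringData``.

    :param private_key_name: name given to the Secret
    :param node_type: accepted for the caller's benefit; not used here
    :param kubernetes_api: CoreV1Api used to create the Secret
    :return: the API response of ``create_namespaced_secret``
    :raises RuntimeError: if ``subkey`` exits non-zero or prints no key

    NOTE(review): the returned object presumably echoes the created Secret,
    so callers should avoid logging it — confirm against the API response.
    """
    subkey_output = subprocess.run(["subkey", "generate-node-key"],
                                   capture_output=True,
                                   text=True)
    # A failed run must not end up as a Secret holding an empty or partial
    # key. The message carries only the exit status, never captured output.
    if subkey_output.returncode != 0:
        raise RuntimeError(
            "subkey generate-node-key failed with exit status "
            f"{subkey_output.returncode}")

    node_key = subkey_output.stdout.rstrip()
    if not node_key:
        raise RuntimeError(
            "subkey generate-node-key produced no key on stdout")

    secret = {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {
            "name": private_key_name
        },
        "stringData": {
            "node_key_file": node_key,
            "public_key": subkey_output.stderr.rstrip()
        }
    }
    return kubernetes_api.create_namespaced_secret("default", secret)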
Esempio n. 7
def _create_token_for_sa(
    core_api: CoreV1Api,
    service_account: V1ServiceAccount,
) -> str:
    """Create a service-account-token Secret for ``service_account`` and return its name.

    The Secret is created in the service account's namespace with a
    ``generate_name`` prefix of ``<service-account-name>-token-`` and the
    ``kubernetes.io/service-account.name`` annotation pointing at the account.

    NOTE(review): a Secret of this type is filled in by the control plane
    with a token that has no expiry of its own. Treat the returned name as a
    handle to a long-lived credential and delete the Secret once unneeded.
    """
    sa_meta = service_account.metadata
    sa_name = sa_meta.name
    sa_namespace = sa_meta.namespace

    token_metadata = V1ObjectMeta(
        generate_name=f'{sa_name}-token-',
        annotations={'kubernetes.io/service-account.name': sa_name},
    )
    token_body = V1Secret(
        api_version='v1',
        kind='Secret',
        metadata=token_metadata,
        type='kubernetes.io/service-account-token',
    )
    created = core_api.create_namespaced_secret(
        namespace=sa_namespace,
        body=token_body,
    )
    # The returned object does not have all required values set yet, so only
    # the name is returned (generated by the kube-apiserver); the caller can
    # fetch the full Secret later.
    return created.metadata.name