def ensure_secret(api: client.CoreV1Api, secret, name, namespace): if len( api.list_namespaced_secret( namespace=namespace, field_selector=f'metadata.name={name}').items) == 0: logger.info(f'creating secret: {name}') api.create_namespaced_secret(namespace=namespace, body=secret) else: logger.info(f'secret exists: {name}')
def create_secret(v1: CoreV1Api, namespace, body) -> str: """ Create a secret based on a dict. :param v1: CoreV1Api :param namespace: namespace :param body: a dict :return: str """ print("Create a secret:") v1.create_namespaced_secret(namespace, body) print(f"Secret created: {body['metadata']['name']}") return body['metadata']['name']
def create_secret(v1: CoreV1Api, namespace, body) -> str: """ Create a secret based on a dict. :param v1: CoreV1Api :param namespace: namespace :param body: a dict :return: str """ print("Create a secret:") v1.create_namespaced_secret(namespace, body) print(f"Secret created: {body['metadata']['name']}") return body['metadata']['name']
def upsert(client: CoreV1Api, log: BoundLogger, namespace: V1Namespace, secret: V1Secret) -> V1Secret: existing_secret = get(client, log, namespace, secret.metadata.name) return common_k8s.upsert_resource( existing_secret, secret, log, 'secret', lambda: client.create_namespaced_secret( body=secret, namespace=namespace.metadata.name), lambda: client.patch_namespaced_secret( existing_secret.metadata.name, namespace.metadata.name, secret))
def create_secret(v1: CoreV1Api, name: str, data: Dict[str, str], typ: str = 'from-literal'): if name in list_secret_names(v1): logger.info(f"Secret {name} already exists. Skipping.") return logger.info(f"Creating {name}...") metadata = V1ObjectMeta(name=name, namespace='default') secret = V1Secret(api_version='v1', kind='Secret', metadata=metadata, type=typ, data=data) return v1.create_namespaced_secret(namespace='default', body=secret)
def create_node_key(private_key_name, node_type, kubernetes_api: client.CoreV1Api): subkey_output = subprocess.run(["subkey", "generate-node-key"], capture_output=True, text=True) secret = { "apiVersion": "v1", "kind": "Secret", "metadata": { "name": private_key_name }, "stringData": { "node_key_file": subkey_output.stdout.rstrip(), "public_key": subkey_output.stderr.rstrip() } } secret_data = kubernetes_api.create_namespaced_secret("default", secret) return secret_data
def _create_token_for_sa( core_api: CoreV1Api, service_account: V1ServiceAccount, ) -> str: service_account_name = service_account.metadata.name service_account_namespace = service_account.metadata.namespace token = core_api.create_namespaced_secret( namespace=service_account_namespace, body=V1Secret( api_version='v1', kind='Secret', metadata=V1ObjectMeta( generate_name=f'{service_account_name}-token-', annotations={ 'kubernetes.io/service-account.name': service_account_name }, ), type='kubernetes.io/service-account-token', ), ) # not all required values are set on the returned object yet. Return only name so that we can # fetch it later (name will be generated by the kube-apiserver) return token.metadata.name