rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-08-21 00:03:49 +00:00
Code Issues Releases Wiki Activity

Refactor saving secrets

Browse Source
This commit is contained in:
moelsayed 2018-02-01 16:27:28 +02:00
parent cd83583815
commit ebfc5a7c10
2 changed files with 26 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
cluster/certificates.go
View File

@ -11,6 +11,7 @@ import (
"github.com/rancher/rke/log" "github.com/rancher/rke/log"
"github.com/rancher/rke/pki" "github.com/rancher/rke/pki"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
"golang.org/x/sync/errgroup"
"k8s.io/client-go/kubernetes" "k8s.io/client-go/kubernetes"
"k8s.io/client-go/util/cert" "k8s.io/client-go/util/cert"
) )
@ -106,11 +107,17 @@ func getClusterCerts(ctx context.Context, kubeClient *kubernetes.Clientset, etcd
func saveClusterCerts(ctx context.Context, kubeClient *kubernetes.Clientset, crts map[string]pki.CertificatePKI) error { func saveClusterCerts(ctx context.Context, kubeClient *kubernetes.Clientset, crts map[string]pki.CertificatePKI) error {
log.Infof(ctx, "[certificates] Save kubernetes certificates as secrets") log.Infof(ctx, "[certificates] Save kubernetes certificates as secrets")
var errgrp errgroup.Group
for crtName, crt := range crts { for crtName, crt := range crts {
err := saveCertToKubernetes(kubeClient, crtName, crt) name := crtName
if err != nil { certificate := crt
return fmt.Errorf("Failed to save certificate [%s] to kubernetes: %v", crtName, err) errgrp.Go(func() error {
} return saveCertToKubernetes(kubeClient, name, certificate)
})
}
if err := errgrp.Wait(); err != nil {
return err
} }
log.Infof(ctx, "[certificates] Successfully saved certificates as kubernetes secret [%s]", pki.CertificatesSecretName) log.Infof(ctx, "[certificates] Successfully saved certificates as kubernetes secret [%s]", pki.CertificatesSecretName)
return nil return nil
@ -119,40 +126,25 @@ func saveClusterCerts(ctx context.Context, kubeClient *kubernetes.Clientset, crt
func saveCertToKubernetes(kubeClient *kubernetes.Clientset, crtName string, crt pki.CertificatePKI) error { func saveCertToKubernetes(kubeClient *kubernetes.Clientset, crtName string, crt pki.CertificatePKI) error {
logrus.Debugf("[certificates] Saving certificate [%s] to kubernetes", crtName) logrus.Debugf("[certificates] Saving certificate [%s] to kubernetes", crtName)
timeout := make(chan bool, 1) timeout := make(chan bool, 1)
// build secret Data
secretData := map[string][]byte{
"Certificate": cert.EncodeCertPEM(crt.Certificate),
"Key": cert.EncodePrivateKeyPEM(crt.Key),
"EnvName": []byte(crt.EnvName),
"KeyEnvName": []byte(crt.KeyEnvName),
}
if len(crt.Config) > 0 {
secretData["ConfigEnvName"] = []byte(crt.ConfigEnvName)
secretData["Config"] = []byte(crt.Config)
}
go func() { go func() {
for { for {
err := k8s.UpdateSecret(kubeClient, "Certificate", cert.EncodeCertPEM(crt.Certificate), crtName) err := k8s.UpdateSecret(kubeClient, secretData, crtName)
if err != nil { if err != nil {
time.Sleep(time.Second * 5) time.Sleep(time.Second * 5)
continue continue
} }
err = k8s.UpdateSecret(kubeClient, "Key", cert.EncodePrivateKeyPEM(crt.Key), crtName)
if err != nil {
time.Sleep(time.Second * 5)
continue
}
err = k8s.UpdateSecret(kubeClient, "EnvName", []byte(crt.EnvName), crtName)
if err != nil {
time.Sleep(time.Second * 5)
continue
}
err = k8s.UpdateSecret(kubeClient, "KeyEnvName", []byte(crt.KeyEnvName), crtName)
if err != nil {
time.Sleep(time.Second * 5)
continue
}
if len(crt.Config) > 0 {
err = k8s.UpdateSecret(kubeClient, "ConfigEnvName", []byte(crt.ConfigEnvName), crtName)
if err != nil {
time.Sleep(time.Second * 5)
continue
}
err = k8s.UpdateSecret(kubeClient, "Config", []byte(crt.Config), crtName)
if err != nil {
time.Sleep(time.Second * 5)
continue
}
}
timeout <- true timeout <- true
break break
} }

19
k8s/secret.go
View File

@ -11,34 +11,19 @@ func GetSecret(k8sClient *kubernetes.Clientset, secretName string) (*v1.Secret,
return k8sClient.CoreV1().Secrets(metav1.NamespaceSystem).Get(secretName, metav1.GetOptions{}) return k8sClient.CoreV1().Secrets(metav1.NamespaceSystem).Get(secretName, metav1.GetOptions{})
} }
func UpdateSecret(k8sClient *kubernetes.Clientset, fieldName string, secretData []byte, secretName string) error { func UpdateSecret(k8sClient *kubernetes.Clientset, secretDataMap map[string][]byte, secretName string) error {
secret := &v1.Secret{ secret := &v1.Secret{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: secretName, Name: secretName,
Namespace: metav1.NamespaceSystem, Namespace: metav1.NamespaceSystem,
}, },
Data: map[string][]byte{ Data: secretDataMap,
fieldName: secretData,
},
} }
if _, err := k8sClient.CoreV1().Secrets(metav1.NamespaceSystem).Create(secret); err != nil { if _, err := k8sClient.CoreV1().Secrets(metav1.NamespaceSystem).Create(secret); err != nil {
if !apierrors.IsAlreadyExists(err) { if !apierrors.IsAlreadyExists(err) {
return err return err
} }
// update secret if its already exist // update secret if its already exist
oldSecret, err := k8sClient.CoreV1().Secrets(metav1.NamespaceSystem).Get(secretName, metav1.GetOptions{})
if err != nil {
return err
}
newData := oldSecret.Data
newData[fieldName] = secretData
secret := &v1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: secretName,
Namespace: metav1.NamespaceSystem,
},
Data: newData,
}
if _, err := k8sClient.CoreV1().Secrets(metav1.NamespaceSystem).Update(secret); err != nil { if _, err := k8sClient.CoreV1().Secrets(metav1.NamespaceSystem).Update(secret); err != nil {
return err return err
} }