-
Notifications
You must be signed in to change notification settings - Fork 168
/
Copy pathk8s_utils.go
86 lines (73 loc) · 2.33 KB
/
k8s_utils.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
package k8s
import (
"context"
"fmt"
"strings"
"github.com/containers/image/v5/docker/reference"
log "github.com/sirupsen/logrus"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
"k8s.io/client-go/tools/clientcmd"
credprovsecrets "k8s.io/kubernetes/pkg/credentialprovider/secrets"
)
const MaxK8sJobName = 63
func CreateClientset(kubeconfigPath string) (kubernetes.Interface, error) {
// Create Kubernetes go-client clientset
var config *rest.Config
var err error
if kubeconfigPath != "" {
config, err = clientcmd.BuildConfigFromFlags("", kubeconfigPath)
} else {
config, err = rest.InClusterConfig()
}
if err != nil {
return nil, fmt.Errorf("failed to build config: %v", err)
}
// Create a rest client not targeting specific API version
clientset, err := kubernetes.NewForConfig(config)
if err != nil {
return nil, fmt.Errorf("failed to create a rest client: %v", err)
}
return clientset, nil
}
func GetPodImagePullSecrets(clientset kubernetes.Interface, pod corev1.Pod) []*corev1.Secret {
var secrets []*corev1.Secret
for _, secretName := range pod.Spec.ImagePullSecrets {
secret, err := clientset.CoreV1().Secrets(pod.Namespace).Get(context.TODO(), secretName.Name, metav1.GetOptions{})
if err != nil {
log.Warnf("Failed to get secret %s in namespace %s. %+v", secretName.Name, pod.Namespace, err)
continue
}
secrets = append(secrets, secret)
}
return secrets
}
func GetMatchingSecretName(secrets []*corev1.Secret, imageName string) string {
for _, secret := range secrets {
slice := []corev1.Secret{*secret}
dockerKeyring, err := credprovsecrets.MakeDockerKeyring(slice, nil)
if err != nil || dockerKeyring == nil {
return ""
}
namedImageRef, err := reference.ParseNormalizedNamed(imageName)
if err != nil {
return ""
}
_, credentialsExist := dockerKeyring.Lookup(namedImageRef.Name())
if credentialsExist {
return secret.Name
}
}
return ""
}
// example: for "docker-pullable://gcr.io/development-infra-208909/kubei@sha256:6d5d0e4065777eec8237cefac4821702a31cd5b6255483ac50c334c057ffecfa"
// returns 6d5d0e4065777eec8237cefac4821702a31cd5b6255483ac50c334c057ffecfa
func ParseImageHash(imageID string) string {
index := strings.LastIndex(imageID, ":")
if index == -1 {
return ""
}
return imageID[index+1:]
}