package k8s
import (
"context"
"encoding/json"
"log"
"github.com/csepulveda/secret-sync/config"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
corev1 "k8s.io/client-go/applyconfigurations/core/v1"
v1 "k8s.io/client-go/applyconfigurations/meta/v1"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
)
// CreateSecret server-side-applies a Secret called secretname in namespace,
// using the in-cluster client configuration.
//
// secret must be a JSON object whose values are all strings; its key/value
// pairs become the Secret's StringData. The object is labelled
// created_by=secret-sync, which is the label DeleteSecrets selects on.
//
// Every failure (missing in-cluster config, client construction, JSON
// decoding, the Apply call) panics with the error text; nothing is returned.
func CreateSecret(namespace, secretname, secret string) {
	restCfg, err := rest.InClusterConfig()
	if err != nil {
		panic(err.Error())
	}

	client, err := kubernetes.NewForConfig(restCfg)
	if err != nil {
		panic(err.Error())
	}

	// NOTE(review): the decoder's error text ends up in the panic message;
	// confirm it cannot carry fragments of the secret payload into logs.
	payload := make(map[string]string)
	if err = json.Unmarshal([]byte(secret), &payload); err != nil {
		panic(err.Error())
	}

	// The apply configuration takes pointers, so the type metadata needs
	// addressable locals.
	objKind, objAPIVersion := "Secret", "v1"

	applyCfg := &corev1.SecretApplyConfiguration{
		TypeMetaApplyConfiguration: v1.TypeMetaApplyConfiguration{
			Kind:       &objKind,
			APIVersion: &objAPIVersion,
		},
		ObjectMetaApplyConfiguration: &v1.ObjectMetaApplyConfiguration{
			Name:      &secretname,
			Namespace: &namespace,
			Labels:    map[string]string{"created_by": "secret-sync"},
		},
		StringData: payload,
	}

	// Force resolves field-ownership conflicts in favour of this field
	// manager, so an existing Secret of the same name has the conflicting
	// fields overwritten even when another manager set them.
	applyOpts := metav1.ApplyOptions{
		Force:        true,
		FieldManager: "secret-sync",
	}

	// context.TODO carries no deadline, so the call waits as long as the
	// client allows.
	if _, err = client.CoreV1().Secrets(namespace).Apply(context.TODO(), applyCfg, applyOpts); err != nil {
		panic(err.Error())
	}
}
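// DeleteSecrets removes Secrets labelled created_by=secret-sync that cfg no
// longer lists.
//
// For every entry in cfg.Secrets the pair (Dest, Namespace) is recorded as
// wanted, and the entry's namespace is listed for Secrets carrying the label.
// Each labelled Secret that matches no wanted pair is deleted.
//
// Selection is by label only: any Secret in a configured namespace that
// carries created_by=secret-sync and is absent from cfg is deleted, whoever
// created it. Namespaces that no cfg entry names are never listed, so
// labelled Secrets left behind there are not cleaned up.
//
// Failing to build the client or to list a namespace panics with the error
// text. A failed delete is logged and the remaining deletions still run.
func DeleteSecrets(cfg *config.Config) {
	// Named restCfg so the local does not shadow the imported config package.
	restCfg, err := rest.InClusterConfig()
	if err != nil {
		panic(err.Error())
	}

	clientset, err := kubernetes.NewForConfig(restCfg)
	if err != nil {
		panic(err.Error())
	}

	wantedSecrets := Secrets{}
	actualSecrets := Secrets{}

	// Several cfg entries can share a namespace. Listing it once avoids
	// redundant API calls and avoids collecting the same Secret repeatedly,
	// which would produce repeated Delete calls for one object.
	listed := make(map[string]struct{}, len(cfg.Secrets))
	opts := metav1.ListOptions{
		LabelSelector: "created_by=secret-sync",
	}

	for i := range cfg.Secrets {
		namespace := cfg.Secrets[i].Namespace
		wantedSecrets.AddSecret(Secret{
			Name:      cfg.Secrets[i].Dest,
			Namespace: namespace,
		})

		if _, seen := listed[namespace]; seen {
			continue
		}
		listed[namespace] = struct{}{}

		secretList, err := clientset.CoreV1().Secrets(namespace).List(context.TODO(), opts)
		if err != nil {
			panic(err.Error())
		}
		for _, secret := range secretList.Items {
			actualSecrets.AddSecret(Secret{
				Name:      secret.Name,
				Namespace: secret.Namespace,
			})
		}
	}

	for _, actual := range actualSecrets.Secrets {
		stale := true
		for _, wanted := range wantedSecrets.Secrets {
			if actual == wanted {
				stale = false
				break // one match is enough to keep the Secret
			}
		}
		if !stale {
			continue
		}

		err := clientset.CoreV1().Secrets(actual.Namespace).Delete(context.TODO(), actual.Name, metav1.DeleteOptions{})
		if err != nil {
			log.Printf("error deleting secret %s on namespace %s. error: %v", actual.Name, actual.Namespace, err)
			continue
		}
		// The success line used to append "error: <nil>", which reads like a
		// failure when scanning logs for deletions.
		log.Printf("deleted secret %s on namespace %s", actual.Name, actual.Namespace)
	}
}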