use futures::TryStreamExt;
use k8s_openapi::api::core::v1::Secret;
use kube::{
api::{Api, ResourceExt},
runtime::{reflector, reflector::Store, watcher, WatchStreamExt},
Client,
};
use std::collections::BTreeMap;
use tracing::*;
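/// A single decoded value taken from a `Secret`'s `data` map.
///
/// `Debug` is implemented by hand instead of derived: a derived impl would
/// print the decoded secret material whenever a value (or any collection
/// holding one) is formatted with `{:?}`, which is an easy way to leak
/// credentials into logs. The manual impl prints only the variant name.
#[allow(dead_code)] // we only gather data in this ex, we don't print the secrets
enum Decoded {
    /// Usually secrets are just short utf8 encoded strings
    Utf8(String),
    /// But it's allowed to just base64 encode binary in the values
    Bytes(Vec<u8>),
}

impl std::fmt::Debug for Decoded {
    /// Writes the variant name with the payload replaced by `<redacted>`.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        let variant = match self {
            Decoded::Utf8(_) => "Utf8",
            Decoded::Bytes(_) => "Bytes",
        };
        // The payload is deliberately never formatted, not even its length.
        write!(f, "{}(<redacted>)", variant)
    }
}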
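/// Decodes every entry of `secret.data` into a [`Decoded`] value.
///
/// Values that are valid UTF-8 become `Decoded::Utf8`; anything else is kept
/// as raw bytes in `Decoded::Bytes`. A secret with no `data` map yields an
/// empty result. Only the `data` field is read here.
///
/// The returned map holds plaintext secret material, so callers should keep
/// it short-lived and avoid logging its values.
fn decode(secret: &Secret) -> BTreeMap<String, Decoded> {
    secret
        .data
        .iter()
        .flatten()
        .map(|(key, value)| {
            // Borrow the map and copy each value exactly once, rather than
            // cloning the whole map up front and then copying UTF-8 values a
            // second time; fewer transient copies of secret bytes in memory.
            let decoded = match String::from_utf8(value.0.clone()) {
                Ok(text) => Decoded::Utf8(text),
                // `into_bytes` hands back the same buffer without re-copying.
                Err(not_utf8) => Decoded::Bytes(not_utf8.into_bytes()),
            };
            (key.clone(), decoded)
        })
        .collect()
}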
/// Spawns a background task that logs a summary of the store every 15 seconds.
///
/// Each summary line contains the secret's name and the key names of its
/// decoded data; decoded values are never formatted. Secret names and key
/// names still end up in the log output, so treat those logs as sensitive
/// metadata where that matters.
fn spawn_periodic_reader(reader: Store<Secret>) {
    let poll_interval = std::time::Duration::from_secs(15);
    tokio::spawn(async move {
        loop {
            // Snapshot the current store contents and describe each entry.
            let mut summaries = Vec::new();
            for secret in reader.state().iter() {
                summaries.push(format!(
                    "{}: {:?}",
                    secret.name_any(),
                    decode(secret).keys()
                ));
            }
            info!("Current secrets: {:?}", summaries);
            tokio::time::sleep(poll_interval).await;
        }
    });
}
/// Watches `Secret` objects in the client's default namespace, mirrors them
/// into a reflector store, and logs the name of every applied object.
///
/// The identity this runs as needs permission to list and watch secrets in
/// that namespace, and the store keeps the watched `Secret` objects in process
/// memory for as long as the program runs.
#[tokio::main]
async fn main() -> anyhow::Result<()> {
    tracing_subscriber::fmt::init();

    let client = Client::try_default().await?;
    let api: Api<Secret> = Api::default_namespaced(client);

    // short watch timeout in this example
    let watch_config = watcher::Config::default().timeout(10);

    let (store_reader, store_writer) = reflector::store::<Secret>();
    let reflected = reflector(store_writer, watcher(api, watch_config));

    // read from a reader in the background
    spawn_periodic_reader(store_reader);

    // Drive the watch stream; only the object name is logged per event.
    let applied = reflected.applied_objects();
    applied
        .try_for_each(|s| async move {
            info!("saw: {}", s.name_any());
            Ok(())
        })
        .await?;

    Ok(())
}