-
Notifications
You must be signed in to change notification settings - Fork 19
/
do-control.go
74 lines (65 loc) · 1.95 KB
/
do-control.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
package do
import (
"context"
"fmt"
"io/ioutil"
"os"
"path/filepath"
buildkit "github.com/moby/buildkit/client"
"github.com/pkg/errors"
"github.com/rancher/kim/pkg/client"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
type ControlFunc func(context.Context, *buildkit.Client) error
func Control(ctx context.Context, k8s *client.Interface, fn ControlFunc) error {
addr, err := GetServiceAddress(ctx, k8s, "buildkit")
if err != nil {
return err
}
tmp, err := ioutil.TempDir("", "kim-tls-*")
if err != nil {
return errors.Wrap(err, "failed to create temp directory")
}
defer os.RemoveAll(tmp)
tmpCA := filepath.Join(tmp, "ca.pem")
tmpCert := filepath.Join(tmp, "cert.pem")
tmpKey := filepath.Join(tmp, "key.pem")
options := []buildkit.ClientOpt{
buildkit.WithCredentials(
fmt.Sprintf("builder.%s.svc", k8s.Namespace),
tmpCA, tmpCert, tmpKey,
),
}
// ca
secret, err := k8s.Core.Secret().Get(k8s.Namespace, "kim-tls-ca", metav1.GetOptions{})
if err != nil {
return errors.Wrap(err, "failed to get ca cert")
}
if pem, ok := secret.Data[corev1.TLSCertKey]; ok {
if err = ioutil.WriteFile(tmpCA, pem, 0600); err != nil {
return errors.Wrap(err, "failed to write temporary ca certificate")
}
}
// client
secret, err = k8s.Core.Secret().Get(k8s.Namespace, "kim-tls-client", metav1.GetOptions{})
if err != nil {
return errors.Wrap(err, "failed to get client cert+key")
}
if pem, ok := secret.Data[corev1.TLSCertKey]; ok {
if err = ioutil.WriteFile(tmpCert, pem, 0600); err != nil {
return errors.Wrap(err, "failed to write temporary client certificate")
}
}
if pem, ok := secret.Data[corev1.TLSPrivateKeyKey]; ok {
if err = ioutil.WriteFile(tmpKey, pem, 0600); err != nil {
return errors.Wrap(err, "failed to write temporary client key")
}
}
bkc, err := buildkit.New(ctx, fmt.Sprintf("tcp://%s", addr), options...)
if err != nil {
return err
}
defer bkc.Close()
return fn(ctx, bkc)
}