Add secret handling
This commit is contained in:
parent
ad7f7acdca
commit
02606b9e3d
|
|
@ -1,10 +1,11 @@
|
|||
import asyncio
|
||||
import base64
|
||||
import yaml
|
||||
from base64 import b64decode
|
||||
from kubernetes_asyncio.client.api_client import ApiClient
|
||||
from kubernetes_asyncio import client, config
|
||||
from os import path
|
||||
from time import time
|
||||
from urllib.parse import urlparse
|
||||
|
||||
LABEL_MANAGED_BY = "camera-operator"
|
||||
with open("camera-service.yml") as stream:
|
||||
|
|
@ -33,17 +34,29 @@ async def main():
|
|||
continue
|
||||
for item in resp["items"]:
|
||||
target = item["spec"]["target"]
|
||||
secret_ref = item["spec"].get("secretRef")
|
||||
replicas = item["spec"].get("replicas")
|
||||
|
||||
print("Applying", target)
|
||||
# Pull in secrets for the target URL
|
||||
secret_ref = item["spec"].get("secretRef")
|
||||
if secret_ref:
|
||||
secret = await v1.read_namespaced_secret(secret_ref, i.metadata.name)
|
||||
username = b64decode(secret.data.get("username", b"")).decode("ascii")
|
||||
password = b64decode(secret.data.get("password", b"")).decode("ascii")
|
||||
o = urlparse(target)
|
||||
netloc = o.netloc
|
||||
if "@" in netloc:
|
||||
_, netloc = o.netloc.split("@", 1)
|
||||
target = o._replace(netloc="%s:%s@%s" % (username, password, netloc)).geturl()
|
||||
|
||||
name = "camera-%s" % item["metadata"]["name"]
|
||||
print("Applying", name)
|
||||
|
||||
# Generate Deployment
|
||||
body = yaml.safe_load(DEPLOYMENT_BODY.replace("foobar", name))
|
||||
body["metadata"]["labels"] ["app.kubernetes.io/managed-by"] = LABEL_MANAGED_BY
|
||||
body["metadata"]["labels"] ["modified"] = now
|
||||
body["spec"]["template"]["spec"]["containers"][0]["args"] = [target]
|
||||
|
||||
if replicas:
|
||||
body["spec"]["replicas"] = replicas
|
||||
try:
|
||||
|
|
|
|||
Loading…
Reference in New Issue