Add secret handling

camera-operator.py

@@ -1,10 +1,11 @@
 import asyncio
-import base64
 import yaml
+from base64 import b64decode
 from kubernetes_asyncio.client.api_client import ApiClient
 from kubernetes_asyncio import client, config
 from os import path
 from time import time
+from urllib.parse import urlparse
 
 LABEL_MANAGED_BY = "camera-operator"
 with open("camera-service.yml") as stream:
@@ -33,17 +34,29 @@ async def main():
             continue
         for item in resp["items"]:
             target = item["spec"]["target"]
-            secret_ref = item["spec"].get("secretRef")
             replicas = item["spec"].get("replicas")
 
-            print("Applying", target)
+            # Pull in secrets for the target URL
+            secret_ref = item["spec"].get("secretRef")
+            if secret_ref:
+                secret = await v1.read_namespaced_secret(secret_ref, i.metadata.name)
+                username = b64decode(secret.data.get("username", b"")).decode("ascii")
+                password = b64decode(secret.data.get("password", b"")).decode("ascii")
+                o = urlparse(target)
+                netloc = o.netloc
+                if "@" in netloc:
+                    _, netloc = o.netloc.split("@", 1)
+                target = o._replace(netloc="%s:%s@%s" % (username, password, netloc)).geturl()
+
             name = "camera-%s" % item["metadata"]["name"]
+            print("Applying", name)
 
             # Generate Deployment
             body = yaml.safe_load(DEPLOYMENT_BODY.replace("foobar", name))
             body["metadata"]["labels"] ["app.kubernetes.io/managed-by"] = LABEL_MANAGED_BY
             body["metadata"]["labels"] ["modified"] = now
             body["spec"]["template"]["spec"]["containers"][0]["args"] = [target]
+
             if replicas:
                 body["spec"]["replicas"] = replicas
             try: