Create SecretManager interface
This commit is contained in:
Wojciech Tyczynski
parent
6e268e6f83
commit
85ee9e570b
@ -29,6 +29,7 @@ go_library(
|
||||
"reason_cache.go",
|
||||
"runonce.go",
|
||||
"runtime.go",
|
||||
"secret_manager.go",
|
||||
"util.go",
|
||||
"volume_host.go",
|
||||
],
|
||||
|
||||
@ -409,6 +409,12 @@ func NewMainKubelet(kubeCfg *componentconfig.KubeletConfiguration, kubeDeps *Kub
|
||||
}
|
||||
containerRefManager := kubecontainer.NewRefManager()
|
||||
|
||||
// TODO: Create and use a more sophisticated secret mamanger.
|
||||
secretManager, err := newSimpleSecretManager(kubeClient)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to initialize secret manager: %v", err)
|
||||
}
|
||||
|
||||
oomWatcher := NewOOMWatcher(kubeDeps.CAdvisorInterface, kubeDeps.Recorder)
|
||||
|
||||
klet := &Kubelet{
|
||||
@ -434,6 +440,7 @@ func NewMainKubelet(kubeCfg *componentconfig.KubeletConfiguration, kubeDeps *Kub
|
||||
recorder: kubeDeps.Recorder,
|
||||
cadvisor: kubeDeps.CAdvisorInterface,
|
||||
diskSpaceManager: diskSpaceManager,
|
||||
secretManager: secretManager,
|
||||
cloud: kubeDeps.Cloud,
|
||||
autoDetectCloudProvider: (componentconfigv1alpha1.AutoDetectCloudProvider == kubeCfg.CloudProvider),
|
||||
nodeRef: nodeRef,
|
||||
@ -913,6 +920,9 @@ type Kubelet struct {
|
||||
// Diskspace manager.
|
||||
diskSpaceManager diskSpaceManager
|
||||
|
||||
// Secret manager.
|
||||
secretManager secretManager
|
||||
|
||||
// Cached MachineInfo returned by cadvisor.
|
||||
machineInfo *cadvisorapi.MachineInfo
|
||||
|
||||
|
||||
@ -524,7 +524,7 @@ func (kl *Kubelet) makeEnvironmentVariables(pod *v1.Pod, container *v1.Container
|
||||
if kl.kubeClient == nil {
|
||||
return result, fmt.Errorf("Couldn't get secret %v/%v, no kubeClient defined", pod.Namespace, name)
|
||||
}
|
||||
secret, err = kl.kubeClient.Core().Secrets(pod.Namespace).Get(name, metav1.GetOptions{})
|
||||
secret, err = kl.secretManager.GetSecret(pod.Namespace, name)
|
||||
if err != nil {
|
||||
return result, err
|
||||
}
|
||||
@ -638,14 +638,11 @@ func (kl *Kubelet) makePodDataDirs(pod *v1.Pod) error {
|
||||
|
||||
// getPullSecretsForPod inspects the Pod and retrieves the referenced pull
|
||||
// secrets.
|
||||
// TODO: duplicate secrets are being retrieved multiple times and there
|
||||
// is no cache. Creating and using a secret manager interface will make this
|
||||
// easier to address.
|
||||
func (kl *Kubelet) getPullSecretsForPod(pod *v1.Pod) ([]v1.Secret, error) {
|
||||
pullSecrets := []v1.Secret{}
|
||||
|
||||
for _, secretRef := range pod.Spec.ImagePullSecrets {
|
||||
secret, err := kl.kubeClient.Core().Secrets(pod.Namespace).Get(secretRef.Name, metav1.GetOptions{})
|
||||
secret, err := kl.secretManager.GetSecret(pod.Namespace, secretRef.Name)
|
||||
if err != nil {
|
||||
glog.Warningf("Unable to retrieve pull secret %s/%s for %s/%s due to %v. The image pull may not succeed.", pod.Namespace, secretRef.Name, pod.Namespace, pod.Name, err)
|
||||
continue
|
||||
|
||||
41
pkg/kubelet/secret_manager.go
Normal file
41
pkg/kubelet/secret_manager.go
Normal file
@ -0,0 +1,41 @@
|
||||
/*
|
||||
Copyright 2016 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package kubelet
|
||||
|
||||
import (
|
||||
"k8s.io/kubernetes/pkg/api"
|
||||
clientset "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset"
|
||||
)
|
||||
|
||||
type secretManager interface {
|
||||
// Get secret by secret namespace and name.
|
||||
GetSecret(namespace, name string) (*api.Secret, error)
|
||||
}
|
||||
|
||||
// simpleSecretManager implements SecretManager interfaces with
|
||||
// simple operations to apiserver.
|
||||
type simpleSecretManager struct {
|
||||
kubeClient clientset.Interface
|
||||
}
|
||||
|
||||
func newSimpleSecretManager(kubeClient clientset.Interface) (secretManager, error) {
|
||||
return &simpleSecretManager{kubeClient: kubeClient}, nil
|
||||
}
|
||||
|
||||
func (s *simpleSecretManager) GetSecret(namespace, name string) (*api.Secret, error) {
|
||||
return s.kubeClient.Core().Secrets(namespace).Get(name)
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user