Skip to content

Commit

Permalink
Merge pull request #297 from moelsayed/fix_293
Browse files Browse the repository at this point in the history 
Refactor saving secrets
  • Loading branch information
Alena Prokharchyk authored Feb 1, 2018
2 parents ebb64ec + ebfc5a7 commit 313360b
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 49 deletions.
56 changes: 24 additions & 32 deletions cluster/certificates.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ import (
"github.com/rancher/rke/log"
"github.com/rancher/rke/pki"
"github.com/sirupsen/logrus"
"golang.org/x/sync/errgroup"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/util/cert"
)
Expand Down Expand Up @@ -106,11 +107,17 @@ func getClusterCerts(ctx context.Context, kubeClient *kubernetes.Clientset, etcd

func saveClusterCerts(ctx context.Context, kubeClient *kubernetes.Clientset, crts map[string]pki.CertificatePKI) error {
log.Infof(ctx, "[certificates] Save kubernetes certificates as secrets")
var errgrp errgroup.Group
for crtName, crt := range crts {
err := saveCertToKubernetes(kubeClient, crtName, crt)
if err != nil {
return fmt.Errorf("Failed to save certificate [%s] to kubernetes: %v", crtName, err)
}
name := crtName
certificate := crt
errgrp.Go(func() error {
return saveCertToKubernetes(kubeClient, name, certificate)
})
}
if err := errgrp.Wait(); err != nil {
return err

}
log.Infof(ctx, "[certificates] Successfully saved certificates as kubernetes secret [%s]", pki.CertificatesSecretName)
return nil
Expand All @@ -119,40 +126,25 @@ func saveClusterCerts(ctx context.Context, kubeClient *kubernetes.Clientset, crt
func saveCertToKubernetes(kubeClient *kubernetes.Clientset, crtName string, crt pki.CertificatePKI) error {
logrus.Debugf("[certificates] Saving certificate [%s] to kubernetes", crtName)
timeout := make(chan bool, 1)

// build secret Data
secretData := map[string][]byte{
"Certificate": cert.EncodeCertPEM(crt.Certificate),
"Key": cert.EncodePrivateKeyPEM(crt.Key),
"EnvName": []byte(crt.EnvName),
"KeyEnvName": []byte(crt.KeyEnvName),
}
if len(crt.Config) > 0 {
secretData["ConfigEnvName"] = []byte(crt.ConfigEnvName)
secretData["Config"] = []byte(crt.Config)
}
go func() {
for {
err := k8s.UpdateSecret(kubeClient, "Certificate", cert.EncodeCertPEM(crt.Certificate), crtName)
if err != nil {
time.Sleep(time.Second * 5)
continue
}
err = k8s.UpdateSecret(kubeClient, "Key", cert.EncodePrivateKeyPEM(crt.Key), crtName)
if err != nil {
time.Sleep(time.Second * 5)
continue
}
err = k8s.UpdateSecret(kubeClient, "EnvName", []byte(crt.EnvName), crtName)
err := k8s.UpdateSecret(kubeClient, secretData, crtName)
if err != nil {
time.Sleep(time.Second * 5)
continue
}
err = k8s.UpdateSecret(kubeClient, "KeyEnvName", []byte(crt.KeyEnvName), crtName)
if err != nil {
time.Sleep(time.Second * 5)
continue
}
if len(crt.Config) > 0 {
err = k8s.UpdateSecret(kubeClient, "ConfigEnvName", []byte(crt.ConfigEnvName), crtName)
if err != nil {
time.Sleep(time.Second * 5)
continue
}
err = k8s.UpdateSecret(kubeClient, "Config", []byte(crt.Config), crtName)
if err != nil {
time.Sleep(time.Second * 5)
continue
}
}
timeout <- true
break
}
Expand Down
19 changes: 2 additions & 17 deletions k8s/secret.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,34 +11,19 @@ func GetSecret(k8sClient *kubernetes.Clientset, secretName string) (*v1.Secret,
return k8sClient.CoreV1().Secrets(metav1.NamespaceSystem).Get(secretName, metav1.GetOptions{})
}

func UpdateSecret(k8sClient *kubernetes.Clientset, fieldName string, secretData []byte, secretName string) error {
func UpdateSecret(k8sClient *kubernetes.Clientset, secretDataMap map[string][]byte, secretName string) error {
secret := &v1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: secretName,
Namespace: metav1.NamespaceSystem,
},
Data: map[string][]byte{
fieldName: secretData,
},
Data: secretDataMap,
}
if _, err := k8sClient.CoreV1().Secrets(metav1.NamespaceSystem).Create(secret); err != nil {
if !apierrors.IsAlreadyExists(err) {
return err
}
// update secret if its already exist
oldSecret, err := k8sClient.CoreV1().Secrets(metav1.NamespaceSystem).Get(secretName, metav1.GetOptions{})
if err != nil {
return err
}
newData := oldSecret.Data
newData[fieldName] = secretData
secret := &v1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: secretName,
Namespace: metav1.NamespaceSystem,
},
Data: newData,
}
if _, err := k8sClient.CoreV1().Secrets(metav1.NamespaceSystem).Update(secret); err != nil {
return err
}
Expand Down

0 comments on commit 313360b

Please sign in to comment.