Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Writing Kubenetes tools in Go
Search
Daisuke Fujita
June 20, 2016
Programming
1
3.4k
Writing Kubenetes tools in Go
Kubernetes Meetup Tokyo #2
http://k8sjp.connpass.com/event/33508/
の発表資料です
Daisuke Fujita
June 20, 2016
Tweet
Share
More Decks by Daisuke Fujita
See All by Daisuke Fujita
SREcon19 Asia/Pacific Recap
dtan4
0
140
Our Practices of Delegating Ownership in Microservices World
dtan4
4
8.8k
Kubernetes Cluster Upgrade / Mercari Meetup for Microservices Platform
dtan4
3
4.4k
KubeCon EU 2018 Recap: Multi-Tenancy in Kubernetes: Best Practices Today, and Future Directions / Kubernetes Meetup Tokyo 11 #k8sjp
dtan4
1
1.7k
Wantedly から Chef を一掃した話 / #chibadan
dtan4
24
11k
さようなら Chef こんにちは Dockerfile / Web Tech Tokyo #1
dtan4
6
7k
Docker をフル活用したインフラの紹介と成長し続けるためのインフラ戦略 / #abejameetup
dtan4
19
3.9k
Docker Compose PaaS の作り方、そして社内に導入した話 / #yapc8oji
dtan4
1
8.1k
最近の wercker 便利って話 #tqrk10
dtan4
2
900
Other Decks in Programming
See All in Programming
英語
s_shimotori
1
220
Android開発者のための Kotlin Multiplatform入門
ntaro
0
190
12年前の『型システム入門』翻訳の思い出話
mame
11
1.2k
APIのない大学ログインWebサービスをWKWebViewとJavaScriptでアプリ化した話
akidon0000
1
330
Introduction of Happy Eyeballs Version 2 (RFC8305) to the Socket library
coe401_
1
220
【Go言語】golangci-lintの使い方
tomo1227
0
280
CSC307 Lecture 13
javiergs
PRO
0
150
CSC307 Lecture 09
javiergs
PRO
1
500
Webエディタライブラリ 「CodeMirror」から学ぶ Webアプリ開発のテクニック
ryosukeigarashi
0
250
Exploring the Gradually Lost Technical Skills in the Cloud Native Era
hwchiu
2
3.9k
実用的かつリーズナブルな 「Azure × Gemini × LINE」~キャラクターBot 実装ライブデモ~
tomodo_ysys
1
170
CSC307 Lecture 12
javiergs
PRO
0
220
Featured
See All Featured
YesSQL, Process and Tooling at Scale
rocio
166
14k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
245
1.2M
For a Future-Friendly Web
brad_frost
173
9.2k
A better future with KSS
kneath
231
17k
Adopting Sorbet at Scale
ufuk
71
8.8k
Writing Fast Ruby
sferik
623
60k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
248
20k
Stop Working from a Prison Cell
hatefulcrawdad
266
20k
Bootstrapping a Software Product
garrettdimon
PRO
304
110k
Ruby is Unlike a Banana
tanoku
96
10k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
24
1.8k
Design by the Numbers
sachag
277
18k
Transcript
Writing Kubernetes tools in Go ,VCFSOFUFT.FFUVQ5PLZP %BJTVLF'VKJUB!EUBO
Daisuke Fujita @dtan4
$ k8sec CLI tool to manage Kubernetes Secrets easily
k8sec • Kubernetes Secret Λखܰʹ͍͡Δπʔϧ • Interface like Heroku CLI
(heroku config) • Written in Go dtan4/k8sec $ k8sec <command> \ [--kubeconfig KUBECONFIG] \ [--namespace NAMESPACE] \ ARGS
Why k8sec? • Secret ΛΞϓϦέʔγϣϯͷڥมʹ͍͍ͨ • kubectl ͰΔͱ໘ͩͬͨ • kubectl
ͩͱҰൃͰ list, update Ͱ͖ͳ͍ • Ұ YAML ʹు͍ͯ replace http://kubernetes.io/docs/user-guide/secrets/#using-secrets-as-environment-variables $ kubectl create secret generic my-secret \ --from-literal=key1=supersecret \ --from-literal=key2=topsecret $ kubectl get secret registrykey -o json \ | jq -r '.data[".dockercfg"]' | base64 -D
k8sec $ k8sec list rails NAME TYPE KEY VALUE rails
Opaque database-url "postgres://example.com:5432/dbname" # Show values as base64-encoded string $ k8sec list --base64 rails NAME TYPE KEY VALUE rails Opaque database-url cG9zdGdyZXM6Ly9leGFtcGxlLmNvbTo1NDMyL2RibmFtZQ== Ұཡදࣔ list dtan4/k8sec
k8sec # Set secret $ k8sec set rails rails-env=production rails
# Pass base64-encoded value $ echo dtan4 | base64 ZHRhbjQK $ k8sec set --base64 rails foo=ZHRhbjQK rails $ k8sec list rails NAME TYPE KEY VALUE rails Opaque database-url "postgres://example.com:5432/dbname" rails Opaque foo "dtan4\n" # Unset secret $ k8sec unset rails rails-env ઃఆɺղআ set,unset dtan4/k8sec
k8sec # Save as .env $ k8sec save -f .env
rails $ cat .env database-url="postgres://example.com:5432/dbname" # Load .env $ k8sec load -f .env rails LFZWBMVFFOW load,save dtan4/k8sec
Why k8sec? • Secret ΛΞϓϦέʔγϣϯͷڥมʹ͍͍ͨ • kubectl ͰΔͱ໘ͩͬͨ • kubectl
ͩͱҰൃͰ list, update Ͱ͖ͳ͍ • Ұ YAML ʹు͍ͯ replace http://kubernetes.io/docs/user-guide/secrets/#using-secrets-as-environment-variables $ kubectl create secret generic my-secret \ --from-literal=key1=supersecret \ --from-literal=key2=topsecret $ kubectl get secret registrykey -o json \ | jq -r '.data[".dockercfg"]' | base64 -D
kubectl • ສೳʂ • API ͬͨΓͳͷͰɺ࣮ӡ༻Ͱ͍ʹ͍͘෦ • ඇӡ༻ଆ (e.g. Rails
developer) ͕৮Δʹ ֶशίετ͕ߴ͍…ʁ => ࣗͨͪͷཁٻʹదͨ͠ wrapper Λ࡞Ζ͏
kubectl wrapper • ଞݴޠ͔Β kubectl ίϚϯυΛୟ͘ͷ εϚʔτ͡Όͳ͍ • kubectl ͬͯཁ͢Δʹ
Kubernetes API ΫϥΠΞϯτͰ͢ΑͶ • API Λୟ͘Α͏ʹ͢Ε͍͍ͷͰ…ʁ
Kubernetes API Client Library https://github.com/kubernetes/kubernetes/blob/master/docs/devel/client-libraries.md
k8s.io/kubernetes/pkg/client Official Kubernetes API client library
API ΫϥΠΞϯτ࡞ loadingRules := clientcmd.NewDefaultClientConfigLoadingRules() loadingRules.ExplicitPath = clientcmd.RecommendedHomeFile loader :=
clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, &clientcmd.ConfigOverrides{}) clientConfig, err := loader.ClientConfig() if err != nil { return nil, err } kubeClient, err := client.New(clientConfig) if err != nil { return nil, err } import ( "k8s.io/kubernetes/pkg/api" client "k8s.io/kubernetes/pkg/client/unversioned" "k8s.io/kubernetes/pkg/client/unversioned/clientcmd" )
API ΫϥΠΞϯτ࡞ loadingRules.ExplicitPath = clientcmd.RecommendedHomeFile • loadingRules.ExplicitPath ʹ ίϯϑΟάϑΝΠϧͷύεΛࢦఆ •
RecommendedHomeFile == ~/.kube/config https://github.com/kubernetes/kubernetes/blob/master/pkg/client/unversioned/clientcmd/loader.go
API ݺͼग़͠ pods, err := kubeClient.Pods(api.NamespaceDefault).List(api.ListOptions{}) • ·ͣ Pods, Secret
ͷΑ͏ʹϦιʔεࢦఆ w Ҿ/BNFTQBDF • api.NamespaceDefault == "default" • api.NamespaceSystem == "system" w ϦιʔεʹνΣΠϯͯ͠ૢ࡞Λࢦఆ • Get(name), List kubeClient.<resource>.<operation> https://github.com/kubernetes/kubernetes/blob/4a78db61370df83a37957490749f7d171b00c28a/pkg/api/types.go#L154-L161
Pod ҰཡΛग़ྗ for _, pod := range pods.Items { fmt.Println(pod.Name)
} hello-world-e2d3x wordpress-mysql-488205646-t6v4k
ҙ • k8s.io/kubernetes Kubernetes ຊମͷϦϙδτϦ ͳͷͰɺͰ͔ͯ͘ॏ͍ (400 Mbyte ~)
• github.com/docker/docker ґଘͯ͠Δ • Godeps Έ͍ͨʹ vendoring ΛϦϙδτϦʹؚΊΔ ߹ཁҙ • glide ͓͏ • kubectl ͷιʔε (pkg/kubectl) Λಡ͏
·ͱΊ • Secret Λ؆୯ʹѻ͑Δ k8sec ͱ͍͏πʔϧΛ ࡞Γ·ͨ͠ • Go ͷ
API client library ΛͬͯɺKubernetes Λ ૢ࡞͢Δํ๏Λհ͠·ͨ͠ • ܅͚ͩͷ Kubernetes tool Λ࡞Ζ͏