Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Writing Kubenetes tools in Go

Writing Kubenetes tools in Go

Kubernetes Meetup Tokyo #2 http://k8sjp.connpass.com/event/33508/ の発表資料です

Daisuke Fujita

June 20, 2016
Tweet

More Decks by Daisuke Fujita

Other Decks in Programming

Transcript

  1. Writing Kubernetes tools
    in Go

    ,VCFSOFUFT.FFUVQ5PLZP
    %BJTVLF'VKJUB!EUBO

    View full-size slide

  2. Daisuke Fujita
    @dtan4

    View full-size slide

  3. $ k8sec
    CLI tool to manage Kubernetes Secrets easily

    View full-size slide

  4. k8sec
    • Kubernetes Secret Λखܰʹ͍͡Δπʔϧ

    • Interface like Heroku CLI (heroku config)

    • Written in Go
    dtan4/k8sec
    $ k8sec \
    [--kubeconfig KUBECONFIG] \
    [--namespace NAMESPACE] \
    ARGS

    View full-size slide

  5. Why k8sec?
    • Secret ΛΞϓϦέʔγϣϯͷ؀ڥม਺ʹ࢖͍͍ͨ

    • kubectl Ͱ΍Δͱ໘౗ͩͬͨ

    • kubectl ͩͱҰൃͰ list, update Ͱ͖ͳ͍

    • Ұ౓ YAML ʹు͍ͯ replace
    http://kubernetes.io/docs/user-guide/secrets/#using-secrets-as-environment-variables
    $ kubectl create secret generic my-secret \
    --from-literal=key1=supersecret \
    --from-literal=key2=topsecret
    $ kubectl get secret registrykey -o json \
    | jq -r '.data[".dockercfg"]' | base64 -D

    View full-size slide

  6. k8sec
    $ k8sec list rails
    NAME TYPE KEY VALUE
    rails Opaque database-url "postgres://example.com:5432/dbname"
    # Show values as base64-encoded string
    $ k8sec list --base64 rails
    NAME TYPE KEY VALUE
    rails Opaque database-url cG9zdGdyZXM6Ly9leGFtcGxlLmNvbTo1NDMyL2RibmFtZQ==
    Ұཡදࣔ list

    dtan4/k8sec

    View full-size slide

  7. k8sec
    # Set secret
    $ k8sec set rails rails-env=production
    rails
    # Pass base64-encoded value
    $ echo dtan4 | base64
    ZHRhbjQK
    $ k8sec set --base64 rails foo=ZHRhbjQK
    rails
    $ k8sec list rails
    NAME TYPE KEY VALUE
    rails Opaque database-url "postgres://example.com:5432/dbname"
    rails Opaque foo "dtan4\n"
    # Unset secret
    $ k8sec unset rails rails-env
    ઃఆɺղআ set,unset

    dtan4/k8sec

    View full-size slide

  8. k8sec
    # Save as .env
    $ k8sec save -f .env rails
    $ cat .env
    database-url="postgres://example.com:5432/dbname"
    # Load .env
    $ k8sec load -f .env rails
    LFZWBMVFFOW load,save

    dtan4/k8sec

    View full-size slide

  9. Why k8sec?
    • Secret ΛΞϓϦέʔγϣϯͷ؀ڥม਺ʹ࢖͍͍ͨ

    • kubectl Ͱ΍Δͱ໘౗ͩͬͨ

    • kubectl ͩͱҰൃͰ list, update Ͱ͖ͳ͍

    • Ұ౓ YAML ʹు͍ͯ replace
    http://kubernetes.io/docs/user-guide/secrets/#using-secrets-as-environment-variables
    $ kubectl create secret generic my-secret \
    --from-literal=key1=supersecret \
    --from-literal=key2=topsecret
    $ kubectl get secret registrykey -o json \
    | jq -r '.data[".dockercfg"]' | base64 -D

    View full-size slide

  10. kubectl
    • ສೳʂ

    • API ΂ͬͨΓͳͷͰɺ࣮ӡ༻Ͱ͸࢖͍ʹ͍͘෦෼΋

    • ඇӡ༻ଆ (e.g. Rails developer) ͕৮Δʹ͸

    ֶशίετ͕ߴ͍…ʁ

    => ࣗ෼ͨͪͷཁٻʹదͨ͠ wrapper Λ࡞Ζ͏

    View full-size slide

  11. kubectl wrapper
    • ଞݴޠ͔Β kubectl ίϚϯυΛ௚઀ୟ͘ͷ͸

    εϚʔτ͡Όͳ͍

    • kubectl ͬͯཁ͢Δʹ 

    Kubernetes API ΫϥΠΞϯτͰ͢ΑͶ

    • ௚઀ API Λୟ͘Α͏ʹ͢Ε͹͍͍ͷͰ͸…ʁ

    View full-size slide

  12. Kubernetes API Client
    Library
    https://github.com/kubernetes/kubernetes/blob/master/docs/devel/client-libraries.md

    View full-size slide

  13. k8s.io/kubernetes/pkg/client
    Official Kubernetes API client library

    View full-size slide

  14. API ΫϥΠΞϯτ࡞੒
    loadingRules := clientcmd.NewDefaultClientConfigLoadingRules()
    loadingRules.ExplicitPath = clientcmd.RecommendedHomeFile
    loader := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules,
    &clientcmd.ConfigOverrides{})
    clientConfig, err := loader.ClientConfig()
    if err != nil {
    return nil, err
    }
    kubeClient, err := client.New(clientConfig)
    if err != nil {
    return nil, err
    }
    import (
    "k8s.io/kubernetes/pkg/api"
    client "k8s.io/kubernetes/pkg/client/unversioned"
    "k8s.io/kubernetes/pkg/client/unversioned/clientcmd"
    )

    View full-size slide

  15. API ΫϥΠΞϯτ࡞੒
    loadingRules.ExplicitPath = clientcmd.RecommendedHomeFile
    • loadingRules.ExplicitPath ʹ

    ίϯϑΟάϑΝΠϧͷύεΛࢦఆ

    • RecommendedHomeFile == ~/.kube/config
    https://github.com/kubernetes/kubernetes/blob/master/pkg/client/unversioned/clientcmd/loader.go

    View full-size slide

  16. API ݺͼग़͠
    pods, err :=
    kubeClient.Pods(api.NamespaceDefault).List(api.ListOptions{})
    • ·ͣ Pods, Secret ͷΑ͏ʹϦιʔεࢦఆ
    w Ҿ਺͸/BNFTQBDF
    • api.NamespaceDefault == "default"
    • api.NamespaceSystem == "system"
    w ϦιʔεʹνΣΠϯͯ͠ૢ࡞Λࢦఆ
    • Get(name), List
    kubeClient..
    https://github.com/kubernetes/kubernetes/blob/4a78db61370df83a37957490749f7d171b00c28a/pkg/api/types.go#L154-L161

    View full-size slide

  17. Pod ҰཡΛग़ྗ
    for _, pod := range pods.Items {
    fmt.Println(pod.Name)
    }
    hello-world-e2d3x
    wordpress-mysql-488205646-t6v4k

    View full-size slide

  18. ஫ҙ
    • k8s.io/kubernetes ͸ Kubernetes ຊମͷϦϙδτϦ
    ͳͷͰɺͰ͔ͯ͘ॏ͍ (400 Mbyte ~)

    • github.com/docker/docker ΋ґଘͯ͠Δ

    • Godeps Έ͍ͨʹ vendoring ΛϦϙδτϦʹؚΊΔ

    ৔߹͸ཁ஫ҙ

    • glide ࢖͓͏

    • kubectl ͷιʔε (pkg/kubectl) Λಡ΋͏

    View full-size slide

  19. ·ͱΊ
    • Secret Λ؆୯ʹѻ͑Δ k8sec ͱ͍͏πʔϧΛ

    ࡞Γ·ͨ͠

    • Go ͷ API client library Λ࢖ͬͯɺKubernetes Λ

    ௚઀ૢ࡞͢Δํ๏Λ঺հ͠·ͨ͠

    • ܅͚ͩͷ Kubernetes tool Λ࡞Ζ͏

    View full-size slide