Writing Kubenetes tools in Go

Writing Kubernetes tools in Go ,VCFSOFUFT.FFUVQ5PLZP %BJTVLF'VKJUB!EUBO

Daisuke Fujita @dtan4

$ k8sec CLI tool to manage Kubernetes Secrets easily

k8sec • Kubernetes Secret Λखܰʹ͍͡Δπʔϧ • Interface like Heroku CLI
(heroku config) • Written in Go dtan4/k8sec $ k8sec <command> \ [--kubeconfig KUBECONFIG] \ [--namespace NAMESPACE] \ ARGS

Why k8sec? • Secret ΛΞϓϦέʔγϣϯͷ؀ڥม਺ʹ࢖͍͍ͨ • kubectl Ͱ΍Δͱ໘౗ͩͬͨ • kubectl
ͩͱҰൃͰ list, update Ͱ͖ͳ͍ • Ұ౓ YAML ʹు͍ͯ replace http://kubernetes.io/docs/user-guide/secrets/#using-secrets-as-environment-variables $ kubectl create secret generic my-secret \ --from-literal=key1=supersecret \ --from-literal=key2=topsecret $ kubectl get secret registrykey -o json \ | jq -r '.data[".dockercfg"]' | base64 -D

k8sec $ k8sec list rails NAME TYPE KEY VALUE rails
Opaque database-url "postgres://example.com:5432/dbname" # Show values as base64-encoded string $ k8sec list --base64 rails NAME TYPE KEY VALUE rails Opaque database-url cG9zdGdyZXM6Ly9leGFtcGxlLmNvbTo1NDMyL2RibmFtZQ== Ұཡදࣔ list dtan4/k8sec

k8sec # Set secret $ k8sec set rails rails-env=production rails
# Pass base64-encoded value $ echo dtan4 | base64 ZHRhbjQK $ k8sec set --base64 rails foo=ZHRhbjQK rails $ k8sec list rails NAME TYPE KEY VALUE rails Opaque database-url "postgres://example.com:5432/dbname" rails Opaque foo "dtan4\n" # Unset secret $ k8sec unset rails rails-env ઃఆɺղআ set,unset dtan4/k8sec

k8sec # Save as .env $ k8sec save -f .env
rails $ cat .env database-url="postgres://example.com:5432/dbname" # Load .env $ k8sec load -f .env rails LFZWBMVFFOW load,save dtan4/k8sec

Why k8sec? • Secret ΛΞϓϦέʔγϣϯͷ؀ڥม਺ʹ࢖͍͍ͨ • kubectl Ͱ΍Δͱ໘౗ͩͬͨ • kubectl
ͩͱҰൃͰ list, update Ͱ͖ͳ͍ • Ұ౓ YAML ʹు͍ͯ replace http://kubernetes.io/docs/user-guide/secrets/#using-secrets-as-environment-variables $ kubectl create secret generic my-secret \ --from-literal=key1=supersecret \ --from-literal=key2=topsecret $ kubectl get secret registrykey -o json \ | jq -r '.data[".dockercfg"]' | base64 -D

kubectl • ສೳʂ • API ΂ͬͨΓͳͷͰɺ࣮ӡ༻Ͱ͸࢖͍ʹ͍͘෦෼΋ • ඇӡ༻ଆ (e.g. Rails
developer) ͕৮Δʹ͸  ֶशίετ͕ߴ͍…ʁ => ࣗ෼ͨͪͷཁٻʹదͨ͠ wrapper Λ࡞Ζ͏

kubectl wrapper • ଞݴޠ͔Β kubectl ίϚϯυΛ௚઀ୟ͘ͷ͸  εϚʔτ͡Όͳ͍ • kubectl ͬͯཁ͢Δʹ
  Kubernetes API ΫϥΠΞϯτͰ͢ΑͶ • ௚઀ API Λୟ͘Α͏ʹ͢Ε͹͍͍ͷͰ͸…ʁ

Kubernetes API Client Library https://github.com/kubernetes/kubernetes/blob/master/docs/devel/client-libraries.md

k8s.io/kubernetes/pkg/client Oﬃcial Kubernetes API client library

API ΫϥΠΞϯτ࡞੒ loadingRules := clientcmd.NewDefaultClientConfigLoadingRules() loadingRules.ExplicitPath = clientcmd.RecommendedHomeFile loader :=
clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, &clientcmd.ConfigOverrides{}) clientConfig, err := loader.ClientConfig() if err != nil { return nil, err } kubeClient, err := client.New(clientConfig) if err != nil { return nil, err } import ( "k8s.io/kubernetes/pkg/api" client "k8s.io/kubernetes/pkg/client/unversioned" "k8s.io/kubernetes/pkg/client/unversioned/clientcmd" )

API ΫϥΠΞϯτ࡞੒ loadingRules.ExplicitPath = clientcmd.RecommendedHomeFile • loadingRules.ExplicitPath ʹ  ίϯϑΟάϑΝΠϧͷύεΛࢦఆ •
RecommendedHomeFile == ~/.kube/config https://github.com/kubernetes/kubernetes/blob/master/pkg/client/unversioned/clientcmd/loader.go

API ݺͼग़͠ pods, err := kubeClient.Pods(api.NamespaceDefault).List(api.ListOptions{}) • ·ͣ Pods, Secret
ͷΑ͏ʹϦιʔεࢦఆ w Ҿ਺͸/BNFTQBDF • api.NamespaceDefault == "default" • api.NamespaceSystem == "system" w ϦιʔεʹνΣΠϯͯ͠ૢ࡞Λࢦఆ • Get(name), List kubeClient.<resource>.<operation> https://github.com/kubernetes/kubernetes/blob/4a78db61370df83a37957490749f7d171b00c28a/pkg/api/types.go#L154-L161

Pod ҰཡΛग़ྗ for _, pod := range pods.Items { fmt.Println(pod.Name)
} hello-world-e2d3x wordpress-mysql-488205646-t6v4k

஫ҙ • k8s.io/kubernetes ͸ Kubernetes ຊମͷϦϙδτϦ ͳͷͰɺͰ͔ͯ͘ॏ͍ (400 Mbyte ~)
• github.com/docker/docker ΋ґଘͯ͠Δ • Godeps Έ͍ͨʹ vendoring ΛϦϙδτϦʹؚΊΔ  ৔߹͸ཁ஫ҙ • glide ࢖͓͏ • kubectl ͷιʔε (pkg/kubectl) Λಡ΋͏

·ͱΊ • Secret Λ؆୯ʹѻ͑Δ k8sec ͱ͍͏πʔϧΛ  ࡞Γ·ͨ͠ • Go ͷ
API client library Λ࢖ͬͯɺKubernetes Λ  ௚઀ૢ࡞͢Δํ๏Λ঺հ͠·ͨ͠ • ܅͚ͩͷ Kubernetes tool Λ࡞Ζ͏

Writing Kubenetes tools in Go

Writing Kubenetes tools in Go

Daisuke Fujita

More Decks by Daisuke Fujita

Other Decks in Programming

Featured

Transcript

Writing Kubernetes tools in Go ,VCFSOFUFT.FFUVQ5PLZP %BJTVLF'VKJUB!EUBO

Daisuke Fujita @dtan4

$ k8sec CLI tool to manage Kubernetes Secrets easily

k8sec • Kubernetes Secret Λखܰʹ͍͡Δπʔϧ • Interface like Heroku CLI

Why k8sec? • Secret ΛΞϓϦέʔγϣϯͷ؀ڥม਺ʹ࢖͍͍ͨ • kubectl Ͱ΍Δͱ໘౗ͩͬͨ • kubectl

k8sec $ k8sec list rails NAME TYPE KEY VALUE rails

k8sec # Set secret $ k8sec set rails rails-env=production rails

k8sec # Save as .env $ k8sec save -f .env

Why k8sec? • Secret ΛΞϓϦέʔγϣϯͷ؀ڥม਺ʹ࢖͍͍ͨ • kubectl Ͱ΍Δͱ໘౗ͩͬͨ • kubectl

kubectl • ສೳʂ • API ΂ͬͨΓͳͷͰɺ࣮ӡ༻Ͱ͸࢖͍ʹ͍͘෦෼΋ • ඇӡ༻ଆ (e.g. Rails

kubectl wrapper • ଞݴޠ͔Β kubectl ίϚϯυΛ௚઀ୟ͘ͷ͸  εϚʔτ͡Όͳ͍ • kubectl ͬͯཁ͢Δʹ

Kubernetes API Client Library https://github.com/kubernetes/kubernetes/blob/master/docs/devel/client-libraries.md

k8s.io/kubernetes/pkg/client Oﬃcial Kubernetes API client library

API ΫϥΠΞϯτ࡞੒ loadingRules := clientcmd.NewDefaultClientConfigLoadingRules() loadingRules.ExplicitPath = clientcmd.RecommendedHomeFile loader :=

API ΫϥΠΞϯτ࡞੒ loadingRules.ExplicitPath = clientcmd.RecommendedHomeFile • loadingRules.ExplicitPath ʹ  ίϯϑΟάϑΝΠϧͷύεΛࢦఆ •

API ݺͼग़͠ pods, err := kubeClient.Pods(api.NamespaceDefault).List(api.ListOptions{}) • ·ͣ Pods, Secret

Pod ҰཡΛग़ྗ for _, pod := range pods.Items { fmt.Println(pod.Name)

஫ҙ • k8s.io/kubernetes ͸ Kubernetes ຊମͷϦϙδτϦ ͳͷͰɺͰ͔ͯ͘ॏ͍ (400 Mbyte ~)

·ͱΊ • Secret Λ؆୯ʹѻ͑Δ k8sec ͱ͍͏πʔϧΛ  ࡞Γ·ͨ͠ • Go ͷ