Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Writing Kubenetes tools in Go
Search
Daisuke Fujita
June 20, 2016
Programming
1
3.5k
Writing Kubenetes tools in Go
Kubernetes Meetup Tokyo #2
http://k8sjp.connpass.com/event/33508/
の発表資料です
Daisuke Fujita
June 20, 2016
Tweet
Share
More Decks by Daisuke Fujita
See All by Daisuke Fujita
SREcon19 Asia/Pacific Recap
dtan4
0
170
Our Practices of Delegating Ownership in Microservices World
dtan4
4
8.9k
Kubernetes Cluster Upgrade / Mercari Meetup for Microservices Platform
dtan4
3
4.6k
KubeCon EU 2018 Recap: Multi-Tenancy in Kubernetes: Best Practices Today, and Future Directions / Kubernetes Meetup Tokyo 11 #k8sjp
dtan4
1
1.8k
Wantedly から Chef を一掃した話 / #chibadan
dtan4
24
11k
さようなら Chef こんにちは Dockerfile / Web Tech Tokyo #1
dtan4
6
7.1k
Docker をフル活用したインフラの紹介と成長し続けるためのインフラ戦略 / #abejameetup
dtan4
19
3.9k
Docker Compose PaaS の作り方、そして社内に導入した話 / #yapc8oji
dtan4
1
8.3k
最近の wercker 便利って話 #tqrk10
dtan4
2
930
Other Decks in Programming
See All in Programming
dbt Pythonモデルで実現するSnowflake活用術
trsnium
0
270
React 19アップデートのために必要なこと
uhyo
8
1.6k
5分で理解する SOLID 原則 #phpcon_nagoya
shogogg
1
390
Domain-Driven Design (Tutorial)
hschwentner
13
22k
Visual StudioのGitHub Copilotでいろいろやってみる
tomokusaba
1
210
Better Code Design in PHP
afilina
0
180
DevNexus - Create AI Infused Java Apps with LangChain4j
kdubois
0
120
PHPのバージョンアップ時にも役立ったAST
matsuo_atsushi
0
230
Django NinjaによるAPI開発の効率化とリプレースの実践
kashewnuts
1
290
LINE messaging APIを使ってGoogleカレンダーと連携した予約ツールを作ってみた
takumakoike
0
130
kintone開発を効率化するためにチームで試した施策とその結果を大放出!
oguemon
0
280
たのしいSocketのしくみ / Socket Under a Microscope
coe401_
8
1.4k
Featured
See All Featured
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
30
4.6k
Rebuilding a faster, lazier Slack
samanthasiow
80
8.9k
Faster Mobile Websites
deanohume
306
31k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
4 Signs Your Business is Dying
shpigford
183
22k
Building a Modern Day E-commerce SEO Strategy
aleyda
38
7.1k
Facilitating Awesome Meetings
lara
53
6.3k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
193
16k
Why You Should Never Use an ORM
jnunemaker
PRO
55
9.2k
Unsuck your backbone
ammeep
669
57k
Building an army of robots
kneath
303
45k
Visualization
eitanlees
146
15k
Transcript
Writing Kubernetes tools in Go ,VCFSOFUFT.FFUVQ5PLZP %BJTVLF'VKJUB!EUBO
Daisuke Fujita @dtan4
$ k8sec CLI tool to manage Kubernetes Secrets easily
k8sec • Kubernetes Secret Λखܰʹ͍͡Δπʔϧ • Interface like Heroku CLI
(heroku config) • Written in Go dtan4/k8sec $ k8sec <command> \ [--kubeconfig KUBECONFIG] \ [--namespace NAMESPACE] \ ARGS
Why k8sec? • Secret ΛΞϓϦέʔγϣϯͷڥมʹ͍͍ͨ • kubectl ͰΔͱ໘ͩͬͨ • kubectl
ͩͱҰൃͰ list, update Ͱ͖ͳ͍ • Ұ YAML ʹు͍ͯ replace http://kubernetes.io/docs/user-guide/secrets/#using-secrets-as-environment-variables $ kubectl create secret generic my-secret \ --from-literal=key1=supersecret \ --from-literal=key2=topsecret $ kubectl get secret registrykey -o json \ | jq -r '.data[".dockercfg"]' | base64 -D
k8sec $ k8sec list rails NAME TYPE KEY VALUE rails
Opaque database-url "postgres://example.com:5432/dbname" # Show values as base64-encoded string $ k8sec list --base64 rails NAME TYPE KEY VALUE rails Opaque database-url cG9zdGdyZXM6Ly9leGFtcGxlLmNvbTo1NDMyL2RibmFtZQ== Ұཡදࣔ list dtan4/k8sec
k8sec # Set secret $ k8sec set rails rails-env=production rails
# Pass base64-encoded value $ echo dtan4 | base64 ZHRhbjQK $ k8sec set --base64 rails foo=ZHRhbjQK rails $ k8sec list rails NAME TYPE KEY VALUE rails Opaque database-url "postgres://example.com:5432/dbname" rails Opaque foo "dtan4\n" # Unset secret $ k8sec unset rails rails-env ઃఆɺղআ set,unset dtan4/k8sec
k8sec # Save as .env $ k8sec save -f .env
rails $ cat .env database-url="postgres://example.com:5432/dbname" # Load .env $ k8sec load -f .env rails LFZWBMVFFOW load,save dtan4/k8sec
Why k8sec? • Secret ΛΞϓϦέʔγϣϯͷڥมʹ͍͍ͨ • kubectl ͰΔͱ໘ͩͬͨ • kubectl
ͩͱҰൃͰ list, update Ͱ͖ͳ͍ • Ұ YAML ʹు͍ͯ replace http://kubernetes.io/docs/user-guide/secrets/#using-secrets-as-environment-variables $ kubectl create secret generic my-secret \ --from-literal=key1=supersecret \ --from-literal=key2=topsecret $ kubectl get secret registrykey -o json \ | jq -r '.data[".dockercfg"]' | base64 -D
kubectl • ສೳʂ • API ͬͨΓͳͷͰɺ࣮ӡ༻Ͱ͍ʹ͍͘෦ • ඇӡ༻ଆ (e.g. Rails
developer) ͕৮Δʹ ֶशίετ͕ߴ͍…ʁ => ࣗͨͪͷཁٻʹదͨ͠ wrapper Λ࡞Ζ͏
kubectl wrapper • ଞݴޠ͔Β kubectl ίϚϯυΛୟ͘ͷ εϚʔτ͡Όͳ͍ • kubectl ͬͯཁ͢Δʹ
Kubernetes API ΫϥΠΞϯτͰ͢ΑͶ • API Λୟ͘Α͏ʹ͢Ε͍͍ͷͰ…ʁ
Kubernetes API Client Library https://github.com/kubernetes/kubernetes/blob/master/docs/devel/client-libraries.md
k8s.io/kubernetes/pkg/client Official Kubernetes API client library
API ΫϥΠΞϯτ࡞ loadingRules := clientcmd.NewDefaultClientConfigLoadingRules() loadingRules.ExplicitPath = clientcmd.RecommendedHomeFile loader :=
clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, &clientcmd.ConfigOverrides{}) clientConfig, err := loader.ClientConfig() if err != nil { return nil, err } kubeClient, err := client.New(clientConfig) if err != nil { return nil, err } import ( "k8s.io/kubernetes/pkg/api" client "k8s.io/kubernetes/pkg/client/unversioned" "k8s.io/kubernetes/pkg/client/unversioned/clientcmd" )
API ΫϥΠΞϯτ࡞ loadingRules.ExplicitPath = clientcmd.RecommendedHomeFile • loadingRules.ExplicitPath ʹ ίϯϑΟάϑΝΠϧͷύεΛࢦఆ •
RecommendedHomeFile == ~/.kube/config https://github.com/kubernetes/kubernetes/blob/master/pkg/client/unversioned/clientcmd/loader.go
API ݺͼग़͠ pods, err := kubeClient.Pods(api.NamespaceDefault).List(api.ListOptions{}) • ·ͣ Pods, Secret
ͷΑ͏ʹϦιʔεࢦఆ w Ҿ/BNFTQBDF • api.NamespaceDefault == "default" • api.NamespaceSystem == "system" w ϦιʔεʹνΣΠϯͯ͠ૢ࡞Λࢦఆ • Get(name), List kubeClient.<resource>.<operation> https://github.com/kubernetes/kubernetes/blob/4a78db61370df83a37957490749f7d171b00c28a/pkg/api/types.go#L154-L161
Pod ҰཡΛग़ྗ for _, pod := range pods.Items { fmt.Println(pod.Name)
} hello-world-e2d3x wordpress-mysql-488205646-t6v4k
ҙ • k8s.io/kubernetes Kubernetes ຊମͷϦϙδτϦ ͳͷͰɺͰ͔ͯ͘ॏ͍ (400 Mbyte ~)
• github.com/docker/docker ґଘͯ͠Δ • Godeps Έ͍ͨʹ vendoring ΛϦϙδτϦʹؚΊΔ ߹ཁҙ • glide ͓͏ • kubectl ͷιʔε (pkg/kubectl) Λಡ͏
·ͱΊ • Secret Λ؆୯ʹѻ͑Δ k8sec ͱ͍͏πʔϧΛ ࡞Γ·ͨ͠ • Go ͷ
API client library ΛͬͯɺKubernetes Λ ૢ࡞͢Δํ๏Λհ͠·ͨ͠ • ܅͚ͩͷ Kubernetes tool Λ࡞Ζ͏