Writing Kubenetes tools in Go

92ce4587cc8465736433e698b1e50aaa?s=47 Daisuke Fujita
June 20, 2016
Programming
1
2.6k

Writing Kubenetes tools in Go

Kubernetes Meetup Tokyo #2 http://k8sjp.connpass.com/event/33508/ の発表資料です

92ce4587cc8465736433e698b1e50aaa?s=128

Daisuke Fujita

June 20, 2016
Tweet

Want more?

92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
0
87
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
4
3.6k
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
3
3.1k
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
2
160
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
1
83
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
0
74
61857dafbd287b3027c4dcea9008ad3c?s=48 carmenhchung
5
150
06f8b41980eb4c577fa40c41d5030c19?s=48 keathley
4
160
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
2
220
C35e01544a0dd94a2cf1619ee8a42ebb?s=48 clairelew
2
440
6bb82b13cda86d3b821fa44100335ddf?s=48 thoeni
1
120
B3ace07412a5178ea778e7eec161fc0a?s=48 jcasabona
4
200

Transcript

  1. 1.

    Writing Kubernetes tools in Go  ,VCFSOFUFT.FFUVQ5PLZP %BJTVLF'VKJUB!EUBO

  2. 2.

    Daisuke Fujita @dtan4

  3. 3.

    $ k8sec CLI tool to manage Kubernetes Secrets easily

  4. 4.

    k8sec • Kubernetes Secret Λखܰʹ͍͡Δπʔϧ • Interface like Heroku CLI

    (heroku config) • Written in Go dtan4/k8sec $ k8sec <command> \ [--kubeconfig KUBECONFIG] \ [--namespace NAMESPACE] \ ARGS
  5. 5.

    Why k8sec? • Secret ΛΞϓϦέʔγϣϯͷ؀ڥม਺ʹ࢖͍͍ͨ • kubectl Ͱ΍Δͱ໘౗ͩͬͨ • kubectl

    ͩͱҰൃͰ list, update Ͱ͖ͳ͍ • Ұ౓ YAML ʹు͍ͯ replace http://kubernetes.io/docs/user-guide/secrets/#using-secrets-as-environment-variables $ kubectl create secret generic my-secret \ --from-literal=key1=supersecret \ --from-literal=key2=topsecret $ kubectl get secret registrykey -o json \ | jq -r '.data[".dockercfg"]' | base64 -D
  6. 6.

    k8sec $ k8sec list rails NAME TYPE KEY VALUE rails

    Opaque database-url "postgres://example.com:5432/dbname" # Show values as base64-encoded string $ k8sec list --base64 rails NAME TYPE KEY VALUE rails Opaque database-url cG9zdGdyZXM6Ly9leGFtcGxlLmNvbTo1NDMyL2RibmFtZQ== Ұཡදࣔ list dtan4/k8sec
  7. 7.

    k8sec # Set secret $ k8sec set rails rails-env=production rails

    # Pass base64-encoded value $ echo dtan4 | base64 ZHRhbjQK $ k8sec set --base64 rails foo=ZHRhbjQK rails $ k8sec list rails NAME TYPE KEY VALUE rails Opaque database-url "postgres://example.com:5432/dbname" rails Opaque foo "dtan4\n" # Unset secret $ k8sec unset rails rails-env ઃఆɺղআ set,unset dtan4/k8sec
  8. 8.

    k8sec # Save as .env $ k8sec save -f .env

    rails $ cat .env database-url="postgres://example.com:5432/dbname" # Load .env $ k8sec load -f .env rails LFZWBMVFFOW load,save dtan4/k8sec
  9. 9.

    Why k8sec? • Secret ΛΞϓϦέʔγϣϯͷ؀ڥม਺ʹ࢖͍͍ͨ • kubectl Ͱ΍Δͱ໘౗ͩͬͨ • kubectl

    ͩͱҰൃͰ list, update Ͱ͖ͳ͍ • Ұ౓ YAML ʹు͍ͯ replace http://kubernetes.io/docs/user-guide/secrets/#using-secrets-as-environment-variables $ kubectl create secret generic my-secret \ --from-literal=key1=supersecret \ --from-literal=key2=topsecret $ kubectl get secret registrykey -o json \ | jq -r '.data[".dockercfg"]' | base64 -D
  10. 10.

    kubectl • ສೳʂ • API ΂ͬͨΓͳͷͰɺ࣮ӡ༻Ͱ͸࢖͍ʹ͍͘෦෼΋ • ඇӡ༻ଆ (e.g. Rails

    developer) ͕৮Δʹ͸
 ֶशίετ͕ߴ͍…ʁ => ࣗ෼ͨͪͷཁٻʹదͨ͠ wrapper Λ࡞Ζ͏
  11. 11.

    kubectl wrapper • ଞݴޠ͔Β kubectl ίϚϯυΛ௚઀ୟ͘ͷ͸
 εϚʔτ͡Όͳ͍ • kubectl ͬͯཁ͢Δʹ

    
 Kubernetes API ΫϥΠΞϯτͰ͢ΑͶ • ௚઀ API Λୟ͘Α͏ʹ͢Ε͹͍͍ͷͰ͸…ʁ
  12. 12.

    Kubernetes API Client Library https://github.com/kubernetes/kubernetes/blob/master/docs/devel/client-libraries.md

  13. 13.

    k8s.io/kubernetes/pkg/client Official Kubernetes API client library

  14. 14.

    API ΫϥΠΞϯτ࡞੒ loadingRules := clientcmd.NewDefaultClientConfigLoadingRules() loadingRules.ExplicitPath = clientcmd.RecommendedHomeFile loader :=

    clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, &clientcmd.ConfigOverrides{}) clientConfig, err := loader.ClientConfig() if err != nil { return nil, err } kubeClient, err := client.New(clientConfig) if err != nil { return nil, err } import ( "k8s.io/kubernetes/pkg/api" client "k8s.io/kubernetes/pkg/client/unversioned" "k8s.io/kubernetes/pkg/client/unversioned/clientcmd" )
  15. 15.

    API ΫϥΠΞϯτ࡞੒ loadingRules.ExplicitPath = clientcmd.RecommendedHomeFile • loadingRules.ExplicitPath ʹ
 ίϯϑΟάϑΝΠϧͷύεΛࢦఆ •

    RecommendedHomeFile == ~/.kube/config https://github.com/kubernetes/kubernetes/blob/master/pkg/client/unversioned/clientcmd/loader.go
  16. 16.

    API ݺͼग़͠ pods, err := kubeClient.Pods(api.NamespaceDefault).List(api.ListOptions{}) • ·ͣ Pods, Secret

    ͷΑ͏ʹϦιʔεࢦఆ w Ҿ਺͸/BNFTQBDF • api.NamespaceDefault == "default" • api.NamespaceSystem == "system" w ϦιʔεʹνΣΠϯͯ͠ૢ࡞Λࢦఆ • Get(name), List kubeClient.<resource>.<operation> https://github.com/kubernetes/kubernetes/blob/4a78db61370df83a37957490749f7d171b00c28a/pkg/api/types.go#L154-L161
  17. 17.

    Pod ҰཡΛग़ྗ for _, pod := range pods.Items { fmt.Println(pod.Name)

    } hello-world-e2d3x wordpress-mysql-488205646-t6v4k
  18. 18.

    ஫ҙ • k8s.io/kubernetes ͸ Kubernetes ຊମͷϦϙδτϦ ͳͷͰɺͰ͔ͯ͘ॏ͍ (400 Mbyte ~)

    • github.com/docker/docker ΋ґଘͯ͠Δ • Godeps Έ͍ͨʹ vendoring ΛϦϙδτϦʹؚΊΔ
 ৔߹͸ཁ஫ҙ • glide ࢖͓͏ • kubectl ͷιʔε (pkg/kubectl) Λಡ΋͏
  19. 19.

    ·ͱΊ • Secret Λ؆୯ʹѻ͑Δ k8sec ͱ͍͏πʔϧΛ
 ࡞Γ·ͨ͠ • Go ͷ

    API client library Λ࢖ͬͯɺKubernetes Λ
 ௚઀ૢ࡞͢Δํ๏Λ঺հ͠·ͨ͠ • ܅͚ͩͷ Kubernetes tool Λ࡞Ζ͏