Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Writing Kubenetes tools in Go

92ce4587cc8465736433e698b1e50aaa?s=47 Daisuke Fujita
June 20, 2016
Programming
1
3k

Writing Kubenetes tools in Go

Kubernetes Meetup Tokyo #2 http://k8sjp.connpass.com/event/33508/ の発表資料です

92ce4587cc8465736433e698b1e50aaa?s=128

Daisuke Fujita

June 20, 2016
Tweet

More Decks by Daisuke Fujita

See All by Daisuke Fujita
SREcon19 Asia/Pacific Recap
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
0
110
Our Practices of Delegating Ownership in Microservices World
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
4
7.9k
Kubernetes Cluster Upgrade / Mercari Meetup for Microservices Platform
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
3
3.7k
KubeCon EU 2018 Recap: Multi-Tenancy in Kubernetes: 
Best Practices Today, and Future Directions / Kubernetes Meetup Tokyo 11 #k8sjp
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
1
1.6k
Wantedly から Chef を一掃した話 / #chibadan
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
24
11k
さようなら Chef こんにちは Dockerfile / Web Tech Tokyo #1
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
6
6.6k
Docker をフル活用したインフラの紹介と成長し続けるためのインフラ戦略 / #abejameetup
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
19
3.6k
Docker Compose PaaS の作り方、そして社内に導入した話 / #yapc8oji
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
1
7.2k
最近の wercker 便利って話 #tqrk10
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
2
830

Other Decks in Programming

See All in Programming
「混ぜるな危険」を推進する設計
8ec2b967e38f000eb63ae345cd7c58e6?s=48 minodriven
8
2.2k
AWS Config Custom Rule、ノーコードでできるかな?
822eaa655305fe3cffb0b034913f0cd2?s=48 watany
0
130
データ分析やAIの "運用" について考える
5b1f54cf0af2f41f7c1bf93ce0f0debf?s=48 mmorito
0
150
大規模プロダクトにLinterを導入し運用している話
68b11f940176220aa84f755abb0bea10?s=48 hirokiotsuka
0
240
社用PCのdotfiles管理 / dotfiles-in-company
8c653f1257636312a8e88612ccb27718?s=48 yammerjp
0
230
アジャイルで不確実性に向き合うための開発タスクの切り方
444706893bf3e53d6d96b4509d2d05d5?s=48 tanden
3
400
チームでカレーを作ろう!アジャイルカレークッキング
D30220c903365b2170e791313296b2f9?s=48 akitotsukahara
0
910
Modern Android Developer ~ 안내서
354271902cd8ba2762d05b251dfa0f84?s=48 pluu
1
670
More Than Micro Frontends: 3 Further Use Cases for Module Federation @DWX 2022
15934fa2aa7b2ce21f091e9b7cffa856?s=48 manfredsteyer
PRO
0
110
CSE360 Tutorial 07
B546a9b97d993392e4b22b74b99b91fe?s=48 javiergs
PRO
0
110
Gitlab CIでMRを自動生成する
1a2f29252240936c0ac4db4edab36d41?s=48 forcia_dev_pr
0
120
Client-Side Field-Level Encryption for Apache Kafka Connect @ VoxxedDays Luxembourg 2022
744f1c2c6cbea2ff5104b0ac512936bd?s=48 hpgrahsl
0
120

Featured

See All Featured
How New CSS Is Changing Everything About Graphic Design on the Web
D83926c323d4f9289f947b4b4e76b939?s=48 jensimmons
213
11k
YesSQL, Process and Tooling at Scale
D09fad3e36ae6841f54820be0e907f7a?s=48 rocio
157
12k
Designing with Data
F57e2136eb9895eb95ff5dc8a1c02677?s=48 zakiwarfel
91
3.9k
Reflections from 52 weeks, 52 projects
E43f8dfd01057f8304f5f8fb9a294d7d?s=48 jeffersonlam
337
17k
How GitHub (no longer) Works
78b475797a14c84799063c7cd073962f?s=48 holman
296
140k
Web Components: a chance to create the future
E190023b66e2b8aa73a842b106920c93?s=48 zenorocha
303
40k
Streamline your AJAX requests with AmplifyJS and jQuery
9cde37f47e4a800ea081ea42de8d749a?s=48 dougneiner
127
8.5k
Put a Button on it: Removing Barriers to Going Fast.
Bfd6b681ec6e8c9bef82ff0521c364f7?s=48 kastner
56
2.3k
Product Roadmaps are Hard
7cbd3f5f922d798cc312eaf596de7ae6?s=48 iamctodd
34
6.6k
Fireside Chat
864a009ac73600c7c02e1f26629dd989?s=48 paigeccino
12
1.3k
Designing for humans not robots
D36d2c1821af9249b69ff7f5ed60529b?s=48 tammielis
241
23k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
F383c6a4dc55e331bbe2987b622cee6b?s=48 stephaniewalter
269
12k

Transcript

  1. Writing Kubernetes tools in Go  ,VCFSOFUFT.FFUVQ5PLZP %BJTVLF'VKJUB!EUBO

  2. Daisuke Fujita @dtan4

  3. $ k8sec CLI tool to manage Kubernetes Secrets easily

  4. k8sec • Kubernetes Secret Λखܰʹ͍͡Δπʔϧ • Interface like Heroku CLI

    (heroku config) • Written in Go dtan4/k8sec $ k8sec <command> \ [--kubeconfig KUBECONFIG] \ [--namespace NAMESPACE] \ ARGS

  5. Why k8sec? • Secret ΛΞϓϦέʔγϣϯͷ؀ڥม਺ʹ࢖͍͍ͨ • kubectl Ͱ΍Δͱ໘౗ͩͬͨ • kubectl

    ͩͱҰൃͰ list, update Ͱ͖ͳ͍ • Ұ౓ YAML ʹు͍ͯ replace http://kubernetes.io/docs/user-guide/secrets/#using-secrets-as-environment-variables $ kubectl create secret generic my-secret \ --from-literal=key1=supersecret \ --from-literal=key2=topsecret $ kubectl get secret registrykey -o json \ | jq -r '.data[".dockercfg"]' | base64 -D

  6. k8sec $ k8sec list rails NAME TYPE KEY VALUE rails

    Opaque database-url "postgres://example.com:5432/dbname" # Show values as base64-encoded string $ k8sec list --base64 rails NAME TYPE KEY VALUE rails Opaque database-url cG9zdGdyZXM6Ly9leGFtcGxlLmNvbTo1NDMyL2RibmFtZQ== Ұཡදࣔ list dtan4/k8sec

  7. k8sec # Set secret $ k8sec set rails rails-env=production rails

    # Pass base64-encoded value $ echo dtan4 | base64 ZHRhbjQK $ k8sec set --base64 rails foo=ZHRhbjQK rails $ k8sec list rails NAME TYPE KEY VALUE rails Opaque database-url "postgres://example.com:5432/dbname" rails Opaque foo "dtan4\n" # Unset secret $ k8sec unset rails rails-env ઃఆɺղআ set,unset dtan4/k8sec

  8. k8sec # Save as .env $ k8sec save -f .env

    rails $ cat .env database-url="postgres://example.com:5432/dbname" # Load .env $ k8sec load -f .env rails LFZWBMVFFOW load,save dtan4/k8sec

  9. Why k8sec? • Secret ΛΞϓϦέʔγϣϯͷ؀ڥม਺ʹ࢖͍͍ͨ • kubectl Ͱ΍Δͱ໘౗ͩͬͨ • kubectl

    ͩͱҰൃͰ list, update Ͱ͖ͳ͍ • Ұ౓ YAML ʹు͍ͯ replace http://kubernetes.io/docs/user-guide/secrets/#using-secrets-as-environment-variables $ kubectl create secret generic my-secret \ --from-literal=key1=supersecret \ --from-literal=key2=topsecret $ kubectl get secret registrykey -o json \ | jq -r '.data[".dockercfg"]' | base64 -D

  10. kubectl • ສೳʂ • API ΂ͬͨΓͳͷͰɺ࣮ӡ༻Ͱ͸࢖͍ʹ͍͘෦෼΋ • ඇӡ༻ଆ (e.g. Rails

    developer) ͕৮Δʹ͸
 ֶशίετ͕ߴ͍…ʁ => ࣗ෼ͨͪͷཁٻʹదͨ͠ wrapper Λ࡞Ζ͏

  11. kubectl wrapper • ଞݴޠ͔Β kubectl ίϚϯυΛ௚઀ୟ͘ͷ͸
 εϚʔτ͡Όͳ͍ • kubectl ͬͯཁ͢Δʹ

    
 Kubernetes API ΫϥΠΞϯτͰ͢ΑͶ • ௚઀ API Λୟ͘Α͏ʹ͢Ε͹͍͍ͷͰ͸…ʁ

  12. Kubernetes API Client Library https://github.com/kubernetes/kubernetes/blob/master/docs/devel/client-libraries.md

  13. k8s.io/kubernetes/pkg/client Official Kubernetes API client library

  14. API ΫϥΠΞϯτ࡞੒ loadingRules := clientcmd.NewDefaultClientConfigLoadingRules() loadingRules.ExplicitPath = clientcmd.RecommendedHomeFile loader :=

    clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, &clientcmd.ConfigOverrides{}) clientConfig, err := loader.ClientConfig() if err != nil { return nil, err } kubeClient, err := client.New(clientConfig) if err != nil { return nil, err } import ( "k8s.io/kubernetes/pkg/api" client "k8s.io/kubernetes/pkg/client/unversioned" "k8s.io/kubernetes/pkg/client/unversioned/clientcmd" )

  15. API ΫϥΠΞϯτ࡞੒ loadingRules.ExplicitPath = clientcmd.RecommendedHomeFile • loadingRules.ExplicitPath ʹ
 ίϯϑΟάϑΝΠϧͷύεΛࢦఆ •

    RecommendedHomeFile == ~/.kube/config https://github.com/kubernetes/kubernetes/blob/master/pkg/client/unversioned/clientcmd/loader.go

  16. API ݺͼग़͠ pods, err := kubeClient.Pods(api.NamespaceDefault).List(api.ListOptions{}) • ·ͣ Pods, Secret

    ͷΑ͏ʹϦιʔεࢦఆ w Ҿ਺͸/BNFTQBDF • api.NamespaceDefault == "default" • api.NamespaceSystem == "system" w ϦιʔεʹνΣΠϯͯ͠ૢ࡞Λࢦఆ • Get(name), List kubeClient.<resource>.<operation> https://github.com/kubernetes/kubernetes/blob/4a78db61370df83a37957490749f7d171b00c28a/pkg/api/types.go#L154-L161

  17. Pod ҰཡΛग़ྗ for _, pod := range pods.Items { fmt.Println(pod.Name)

    } hello-world-e2d3x wordpress-mysql-488205646-t6v4k

  18. ஫ҙ • k8s.io/kubernetes ͸ Kubernetes ຊମͷϦϙδτϦ ͳͷͰɺͰ͔ͯ͘ॏ͍ (400 Mbyte ~)

    • github.com/docker/docker ΋ґଘͯ͠Δ • Godeps Έ͍ͨʹ vendoring ΛϦϙδτϦʹؚΊΔ
 ৔߹͸ཁ஫ҙ • glide ࢖͓͏ • kubectl ͷιʔε (pkg/kubectl) Λಡ΋͏

  19. ·ͱΊ • Secret Λ؆୯ʹѻ͑Δ k8sec ͱ͍͏πʔϧΛ
 ࡞Γ·ͨ͠ • Go ͷ

    API client library Λ࢖ͬͯɺKubernetes Λ
 ௚઀ૢ࡞͢Δํ๏Λ঺հ͠·ͨ͠ • ܅͚ͩͷ Kubernetes tool Λ࡞Ζ͏