-
Notifications
You must be signed in to change notification settings - Fork 3
/
boot.go
124 lines (112 loc) · 3.23 KB
/
boot.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
package main
import (
"log"
"os"
"strconv"
"time"
"github.com/teamhephy/registry-token-refresher/pkg"
"github.com/teamhephy/registry-token-refresher/pkg/credentials"
"k8s.io/kubernetes/pkg/api"
kcl "k8s.io/kubernetes/pkg/client/unversioned"
"k8s.io/kubernetes/pkg/fields"
"k8s.io/kubernetes/pkg/labels"
)
var registryLocation = os.Getenv("DEIS_REGISTRY_LOCATION")
var namespaceRefreshTime = os.Getenv("DEIS_NAMESPACE_REFRESH_TIME")
const (
registryCredLocation = "/var/run/secrets/deis/registry/creds/"
)
func getDiff(appList []string, namespaceList []api.Namespace) ([]string, []string) {
var added []string
apps := make([]string, len(namespaceList))
// create a set of app names
appsSet := make(map[string]struct{}, len(appList))
for _, app := range appList {
appsSet[app] = struct{}{}
}
for i, ns := range namespaceList {
if _, ok := appsSet[ns.Name]; !ok {
added = append(added, ns.Name)
}
apps[i] = ns.Name
}
return added, apps
}
func tokenRefresher(client kcl.SecretsNamespacer, credsProvider credentials.DockerCredProvider, appListCh <-chan []api.Namespace, errCh chan<- error, doneCh <-chan struct{}) {
var appList []string
creds, err := credsProvider.GetDockerCredentials()
if err != nil {
errCh <- err
return
}
ticker := time.NewTicker(credsProvider.GetRefreshTime())
defer ticker.Stop()
for {
select {
case apps := <-appListCh:
var added []string
added, appList = getDiff(appList, apps)
for _, app := range added {
log.Printf("creating secret for app %s", app)
if err = pkg.CreateSecret(client.Secrets(app), creds); err != nil {
errCh <- err
return
}
}
case <-ticker.C:
creds, err = credsProvider.GetDockerCredentials()
if err != nil {
errCh <- err
return
}
for _, app := range appList {
log.Printf("updating secret for app %s", app)
if err = pkg.UpdateSecret(client.Secrets(app), creds); err != nil {
errCh <- err
return
}
}
case <-doneCh:
return
}
}
}
func main() {
kubeClient, err := kcl.NewInCluster()
if err != nil {
log.Fatal("Error getting kubernetes client ", err)
}
refreshTime, err := strconv.ParseInt(namespaceRefreshTime, 10, 32)
if err != nil {
log.Fatal("Error getting the namespace refresh time", err)
}
params, err := pkg.GetRegistryParams(registryCredLocation)
if err != nil {
log.Fatal("Error getting registry location credentials details", err)
}
credProvider, err := credentials.GetDockerCredentialsProvider(registryLocation, params)
if err != nil {
log.Fatal("Error getting credentials provider", err)
}
appListCh := make(chan []api.Namespace)
tokenRefErrCh := make(chan error)
doneCh := make(chan struct{})
defer close(doneCh)
go tokenRefresher(kubeClient, credProvider, appListCh, tokenRefErrCh, doneCh)
for {
select {
case err = <-tokenRefErrCh:
log.Printf("error during token refresh %s", err)
return
default:
labelMap := labels.Set{"heritage": "deis"}
nsList, err := kubeClient.Namespaces().List(api.ListOptions{LabelSelector: labelMap.AsSelector(), FieldSelector: fields.Everything()})
if err != nil {
log.Printf("Error getting kubernetes namespaces %s", err)
return
}
appListCh <- nsList.Items
}
time.Sleep(time.Second * time.Duration(refreshTime))
}
}