How can I create a kubernetes.Clientset directly from a GCP service account JSON key file in Go?

huangapple go评论116阅读模式
英文:

How can I create a kubernetes.Clientset directly from a GCP service account JSON key file in Go?

问题

我正在寻找一种在Go中使用服务帐号JSON密钥文件初始化GKE的kubernetes.Clientset的方法。我找到了一些线索,比如这篇博客这个相关的gist,但是那里提到的方法似乎需要列出GCP项目中的所有集群,以创建kubeconfig的内存表示,这并不理想。

英文:

I'm looking for a way to initialise a kubernetes.Clientset for GKE in Go starting from a service account JSON key file. I found a few leads, such as this blog and this associated gist, but the approach outlined there seems to require listing all clusters in a GCP project to create an in-memory representation of the kubeconfig, which isn't ideal.

答案1

得分: 1

使用来自https://github.com/rancher/kontainer-engine的GKE驱动代码作为灵感,我提出了以下方法(避免了对k8s.io/client-go/tools/clientcmd的依赖):

package main

import (
	"context"
	"encoding/base64"
	"fmt"
	"io/ioutil"
	"log"
	"net/http"
	"strings"

	"golang.org/x/oauth2"
	"golang.org/x/oauth2/google"
	"google.golang.org/api/container/v1"
	"google.golang.org/api/option"
	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/client-go/kubernetes"
	"k8s.io/client-go/rest"
)

func getGKEClientset(cluster *container.Cluster, ts oauth2.TokenSource) (kubernetes.Interface, error) {
	capem, err := base64.StdEncoding.DecodeString(cluster.MasterAuth.ClusterCaCertificate)
	if err != nil {
		return nil, fmt.Errorf("failed to decode cluster CA cert: %s", err)
	}

	config := &rest.Config{
		Host: cluster.Endpoint,
		TLSClientConfig: rest.TLSClientConfig{
			CAData: capem,
		},
	}
	config.Wrap(func(rt http.RoundTripper) http.RoundTripper {
		return &oauth2.Transport{
			Source: ts,
			Base:   rt,
		}
	})

	clientset, err := kubernetes.NewForConfig(config)
	if err != nil {
		return nil, fmt.Errorf("failed to initialise clientset from config: %s", err)
	}

	return clientset, nil
}

func main() {
	gcpServiceAccountKeyFile := "gcp_service_account_key.json"
	gkeLocation := "<GKE项目位置>" // 例如:us-east1
	gkeClusterName := "<GKE集群名称>"
	gkeNamespace :=  "<GKE集群命名空间>"

	data, err := ioutil.ReadFile(gcpServiceAccountKeyFile)
	if err != nil {
		log.Fatalf("Failed to read GCP service account key file: %s", err)
	}

	ctx := context.Background()

	creds, err := google.CredentialsFromJSON(ctx, data, container.CloudPlatformScope)
	if err != nil {
		log.Fatalf("Failed to load GCP service account credentials: %s", err)
	}

	gkeService, err := container.NewService(ctx, option.WithHTTPClient(oauth2.NewClient(ctx, creds.TokenSource)))
	if err != nil {
		log.Fatalf("Failed to initialise Kubernetes Engine service: %s", err)
	}

	name := fmt.Sprintf("projects/%s/locations/%s/clusters/%s", creds.ProjectID, gkeLocation, gkeClusterName)
	cluster, err := container.NewProjectsLocationsClustersService(gkeService).Get(name).Do()
	if err != nil {
		log.Fatalf("Failed to load GKE cluster %q: %s", name, err)
	}

	clientset, err := getGKEClientset(cluster, creds.TokenSource)
	if err != nil {
		log.Fatalf("Failed to initialise Kubernetes clientset: %s", err)
	}

	pods, err := clientset.CoreV1().Pods(gkeNamespace).List(ctx, v1.ListOptions{})
	if err != nil {
		log.Fatalf("Failed to list pods: %s", err)
	}
	log.Printf("There are %d pods in the namespace", len(pods.Items))
}
英文:

Using the GKE driver code from https://github.com/rancher/kontainer-engine as inspiration, I came up with the following approach (which avoids the dependency on k8s.io/client-go/tools/clientcmd):

package main
import (
&quot;context&quot;
&quot;encoding/base64&quot;
&quot;fmt&quot;
&quot;io/ioutil&quot;
&quot;log&quot;
&quot;net/http&quot;
&quot;strings&quot;
&quot;golang.org/x/oauth2&quot;
&quot;golang.org/x/oauth2/google&quot;
&quot;google.golang.org/api/container/v1&quot;
&quot;google.golang.org/api/option&quot;
v1 &quot;k8s.io/apimachinery/pkg/apis/meta/v1&quot;
&quot;k8s.io/client-go/kubernetes&quot;
&quot;k8s.io/client-go/rest&quot;
)
func getGKEClientset(cluster *container.Cluster, ts oauth2.TokenSource) (kubernetes.Interface, error) {
capem, err := base64.StdEncoding.DecodeString(cluster.MasterAuth.ClusterCaCertificate)
if err != nil {
return nil, fmt.Errorf(&quot;failed to decode cluster CA cert: %s&quot;, err)
}
config := &amp;rest.Config{
Host: cluster.Endpoint,
TLSClientConfig: rest.TLSClientConfig{
CAData: capem,
},
}
config.Wrap(func(rt http.RoundTripper) http.RoundTripper {
return &amp;oauth2.Transport{
Source: ts,
Base:   rt,
}
})
clientset, err := kubernetes.NewForConfig(config)
if err != nil {
return nil, fmt.Errorf(&quot;failed to initialise clientset from config: %s&quot;, err)
}
return clientset, nil
}
func main() {
gcpServiceAccountKeyFile := &quot;gcp_service_account_key.json&quot;
gkeLocation := &quot;&lt;GKE Project Location&gt;&quot; // i.e. us-east1
gkeClusterName := &quot;&lt;GKE Cluster Name&gt;&quot;
gkeNamespace :=  &quot;&lt;GKE Cluster Namespace&gt;&quot;
data, err := ioutil.ReadFile(gcpServiceAccountKeyFile)
if err != nil {
log.Fatalf(&quot;Failed to read GCP service account key file: %s&quot;, err)
}
ctx := context.Background()
creds, err := google.CredentialsFromJSON(ctx, data, container.CloudPlatformScope)
if err != nil {
log.Fatalf(&quot;Failed to load GCP service account credentials: %s&quot;, err)
}
gkeService, err := container.NewService(ctx, option.WithHTTPClient(oauth2.NewClient(ctx, creds.TokenSource)))
if err != nil {
log.Fatalf(&quot;Failed to initialise Kubernetes Engine service: %s&quot;, err)
}
name := fmt.Sprintf(&quot;projects/%s/locations/%s/clusters/%s&quot;, creds.ProjectID, gkeLocation, gkeClusterName)
cluster, err := container.NewProjectsLocationsClustersService(gkeService).Get(name).Do()
if err != nil {
log.Fatalf(&quot;Failed to load GKE cluster %q: %s&quot;, name, err)
}
clientset, err := getGKEClientset(cluster, creds.TokenSource)
if err != nil {
log.Fatalf(&quot;Failed to initialise Kubernetes clientset: %s&quot;, err)
}
pods, err := clientset.CoreV1().Pods(gkeNamespace).List(ctx, v1.ListOptions{})
if err != nil {
log.Fatalf(&quot;Failed to list pods: %s&quot;, err)
}
log.Printf(&quot;There are %d pods in the namespace&quot;, len(pods.Items))
}

huangapple
  • 本文由 发表于 2022年4月12日 10:58:06
  • 转载请务必保留本文链接:https://go.coder-hub.com/71836518.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定