英文:
How can I create a kubernetes.Clientset directly from a GCP service account JSON key file in Go?
问题
我正在寻找一种在Go中使用服务帐号JSON密钥文件初始化GKE的kubernetes.Clientset的方法。我找到了一些线索,比如这篇博客和这个相关的gist,但是那里提到的方法似乎需要列出GCP项目中的所有集群,以创建kubeconfig的内存表示,这并不理想。
英文:
I'm looking for a way to initialise a kubernetes.Clientset for GKE in Go starting from a service account JSON key file. I found a few leads, such as this blog and this associated gist, but the approach outlined there seems to require listing all clusters in a GCP project to create an in-memory representation of the kubeconfig, which isn't ideal.
答案1
得分: 1
使用来自https://github.com/rancher/kontainer-engine的GKE驱动代码作为灵感,我提出了以下方法(避免了对k8s.io/client-go/tools/clientcmd的依赖):
package mainimport ("context""encoding/base64""fmt""io/ioutil""log""net/http""strings""golang.org/x/oauth2""golang.org/x/oauth2/google""google.golang.org/api/container/v1""google.golang.org/api/option"v1 "k8s.io/apimachinery/pkg/apis/meta/v1""k8s.io/client-go/kubernetes""k8s.io/client-go/rest")func getGKEClientset(cluster *container.Cluster, ts oauth2.TokenSource) (kubernetes.Interface, error) {capem, err := base64.StdEncoding.DecodeString(cluster.MasterAuth.ClusterCaCertificate)if err != nil {return nil, fmt.Errorf("failed to decode cluster CA cert: %s", err)}config := &rest.Config{Host: cluster.Endpoint,TLSClientConfig: rest.TLSClientConfig{CAData: capem,},}config.Wrap(func(rt http.RoundTripper) http.RoundTripper {return &oauth2.Transport{Source: ts,Base: rt,}})clientset, err := kubernetes.NewForConfig(config)if err != nil {return nil, fmt.Errorf("failed to initialise clientset from config: %s", err)}return clientset, nil}func main() {gcpServiceAccountKeyFile := "gcp_service_account_key.json"gkeLocation := "<GKE项目位置>" // 例如:us-east1gkeClusterName := "<GKE集群名称>"gkeNamespace := "<GKE集群命名空间>"data, err := ioutil.ReadFile(gcpServiceAccountKeyFile)if err != nil {log.Fatalf("Failed to read GCP service account key file: %s", err)}ctx := context.Background()creds, err := google.CredentialsFromJSON(ctx, data, container.CloudPlatformScope)if err != nil {log.Fatalf("Failed to load GCP service account credentials: %s", err)}gkeService, err := container.NewService(ctx, option.WithHTTPClient(oauth2.NewClient(ctx, creds.TokenSource)))if err != nil {log.Fatalf("Failed to initialise Kubernetes Engine service: %s", err)}name := fmt.Sprintf("projects/%s/locations/%s/clusters/%s", creds.ProjectID, gkeLocation, gkeClusterName)cluster, err := container.NewProjectsLocationsClustersService(gkeService).Get(name).Do()if err != nil {log.Fatalf("Failed to load GKE cluster %q: %s", name, err)}clientset, err := getGKEClientset(cluster, creds.TokenSource)if err != nil {log.Fatalf("Failed to initialise Kubernetes clientset: %s", err)}pods, err := clientset.CoreV1().Pods(gkeNamespace).List(ctx, v1.ListOptions{})if err != nil {log.Fatalf("Failed to list pods: %s", err)}log.Printf("There are %d pods in the namespace", len(pods.Items))}
英文:
Using the GKE driver code from https://github.com/rancher/kontainer-engine as inspiration, I came up with the following approach (which avoids the dependency on k8s.io/client-go/tools/clientcmd):
package mainimport ("context""encoding/base64""fmt""io/ioutil""log""net/http""strings""golang.org/x/oauth2""golang.org/x/oauth2/google""google.golang.org/api/container/v1""google.golang.org/api/option"v1 "k8s.io/apimachinery/pkg/apis/meta/v1""k8s.io/client-go/kubernetes""k8s.io/client-go/rest")func getGKEClientset(cluster *container.Cluster, ts oauth2.TokenSource) (kubernetes.Interface, error) {capem, err := base64.StdEncoding.DecodeString(cluster.MasterAuth.ClusterCaCertificate)if err != nil {return nil, fmt.Errorf("failed to decode cluster CA cert: %s", err)}config := &rest.Config{Host: cluster.Endpoint,TLSClientConfig: rest.TLSClientConfig{CAData: capem,},}config.Wrap(func(rt http.RoundTripper) http.RoundTripper {return &oauth2.Transport{Source: ts,Base: rt,}})clientset, err := kubernetes.NewForConfig(config)if err != nil {return nil, fmt.Errorf("failed to initialise clientset from config: %s", err)}return clientset, nil}func main() {gcpServiceAccountKeyFile := "gcp_service_account_key.json"gkeLocation := "<GKE Project Location>" // i.e. us-east1gkeClusterName := "<GKE Cluster Name>"gkeNamespace := "<GKE Cluster Namespace>"data, err := ioutil.ReadFile(gcpServiceAccountKeyFile)if err != nil {log.Fatalf("Failed to read GCP service account key file: %s", err)}ctx := context.Background()creds, err := google.CredentialsFromJSON(ctx, data, container.CloudPlatformScope)if err != nil {log.Fatalf("Failed to load GCP service account credentials: %s", err)}gkeService, err := container.NewService(ctx, option.WithHTTPClient(oauth2.NewClient(ctx, creds.TokenSource)))if err != nil {log.Fatalf("Failed to initialise Kubernetes Engine service: %s", err)}name := fmt.Sprintf("projects/%s/locations/%s/clusters/%s", creds.ProjectID, gkeLocation, gkeClusterName)cluster, err := container.NewProjectsLocationsClustersService(gkeService).Get(name).Do()if err != nil {log.Fatalf("Failed to load GKE cluster %q: %s", name, err)}clientset, err := getGKEClientset(cluster, creds.TokenSource)if err != nil {log.Fatalf("Failed to initialise Kubernetes clientset: %s", err)}pods, err := clientset.CoreV1().Pods(gkeNamespace).List(ctx, v1.ListOptions{})if err != nil {log.Fatalf("Failed to list pods: %s", err)}log.Printf("There are %d pods in the namespace", len(pods.Items))}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论