Develop Reference

Can not create kubernetes secret using go client

I am trying to create a secret using this function
func (ks *KubeSession) DeploySecret(secretName string, secretType string, secretMap map[string][]byte) error {
InfoLogger.Printf("deploying secret %s", secretName)
secret := corev1.Secret{
TypeMeta: metav1.TypeMeta{
Kind: "Secret",
APIVersion: "v1",
},
ObjectMeta: metav1.ObjectMeta{
Name: secretName,
},
Data: secretMap,
Type: secretType,
}
_, err := ks.ClientSet.CoreV1().Secrets(JOB_NAMESPACE).Create(context.TODO(), &secret, metav1.CreateOptions{})
if err != nil {
return err
}
return nil
}
It is getting the following error:
cannot use secretType (variable of type string) as "k8s.io/api/core/v1".SecretType value in struct literal
Though, it works fine when I use a hardcoded string instead, like that:
...
Type: "generic"
...
How can I substitute this variable, so that I do not have to use hardcoded values instead?

Resolved.
Found the right way to declare the composite type:
Type: corev1.SecretType(secretType)

Why intercept pod/bindings but fail to fetch its corresponding pod in kubernetes

I have a project that intercepts pod/bindings resources by mutatingwebhook, then gets the corresponding pod and adds a label.
Part of the code is as follows
# k8s webhookconfig
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: mutation
webhooks:
- name: mutationpod
rules:
- operations: ["CREATE"]
apiGroups: [""]
apiVersions: ["v1"]
resources: ["pods/binding"]
failurePolicy: Fail
sideEffects: None
# webhook server
func (p *PodMutate) Handle(ctx context.Context, req admission.Request) admission.Response {
podBinding := &corev1.Binding{}
podMutateLog := log.WithName("PodMutate")
err := p.decoder.Decode(req, podBinding)
if err != nil {
podMutateLog.Error(err, "failed decoder podBinding")
return admission.Errored(http.StatusBadRequest, err)
}
pod := &corev1.Pod{}
if err = p.Client.Get(ctx, types.NamespacedName{Namespace: podBinding.Namespace, Name: podBinding.Name}, pod); err != nil {
if apierrors.IsNotFound(err) {
podMutateLog.Error(err, fmt.Sprintf("pod %s in namespace %s not found", podBinding.Name, podBinding.Namespace))
} else if statusError, isStatus := err.(*apierrors.StatusError); isStatus {
podMutateLog.Error(err, fmt.Sprintf("error getting pod %s in namespace %s: %v", podBinding.Name, podBinding.Namespace, statusError.ErrStatus.Message))
} else {
podMutateLog.Error(err, fmt.Sprintf("failed to get pod %s: %v", podBinding.Name, err))
}
return admission.Allowed("")
}
...
...
But it unexpectedly got an error that the pod could not be found, of course, this is an accidental error that I found after deploying the service many times.
{"lever":"error",...,"msg":"pod nginx-deployment-xxx in namespace default not found"}...
So I added a retry mechanism to read the pod and so far this error doesn't happen again. But I want to know why this is?
I really appreciate any help with this.
PS: Code reference controller-runtime example

Create/Get a custom kubernetes resource

I want to create a custom kubernetes resource with go. The application is deployed in the kubernetes cluster. I want to create e.g. the followng resource:
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: add-response-header
config:
add:
headers:
- "demo: injected-by-kong"
plugin: response-transformer
So far I always created the 'standard' resources e.g. a secret with the following code:
CreateSecret(name string, data map[string]string) error {
confs, err := rest.InClusterConfig()
if err != nil {
panic(err)
}
clientset, err = kubernetes.NewForConfig(confs)
i := clientset.CoreV1()
if _, err := i.Secrets(namespace).Create(&v1.Secret{
TypeMeta: metav1.TypeMeta{
Kind: "Secret",
APIVersion: "v1",
},
ObjectMeta: metav1.ObjectMeta{
Name: name,
},
StringData: data,
Type: "Opaque",
}); err != nil {
return err
}
}
In addition I tried to get a resource with the following code:
b, err := clientset.RESTClient().Get().Namespace(namespace).Resource("KongPlugin").DoRaw()
I get the following err:
the server could not find the requested resource (get KongPlugin)
If I make a request at the command line k get KongPlugin I can see all the resources.
NAME PLUGIN-TYPE AGE
add-proxy-headers request-transformer 3h34m
So how can view the custom resoources?

For RESTClient 👇🏼
Get:
You have to fully specify path to you custom resource.
Use fluent interface
data, err := clientset.RESTClient().
Get().
AbsPath("/apis/<api>/<version>").
Namespace("<namespace>").
Resource("kongplugins").
Name("kongplugin-sample").
DoRaw(context.TODO())
or specify manually
data, err := clientset.RESTClient().
Get().
AbsPath("/apis/<api>/<version>/namespaces/<namespace>/kongplugins/kongplugin-sample").
DoRaw(context.TODO())
You can find AbsPath in selfLink of custom resource.
Create:
For example, you can post marshaled data use AbsPath
kongPlugin := &KongPlugin{
TypeMeta: metav1.TypeMeta{
APIVersion: "<api>/<version>",
Kind: "KongPlugin",
},
ObjectMeta: metav1.ObjectMeta{
Name: "kongplugin-sample",
Namespace: "<namespace>",
},
...}}
body, err := json.Marshal(kongPlugin)
data, err := clientset.RESTClient().
Post().
AbsPath("/apis/<api>/<version>/namespaces/<namespace>/kongplugins").
Body(body).
DoRaw(context.TODO())
because arg of the method Body(obj interface{}) is an empty interface, you can use different types of arguments according to documentation:
k8s.io/client-go/rest - func (*Request) Body

How do I get/update a Kubernetes custom resource from a go program?

I'm looking for the go equivalent of:
kubectl get some-custom-resource-kind some-custom-resource -o yaml > file.yaml
Modify the yaml file...
kubectl apply -f file.yaml
Kubernetes has a client go library for standard resource kinds.
And various vendors have client go libraries for their custom resources.
But I need to get/update a resource kind that doesn't have a publicly available client go library. The logic is implemented in bash script today and I'm trying to move that function to a go controller.
Seems like it there should be a straightforward way in go to do the equivalent of kubectl.
Thanks, Paul

For any type, including your CRDs, use client.Client.
From the documentation:
// Using a typed object.
pod := &corev1.Pod{}
// c is a created client.
_ = c.Get(context.Background(), client.ObjectKey{
Namespace: "namespace",
Name: "name",
}, pod)
pod.SetFinalizers(append(pod.GetFinalizers(), "new-finalizer"))
_ = c.Update(context.Background(), pod)
// Using a unstructured object.
u := &unstructured.Unstructured{}
u.SetGroupVersionKind(schema.GroupVersionKind{
Group: "apps",
Kind: "Deployment",
Version: "v1",
})
_ = c.Get(context.Background(), client.ObjectKey{
Namespace: "namespace",
Name: "name",
}, u)
u.SetFinalizers(append(u.GetFinalizers(), "new-finalizer"))
_ = c.Update(context.Background(), u)
You could just as easily swap in SomeCustomResourceKind:
myCR := &v1alpha1.SomeCustomResourceKind{}
// c is a created client.Client
_ = c.Get(context.TODO(), client.ObjectKey{
Namespace: "namespace",
Name: "some-custom-resource", }, myCR)
myCR.MyProperty = "NewValue"
_ = c.Update(context.TODO(), myCR)
You mentioned you're trying to move this functionality from a bash script to a Go controller, so it would be worth checking out the Kubebuilder project, which can scaffold out a controller for you (and any additional APIs you might need). It creates fully functional controllers with the controller-runtime Client and wires up all the reconciliation logic to manage your CRDs.

I am creating a CRD (securitycontextconstraint) as follows:
import(
v1 "github.com/openshift/api/security/v1"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
func (c *ClusterClient) CreateSCC() {
name := "ssc-test"
scc := v1.SecurityContextConstraints{
TypeMeta: metav1.TypeMeta{
Kind: "SecurityContextConstraints",
APIVersion: "security.openshift.io/v1",
},
ObjectMeta: metav1.ObjectMeta{
Name: name,
},
RequiredDropCapabilities: []corev1.Capability{"KILL", "MKNOD", "SETUID", "SETGID"},
AllowHostPorts: false,
AllowPrivilegedContainer: false,
AllowHostDirVolumePlugin: false,
AllowHostIPC: false,
ReadOnlyRootFilesystem: false,
DefaultAddCapabilities: nil,
AllowHostPID: false,
AllowHostNetwork: false,
AllowedCapabilities: nil,
Volumes: []v1.FSType{v1.FSTypeConfigMap, v1.FSTypeDownwardAPI, v1.FSTypeEmptyDir, v1.FSTypePersistentVolumeClaim, v1.FSProjected, v1.FSTypeSecret},
SELinuxContext: v1.SELinuxContextStrategyOptions{
Type: v1.SELinuxStrategyMustRunAs,
},
RunAsUser: v1.RunAsUserStrategyOptions{
Type: v1.RunAsUserStrategyMustRunAsRange,
},
SupplementalGroups: v1.SupplementalGroupsStrategyOptions{
Type: v1.SupplementalGroupsStrategyRunAsAny,
},
Users: []string{},
Groups: []string{"system:authenticated"},
}
// To check if scc is already created or not
_, err := c.kubeClient.CoreV1().RESTClient().
Get().
AbsPath("/apis/security.openshift.io/v1/securitycontextconstraints/ssc-test").
DoRaw(context.Background())
// scc is not present in cluster
if err != nil {
//Creating SCC
_, err = c.kubeClient.CoreV1().RESTClient().
Post().
AbsPath("/apis/security.openshift.io/v1").
Resource("securitycontextconstraints").
// VersionedParams(&metav1.CreateOptions{}, scheme.ParameterCodec).
Body(&scc).
DoRaw(context.Background())
if err != nil {
fmt.Printf("Failed to create SecurityContextConstraints: %v\n", err)
// return Failure, err
}
fmt.Printf("Successfully created SecurityContextConstraints %s\n", name)
}
}

How to deserialize Kubernetes YAML file

How can I deserialize a Kubernetes YAML file into an Go struct? I took a look into the kubectl code, but somehow I get an error for every YAML file:
no kind "Deployment" is registered for version "apps/v1beta1"
This is an MWE:
package main
import (
"fmt"
"k8s.io/client-go/pkg/api"
)
var service = `
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: my-nginx
spec:
replicas: 2
template:
metadata:
labels:
run: my-nginx
spec:
containers:
- name: my-nginx
image: nginx
ports:
- containerPort: 80
`
func main() {
decode := api.Codecs.UniversalDecoder().Decode
//decode := api.Codecs.UniversalDeserializer().Decode
obj, _, err := decode([]byte(service), nil, nil)
if err != nil {
panic(err)
}
fmt.Printf("%#v\n", obj)
}
I am using client version 2.0.0. The glide.yaml looks like this:
package: test/stackoverflow
import:
- package: k8s.io/client-go
version: ^2.0.0
These are the references to kubectl:
https://github.com/kubernetes/kubernetes/blob/43ac38e29e6ecf83e78bc7c5d9f804310b051c95/pkg/kubectl/cmd/apply.go#L637
https://github.com/kubernetes/kubernetes/blob/43ac38e29e6ecf83e78bc7c5d9f804310b051c95/pkg/kubectl/cmd/util/factory_client_access.go#L205-L213
Unfortunately, the docs are very confusing to me, so I have no idea how to tackle this problem.
Edit:
This problem also exists with other resource types:
no kind "Service" is registered for version "v1"

You need to import _ "k8s.io/client-go/pkg/apis/extensions/install" otherwise the schema is empty, see also docs.
The complete working example is:
$ go get -u github.com/golang/dep/cmd/dep
$ dep init
$ go run main.go
With the following main.go:
package main
import (
"fmt"
"k8s.io/client-go/pkg/api"
_ "k8s.io/client-go/pkg/api/install"
_ "k8s.io/client-go/pkg/apis/extensions/install"
)
var deployment = `
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: my-nginx
spec:
replicas: 2
template:
metadata:
labels:
run: my-nginx
spec:
containers:
- name: my-nginx
image: nginx
ports:
- containerPort: 80
`
func main() {
// decode := api.Codecs.UniversalDecoder().Decode
decode := api.Codecs.UniversalDeserializer().Decode
obj, _, err := decode([]byte(deployment), nil, nil)
if err != nil {
fmt.Printf("%#v", err)
}
fmt.Printf("%#v\n", obj)
}
Note that I also imported _ "k8s.io/client-go/pkg/api/install" for you so that you can use objects in v1 such as pods or services.
EDIT: Kudos to my colleague Stefan Schimanski who proposed the initial solution.

I've been using api machinery'sk8s.io/apimachinery/pkg/util/yaml to decode kubernete's deployment and service manifests.
import (
"fmt"
"bytes"
appsv1 "k8s.io/api/apps/v1"
k8Yaml "k8s.io/apimachinery/pkg/util/yaml"
)
...
d := &appsv1.Deployment{}
dec := k8Yaml.NewYAMLOrJSONDecoder(bytes.NewReader([]byte(deploymentManifest)), 1000)
if err := dec.Decode(&d); err != nil {
return nil, err
}
fmt.Printf("%+v", d)

import (
"fmt"
"gopkg.in/yaml.v2"
"log"
//corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/runtime/serializer/json"
"k8s.io/client-go/kubernetes/scheme"
v1alpha1 "github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
)
....
func ParseYaml2(yaml []byte) (v1alpha1.Application, error) {
// Create a YAML serializer. JSON is a subset of YAML, so is supported too.
s := json.NewYAMLSerializer(json.DefaultMetaFactory, scheme.Scheme,
scheme.Scheme)
// Decode the YAML to an object.
var app v1alpha1.Application
_, _, err := s.Decode(yaml, nil, &app)
if err != nil {
panic(err)
}
//fmt.Printf("%#v\n", app)
return app, err
}
---
go.mod
// https://github.com/argoproj/argo-cd/issues/4055
replace github.com/argoproj/argo-cd => github.com/argoproj/argo-cd v1.5.5
var yaml2 = []byte(`
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
...
var app v1alpha1.Application
app,err := ParseYaml2(yaml2)
// Types from https://github.com/argoproj/argo-cd/blob/master/pkg/apis/application/v1alpha1/types.go
fmt.Printf("--- t:\n%s\n\n", app.Spec.Source.Path)
fmt.Printf("--- t:\n%s\n\n", app.Spec.Source.Helm.ValueFiles)
----