Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Writing Kubenetes tools in Go
Search
Daisuke Fujita
June 20, 2016
Programming
1
3.5k
Writing Kubenetes tools in Go
Kubernetes Meetup Tokyo #2
http://k8sjp.connpass.com/event/33508/
の発表資料です
Daisuke Fujita
June 20, 2016
Tweet
Share
More Decks by Daisuke Fujita
See All by Daisuke Fujita
SREcon19 Asia/Pacific Recap
dtan4
0
170
Our Practices of Delegating Ownership in Microservices World
dtan4
4
8.8k
Kubernetes Cluster Upgrade / Mercari Meetup for Microservices Platform
dtan4
3
4.5k
KubeCon EU 2018 Recap: Multi-Tenancy in Kubernetes: Best Practices Today, and Future Directions / Kubernetes Meetup Tokyo 11 #k8sjp
dtan4
1
1.8k
Wantedly から Chef を一掃した話 / #chibadan
dtan4
24
11k
さようなら Chef こんにちは Dockerfile / Web Tech Tokyo #1
dtan4
6
7.1k
Docker をフル活用したインフラの紹介と成長し続けるためのインフラ戦略 / #abejameetup
dtan4
19
3.9k
Docker Compose PaaS の作り方、そして社内に導入した話 / #yapc8oji
dtan4
1
8.3k
最近の wercker 便利って話 #tqrk10
dtan4
2
930
Other Decks in Programming
See All in Programming
CI改善もDatadogとともに
taumu
0
110
なぜイベント駆動が必要なのか - CQRS/ESで解く複雑系システムの課題 -
j5ik2o
7
2.5k
GAEログのコスト削減
mot_techtalk
0
110
AIの力でお手軽Chrome拡張機能作り
taiseiue
0
170
Multi Step Form, Decentralized Autonomous Organization
pumpkiinbell
1
660
お前もAI鬼にならないか?👹Bolt & Cursor & Supabase & Vercelで人間をやめるぞ、ジョジョー!👺
taishiyade
5
3.8k
Unity Android XR入門
sakutama_11
0
140
[Fin-JAWS 第38回 ~re:Invent 2024 金融re:Cap~]FaultInjectionServiceアップデート@pre:Invent2024
shintaro_fukatsu
0
400
技術を根付かせる / How to make technology take root
kubode
1
240
Honoをフロントエンドで使う 3つのやり方
yusukebe
4
2.1k
『GO』アプリ データ基盤のログ収集システムコスト削減
mot_techtalk
0
110
昭和の職場からアジャイルの世界へ
kumagoro95
1
350
Featured
See All Featured
A Modern Web Designer's Workflow
chriscoyier
693
190k
Automating Front-end Workflow
addyosmani
1367
200k
Designing for Performance
lara
604
68k
Raft: Consensus for Rubyists
vanstee
137
6.8k
Writing Fast Ruby
sferik
628
61k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
160
15k
Code Review Best Practice
trishagee
66
17k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
193
16k
Being A Developer After 40
akosma
89
590k
Mobile First: as difficult as doing things right
swwweet
223
9.3k
Done Done
chrislema
182
16k
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k
Transcript
Writing Kubernetes tools in Go ,VCFSOFUFT.FFUVQ5PLZP %BJTVLF'VKJUB!EUBO
Daisuke Fujita @dtan4
$ k8sec CLI tool to manage Kubernetes Secrets easily
k8sec • Kubernetes Secret Λखܰʹ͍͡Δπʔϧ • Interface like Heroku CLI
(heroku config) • Written in Go dtan4/k8sec $ k8sec <command> \ [--kubeconfig KUBECONFIG] \ [--namespace NAMESPACE] \ ARGS
Why k8sec? • Secret ΛΞϓϦέʔγϣϯͷڥมʹ͍͍ͨ • kubectl ͰΔͱ໘ͩͬͨ • kubectl
ͩͱҰൃͰ list, update Ͱ͖ͳ͍ • Ұ YAML ʹు͍ͯ replace http://kubernetes.io/docs/user-guide/secrets/#using-secrets-as-environment-variables $ kubectl create secret generic my-secret \ --from-literal=key1=supersecret \ --from-literal=key2=topsecret $ kubectl get secret registrykey -o json \ | jq -r '.data[".dockercfg"]' | base64 -D
k8sec $ k8sec list rails NAME TYPE KEY VALUE rails
Opaque database-url "postgres://example.com:5432/dbname" # Show values as base64-encoded string $ k8sec list --base64 rails NAME TYPE KEY VALUE rails Opaque database-url cG9zdGdyZXM6Ly9leGFtcGxlLmNvbTo1NDMyL2RibmFtZQ== Ұཡදࣔ list dtan4/k8sec
k8sec # Set secret $ k8sec set rails rails-env=production rails
# Pass base64-encoded value $ echo dtan4 | base64 ZHRhbjQK $ k8sec set --base64 rails foo=ZHRhbjQK rails $ k8sec list rails NAME TYPE KEY VALUE rails Opaque database-url "postgres://example.com:5432/dbname" rails Opaque foo "dtan4\n" # Unset secret $ k8sec unset rails rails-env ઃఆɺղআ set,unset dtan4/k8sec
k8sec # Save as .env $ k8sec save -f .env
rails $ cat .env database-url="postgres://example.com:5432/dbname" # Load .env $ k8sec load -f .env rails LFZWBMVFFOW load,save dtan4/k8sec
Why k8sec? • Secret ΛΞϓϦέʔγϣϯͷڥมʹ͍͍ͨ • kubectl ͰΔͱ໘ͩͬͨ • kubectl
ͩͱҰൃͰ list, update Ͱ͖ͳ͍ • Ұ YAML ʹు͍ͯ replace http://kubernetes.io/docs/user-guide/secrets/#using-secrets-as-environment-variables $ kubectl create secret generic my-secret \ --from-literal=key1=supersecret \ --from-literal=key2=topsecret $ kubectl get secret registrykey -o json \ | jq -r '.data[".dockercfg"]' | base64 -D
kubectl • ສೳʂ • API ͬͨΓͳͷͰɺ࣮ӡ༻Ͱ͍ʹ͍͘෦ • ඇӡ༻ଆ (e.g. Rails
developer) ͕৮Δʹ ֶशίετ͕ߴ͍…ʁ => ࣗͨͪͷཁٻʹదͨ͠ wrapper Λ࡞Ζ͏
kubectl wrapper • ଞݴޠ͔Β kubectl ίϚϯυΛୟ͘ͷ εϚʔτ͡Όͳ͍ • kubectl ͬͯཁ͢Δʹ
Kubernetes API ΫϥΠΞϯτͰ͢ΑͶ • API Λୟ͘Α͏ʹ͢Ε͍͍ͷͰ…ʁ
Kubernetes API Client Library https://github.com/kubernetes/kubernetes/blob/master/docs/devel/client-libraries.md
k8s.io/kubernetes/pkg/client Official Kubernetes API client library
API ΫϥΠΞϯτ࡞ loadingRules := clientcmd.NewDefaultClientConfigLoadingRules() loadingRules.ExplicitPath = clientcmd.RecommendedHomeFile loader :=
clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, &clientcmd.ConfigOverrides{}) clientConfig, err := loader.ClientConfig() if err != nil { return nil, err } kubeClient, err := client.New(clientConfig) if err != nil { return nil, err } import ( "k8s.io/kubernetes/pkg/api" client "k8s.io/kubernetes/pkg/client/unversioned" "k8s.io/kubernetes/pkg/client/unversioned/clientcmd" )
API ΫϥΠΞϯτ࡞ loadingRules.ExplicitPath = clientcmd.RecommendedHomeFile • loadingRules.ExplicitPath ʹ ίϯϑΟάϑΝΠϧͷύεΛࢦఆ •
RecommendedHomeFile == ~/.kube/config https://github.com/kubernetes/kubernetes/blob/master/pkg/client/unversioned/clientcmd/loader.go
API ݺͼग़͠ pods, err := kubeClient.Pods(api.NamespaceDefault).List(api.ListOptions{}) • ·ͣ Pods, Secret
ͷΑ͏ʹϦιʔεࢦఆ w Ҿ/BNFTQBDF • api.NamespaceDefault == "default" • api.NamespaceSystem == "system" w ϦιʔεʹνΣΠϯͯ͠ૢ࡞Λࢦఆ • Get(name), List kubeClient.<resource>.<operation> https://github.com/kubernetes/kubernetes/blob/4a78db61370df83a37957490749f7d171b00c28a/pkg/api/types.go#L154-L161
Pod ҰཡΛग़ྗ for _, pod := range pods.Items { fmt.Println(pod.Name)
} hello-world-e2d3x wordpress-mysql-488205646-t6v4k
ҙ • k8s.io/kubernetes Kubernetes ຊମͷϦϙδτϦ ͳͷͰɺͰ͔ͯ͘ॏ͍ (400 Mbyte ~)
• github.com/docker/docker ґଘͯ͠Δ • Godeps Έ͍ͨʹ vendoring ΛϦϙδτϦʹؚΊΔ ߹ཁҙ • glide ͓͏ • kubectl ͷιʔε (pkg/kubectl) Λಡ͏
·ͱΊ • Secret Λ؆୯ʹѻ͑Δ k8sec ͱ͍͏πʔϧΛ ࡞Γ·ͨ͠ • Go ͷ
API client library ΛͬͯɺKubernetes Λ ૢ࡞͢Δํ๏Λհ͠·ͨ͠ • ܅͚ͩͷ Kubernetes tool Λ࡞Ζ͏