[Configuration]Support configuration for X509 client certificate in k…

…ube config file
kubernetes-client · Apr 5, 2020 · 705a605 · 705a605
1 parent d9ae510
commit 705a605
Show file tree

Hide file tree

Showing 12 changed files with 1,254 additions and 123 deletions.
diff --git a/code-check/code-static-check.sh b/code-check/code-static-check.sh
@@ -0,0 +1,5 @@
+# Usage: 
+# sh ./code-static-check.sh ${source_dir}
+
+cppcheck --enable=all $*
+
diff --git a/examples/create_pod/Makefile b/examples/create_pod/Makefile
@@ -1,5 +1,5 @@
-INCLUDE:=-I../../kubernetes/include -I../../kubernetes/model -I../../kubernetes/api
-LIBS:=-L../../kubernetes/build -lkubernetes -lcurl -lpthread -lssl -lz
+INCLUDE:=-I../../kubernetes/include -I../../kubernetes/model -I../../kubernetes/api -I../../kubernetes/config
+LIBS:=-L../../kubernetes/build -lkubernetes -lcurl -lyaml -lpthread -lssl -lz
 CFLAGS:=-g
 
 all:

diff --git a/examples/create_pod/main.c b/examples/create_pod/main.c
@@ -1,22 +1,10 @@
+#include <kube_config.h>
 #include <apiClient.h>
 #include <CoreV1API.h>
 #include <malloc.h>
 #include <stdio.h>
 #include <errno.h>
 
-// kubectl proxy server
-#define K8S_APISERVER_BASEPATH "http://localhost:8001"
-
-// Alternately from within a Kubernetes cluster:
-// #define K8S_APISERVER_BASEPATH https://your.server.here
-
-#define K8S_TOKEN_FILE_IN_CLUSTER "/var/run/secrets/kubernetes.io/serviceaccount/token"
-#define K8S_TOKEN_BUF_SIZE 1024
-#define K8S_AUTH_KEY "Authorization"
-#define K8S_AUTH_VALUE_TEMPLATE "Bearer %s"
-
-apiClient_t *g_k8sAPIConnector;
-
 void create_a_pod(apiClient_t * apiClient)
 {
     char *namespace = "default";
@@ -54,57 +42,34 @@ void create_a_pod(apiClient_t * apiClient)
     v1_pod_free(apod);
 }
 
-int loadK8sConfigInCluster(char *token, int token_buf_size)
-{
-    static char fname[] = "loadK8sConfigInCluster()";
-
-    FILE *fp;
-    fp = fopen(K8S_TOKEN_FILE_IN_CLUSTER, "r");
-
-    if (fp == NULL) {
-        if (errno == ENOENT) {
-            printf("%s: The file %s does not exist.", fname, K8S_TOKEN_FILE_IN_CLUSTER);
-            return (-1);
-        } else {
-            printf("%s: Failed to open file %s.", fname, K8S_TOKEN_FILE_IN_CLUSTER);
-            return (-1);
-        }
-    }
-
-    while (fgets(token, token_buf_size, fp) != NULL) {
-        ;
-    }
-
-    printf("%s\n", token);
-
-    fclose(fp);
-
-    return 0;
-}
-
-int init_k8s_connector(const char *token_out_of_cluster)
+int main(int argc, char *argv[])
 {
-    list_t *apiKeys;
-    apiKeys = list_create();
-
-    char *keyToken = strdup(K8S_AUTH_KEY);
 
-    char valueToken[K8S_TOKEN_BUF_SIZE];
-    memset(valueToken, 0, sizeof(valueToken));
+    int rc = 0;
 
-    sprintf(valueToken, K8S_AUTH_VALUE_TEMPLATE, token_out_of_cluster);
+    char *baseName = NULL;
+    sslConfig_t *sslConfig = NULL;
+    list_t *apiKeys = NULL;
+    apiClient_t *k8sApiClient = NULL;
 
-    keyValuePair_t *keyPairToken = keyValuePair_create(keyToken, valueToken);
-    list_addElement(apiKeys, keyPairToken);
+    rc = load_kube_config(&baseName, &sslConfig, &apiKeys, NULL);
+    if (0 == rc) {
+        k8sApiClient = apiClient_create_with_base_path(baseName, sslConfig, apiKeys);
+    } else {
+        printf("Cannot load kubernetes configuration.\n");
+        return -1;
+    }
 
-    g_k8sAPIConnector = apiClient_create_with_base_path(K8S_APISERVER_BASEPATH, NULL, apiKeys);
-}
+    if (k8sApiClient) {
+        create_a_pod(k8sApiClient);
+    }
 
-int main(int argc, char *argv[])
-{
-    init_k8s_connector(argv[1]);
+    free_client_config(baseName, sslConfig, apiKeys);
+    baseName = NULL;
+    sslConfig = NULL;
+    apiKeys = NULL;
 
-    create_a_pod(g_k8sAPIConnector);
+    apiClient_free(k8sApiClient);
+    k8sApiClient = NULL;
 
-    apiClient_free(g_k8sAPIConnector);
 }
diff --git a/examples/list_pod/Makefile b/examples/list_pod/Makefile
@@ -1,5 +1,5 @@
-INCLUDE:=-I../../kubernetes/include -I../../kubernetes/model -I../../kubernetes/api
-LIBS:=-L../../kubernetes/build -lkubernetes -lcurl -lpthread -lssl -lz
+INCLUDE:=-I../../kubernetes/include -I../../kubernetes/model -I../../kubernetes/api -I../../kubernetes/config
+LIBS:=-L../../kubernetes/build -lkubernetes -lcurl -lyaml -lpthread -lssl -lz
 CFLAGS:=-g
 
 all:

diff --git a/examples/list_pod/main.c b/examples/list_pod/main.c
@@ -1,22 +1,10 @@
+#include <kube_config.h>
 #include <apiClient.h>
 #include <CoreV1API.h>
 #include <malloc.h>
 #include <stdio.h>
 #include <errno.h>
 
-// kubectl proxy server
-#define K8S_APISERVER_BASEPATH "http://localhost:8001"
-
-// Alternately from within a Kubernetes cluster:
-// #define K8S_APISERVER_BASEPATH https://your.server.here
-
-#define K8S_TOKEN_FILE_IN_CLUSTER "/var/run/secrets/kubernetes.io/serviceaccount/token"
-#define K8S_TOKEN_BUF_SIZE 1024
-#define K8S_AUTH_KEY "Authorization"
-#define K8S_AUTH_VALUE_TEMPLATE "Bearer %s"
-
-apiClient_t *g_k8sAPIConnector;
-
 void list_pod(apiClient_t * apiClient)
 {
     v1_pod_list_t *pod_list = NULL;
@@ -31,71 +19,48 @@ void list_pod(apiClient_t * apiClient)
                                            0,   /* timeoutSeconds */
                                            0    /* watch */
         );
-    printf("return code=%ld\n", apiClient->response_code);
+    printf("The return code of HTTP request=%ld\n", apiClient->response_code);
     if (pod_list) {
-        printf("Get pod list.\n");
+        printf("Get pod list:\n");
         listEntry_t *listEntry = NULL;
         v1_pod_t *pod = NULL;
         list_ForEach(listEntry, pod_list->items) {
             pod = listEntry->data;
-            printf("pod name=%s\n", pod->metadata->name);
+            printf("\tThe pod name: %s\n", pod->metadata->name);
         }
     } else {
-        printf("Cannot list any pod.\n");
+        printf("Cannot get any pod.\n");
     }
 }
 
-int loadK8sConfigInCluster(char *token, int token_buf_size)
+int main(int argc, char *argv[])
 {
-    static char fname[] = "loadK8sConfigInCluster()";
+    int rc = 0;
 
-    FILE *fp;
-    fp = fopen(K8S_TOKEN_FILE_IN_CLUSTER, "r");
+    char *baseName = NULL;
+    sslConfig_t *sslConfig = NULL;
+    list_t *apiKeys = NULL;
+    apiClient_t *k8sApiClient = NULL;
 
-    if (fp == NULL) {
-        if (errno == ENOENT) {
-            printf("%s: The file %s does not exist.", fname, K8S_TOKEN_FILE_IN_CLUSTER);
-            return (-1);
-        } else {
-            printf("%s: Failed to open file %s.", fname, K8S_TOKEN_FILE_IN_CLUSTER);
-            return (-1);
-        }
+    rc = load_kube_config(&baseName, &sslConfig, &apiKeys, NULL);
+    if (0 == rc) {
+        k8sApiClient = apiClient_create_with_base_path(baseName, sslConfig, apiKeys);
+    } else {
+        printf("Cannot load kubernetes configuration.\n");
+        return -1;
     }
 
-    while (fgets(token, token_buf_size, fp) != NULL) {
-        ;
+    if (k8sApiClient) {
+        list_pod(k8sApiClient);
     }
 
-    printf("%s\n", token);
-
-    fclose(fp);
-
-    return 0;
-}
-
-int init_k8s_connector(const char *token_out_of_cluster)
-{
-    list_t *apiKeys;
-    apiKeys = list_create();
-
-    char *keyToken = strdup(K8S_AUTH_KEY);
-
-    char valueToken[K8S_TOKEN_BUF_SIZE];
-    memset(valueToken, 0, sizeof(valueToken));
-
-    sprintf(valueToken, K8S_AUTH_VALUE_TEMPLATE, token_out_of_cluster);
-
-    keyValuePair_t *keyPairToken = keyValuePair_create(keyToken, valueToken);
-    list_addElement(apiKeys, keyPairToken);
-
-    g_k8sAPIConnector = apiClient_create_with_base_path(K8S_APISERVER_BASEPATH, NULL, apiKeys);
-}
-
-int main(int argc, char *argv[])
-{
-    init_k8s_connector(argv[1]);
+    free_client_config(baseName, sslConfig, apiKeys);
+    baseName = NULL;
+    sslConfig = NULL;
+    apiKeys = NULL;
 
-    list_pod(g_k8sAPIConnector);
+    apiClient_free(k8sApiClient);
+    k8sApiClient = NULL;
 
-    apiClient_free(g_k8sAPIConnector);
+    return rc;
 }
diff --git a/kubernetes/CMakeLists.txt b/kubernetes/CMakeLists.txt
@@ -9,6 +9,7 @@ set(CMAKE_VISIBILITY_INLINES_HIDDEN OFF)
 set(CMAKE_BUILD_TYPE Debug)
 
 set(pkgName "kubernetes")
+ADD_DEFINITIONS(-DOPENSSL)
 
 find_package(CURL 7.58.0 REQUIRED)
 if(CURL_FOUND)
@@ -18,7 +19,11 @@ else(CURL_FOUND)
 	message(FATAL_ERROR "Could not find the CURL library and development files.")
 endif()
 
+
 set(SRCS
+    config/kube_config_model.c
+    config/kube_config_yaml.c
+    config/kube_config.c
     src/list.c
     src/apiKey.c
     src/apiClient.c
@@ -770,6 +775,9 @@ set(SRCS
 )
 
 set(HDRS
+    config/kube_config_model.h
+    config/kube_config_yaml.h
+    config/kube_config.h
     include/apiClient.h
     include/list.h
     include/keyValuePair.h