io.fabric8.kubernetes.api.model.SecretVolumeSource Java Examples

The following examples show how to use io.fabric8.kubernetes.api.model.SecretVolumeSource. Each example names the source file and project it was taken from.
Example #1
Source File: KubernetesDockerRunnerTest.java    From styx with Apache License 2.0
/**
 * Starting a run whose spec names a service account must (1) ask the secret manager for
 * that account's key secret and (2) create a pod that carries a secret-backed volume
 * referencing the returned secret name.
 *
 * <p>Only the pod-level volume is asserted here. The container's volume mount, its
 * read-only flag and the file mode of the projected key are not checked by this test.
 */
@Test
public void shouldEnsureAndMountServiceAccountSecret() throws IOException {
  final String workflowId = WORKFLOW_INSTANCE.workflowId().toString();
  when(serviceAccountSecretManager.ensureServiceAccountKeySecret(workflowId, SERVICE_ACCOUNT))
      .thenReturn(SERVICE_ACCOUNT_SECRET);

  kdr.start(RUN_STATE, RUN_SPEC_WITH_SA);

  // The runner must have requested the key secret for exactly this workflow and account.
  verify(serviceAccountSecretManager).ensureServiceAccountKeySecret(workflowId, SERVICE_ACCOUNT);

  verify(k8sClient).createPod(podCaptor.capture());

  // Volumes of other kinds return null from getSecret(), so they are skipped before the
  // secret name is compared.
  final Optional<SecretVolumeSource> mountedSecret = podCaptor.getValue()
      .getSpec()
      .getVolumes()
      .stream()
      .map(volume -> volume.getSecret())
      .filter(source -> source != null
                        && SERVICE_ACCOUNT_SECRET.equals(source.getSecretName()))
      .findAny();

  assertThat(mountedSecret.isPresent(), is(true));
}
 
Example #2
Source File: VolumeUtils.java    From strimzi-kafka-operator with Apache License 2.0
/**
 * Creates a Volume that projects every key of a Kubernetes Secret as a file.
 *
 * <p>The files get mode 0444 (r--r--r--), or 0440 (r--r-----) when {@code isOpenshift}
 * is true. With 0444 any UID running inside a container that mounts the volume can read
 * the secret material.
 *
 * @param name        Name of the Volume; it is passed through {@code getValidVolumeName}
 * @param secretName  Name of the Secret
 * @param isOpenshift true if underlying cluster OpenShift
 * @return The Volume created
 */
public static Volume createSecretVolume(String name, String secretName, boolean isOpenshift) {
    final String volumeName = getValidVolumeName(name);

    // Leading-zero literals are octal in Java: 0440 = 288 and 0444 = 292 in decimal.
    // NOTE(review): 0444 grants read to "other"; confirm every consumer really needs
    // world-readable secret files before reusing this default elsewhere.
    final int fileMode = isOpenshift ? 0440 : 0444;

    final SecretVolumeSource source = new SecretVolumeSourceBuilder()
            .withSecretName(secretName)
            .withDefaultMode(fileMode)
            .build();

    final Volume secretVolume = new VolumeBuilder()
            .withName(volumeName)
            .withSecret(source)
            .build();

    // Only the volume and Secret names are logged, never the Secret's contents.
    log.trace("Created secret Volume named '{}' with source secret '{}'", volumeName, secretName);
    return secretVolume;
}
 
Example #3
Source File: SecretVolume.java    From kubernetes-plugin with Apache License 2.0
/**
 * Builds the pod Volume for this secret-backed volume definition.
 *
 * <p>The secret name and the optional flag are always copied. A file mode is set only
 * when {@code defaultMode} is non-blank; otherwise the field is left unset on the source.
 *
 * @param volumeName name to give the resulting Volume
 * @return a Volume whose secret source mirrors this object's settings
 * @throws NumberFormatException if the configured mode is not a base-10 integer
 */
@Override
public Volume buildVolume(String volumeName) {
    SecretVolumeSource source = new SecretVolumeSource();
    source.setSecretName(getSecretName());
    source.setOptional(getOptional());

    if (StringUtils.isNotBlank(defaultMode)) {
        // Integer.parseInt reads base 10, so the text "0400" becomes decimal 400, which
        // is octal 0620 (rw--w----), not owner-read-only. Decimal 256 is octal 0400 and
        // decimal 420 is octal 0644. No range check is applied here.
        // NOTE(review): the guard reads the field while the parse goes through the
        // getter; confirm both always yield the same value.
        int parsedMode = Integer.parseInt(getDefaultMode());
        source.setDefaultMode(parsedMode);
    }

    VolumeBuilder builder = new VolumeBuilder().withName(volumeName);
    return builder
            .withNewSecretLike(source)
            .endSecret()
            .build();
}
 
Example #4
Source File: TillerInstaller.java    From microbean-helm with Apache License 2.0
/**
 * Assembles the DeploymentSpec for the Tiller pod.
 *
 * <p>Security-relevant inputs handled here:
 * <ul>
 * <li>{@code hostNetwork} is copied straight onto the pod spec; when true the pod shares
 * the node's network namespace.</li>
 * <li>{@code tls} decides whether the Secret named by {@code SECRET_NAME} is attached as
 * a volume. With {@code tls == false} no certificate volume exists on the pod.</li>
 * <li>{@code verifyTls} is only forwarded to {@code createContainer}; its effect is not
 * visible in this method.</li>
 * </ul>
 *
 * @param replicas desired replica count; values below 1 are raised to 1
 * @param labels labels for the pod template (normalized) and the selector (as given)
 * @param nodeSelector node selector; ignored when null or empty
 * @param serviceAccountName service account, normalized before use
 * @param imageName forwarded to {@code createContainer}
 * @param imagePullPolicy forwarded to {@code createContainer}
 * @param maxHistory forwarded to {@code createContainer}
 * @param namespace forwarded to {@code createContainer}
 * @param hostNetwork whether the pod uses the host network
 * @param tls whether to attach the certificate Secret volume
 * @param verifyTls forwarded to {@code createContainer}
 * @return the assembled DeploymentSpec
 */
protected DeploymentSpec createDeploymentSpec(final int replicas,
                                              final Map<String, String> labels,
                                              final Map<String, String> nodeSelector,
                                              String serviceAccountName,
                                              final String imageName,
                                              final ImagePullPolicy imagePullPolicy,
                                              final int maxHistory,
                                              final String namespace,
                                              final boolean hostNetwork,
                                              final boolean tls,
                                              final boolean verifyTls) {
  // Pod template metadata carries the normalized labels.
  final ObjectMeta templateMetadata = new ObjectMeta();
  templateMetadata.setLabels(normalizeLabels(labels));

  final PodSpec podSpec = new PodSpec();
  podSpec.setServiceAccountName(normalizeServiceAccountName(serviceAccountName));
  podSpec.setContainers(Arrays.asList(
      this.createContainer(imageName, imagePullPolicy, maxHistory, namespace, tls, verifyTls)));
  podSpec.setHostNetwork(hostNetwork);
  if (!(nodeSelector == null || nodeSelector.isEmpty())) {
    podSpec.setNodeSelector(nodeSelector);
  }

  if (tls) {
    // The volume is named after DEFAULT_NAME and backed by the Secret SECRET_NAME.
    // No defaultMode or items are set, so the cluster defaults apply to the files.
    final SecretVolumeSource certSource = new SecretVolumeSource();
    certSource.setSecretName(SECRET_NAME);
    final Volume certVolume = new Volume();
    certVolume.setName(DEFAULT_NAME + "-certs");
    certVolume.setSecret(certSource);
    podSpec.setVolumes(Arrays.asList(certVolume));
  }

  final PodTemplateSpec template = new PodTemplateSpec();
  template.setMetadata(templateMetadata);
  template.setSpec(podSpec);

  // NOTE(review): the selector matches on the labels as passed in, while the template
  // uses normalizeLabels(labels); confirm the two agree for every input.
  final LabelSelector podSelector = new LabelSelector();
  podSelector.setMatchLabels(labels);

  final DeploymentSpec spec = new DeploymentSpec();
  spec.setReplicas(replicas < 1 ? 1 : replicas);
  spec.setTemplate(template);
  spec.setSelector(podSelector);
  return spec;
}
 
Example #5
Source File: VolumeUtils.java    From strimzi-kafka-operator with Apache License 2.0
/**
 * Creates a Volume that projects selected keys of a Kubernetes Secret as files.
 *
 * <p>Each map entry becomes one key-to-path item: the entry key is the Secret key and the
 * entry value is the file path it is written to inside the volume. The files get mode
 * 0444 (r--r--r--), or 0440 (r--r-----) when {@code isOpenshift} is true. With 0444 any
 * UID running inside a container that mounts the volume can read the secret material.
 *
 * @param name        Name of the Volume; it is passed through {@code getValidVolumeName}
 * @param secretName  Name of the Secret
 * @param items       Secret key to file path mapping; must not be null
 * @param isOpenshift true if underlying cluster OpenShift
 * @return The Volume created
 */
public static Volume createSecretVolume(String name, String secretName, Map<String, String> items, boolean isOpenshift) {
    final String volumeName = getValidVolumeName(name);

    // Leading-zero literals are octal in Java: 0440 = 288 and 0444 = 292 in decimal.
    // NOTE(review): 0444 grants read to "other"; confirm every consumer really needs
    // world-readable secret files before reusing this default elsewhere.
    final int fileMode = isOpenshift ? 0440 : 0444;

    // Paths are taken from the caller as-is; nothing in this method validates them.
    final List<KeyToPath> projections = new ArrayList<>();
    items.forEach((secretKey, filePath) -> projections.add(
            new KeyToPathBuilder()
                    .withNewKey(secretKey)
                    .withNewPath(filePath)
                    .build()));

    final SecretVolumeSource source = new SecretVolumeSourceBuilder()
            .withSecretName(secretName)
            .withItems(projections)
            .withDefaultMode(fileMode)
            .build();

    final Volume secretVolume = new VolumeBuilder()
            .withName(volumeName)
            .withSecret(source)
            .build();

    // Only the volume and Secret names are logged, never the Secret's contents.
    log.trace("Created secret Volume named '{}' with source secret '{}'", volumeName, secretName);
    return secretVolume;
}
 
Example #6
Source File: ExternalConfigurationVolumeSource.java    From strimzi-kafka-operator with Apache License 2.0
/**
 * Returns the Secret volume source of this external configuration volume.
 *
 * <p>The value is returned as stored, without copying, and may be null. With
 * {@code JsonInclude.Include.NON_NULL} a null value is left out of the serialized JSON.
 * The "exactly one Secret or ConfigMap" rule in the description is not enforced by this
 * accessor.
 *
 * @return the stored Secret volume source, possibly null
 */
@Description("Reference to a key in a Secret. " +
        "Exactly one Secret or ConfigMap has to be specified.")
@KubeLink(group = "core", version = "v1", kind = "secretvolumesource")
@JsonInclude(value = JsonInclude.Include.NON_NULL)
public SecretVolumeSource getSecret() {
    return this.secret;
}
 
Example #7
Source File: CertificateProvisionerTest.java    From che with Eclipse Public License 2.0
/**
 * Asserts that the pod carries exactly one volume, that it is named
 * {@code CHE_SELF_SIGNED_CERT_VOLUME}, and that it is backed by the Secret named
 * {@code EXPECTED_CERT_NAME}.
 *
 * <p>The file mode and item list of the secret source are not checked.
 */
private void verifyVolumeIsPresent(Pod pod) {
  List<Volume> volumes = pod.getSpec().getVolumes();
  // Arguments are (actual, expected) throughout; presumably TestNG's assertEquals.
  assertEquals(volumes.size(), 1);

  Volume onlyVolume = volumes.get(0);
  assertEquals(onlyVolume.getName(), CHE_SELF_SIGNED_CERT_VOLUME);

  // A non-secret volume would return null here and fail the next assertion.
  SecretVolumeSource secretSource = onlyVolume.getSecret();
  assertNotNull(secretSource);
  assertEquals(secretSource.getSecretName(), EXPECTED_CERT_NAME);
}
 
Example #8
Source File: KubernetesDockerRunner.java    From styx with Apache License 2.0
/**
 * Builds the Pod that runs one workflow instance execution.
 *
 * <p>The pod is named after the execution id, never restarts, and holds the main
 * container plus the keepalive container. Secrets are attached as follows:
 * <ul>
 * <li>Service account secret, if present: mounted read-only at
 * {@code STYX_WORKFLOW_SA_SECRET_MOUNT_PATH}. The main container also gets
 * {@code STYX_WORKFLOW_SA_ENV_VARIABLE} set to the mount path concatenated with
 * {@code STYX_WORKFLOW_SA_JSON_KEY}, so the variable holds a file location rather than
 * key material.</li>
 * <li>Custom secret, if present: mounted read-only at the path the secret spec supplies,
 * with the secret's name reused as the volume name.</li>
 * </ul>
 * Neither secret source sets a file mode or item list, so cluster defaults apply.
 *
 * @param workflowInstance instance being run; its key is stored as a pod annotation
 * @param runSpec image, arguments, execution id and memory settings for the run
 * @param secretSpec optional service account secret and optional custom secret
 * @param styxEnvironment forwarded to {@code buildEnv}
 * @return the assembled Pod
 */
@VisibleForTesting
static Pod createPod(WorkflowInstance workflowInstance,
                     RunSpec runSpec,
                     KubernetesSecretSpec secretSpec,
                     String styxEnvironment) {
  // The tag test is a plain substring check for ':'. An image without one gets the
  // floating ":latest" tag, so the pod is not pinned to a fixed image version.
  // NOTE(review): a registry host with a port and no tag also contains ':' and is
  // passed through unchanged.
  final String requestedImage = runSpec.imageName();
  final String imageWithTag = requestedImage.contains(":")
      ? requestedImage
      : requestedImage + ":latest";

  final PodBuilder podBuilder = new PodBuilder()
      .withNewMetadata()
      .withName(runSpec.executionId())
      .addToAnnotations(STYX_WORKFLOW_INSTANCE_ANNOTATION, workflowInstance.toKey())
      .addToAnnotations(DOCKER_TERMINATION_LOGGING_ANNOTATION,
                        String.valueOf(runSpec.terminationLogging()))
      .endMetadata();

  final PodSpecBuilder specBuilder = new PodSpecBuilder().withRestartPolicy("Never");

  // Memory request and limit are added only when the run spec provides them.
  final ResourceRequirementsBuilder memory = new ResourceRequirementsBuilder();
  runSpec.memRequest().ifPresent(request -> memory.addToRequests("memory", new Quantity(request)));
  runSpec.memLimit().ifPresent(limit -> memory.addToLimits("memory", new Quantity(limit)));

  final ContainerBuilder mainContainerBuilder = new ContainerBuilder()
      .withName(MAIN_CONTAINER_NAME)
      .withImage(imageWithTag)
      .withArgs(runSpec.args())
      .withEnv(buildEnv(workflowInstance, runSpec, styxEnvironment))
      .withResources(memory.build());

  secretSpec.serviceAccountSecret().ifPresent(saSecretName -> {
    final SecretVolumeSource saSource = new SecretVolumeSourceBuilder()
        .withSecretName(saSecretName)
        .build();
    specBuilder.addToVolumes(new VolumeBuilder()
        .withName(STYX_WORKFLOW_SA_SECRET_NAME)
        .withSecret(saSource)
        .build());

    // Read-only mount: the container cannot modify the projected key file.
    mainContainerBuilder.addToVolumeMounts(new VolumeMountBuilder()
        .withName(STYX_WORKFLOW_SA_SECRET_NAME)
        .withMountPath(STYX_WORKFLOW_SA_SECRET_MOUNT_PATH)
        .withReadOnly(true)
        .build());
    mainContainerBuilder.addToEnv(envVar(STYX_WORKFLOW_SA_ENV_VARIABLE,
                                     STYX_WORKFLOW_SA_SECRET_MOUNT_PATH + STYX_WORKFLOW_SA_JSON_KEY));
  });

  secretSpec.customSecret().ifPresent(custom -> {
    final SecretVolumeSource customSource = new SecretVolumeSourceBuilder()
        .withSecretName(custom.name())
        .build();
    specBuilder.addToVolumes(new VolumeBuilder()
        .withName(custom.name())
        .withSecret(customSource)
        .build());

    // NOTE(review): the mount path comes from the secret spec and is not validated
    // here; confirm the caller restricts which paths and secret names are allowed.
    mainContainerBuilder.addToVolumeMounts(new VolumeMountBuilder()
        .withName(custom.name())
        .withMountPath(custom.mountPath())
        .withReadOnly(true)
        .build());
  });

  specBuilder.addToContainers(mainContainerBuilder.build());
  specBuilder.addToContainers(keepaliveContainer());

  return podBuilder.withSpec(specBuilder.build()).build();
}
 
Example #9
Source File: ExternalConfigurationVolumeSource.java    From strimzi-kafka-operator with Apache License 2.0
/**
 * Stores the Secret volume source for this external configuration volume.
 *
 * <p>The reference is kept as given: no copy is made and nothing is validated, so null
 * is accepted and later changes to the passed object are visible through this instance.
 *
 * @param secret the Secret volume source to store, possibly null
 */
public void setSecret(SecretVolumeSource secret) {
    this.secret = secret;
}