
Example 1 with CertificatesV1Api

Use of io.kubernetes.client.openapi.apis.CertificatesV1Api in project java by kubernetes-client.

Class CSRUtils, method waitUntilCertificateSigned.

/**
 * Polls the CertificateSigningRequest at the given retry interval until a signed certificate is
 * available or the timeout elapses.
 *
 * @param apiClient the api client
 * @param csrObjectName the csr object name
 * @param retryInterval the retry interval
 * @param timeout the timeout
 * @return the signed certificate bytes
 * @throws CSRNotApprovedException if no certificate was issued before the timeout
 */
public static byte[] waitUntilCertificateSigned(ApiClient apiClient, String csrObjectName, Duration retryInterval, Duration timeout) throws CSRNotApprovedException {
    CertificatesV1Api api = new CertificatesV1Api(apiClient);
    ScheduledExecutorService service = Executors.newSingleThreadScheduledExecutor();
    try {
        AtomicReference<byte[]> certRef = new AtomicReference<>();
        boolean certificateSigned = Wait.poll(retryInterval, timeout, () -> {
            try {
                V1CertificateSigningRequest current = api.readCertificateSigningRequest(csrObjectName, null);
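                CSRUtils.getCertificate(current).ifPresent(cert -> certRef.set(cert));
                // Keep polling until the signer has populated the certificate; a successful
                // read of a still-pending CSR must not end the wait.
                return certRef.get() != null;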
            } catch (ApiException e) {
                LOG.info("Failed acquiring latest state of CertificateSigningRequest resource {} from the cluster", csrObjectName);
                return false;
            }
        });
        if (!certificateSigned) {
            LOG.error("Timeout exceed but the CertificateSigningRequest {} is not approved", csrObjectName);
            throw new CSRNotApprovedException("Timeout - CertificateSigningRequest not approved: " + csrObjectName);
        }
        LOG.info("Successfully acquired certificate from CertificateSigningRequest {}", csrObjectName);
        return certRef.get();
    } finally {
        service.shutdown();
    }
}
Also used: ScheduledExecutorService (java.util.concurrent.ScheduledExecutorService), CSRNotApprovedException (io.kubernetes.client.util.exception.CSRNotApprovedException), AtomicReference (java.util.concurrent.atomic.AtomicReference), V1CertificateSigningRequest (io.kubernetes.client.openapi.models.V1CertificateSigningRequest), CertificatesV1Api (io.kubernetes.client.openapi.apis.CertificatesV1Api), ApiException (io.kubernetes.client.openapi.ApiException)

Example 2 with CertificatesV1Api

Use of io.kubernetes.client.openapi.apis.CertificatesV1Api in project java by kubernetes-client.

Class CSRUtils, method createAndWaitUntilCertificateSigned.

/**
 * Creates the given CertificateSigningRequest object if it doesn't exist, then waits until it's
 * approved.
 *
 * <p>It's a shortcut combining CSRUtils#createIfAbsent and CSRUtils#waitUntilCertificateSigned.
 *
 * @param bootstrapApiClient the bootstrap api client
 * @param csr the csr
 * @return the signed certificate bytes
 * @throws CSRNotApprovedException the csr not approved exception
 * @throws ApiException the api exception
 */
public static byte[] createAndWaitUntilCertificateSigned(ApiClient bootstrapApiClient, V1CertificateSigningRequest csr) throws CSRNotApprovedException, ApiException {
    // Create the CSR; if one with this name already exists, reject it unless it is
    // identical to the requested object.
    if (!CSRUtils.createIfAbsent(bootstrapApiClient, csr)) {
        CertificatesV1Api api = new CertificatesV1Api(bootstrapApiClient);
        V1CertificateSigningRequest existing = api.readCertificateSigningRequest(csr.getMetadata().getName(), null);
        if (!CSRUtils.isIdentical(existing, csr)) {
            LOG.error("Existing CertificateSigningRequest object is conflicting with the requesting object");
            throw new IllegalStateException("Conflicting CSR object found in the cluster");
        }
    }
    // Wait until the CSR is approved and the certificate is issued.
    return CSRUtils.waitUntilCertificateSigned(bootstrapApiClient, csr.getMetadata().getName());
}
Also used: V1CertificateSigningRequest (io.kubernetes.client.openapi.models.V1CertificateSigningRequest), CertificatesV1Api (io.kubernetes.client.openapi.apis.CertificatesV1Api)

Example 3 with CertificatesV1Api

Use of io.kubernetes.client.openapi.apis.CertificatesV1Api in project java by kubernetes-client.

Class CSRUtils, method approve.

/**
 * Approves a CertificateSigningRequest by requesting "/approve" subresource.
 *
 * @param apiClient the api client
 * @param csrObjName the csr obj name
 * @throws ApiException the api exception
 */
public static void approve(ApiClient apiClient, String csrObjName) throws ApiException {
    CertificatesV1Api api = new CertificatesV1Api(apiClient);
    OffsetDateTime now = OffsetDateTime.now();
    V1CertificateSigningRequest current = api.readCertificateSigningRequest(csrObjName, null);
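    // Appends an Approved condition without inspecting the request itself; any validation
    // of the CSR (subject, usages, signer) is left to the caller.
    current.getStatus().addConditionsItem(new V1CertificateSigningRequestCondition()
            .type(V1CertificateSigningRequestCondition.TypeEnum.APPROVED)
            .status("True")
            .reason("Kubernetes Java Client")
            .lastTransitionTime(now)
            .lastUpdateTime(now));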
    api.replaceCertificateSigningRequestApproval(csrObjName, current, null, null, null, null);
}
Also used: OffsetDateTime (java.time.OffsetDateTime), V1CertificateSigningRequest (io.kubernetes.client.openapi.models.V1CertificateSigningRequest), V1CertificateSigningRequestCondition (io.kubernetes.client.openapi.models.V1CertificateSigningRequestCondition), CertificatesV1Api (io.kubernetes.client.openapi.apis.CertificatesV1Api)
