1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
mod apis;
mod incluster_config;
mod kube_config;
mod utils;
use base64;
use failure::Error;
use reqwest::{header, Certificate, Client, Identity};
use self::kube_config::KubeConfigLoader;
#[derive(Clone)]
pub struct Configuration {
pub base_path: String,
pub client: Client,
}
impl Configuration {
pub fn new(base_path: String, client: Client) -> Self {
Configuration {
base_path: base_path.to_owned(),
client: client,
}
}
}
pub fn load_kube_config() -> Result<Configuration, Error> {
let kubeconfig = utils::kubeconfig_path()
.or_else(utils::default_kube_path)
.ok_or(format_err!("Unable to load kubeconfig"))?;
let loader = KubeConfigLoader::load(kubeconfig)?;
let mut client_builder = Client::builder();
let ca = loader.ca()?;
let req_ca = Certificate::from_der(&ca.to_der()?)?;
client_builder = client_builder.add_root_certificate(req_ca);
match loader.p12(" ") {
Ok(p12) => {
let req_p12 = Identity::from_pkcs12_der(&p12.to_der()?, " ")?;
client_builder = client_builder.identity(req_p12);
}
Err(_e) => {
if let Some(true) = loader.cluster.insecure_skip_tls_verify {
client_builder = client_builder.danger_accept_invalid_certs(true);
}
}
}
let mut headers = header::HeaderMap::new();
match (
utils::data_or_file(&loader.user.token, &loader.user.token_file),
(loader.user.username, loader.user.password),
) {
(Ok(token), _) => {
headers.insert(
header::AUTHORIZATION,
header::HeaderValue::from_str(&format!("Bearer {}", token))?,
);
}
(_, (Some(u), Some(p))) => {
let encoded = base64::encode(&format!("{}:{}", u, p));
headers.insert(
header::AUTHORIZATION,
header::HeaderValue::from_str(&format!("Basic {}", encoded))?,
);
}
_ => {}
}
let client_builder = client_builder.default_headers(headers);
Ok(Configuration::new(
loader.cluster.server,
client_builder.build()?,
))
}
pub fn incluster_config() -> Result<Configuration, Error> {
let server = incluster_config::kube_server().ok_or(format_err!(
"Unable to load incluster config, {} and {} must be defined",
incluster_config::SERVICE_HOSTENV,
incluster_config::SERVICE_PORTENV
))?;
let ca = incluster_config::load_cert()?;
let req_ca = Certificate::from_der(&ca.to_der()?)?;
let token = incluster_config::load_token()?;
let mut headers = header::HeaderMap::new();
headers.insert(
header::AUTHORIZATION,
header::HeaderValue::from_str(&format!("Bearer {}", token))?,
);
let client_builder = Client::builder()
.add_root_certificate(req_ca)
.default_headers(headers);
Ok(Configuration::new(server, client_builder.build()?))
}