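def update_route(route_fqdn, route_name, config, logger, watcher):
    """Issue a certificate for *route_fqdn* via IPA and attach it to a route.

    Creates the host entry and a certificate/key pair through ``IPAClient``,
    then PATCHes the route named *route_name* so that ``spec.tls`` carries the
    new certificate and private key and the ``<need_cert_annotation>.state``
    annotation is set to ``created``.

    Args:
        route_fqdn: Host name the certificate is issued for.
        route_name: Name of the route object to patch.
        config: Mapping read with ``.get()`` for the IPA credentials, URL,
            CA certificate, realm and the annotation prefix.
        logger: Logger used for progress and error messages.
        watcher: Object whose ``config`` supplies the API endpoint, namespace,
            bearer token and CA bundle for the PATCH request.

    Returns:
        None. A non-2xx response from the API is logged as an error instead of
        being reported as a successful update.
    """
    # NOTE(review): 'ipa_ca_cert' falls back to False when unset. Confirm that
    # IPAClient does not treat ca_trust=False as "skip TLS verification" of
    # the IPA server; if it does, the setting should be mandatory.
    ipa_client = IPAClient(
        ipa_user=config.get('ipa_user'),
        ipa_password=config.get('ipa_password'),
        ipa_url=config.get('ipa_url'),
        ca_trust=config.get('ipa_ca_cert', False),
    )
    ipa_client.create_host(route_fqdn)
    certificate, key = ipa_client.create_cert(route_fqdn, config.get('ipa_realm'))
    logger.info("[CERT CREATED]: {0}".format(route_fqdn))
    # Only the public certificate is logged. The private key must never reach
    # the log stream, where it would outlive the process and be readable by
    # anyone with access to the logs.
    logger.debug("Cert: {0}\n".format(certificate))

    # Re-wrap the certificate body into fixed-width lines inside PEM armor.
    # NOTE(review): the width is 65 here; RFC 7468 specifies 64 characters per
    # line. Left unchanged pending confirmation that consumers accept it.
    wrapped_body = '\n'.join(
        certificate[i:i + 65] for i in six.moves.range(0, len(certificate), 65)
    )
    certificate_pem = (
        '-----BEGIN CERTIFICATE-----\n{0}\n-----END CERTIFICATE-----'.format(wrapped_body)
    )
    key_pem = key.exportKey('PEM').decode('UTF-8')

    state_annotation = '{0}.state'.format(config.get('need_cert_annotation'))
    patch_body = {
        'metadata': {'annotations': {state_annotation: 'created'}},
        'spec': {'tls': {'certificate': certificate_pem, 'key': key_pem}},
    }
    route_url = 'https://{0}/oapi/v1/namespaces/{1}/routes/{2}'.format(
        watcher.config.k8s_endpoint, watcher.config.k8s_namespace, route_name
    )

    # NOTE(review): no timeout is set, so a stalled API server blocks this
    # call indefinitely; consider passing timeout= once a value is agreed.
    req = requests.patch(
        route_url,
        headers={
            'Authorization': 'Bearer {0}'.format(watcher.config.k8s_token),
            'Content-Type': 'application/strategic-merge-patch+json',
        },
        data=json.dumps(patch_body),
        params="",
        verify=watcher.config.k8s_ca,
    )

    # A rejected PATCH (expired token, missing RBAC, unknown route) must not
    # be reported as success. Log the status code only: the request carried
    # the private key, so the response body is kept out of the log.
    if not req.ok:
        logger.error(
            "[ROUTE UPDATE FAILED]: {0} (HTTP {1})".format(route_fqdn, req.status_code)
        )
        return
    logger.info("[ROUTE UPDATED]: {0}".format(route_fqdn))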