gatekeeper
gatekeeper copied to clipboard
open-policy-agent
Go client
[A clear and concise description of what you want to happen.] I'm trying to write a simple go program which checks if a constrainttemplate has been created or not in a cluster from within a pod in the cluster. (based of .status.created field of the constrainttemplate) However I could'nt find any go client for constrainttemplate using which I can query exisiting constraintttemplates in the cluster
- Gatekeeper version: 3.7.1
- Kubernetes version: (use
kubectl version): 1.21
Not 100% sure what you're looking for here? Can you use the controller-runtime client library?
Here is an example of it being used by the constraint template controller:
https://github.com/open-policy-agent/gatekeeper/blob/0ff57f637f00bd233e07fe53f8c3fd6587d0876b/pkg/controller/constrainttemplate/constrainttemplate_controller.go#L268-L279
I want a client (k8sclient) like below to fetch constrainttemplates crd's in the cluster
ctx := context.Background()
k8sConfig, err := rest.InClusterConfig()
if err != nil {
return fmt.Errorf("initializing Kubernetes in-cluster config: %w", err)
}
k8sClient, err := kubernetes.NewForConfig(k8sConfig)
if err != nil {
return fmt.Errorf("initializing Kubernetes client: %w", err)
}
fmt.Print(k8sClient.AppsV1().Deployments("test").Get(ctx, "test", metav1.GetOptions{}))
Ah, I'm not sure non-core K8s stuff uses that style of client.
If you are really wanting to run inside the cluster, that is essentially a controller, I'd consider following the Kubebuilder Book to create the controller. The client for that should work just like Gatekeeper's client (linked above), and you'd be creating a controller that watches constraint templates (you can use our constraint template structs to generate typed clients/watches... be sure to add them to your schema).
If you want to use controller-runtime, you can follow these instructions to create a manager:
https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/manager#example-New
Then call manager.GetClient() for a standard client (which will establish watches and read from a cache... good for reducing load if you are polling client.Get() to look for changes, though really you should watch directly if you're doing that, more on that below)
manager.GetAPIReader() will return a client that calls out directly to the cluster every time.
manager.GetCache() returns the informer cache, which you can use to create a watch by calling GetInformer() and then AddEventHandler().
If you want to use client-go, you can use the dynamic client:
https://github.com/kubernetes/client-go/tree/master/examples/dynamic-create-update-delete-deployment
but that works with unstructured objects, which are a bit more cumbersome, but not too bad.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.
![stale[bot] avatar](https://avatars.githubusercontent.com/in/1724?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.