Add client TLS to gRPC server

commit: f7349965496f50481873d7a043ac06d8ef45fc12 [log] [tgz]
author: Gabriel Cuba <gcuba@whitestack.com> Wed Apr 26 12:01:25 2023 -0500
committer: Gabriel Cuba <gcuba@whitestack.com> Wed Apr 26 12:01:25 2023 -0500
tree: 8cd0754fc36b7f5748381fdaff173b6255ff9b29
parent: a1c09667d45cd740e4c80448f1f0b72a39a48fdb [diff] [blame]
diff --git a/osm_ee/util/util_kubernetes.py b/osm_ee/util/util_kubernetes.py
new file mode 100644
index 0000000..d4594d9
--- /dev/null
+++ b/osm_ee/util/util_kubernetes.py

@@ -0,0 +1,23 @@
+from kubernetes import client, config
+from kubernetes.client.rest import ApiException
+
+
+def get_secret_data(name) -> dict:
+    # assume that we are executing in a kubernetes pod
+    try:
+        config.load_incluster_config()
+    except config.ConfigException:
+        # we are not running in kubernetes
+        return {}
+    # Read the namespace from the service account
+    current_namespace = open("/var/run/secrets/kubernetes.io/serviceaccount/namespace").read()
+
+    v1 = client.CoreV1Api()
+    try:
+        secret = v1.read_namespaced_secret(name, current_namespace)
+    except ApiException as e:
+        if e.reason == 'Not Found':  # Backwards compatibility: we run in k8s but certs don't exist
+            return {}
+        else:
+            raise
+    return secret.data
commit	f7349965496f50481873d7a043ac06d8ef45fc12	[log] [tgz]
author	Gabriel Cuba <gcuba@whitestack.com>	Wed Apr 26 12:01:25 2023 -0500
committer	Gabriel Cuba <gcuba@whitestack.com>	Wed Apr 26 12:01:25 2023 -0500
tree	8cd0754fc36b7f5748381fdaff173b6255ff9b29
parent	a1c09667d45cd740e4c80448f1f0b72a39a48fdb [diff] [blame]