| Gabriel Cuba | f734996 | 2023-04-26 12:01:25 -0500 | [diff] [blame] | 1 | from kubernetes import client, config |
| 2 | from kubernetes.client.rest import ApiException |
| 3 | |
| 4 | |
| 5 | def get_secret_data(name) -> dict: |
| 6 | # assume that we are executing in a kubernetes pod |
| 7 | try: |
| 8 | config.load_incluster_config() |
| 9 | except config.ConfigException: |
| 10 | # we are not running in kubernetes |
| 11 | return {} |
| 12 | # Read the namespace from the service account |
| garciadeblas | 43fc935 | 2024-07-09 14:30:44 +0200 | [diff] [blame^] | 13 | current_namespace = open( |
| 14 | "/var/run/secrets/kubernetes.io/serviceaccount/namespace" |
| 15 | ).read() |
| Gabriel Cuba | f734996 | 2023-04-26 12:01:25 -0500 | [diff] [blame] | 16 | |
| 17 | v1 = client.CoreV1Api() |
| 18 | try: |
| 19 | secret = v1.read_namespaced_secret(name, current_namespace) |
| 20 | except ApiException as e: |
| Gabriel Cuba | 66df14d | 2023-06-29 03:20:20 -0500 | [diff] [blame] | 21 | if e.reason in ("Not Found", "Forbidden"): |
| 22 | # Backwards compatibility: we run in k8s but certs don't exist, or we are running in a different namespace |
| Gabriel Cuba | f734996 | 2023-04-26 12:01:25 -0500 | [diff] [blame] | 23 | return {} |
| 24 | else: |
| 25 | raise |
| 26 | return secret.data |