mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
kyverno/pkg/utils/tls/cert.go
Charles-Edouard Brétéché 5ec66918f6
feat: add subresource support to resource filters (#6780)
* feat: add subresource support to resource filters

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* filter

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* values

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-05 13:51:07 +00:00

31 lines
788 B
Go

package tls
import (
"context"
"crypto/x509"
"fmt"
"github.com/kyverno/kyverno/pkg/config"
"google.golang.org/grpc/credentials"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
)
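// FetchCert builds gRPC client transport credentials from a CA bundle stored
// in a Kubernetes secret.
//
// It reads the secret named certs from the Kyverno namespace
// (config.KyvernoNamespace()) through kubeClient, parses the PEM data stored
// under the "ca.pem" key into a fresh certificate pool, and returns TLS
// credentials that use that pool as the root CAs. The pool starts empty, so
// the system trust store is not consulted: the content of the secret alone
// decides which server certificates are accepted. Write access to that secret
// should therefore be limited to whoever is allowed to define the trusted CA.
//
// An error is returned when the secret cannot be fetched, when it has no
// "ca.pem" entry, or when that entry contains no parsable PEM certificate.
func FetchCert(
	ctx context.Context,
	certs string,
	kubeClient kubernetes.Interface,
) (credentials.TransportCredentials, error) {
	secret, err := kubeClient.CoreV1().Secrets(config.KyvernoNamespace()).Get(ctx, certs, metav1.GetOptions{})
	if err != nil {
		// Wrap instead of discarding err so callers and logs can tell apart
		// not-found, forbidden (RBAC) and transient API failures.
		return nil, fmt.Errorf("error fetching certificate from secret %q: %w", certs, err)
	}

	// Report a missing or empty key separately from malformed PEM; both used
	// to surface as the same "failed to append certificates" error.
	caPEM, ok := secret.Data["ca.pem"]
	if !ok || len(caPEM) == 0 {
		return nil, fmt.Errorf("credentials: secret %q has no \"ca.pem\" entry", certs)
	}

	cp := x509.NewCertPool()
	if !cp.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("credentials: failed to append certificates")
	}

	// The empty server-name override leaves hostname verification tied to the
	// target the connection is dialed with, rather than a fixed name.
	return credentials.NewClientTLSFromCert(cp, ""), nil
}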