mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-07 00:17:13 +00:00
3e2894b6fa
* integrating opentelemetry Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * fix multiple imports Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * fixed cli help statement Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * added init file for metrics Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
30 lines
779 B
Go
30 lines
779 B
Go
package kube
|
|
|
|
import (
|
|
"context"
|
|
"crypto/x509"
|
|
"fmt"
|
|
|
|
"github.com/kyverno/kyverno/pkg/config"
|
|
"google.golang.org/grpc/credentials"
|
|
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
"k8s.io/client-go/kubernetes"
|
|
)
|
|
|
|
func FetchCert(
|
|
ctx context.Context,
|
|
certs string,
|
|
kubeClient kubernetes.Interface) (credentials.TransportCredentials, error) {
|
|
secret, err := kubeClient.CoreV1().Secrets(config.KyvernoNamespace()).Get(ctx, certs, v1.GetOptions{})
|
|
if err != nil {
|
|
return nil, fmt.Errorf("error fetching certificate from secret")
|
|
}
|
|
|
|
cp := x509.NewCertPool()
|
|
if !cp.AppendCertsFromPEM(secret.Data["ca.pem"]) {
|
|
return nil, fmt.Errorf("credentials: failed to append certificates")
|
|
}
|
|
|
|
transportCreds := credentials.NewClientTLSFromCert(cp, "")
|
|
return transportCreds, nil
|
|
}
|