Dana Pieluszczak danajp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| irb(main):001:0> require "kubeclient" | |
| => true | |
| irb(main):002:0> config = Kubeclient::Config.read("/home/dana/.kube/config") | |
| => #<Kubeclient::Config:0x00560ede0bc528 ...> | |
| irb(main):003:0> client = Kubeclient::Client.new( | |
| irb(main):004:1* config.context.api_endpoint, | |
| irb(main):005:1* config.context.api_version, | |
| irb(main):006:1* { | |
| irb(main):007:2* :ssl_options => config.context.ssl_options, | |
| irb(main):008:2* :auth_options => config.context.auth_options |
danajp
/ monkey-patch-kubeclient-client.rb
Last active
May 24, 2017 17:28
[net http blog] monkey patch kubeclient client
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| module MonkeyPatches | |
| module KubeclientClientMixin | |
| def create_rest_client(path = nil) | |
| path ||= @api_endpoint.path | |
| options = { | |
| :ssl_ca_file => @ssl_options[:ca_file], | |
| :ssl_cert_store => @ssl_options[:cert_store], | |
| :verify_ssl => @ssl_options[:verify_ssl], | |
| :ssl_client_cert => @ssl_options[:client_cert], | |
| :ssl_client_key => @ssl_options[:client_key], |
danajp
/ monkey-patch-kubeclient-config.rb
Created
May 23, 2017 19:01
[net http blog] monkey patch kubeclient config
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| module MonkeyPatches | |
| module KubeclientConfigMixin | |
| def context(context_name = nil) | |
| old = super(context_name) | |
| new_ssl_options = old.ssl_options.merge( | |
| :extra_chain_cert => client_certificate_intermediate_chain(context_name) | |
| ) | |
| Context.new(old.api_endpoint, old.api_version, new_ssl_options, old.auth_options) |
danajp
/ monkey-patch-rest-client-request.rb
Created
May 23, 2017 19:00
[net http blog] monkey patch rest client request
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| module MonkeyPatches | |
| module RestClientRequest | |
| def net_http_object(hostname, port) | |
| net = super(hostname, port) | |
| extra_chain_cert = @ssl_opts[:extra_chain_cert] | |
| net.extra_chain_cert = extra_chain_cert if extra_chain_cert | |
| net | |
| end |
danajp
/ monkey-patch-rest-client.rb
Created
May 23, 2017 18:58
[net http blog] monkey patch rest client const
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Avoid "already initialized constant" warnings | |
| ssl_option_list = RestClient::Request::SSLOptionList | |
| ssl_option_list << 'extra_chain_cert' | |
| RestClient::Request.send(:remove_const, 'SSLOptionList') | |
| RestClient::Request.const_set('SSLOptionList', ssl_option_list) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| irb(main):090:0> cert_data = <<EOF | |
| irb(main):091:0" -----BEGIN CERTIFICATE----- | |
| irb(main):092:0" MHIwWjAgZXZlbiBtb3JlIGZha2UgY2VydGlmaWNhdGUgZGF0YSB0aGF0J3MgYmFz | |
| irb(main):093:0" ... | |
| irb(main):094:0" ZTY0IGVuY29kZWQK | |
| irb(main):095:0" -----END CERTIFICATE----- | |
| irb(main):096:0" EOF | |
| => "-----BEGIN CERTIFICATE-----\nMHIwWjAgZXZlbiBtb3JlIGZha2UgY2VydGlmaWNhdGUgZGF0YSB0aGF0J3MgYmFz\n...\nZTY0IGVuY29kZWQK\n-----END CERTIFICATE-----\n" | |
| irb(main):097:0> intermediate_cert_data = <<EOF | |
| irb(main):098:0" -----BEGIN CERTIFICATE----- |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class Net::HTTP | |
| SSL_IVNAMES << :@extra_chain_cert unless SSL_IVNAMES.include?(:@extra_chain_cert) | |
| SSL_ATTRIBUTES << :extra_chain_cert unless SSL_ATTRIBUTES.include?(:extra_chain_cert) | |
| attr_accessor :extra_chain_cert | |
| end |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| module Net #:nodoc: | |
| # ... | |
| class HTTP < Protocol | |
| # ... | |
| SSL_IVNAMES = [ | |
| :@ca_file, | |
| :@ca_path, | |
| :@cert, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| irb(main):001:0> puts OpenSSL::X509::Certificate.new(File.read("/home/dana/.kube/k8s-admin.pem")).to_s | |
| -----BEGIN CERTIFICATE----- | |
| MHIwWjAgZXZlbiBtb3JlIGZha2UgY2VydGlmaWNhdGUgZGF0YSB0aGF0J3MgYmFz | |
| ... | |
| ZTY0IGVuY29kZWQK | |
| -----END CERTIFICATE----- | |
| => nil |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ cat ~/.minikube/apiserver.crt | |
| -----BEGIN CERTIFICATE----- | |
| MHIwWjAgbmljZSB0cnkgYnVkZHksIHRoaXMgaXMgc29tZSBmYWtlIGNlcnRpZmlj | |
| ... | |
| YXRlIGRhdGEK== | |
| -----END CERTIFICATE----- | |
| $ cat ~/.kube/k8s-admin.pem | |
| -----BEGIN CERTIFICATE----- | |
| MHIwWjAgZXZlbiBtb3JlIGZha2UgY2VydGlmaWNhdGUgZGF0YSB0aGF0J3MgYmFz |
NewerOlder