treacher

func main() {
	// Set logging output to standard console out
	log.SetOutput(os.Stdout)

	sigs := make(chan os.Signal, 1) // Create channel to receive OS signals
	stop := make(chan struct{})     // Create channel to receive stop signal

	signal.Notify(sigs, os.Interrupt, syscall.SIGTERM, syscall.SIGINT) // Register the sigs channel to receieve SIGTERM

	wg := &sync.WaitGroup{} // Goroutines can add themselves to this to be waited on so that they finish

treacher

---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: kubernetes-team-1
  namespace: team-1
subjects:
- kind: Group
  name: kubernetes-team-1
  apiGroup: rbac.authorization.k8s.io

treacher

// NamespaceController watches the kubernetes api for changes to namespaces and
// creates a RoleBinding for that particular namespace.
type NamespaceController struct {
	namespaceInformer cache.SharedIndexInformer
	kclient           *kubernetes.Clientset
}

// NewNamespaceController creates a new NewNamespaceController
func NewNamespaceController(kclient *kubernetes.Clientset) *NamespaceController {
	namespaceWatcher := &NamespaceController{}

treacher

// NamespaceController watches the kubernetes api for changes to namespaces and
// creates a RoleBinding for that particular namespace.
type NamespaceController struct {
	namespaceInformer cache.SharedIndexInformer
	kclient           *kubernetes.Clientset
}

// Run starts the process for listening for namespace changes and acting upon those changes.
func (c *NamespaceController) Run(stopCh <-chan struct{}, wg *sync.WaitGroup) {
	// When this function completes, mark the go function as done

treacher

func (c *NamespaceController) createRoleBinding(obj interface{}) {
	namespaceObj := obj.(*v1.Namespace)
	namespaceName := namespaceObj.Name

	roleBinding := &v1beta1.RoleBinding{
		TypeMeta: metav1.TypeMeta{
			Kind:       "RoleBinding",
			APIVersion: "rbac.authorization.k8s.io/v1beta1",
		},
		ObjectMeta: metav1.ObjectMeta{

treacher

// Run starts the process for listening for namespace changes and acting upon those changes.
func (c *NamespaceController) Run(stopCh <-chan struct{}, wg *sync.WaitGroup) {
	// When this function completes, mark the go function as done
	defer wg.Done()

	// Increment wait group as we're about to execute a go function
	wg.Add(1)

	// Execute go function
	go c.namespaceInformer.Run(stopCh)

treacher

apiVersion: v1
kind: Pod
metadata:
  name: container-with-secrets
spec:
  containers:
  - name: container-with-secrets
    image: redis
    env:
      - name: SECRET_PASSWORD

treacher

DB_PASSWORD=foobar123
DB_USER=foo
API_KEY=12345abcd
SERVICE_PASSWORD=bbaabb45

treacher

AWSTemplateFormatVersion: 2010-09-09
Resources:
  # KMS Key which we'll be using to encrypt our environment variables
  Key:
    Type: AWS::KMS::Key
    Properties:
      Description: kube-kms-example application secrets key
      KeyPolicy:
        Version: 2012-10-17
        Id: allow-root-access-to-key

treacher

curl -sL -o /usr/local/bin/shush \
    https://github.com/realestate-com-au/shush/releases/download/v1.3.0/shush_linux_amd64 \
 && chmod +x /usr/local/bin/shush