Initial version.

rossigee · rossigee · commit 9b9139c28d3b · 2023-08-16T15:11:45.000+07:00
diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml
@@ -0,0 +1,55 @@
+name: Build and Publish
+
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+' # Trigger on tags with semantic versioning
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v2
+    
+    - name: Set up Go
+      uses: actions/setup-go@v2
+      with:
+        go-version: 1.20 # Use the Go version you need
+        
+    - name: Build
+      run: go build -o fetch-k8s-cert
+      
+    - name: Package for Debian
+      run: |
+        mkdir -p debian/fetch-k8s-cert/usr/local/bin
+        cp fetch-k8s-cert debian/fetch-k8s-cert/usr/local/bin
+        dpkg-deb --build debian
+        mv debian.deb fetch-k8s-cert.deb
+        
+    - name: Create Release
+      id: create_release
+      uses: actions/create-release@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        tag_name: ${{ github.ref }}
+        release_name: Release ${{ github.ref }}
+        draft: false
+        prerelease: false
+    
+    - name: Upload Release Assets
+      id: upload-release-assets
+      uses: actions/upload-release-asset@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.create_release.outputs.upload_url }}
+        asset_path: |
+          fetch-k8s-cert
+          fetch-k8s-cert.deb
+        asset_name: |
+          fetch-k8s-cert
+          fetch-k8s-cert.deb
+        asset_content_type: application/octet-stream
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+fetch-k8s-cert
+config.yaml
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1 @@
+Public domain. Do whatever you like.
diff --git a/README.md b/README.md
@@ -0,0 +1,47 @@
+# Fetch K8s Certificate 
+
+This program is designed to be run on a regulary schedule to poll a K8S cluster for changes to a given TLS certificate resource. Briefly, this tool reads a YAML configuration file, connects to a Kubernetes API using credentials configured, fetches the contents of a TLS Certificate resource, compares it to a local file, and triggers a reload command if the contents have changed.
+
+The primary use case for this tool is to allow `cert-manager` to manage the lifecycle of the certificates on a Kubernetes cluster, but a non-K8S instance can use this tool to retrieve the latest copy of the TLS keypair from cluster and manage it locally. A local process (for example, 'haproxy') can then use the TLS certificate for client or server authentication.
+
+## Basic usage
+
+Build the binary...
+
+```
+go build
+```
+
+Create a configuration file in YAML format with the following fields:
+
+```yaml
+# URL of the Kubernetes API
+k8sAPIURL: https://your.cluster.address:6443
+
+# Base64-encoded authentication token
+token: jwt_token_from_service_account
+
+# Kubernetes namespace where the certificate is located
+namespace: internal
+
+# Name of the certificate resource
+certName: internal-tls
+
+# Path to the local certificate file.
+localFilePath: /etc/pki/tls/internal-tls.pem
+
+# Command to trigger a service reload.
+reloadCommand: "echo 'The cert changed.'"
+
+# Path to the CA file for the K8S API server
+#caCertFilePath: /etc/pki/tls/ca.crt
+
+# Enable to skip TLS verification of the K8S API server
+skipTLSVerification: true
+```
+
+Run the binary...
+
+```
+./fetch-k8s-cert -f config.yaml
+```
diff --git a/debian/changelog b/debian/changelog
@@ -0,0 +1,5 @@
+fetch-k8s-cert (1.0-1) unstable; urgency=medium
+
+  * Initial release.
+
+ -- Ross Golder <ross@golder.org>  Tue, 15 Aug 2023 22:42:30 +0700
diff --git a/debian/compat b/debian/compat
@@ -0,0 +1 @@
+12
diff --git a/debian/control b/debian/control
@@ -0,0 +1,12 @@
+Source: fetch-k8s-cert
+Section: misc
+Priority: optional
+Maintainer: Ross Golder <ross@golder.org>
+Build-Depends: debhelper (>= 10)
+Standards-Version: 3.9.8
+Homepage: https://github.com/rossigee/fetch-k8s-cert
+
+Package: fetch-k8s-cert
+Architecture: amd64
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: Small tool to mirror a K8S Certificate resource to a local PEM file
diff --git a/debian/debhelper-build-stamp b/debian/debhelper-build-stamp
@@ -0,0 +1 @@
+fetch-k8s-cert
diff --git a/debian/fetch-k8s-cert.install b/debian/fetch-k8s-cert.install
@@ -0,0 +1,5 @@
+fetch-k8s-cert usr/bin/
+systemd/fetch-k8s-cert.service usr/lib/systemd/system/
+systemd/fetch-k8s-cert.timer usr/lib/systemd/system/
+README.md usr/share/doc/fetch-k8s-cert/
+LICENSE usr/share/doc/fetch-k8s-cert/
diff --git a/debian/fetch-k8s-cert.substvars b/debian/fetch-k8s-cert.substvars
@@ -0,0 +1,3 @@
+shlibs:Depends=libc6 (>= 2.34)
+misc:Depends=
+misc:Pre-Depends=
diff --git a/debian/files b/debian/files
@@ -0,0 +1,2 @@
+fetch-k8s-cert_1.0-1_amd64.buildinfo misc optional
+fetch-k8s-cert_1.0-1_amd64.deb misc optional
diff --git a/debian/rules b/debian/rules
@@ -0,0 +1,7 @@
+#!/usr/bin/make -f
+
+%:
+	dh $@
+
+# For some reason 'dwz' results in obscure error and failure
+override_dh_dwz:
diff --git a/go.mod b/go.mod
@@ -0,0 +1,16 @@
+module github.com/rossigee/fetch-k8s-cert
+
+go 1.20
+
+require (
+	github.com/go-yaml/yaml v2.1.0+incompatible
+	github.com/sirupsen/logrus v1.9.3
+)
+
+require (
+	github.com/kr/pretty v0.3.0 // indirect
+	github.com/rogpeppe/go-internal v1.11.0 // indirect
+	golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect
+	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+)
diff --git a/go.sum b/go.sum
@@ -0,0 +1,36 @@
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/go-yaml/yaml v2.1.0+incompatible h1:RYi2hDdss1u4YE7GwixGzWwVo47T8UQwnTLB6vQiq+o=
+github.com/go-yaml/yaml v2.1.0+incompatible/go.mod h1:w2MrLa16VYP0jy6N7M5kHaCkaLENm+P+Tv+MfurjSw0=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
+github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
+github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/main.go b/main.go
diff --git a/main_test.go b/main_test.go
diff --git a/systemd/fetch-k8s-cert.service b/systemd/fetch-k8s-cert.service
diff --git a/systemd/fetch-k8s-cert.timer b/systemd/fetch-k8s-cert.timer

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +fetch-k8s-cert (1.0-1) unstable; urgency=medium
++
 +  * Initial release.
++
 + -- Ross Golder <[email protected]>  Tue, 15 Aug 2023 22:42:30 +0700
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+shlibs:Depends=libc6 (>= 2.34)`
	`2`	`+misc:Depends=`
	`3`	`+misc:Pre-Depends=`