[Configuration] Support exec for kubeconfig

examples/Makefile

@@ -2,8 +2,10 @@ all:
 	cd create_pod; make
 	cd list_pod; make
 	cd list_pod_incluster; make
+	cd exec_provider; make
 
 clean:
 	cd create_pod; make clean
 	cd list_pod; make clean
 	cd list_pod_incluster; make clean
+	cd exec_provider; make clean

examples/exec_provider/.gitignore

@@ -0,0 +1,4 @@
+my_exec_provider_bin
+list_pod_by_exec_provider_bin
+config_with_exec_provider
+config_with_exec_provider.*

examples/exec_provider/Makefile

@@ -0,0 +1,14 @@
+INCLUDE:=-I../../kubernetes/include -I../../kubernetes/model -I../../kubernetes/api -I../../kubernetes/config
+LIBS:=-L../../kubernetes/build -lkubernetes -lcurl -lyaml -lpthread -lssl -lz
+CFLAGS:=-g
+
+all: my_exec_provider_bin list_pod_by_exec_provider_bin
+
+list_pod_by_exec_provider_bin:
+	gcc list_pod_by_exec_provider.c $(CFLAGS) $(INCLUDE) $(LIBS) -o list_pod_by_exec_provider_bin
+
+my_exec_provider_bin:
+	gcc my_exec_provider.c $(CFLAGS) -o my_exec_provider_bin
+
+clean:
+	rm ./my_exec_provider_bin ./list_pod_by_exec_provider_bin

examples/exec_provider/config_with_exec_provider_sample

@@ -0,0 +1,29 @@
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority-data: 
+    server: 
+  name: kubernetes
+contexts:
+- context:
+    cluster: kubernetes
+    user: kubernetes-admin
+  name: kubernetes-admin@kubernetes
+current-context: kubernetes-admin@kubernetes
+kind: Config
+preferences: {}
+users:
+- name: kubernetes-admin
+  user:
+    exec:
+      command: "./my_exec_provider_bin"
+      apiVersion: "client.authentication.k8s.io/v1beta1"
+      env:
+      - name: "exec_client_certificate_data"
+        value: "-----BEGIN CERTIFICATE-----\n\n-----END CERTIFICATE-----"
+      - name: "exec_client_private_key"
+        value: "-----BEGIN RSA PRIVATE KEY-----\n\n-----END RSA PRIVATE KEY-----"
+      args:
+      - "arg1"
+      - "arg2"
+      - "token_value"

examples/exec_provider/list_pod_by_exec_provider.c

@@ -0,0 +1,66 @@
+#include <kube_config.h>
+#include <apiClient.h>
+#include <CoreV1API.h>
+#include <malloc.h>
+#include <stdio.h>
+#include <errno.h>
+
+void list_pod(apiClient_t * apiClient)
+{
+    v1_pod_list_t *pod_list = NULL;
+    pod_list = CoreV1API_listNamespacedPod(apiClient, "default",    /*namespace */
+                                           NULL,    /* pretty */
+                                           0,   /* allowWatchBookmarks */
+                                           NULL,    /* continue */
+                                           NULL,    /* fieldSelector */
+                                           NULL,    /* labelSelector */
+                                           0,   /* limit */
+                                           NULL,    /* resourceVersion */
+                                           0,   /* timeoutSeconds */
+                                           0    /* watch */
+        );
+    printf("The return code of HTTP request=%ld\n", apiClient->response_code);
+    if (pod_list) {
+        printf("Get pod list:\n");
+        listEntry_t *listEntry = NULL;
+        v1_pod_t *pod = NULL;
+        list_ForEach(listEntry, pod_list->items) {
+            pod = listEntry->data;
+            printf("\tThe pod name: %s\n", pod->metadata->name);
+        }
+    } else {
+        printf("Cannot get any pod.\n");
+    }
+}
+
+int main(int argc, char *argv[])
+{
+    int rc = 0;
+
+    char *baseName = NULL;
+    sslConfig_t *sslConfig = NULL;
+    list_t *apiKeys = NULL;
+    apiClient_t *k8sApiClient = NULL;
+
+    rc = load_kube_config(&baseName, &sslConfig, &apiKeys, "./config_with_exec_provider");
+    if (0 == rc) {
+        k8sApiClient = apiClient_create_with_base_path(baseName, sslConfig, apiKeys);
+    } else {
+        printf("Cannot load kubernetes configuration.\n");
+        return -1;
+    }
+
+    if (k8sApiClient) {
+        list_pod(k8sApiClient);
+    }
+
+    free_client_config(baseName, sslConfig, apiKeys);
+    baseName = NULL;
+    sslConfig = NULL;
+    apiKeys = NULL;
+
+    apiClient_free(k8sApiClient);
+    k8sApiClient = NULL;
+
+    return rc;
+}

examples/exec_provider/my_exec_provider.c

@@ -0,0 +1,44 @@
+#define _GNU_SOURCE
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#define ENV_EXEC_CLIENT_CERTIFICATE_DATA "exec_client_certificate_data"
+#define ENV_EXEC_CLIENT_PRIVATE_KEY "exec_client_private_key"
+
+char token_template[] = "\
+{\
+  \"apiVersion\": \"client.authentication.k8s.io/v1beta1\",\
+  \"kind\": \"ExecCredential\",\
+  \"status\": {\
+    \"token\": \"%s\"\
+  }\
+}";
+
+char certificate_template[] = "\
+{\
+  \"apiVersion\": \"client.authentication.k8s.io/v1beta1\",\
+  \"kind\": \"ExecCredential\",\
+  \"status\": {\
+    \"clientCertificateData\": \"%s\",\
+    \"clientKeyData\": \"%s\"\
+  }\
+}";
+
+int main(int argc, char *argv[])
+{
+    const char *client_certificate_data = secure_getenv(ENV_EXEC_CLIENT_CERTIFICATE_DATA);
+    const char *client_private_key = secure_getenv(ENV_EXEC_CLIENT_PRIVATE_KEY);
+
+    if ((4 == argc) && argv[3]) {
+        // token is passed by command line argument
+        printf(token_template, argv[3]);
+    } else if ((client_certificate_data) && strlen(client_certificate_data) > 0 && (client_private_key) && strlen(client_private_key) > 0) {
+        // client certificate and private key are passed by environment variables
+        printf(certificate_template, client_certificate_data, client_private_key);
+    } else {
+        printf("Cannot get authentication data\n");
+    }
+
+    return 0;
+}