
Commit 36c5f72

committed
get only secrets of specific type from k8s
1 parent 33dd533 commit 36c5f72


1 file changed

+13
-12
lines changed


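--- a/internal/kubernetes.go
+++ b/internal/kubernetes.go
@@ -12,6 +12,7 @@ import (
 v1 "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/labels"
+"k8s.io/apimachinery/pkg/fields"
 "k8s.io/client-go/kubernetes"
 "k8s.io/client-go/rest"
 "k8s.io/client-go/tools/clientcmd"
@@ -36,17 +37,16 @@ func (exporter *Exporter) parseAllKubeSecrets() ([]*certificateRef, []error) {
 }
 
 for _, namespace := range namespaces {
-secrets, err := exporter.getWatchedSecrets(namespace)
-if err != nil {
-outputErrors = append(outputErrors, fmt.Errorf("failed to fetch secrets from namespace \"%s\": %s", namespace, err.Error()))
-continue
-}
-
-for _, secret := range secrets {
-for _, secretType := range exporter.KubeSecretTypes {
-typeAndKey := strings.Split(secretType, ":")
+for _, secretType := range exporter.KubeSecretTypes {
+typeAndKey := strings.Split(secretType, ":")
+secrets, err := exporter.getWatchedSecrets(namespace, typeAndKey[0])
+if err != nil {
+outputErrors = append(outputErrors, fmt.Errorf("failed to fetch secrets from namespace \"%s\": %s", namespace, err.Error()))
+continue
+}
 
-if secret.Type == v1.SecretType(typeAndKey[0]) && len(secret.Data[typeAndKey[1]]) > 0 {
+for _, secret := range secrets {
+if len(secret.Data[typeAndKey[1]]) > 0 {
 output = append(output, &certificateRef{
 path: fmt.Sprintf("k8s/%s/%s", namespace, secret.GetName()),
 format: certificateFormatKubeSecret,
@@ -57,7 +57,6 @@ func (exporter *Exporter) parseAllKubeSecrets() ([]*certificateRef, []error) {
 }
 }
 }
-
 return output, outputErrors
 }
 
@@ -94,7 +93,7 @@ func (exporter *Exporter) listNamespacesToWatch() ([]string, error) {
 return namespaces, nil
 }
 
-func (exporter *Exporter) getWatchedSecrets(namespace string) ([]v1.Secret, error) {
+func (exporter *Exporter) getWatchedSecrets(namespace string, secretType string) ([]v1.Secret, error) {
 cachedSecrets, cached := exporter.secretsCache.Get(namespace)
 if cached {
 return cachedSecrets.([]v1.Secret), nil
@@ -123,8 +122,10 @@ func (exporter *Exporter) getWatchedSecrets(namespace string) ([]v1.Secret, erro
 }
 
 labelSelector := metav1.LabelSelector{MatchLabels: includedLabelsWithValue}
+fieldSelector := fields.SelectorFromSet(fields.Set{"type" : secretType})
 secrets, err := exporter.kubeClient.CoreV1().Secrets(namespace).List(context.Background(), metav1.ListOptions{
 LabelSelector: labels.Set(labelSelector.MatchLabels).String(),
+FieldSelector: fieldSelector.String(),
 })
 if err != nil {
 return nil, err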
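Review bot: In `getWatchedSecrets` the cache lookup is still keyed on `namespace` alone (`exporter.secretsCache.Get(namespace)`), while the list it returns is now filtered by `secretType`, so a result cached for one type would be handed back for every other type requested in that namespace. Since the `secret.Type == v1.SecretType(typeAndKey[0])` comparison was also removed from `parseAllKubeSecrets`, nothing re-filters that list: certificates in secrets of the later types can go unmonitored, and secrets of the first type get read with another type's data key. Key the cache on both values, e.g. `cacheKey := namespace + "/" + secretType` followed by `exporter.secretsCache.Get(cacheKey)`, and use the same key where the list is stored; that store call is outside the visible hunks, so confirm it there. Separately, `typeAndKey[1]` is indexed without a length check, so a `KubeSecretTypes` entry with no `:` would panic unless it is validated elsewhere.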
