Add a kubectl create secret tls command

kubernetes · Apr 26, 2016 · 9bdb0c5 · 9bdb0c5 · k8s-teamcity-mesosphere · Apr 26, 2016
1 parent daf6be1
commit 9bdb0c5
Show file tree

Hide file tree

Showing 9 changed files with 525 additions and 2 deletions.
diff --git a/.generated_docs b/.generated_docs
@@ -26,6 +26,7 @@ docs/man/man1/kubectl-create-configmap.1
 docs/man/man1/kubectl-create-namespace.1
 docs/man/man1/kubectl-create-secret-docker-registry.1
 docs/man/man1/kubectl-create-secret-generic.1
+docs/man/man1/kubectl-create-secret-tls.1
 docs/man/man1/kubectl-create-secret.1
 docs/man/man1/kubectl-create-serviceaccount.1
 docs/man/man1/kubectl-create.1
@@ -80,6 +81,7 @@ docs/user-guide/kubectl/kubectl_create_namespace.md
 docs/user-guide/kubectl/kubectl_create_secret.md
 docs/user-guide/kubectl/kubectl_create_secret_docker-registry.md
 docs/user-guide/kubectl/kubectl_create_secret_generic.md
+docs/user-guide/kubectl/kubectl_create_secret_tls.md
 docs/user-guide/kubectl/kubectl_create_serviceaccount.md
 docs/user-guide/kubectl/kubectl_delete.md
 docs/user-guide/kubectl/kubectl_describe.md

diff --git a/contrib/completions/bash/kubectl b/contrib/completions/bash/kubectl
@@ -726,6 +726,72 @@ _kubectl_create_secret_docker-registry()
     noun_aliases=()
 }
 
+_kubectl_create_secret_tls()
+{
+    last_command="kubectl_create_secret_tls"
+    commands=()
+
+    flags=()
+    two_word_flags=()
+    flags_with_completion=()
+    flags_completion=()
+
+    flags+=("--cert=")
+    flags+=("--dry-run")
+    flags+=("--generator=")
+    flags+=("--key=")
+    flags+=("--no-headers")
+    flags+=("--output=")
+    two_word_flags+=("-o")
+    flags+=("--output-version=")
+    flags+=("--save-config")
+    flags+=("--schema-cache-dir=")
+    flags_with_completion+=("--schema-cache-dir")
+    flags_completion+=("_filedir")
+    flags+=("--show-all")
+    flags+=("-a")
+    flags+=("--show-labels")
+    flags+=("--sort-by=")
+    flags+=("--template=")
+    flags_with_completion+=("--template")
+    flags_completion+=("_filedir")
+    two_word_flags+=("-t")
+    flags_with_completion+=("-t")
+    flags_completion+=("_filedir")
+    flags+=("--validate")
+    flags+=("--alsologtostderr")
+    flags+=("--api-version=")
+    flags+=("--as=")
+    flags+=("--certificate-authority=")
+    flags+=("--client-certificate=")
+    flags+=("--client-key=")
+    flags+=("--cluster=")
+    flags+=("--context=")
+    flags+=("--insecure-skip-tls-verify")
+    flags+=("--kubeconfig=")
+    flags+=("--log-backtrace-at=")
+    flags+=("--log-dir=")
+    flags+=("--log-flush-frequency=")
+    flags+=("--logtostderr")
+    flags+=("--match-server-version")
+    flags+=("--namespace=")
+    flags_with_completion+=("--namespace")
+    flags_completion+=("__kubectl_get_namespaces")
+    flags+=("--password=")
+    flags+=("--server=")
+    two_word_flags+=("-s")
+    flags+=("--stderrthreshold=")
+    flags+=("--token=")
+    flags+=("--user=")
+    flags+=("--username=")
+    flags+=("--v=")
+    flags+=("--vmodule=")
+
+    must_have_one_flag=()
+    must_have_one_noun=()
+    noun_aliases=()
+}
+
 _kubectl_create_secret_generic()
 {
     last_command="kubectl_create_secret_generic"
@@ -798,6 +864,7 @@ _kubectl_create_secret()
     last_command="kubectl_create_secret"
     commands=()
     commands+=("docker-registry")
+    commands+=("tls")
     commands+=("generic")
 
     flags=()

diff --git a/docs/man/man1/kubectl-create-secret.1 b/docs/man/man1/kubectl-create-secret.1
@@ -116,7 +116,7 @@ Create a secret using specified subcommand.
 
 .SH SEE ALSO
 .PP
-\fBkubectl\-create(1)\fP, \fBkubectl\-create\-secret\-docker\-registry(1)\fP, \fBkubectl\-create\-secret\-generic(1)\fP,
+\fBkubectl\-create(1)\fP, \fBkubectl\-create\-secret\-docker\-registry(1)\fP, \fBkubectl\-create\-secret\-tls(1)\fP, \fBkubectl\-create\-secret\-generic(1)\fP,
 
 
 .SH HISTORY

diff --git a/docs/user-guide/kubectl/kubectl_create_secret.md b/docs/user-guide/kubectl/kubectl_create_secret.md
@@ -78,8 +78,9 @@ kubectl create secret
 * [kubectl create](kubectl_create.md)	 - Create a resource by filename or stdin
 * [kubectl create secret docker-registry](kubectl_create_secret_docker-registry.md)	 - Create a secret for use with a Docker registry.
 * [kubectl create secret generic](kubectl_create_secret_generic.md)	 - Create a secret from a local file, directory or literal value.
+* [kubectl create secret tls](kubectl_create_secret_tls.md)	 - Create a TLS secret.
 
-###### Auto generated by spf13/cobra on 5-Apr-2016
+###### Auto generated by spf13/cobra on 25-Apr-2016
 
 <!-- BEGIN MUNGE: GENERATED_ANALYTICS -->
 [![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/docs/user-guide/kubectl/kubectl_create_secret.md?pixel)]()

diff --git a/docs/user-guide/kubectl/kubectl_create_secret_tls.md b/docs/user-guide/kubectl/kubectl_create_secret_tls.md
@@ -0,0 +1,108 @@
+<!-- BEGIN MUNGE: UNVERSIONED_WARNING -->
+
+<!-- BEGIN STRIP_FOR_RELEASE -->
+
+<img src="http://kubernetes.io/img/warning.png" alt="WARNING"
+     width="25" height="25">
+<img src="http://kubernetes.io/img/warning.png" alt="WARNING"
+     width="25" height="25">
+<img src="http://kubernetes.io/img/warning.png" alt="WARNING"
+     width="25" height="25">
+<img src="http://kubernetes.io/img/warning.png" alt="WARNING"
+     width="25" height="25">
+<img src="http://kubernetes.io/img/warning.png" alt="WARNING"
+     width="25" height="25">
+
+<h2>PLEASE NOTE: This document applies to the HEAD of the source tree</h2>
+
+If you are using a released version of Kubernetes, you should
+refer to the docs that go with that version.
+
+Documentation for other releases can be found at
+[releases.k8s.io](http://releases.k8s.io).
+</strong>
+--
+
+<!-- END STRIP_FOR_RELEASE -->
+
+<!-- END MUNGE: UNVERSIONED_WARNING -->
+
+## kubectl create secret tls
+
+Create a TLS secret.
+
+### Synopsis
+
+
+
+Create a TLS secret from the given public/private key pair.
+
+The public/private key pair must exist before hand. The public key certificate must be .PEM encoded and match the given private key.
+
+```
+kubectl create secret tls NAME --cert=path to cert file --key=path to key file [--dry-run]
+```
+
+### Examples
+
+```
+  # Create a new TLS secret named tls-secret with the given key pair:
+  $ kubectl create secret tls tls-secret --cert=path/to/tls.cert --key=path/to/tls.key
+```
+
+### Options
+
+```
+      --cert="": Path to PEM encoded public key certificate.
+      --dry-run[=false]: If true, only print the object that would be sent, without sending it.
+      --generator="secret-for-tls/v1": The name of the API generator to use.
+      --key="": Path to private key associated with given certificate.
+      --no-headers[=false]: When using the default output, don't print headers.
+  -o, --output="": Output format. One of: json|yaml|wide|name|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://releases.k8s.io/HEAD/docs/user-guide/jsonpath.md].
+      --output-version="": Output the formatted object with the given group version (for ex: 'extensions/v1beta1').
+      --save-config[=false]: If true, the configuration of current object will be saved in its annotation. This is useful when you want to perform kubectl apply on this object in the future.
+      --schema-cache-dir="~/.kube/schema": If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
+  -a, --show-all[=false]: When printing, show all resources (default hide terminated pods.)
+      --show-labels[=false]: When printing, show all labels as the last column (default hide labels column)
+      --sort-by="": If non-empty, sort list types using this field specification.  The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+      --template="": Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
+      --validate[=true]: If true, use a schema to validate the input before sending it
+```
+
+### Options inherited from parent commands
+
+```
+      --alsologtostderr[=false]: log to standard error as well as files
+      --as="": Username to impersonate for the operation.
+      --certificate-authority="": Path to a cert. file for the certificate authority.
+      --client-certificate="": Path to a client certificate file for TLS.
+      --client-key="": Path to a client key file for TLS.
+      --cluster="": The name of the kubeconfig cluster to use
+      --context="": The name of the kubeconfig context to use
+      --insecure-skip-tls-verify[=false]: If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure.
+      --kubeconfig="": Path to the kubeconfig file to use for CLI requests.
+      --log-backtrace-at=:0: when logging hits line file:N, emit a stack trace
+      --log-dir="": If non-empty, write log files in this directory
+      --log-flush-frequency=5s: Maximum number of seconds between log flushes
+      --logtostderr[=true]: log to standard error instead of files
+      --match-server-version[=false]: Require server version to match client version
+      --namespace="": If present, the namespace scope for this CLI request.
+      --password="": Password for basic authentication to the API server.
+  -s, --server="": The address and port of the Kubernetes API server
+      --stderrthreshold=2: logs at or above this threshold go to stderr
+      --token="": Bearer token for authentication to the API server.
+      --user="": The name of the kubeconfig user to use
+      --username="": Username for basic authentication to the API server.
+      --v=0: log level for V logs
+      --vmodule=: comma-separated list of pattern=N settings for file-filtered logging
+```
+
+### SEE ALSO
+
+* [kubectl create secret](kubectl_create_secret.md)	 - Create a secret using specified subcommand.
+
+###### Auto generated by spf13/cobra on 25-Apr-2016
+
+<!-- BEGIN MUNGE: GENERATED_ANALYTICS -->
+[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/docs/user-guide/kubectl/kubectl_create_secret_tls.md?pixel)]()
+<!-- END MUNGE: GENERATED_ANALYTICS -->
diff --git a/pkg/kubectl/cmd/create_secret.go b/pkg/kubectl/cmd/create_secret.go
@@ -37,6 +37,7 @@ func NewCmdCreateSecret(f *cmdutil.Factory, cmdOut io.Writer) *cobra.Command {
 		},
 	}
 	cmd.AddCommand(NewCmdCreateSecretDockerRegistry(f, cmdOut))
+	cmd.AddCommand(NewCmdCreateSecretTLS(f, cmdOut))
 	cmd.AddCommand(NewCmdCreateSecretGeneric(f, cmdOut))
 
 	return cmd
@@ -192,3 +193,65 @@ func CreateSecretDockerRegistry(f *cmdutil.Factory, cmdOut io.Writer, cmd *cobra
 		OutputFormat:        cmdutil.GetFlagString(cmd, "output"),
 	})
 }
+
+const (
+	secretForTLSLong = `
+Create a TLS secret from the given public/private key pair.
+
+The public/private key pair must exist before hand. The public key certificate must be .PEM encoded and match the given private key.`
+
+	secretForTLSExample = `  # Create a new TLS secret named tls-secret with the given key pair:
+  $ kubectl create secret tls tls-secret --cert=path/to/tls.cert --key=path/to/tls.key`
+)
+
+// NewCmdCreateSecretTLS is a macro command for creating secrets to work with Docker registries
+func NewCmdCreateSecretTLS(f *cmdutil.Factory, cmdOut io.Writer) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:     "tls NAME --cert=path to cert file --key=path to key file [--dry-run]",
+		Short:   "Create a TLS secret.",
+		Long:    secretForTLSLong,
+		Example: secretForTLSExample,
+		Run: func(cmd *cobra.Command, args []string) {
+			err := CreateSecretTLS(f, cmdOut, cmd, args)
+			cmdutil.CheckErr(err)
+		},
+	}
+	cmdutil.AddApplyAnnotationFlags(cmd)
+	cmdutil.AddValidateFlags(cmd)
+	cmdutil.AddPrinterFlags(cmd)
+	cmdutil.AddGeneratorFlags(cmd, cmdutil.SecretForTLSV1GeneratorName)
+	cmd.Flags().String("cert", "", "Path to PEM encoded public key certificate.")
+	cmd.Flags().String("key", "", "Path to private key associated with given certificate.")
+	return cmd
+}
+
+// CreateSecretTLS is the implementation of the create secret tls command
+func CreateSecretTLS(f *cmdutil.Factory, cmdOut io.Writer, cmd *cobra.Command, args []string) error {
+	name, err := NameFromCommandArgs(cmd, args)
+	if err != nil {
+		return err
+	}
+	requiredFlags := []string{"cert", "key"}
+	for _, requiredFlag := range requiredFlags {
+		if value := cmdutil.GetFlagString(cmd, requiredFlag); len(value) == 0 {
+			return cmdutil.UsageError(cmd, "flag %s is required", requiredFlag)
+		}
+	}
+	var generator kubectl.StructuredGenerator
+	switch generatorName := cmdutil.GetFlagString(cmd, "generator"); generatorName {
+	case cmdutil.SecretForTLSV1GeneratorName:
+		generator = &kubectl.SecretForTLSGeneratorV1{
+			Name: name,
+			Key:  cmdutil.GetFlagString(cmd, "key"),
+			Cert: cmdutil.GetFlagString(cmd, "cert"),
+		}
+	default:
+		return cmdutil.UsageError(cmd, fmt.Sprintf("Generator: %s not supported.", generatorName))
+	}
+	return RunCreateSubcommand(f, cmd, cmdOut, &CreateSubcommandOptions{
+		Name:                name,
+		StructuredGenerator: generator,
+		DryRun:              cmdutil.GetFlagBool(cmd, "dry-run"),
+		OutputFormat:        cmdutil.GetFlagString(cmd, "output"),
+	})
+}
diff --git a/pkg/kubectl/cmd/util/factory.go b/pkg/kubectl/cmd/util/factory.go
@@ -151,6 +151,7 @@ const (
 	NamespaceV1GeneratorName                    = "namespace/v1"
 	SecretV1GeneratorName                       = "secret/v1"
 	SecretForDockerRegistryV1GeneratorName      = "secret-for-docker-registry/v1"
+	SecretForTLSV1GeneratorName                 = "secret-for-tls/v1"
 	ConfigMapV1GeneratorName                    = "configmap/v1"
 )
 
@@ -180,6 +181,10 @@ func DefaultGenerators(cmdName string) map[string]kubectl.Generator {
 	generators["secret-for-docker-registry"] = map[string]kubectl.Generator{
 		SecretForDockerRegistryV1GeneratorName: kubectl.SecretForDockerRegistryGeneratorV1{},
 	}
+	generators["secret-for-tls"] = map[string]kubectl.Generator{
+		SecretForTLSV1GeneratorName: kubectl.SecretForTLSGeneratorV1{},
+	}
+
 	return generators[cmdName]
 }