client-go
Vault
client-go | Vault |
---|---|
38 | 160 |
8,595 | 29,610 |
1.7% | 0.8% |
9.3 | 10.0 |
7 days ago | 7 days ago |
Go | Go |
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
client-go
-
The Inner Workings of Kubernetes Management Frontends — A Software Engineer’s Perspective
The Kubernetes clients (e.g., Go client) support developers with both methods to connect to a cluster, as we can see in the following examples.
-
Has anyone ever tried to learn how k8s works?
My suggestion would be to start looking at things like https://github.com/kubernetes/client-go first in order to get a feel for the API and how data plane k8s components interact with the apiserver (it's the same thing that kubelet uses). Then move on to trying to build your own k8s operator to get a feel for how people expand and customize k8s functionality without having to modify upstream at all. IMO the codebase itself is too messy and in constant flux to make too much sense of it unless you are planning to contribute to upstream.
-
Can't override Kubernetes config in Kubernetes Go client
GitHub related issue https://github.com/kubernetes/client-go/issues/735
-
CUE compared to helm/kustomize...
CUE is cool and all but as soon as I start writing real code structures I want to reach for client-go.
-
Go 1.21 will (probably) download newer toolchains on demand by default
I'm... really not sure I agree with this, from a philosophical point of view. It feels like this is making "eh, we'll just upgrade our Go version next quarter" too easy; ultimately some responsibility toward updating your application's Go version to work with what new dependencies require should fall on Us, the application developers. Sure, we're bad at it. Everyone's lived through running years-old versions of some toolchain. But I think this just makes the problem worse, not better.
It's compounded by the problem that, when you're setting up a new library, the `go` directive in the mod file defaults to your current toolchain; most likely a very current one. It would take a not-insignificant effort on the library author's part to change that to assert the true-minimum version of Go required, based on libraries and language features and such. That's an effort most devs won't take on.
I'd also guess that many developers, up-to this point if not indefinitely because education is hard, interpreted that `go` directive to mean more-of "the version of go this was built with"; not necessarily "the version of go minimally required". There are really major libraries (kubernetes/client-go [1]) which assert a minimum go version of 1.20; the latest version (see, for comparison, the aws-sdk, which specifies a more reasonable go1.11 [2]). I haven't, you know, fully audited these libraries, but 1.20 wasn't exactly a major release with huge language and library changes; do they really need 1.20? If devs haven't traditionally operated in this world where keeping this value super-current results in actually significant downstream costs in network bandwidth (go1.20 is 100mb!) and CI runtime, do we have confidence that the community will adapt? There's millions of Go packages out there.
Or, will a future version of Go patch a security update, not backport it more than one version or so, and libraries have to specify the newest `go` directive version, because manifest security scanning and policy and whatever? Like, yeah, I get the rosy worldview of "your minimum version encodes required language and library features", but it's not obvious to me that this is how this field is, or even will be, used.
Just a LOT of tertiary costs to this change which I hope the team has thought through.
[1] https://github.com/kubernetes/client-go/blob/master/go.mod#L...
[2] https://github.com/aws/aws-sdk-go/blob/main/go.mod
-
How to list all kubernetes objects with specific label using client-go
I looked at dynamic package, but it seems like it needs GroupVersionResource, which is different for, say, Service objects and Deployment objects. Also when I pass schema.GroupVersionResource{Group: "apps", Version: "v1"} it doesn't find anything, when I pass schema.GroupVersionResource{Version: "v1"} it finds only namespace object and also doesn't look for labels, though I provided label options:
-
What's the best way to get notified when kubernetes Deployments change using the k8s.io/client-go library?
I'm writing a script that uses the k8s.io/client-go library (godocs here) to manipulate Deployments. In particular, I want to add a label selector to every Deployment in my cluster. Deployment label selectors are immutable. So my approach is to:
- K8S Get deployment liveness probe status
-
Learning kubebuilder - good examples of Golang watching/manipulating k8s objects?
Actually, kubebuilder is not using the standard Go libraries, but one using reflection to dynamically resolve the client based on the type you hand it (which is arguably better). The "official" client is k8s.io/client-go.
-
My LFX Mentorship experience with OpenELB
Then on June 18th, 2022, I got a chance to meet our mentors and the other mentee of OpenELB (the mentee and the mentors of OpenFunction were also there). There I was informed about how to start working on the project, so I started learning about using the Kubernetes API client. After experimenting with the official Kubernetes Client, I learned that it's not very feasible to use that for dealing with CRDs (custom resource definitions), so I explored the controller-runtime client as per what I found in many sources, and found that it was a great fit for the backend of our project. During that time, I also built a simple project to see if everything would work as expected or not (as this was the first time I dealt with a Kubernetes client, I considered that debugging would be easier in a smaller project).
Vault
- Terraform & HashiCorp Vault Integration: Seamless Secrets Management
-
Top Secrets Management Tools for 2024
HashiCorp Vault
-
Keep it cool and secure: do's and don'ts for managing Web App secrets
For a more comprehensive and robust secret management solution, get your hands on tools like GCP Secret Manager, or HashiCorp Vault. They're like the security guards of your secrets, providing a safe house, access control, and keeping logs of who’s been snooping around.
-
Kubernetes Secret Management
HashiCorp Vault is a popular tool for managing secrets in Kubernetes clusters. It offers advanced features such as secure storage, encryption, dynamic secrets generation, and integration with Kubernetes through its Kubernetes authentication method.
-
Champion Building - How to successfully adopt a developer tool
So you've just bought a new platform tool? Maybe it's HashiCorp Vault? Snyk? Backstage? You’re excited about all of the developer experience, security and other benefits you're about to unleash on your company—right? But wait…
-
AWS Secrets Manager for on-premise and other cloud accounts scaled architecture
You seem to be looking for a cross-platform solution, and https://www.vaultproject.io/ provides just that. If everything was in AWS, AWS Secret Manager might be great, but imo Vault provides much better platform-agnostic capabilities.
-
Show HN: Anchor – developer-friendly private CAs for internal TLS
https://github.com/openwrt/luci/blob/master/applications/luc...
https://developer.hashicorp.com/vault/tutorials/secrets-mana... https://github.com/hashicorp/vault :
> Refer to Build Certificate Authority (CA) in Vault with an offline Root for an example of using a root CA external to Vault.
-
The Complete Microservices Guide
Secret Management: Securely stores sensitive configuration data and secrets using tools like AWS Secrets Manager or HashiCorp Vault. Avoid hardcoding secrets in code or configuration files.
-
Horcrux: Split your file into encrypted fragments
The author of this tool basically took the Shamir code from HashiCorp Vault, which is pretty mainstream. If you're looking for a solid implementation, I would start there[0]. I wouldn't use the Shamir code from this repo, as it's an old version of the vault code using field arithmetic that doesn't run in constant time.
[0]: https://github.com/hashicorp/vault/blob/main/shamir/shamir.g...
-
OpenTF Announces Fork of Terraform
Out of curiosity, what do you mean by this? cross-cluster? they already have HA: https://github.com/hashicorp/vault/blob/v1.14.1/website/cont...
while digging up that link, I also saw one named replication: https://github.com/hashicorp/vault/blob/v1.14.1/website/cont...
What are some alternatives?
kubebuilder - Kubebuilder - SDK for building Kubernetes APIs using CRDs
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
controller-runtime - Repo for the controller-runtime subproject of kubebuilder (sig-apimachinery)
sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets
kustomize - Customization of kubernetes YAML configurations
sops - Simple and flexible tool for managing secrets
celery - Distributed Task Queue (development branch)
etcd - Distributed reliable key-value store for the most critical data of a distributed system
apimachinery
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.
k3s - Lightweight Kubernetes
bitwarden_rs - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs [Moved to: https://github.com/dani-garcia/vaultwarden]