How do I get/update a Kubernetes custom resource from a go program?

Question

I'm looking for the go equivalent of:

kubectl get some-custom-resource-kind some-custom-resource -o yaml > file.yaml
Modify the yaml file...
kubectl apply -f file.yaml

Kubernetes has a client go library for standard resource kinds.

And various vendors have client go libraries for their custom resources.

But I need to get/update a resource kind that doesn't have a publicly available client go library. The logic is implemented in bash script today and I'm trying to move that function to a go controller.

Seems like it there should be a straightforward way in go to do the equivalent of kubectl.

Thanks, Paul

Answer 1

I am creating a CRD (securitycontextconstraint) as follows:

import(
    v1 "github.com/openshift/api/security/v1"
    corev1 "k8s.io/api/core/v1"
    "k8s.io/apimachinery/pkg/api/resource"
    metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

func (c *ClusterClient) CreateSCC() {
name := "ssc-test"
scc := v1.SecurityContextConstraints{
    TypeMeta: metav1.TypeMeta{
        Kind:       "SecurityContextConstraints",
        APIVersion: "security.openshift.io/v1",
    },

    ObjectMeta: metav1.ObjectMeta{
        Name: name,
    },
    RequiredDropCapabilities: []corev1.Capability{"KILL", "MKNOD", "SETUID", "SETGID"},
    AllowHostPorts:           false,
    AllowPrivilegedContainer: false,
    AllowHostDirVolumePlugin: false,
    AllowHostIPC:             false,
    ReadOnlyRootFilesystem:   false,
    DefaultAddCapabilities:   nil,
    AllowHostPID:             false,
    AllowHostNetwork:         false,
    AllowedCapabilities:      nil,
    Volumes:                  []v1.FSType{v1.FSTypeConfigMap, v1.FSTypeDownwardAPI, v1.FSTypeEmptyDir, v1.FSTypePersistentVolumeClaim, v1.FSProjected, v1.FSTypeSecret},
    SELinuxContext: v1.SELinuxContextStrategyOptions{
        Type: v1.SELinuxStrategyMustRunAs,
    },
    RunAsUser: v1.RunAsUserStrategyOptions{
        Type: v1.RunAsUserStrategyMustRunAsRange,
    },
    SupplementalGroups: v1.SupplementalGroupsStrategyOptions{
        Type: v1.SupplementalGroupsStrategyRunAsAny,
    },

    Users:  []string{},
    Groups: []string{"system:authenticated"},
}

// To check if scc is already created or not
_, err := c.kubeClient.CoreV1().RESTClient().
    Get().
    AbsPath("/apis/security.openshift.io/v1/securitycontextconstraints/ssc-test").
    DoRaw(context.Background())

// scc is not present in cluster
if err != nil {
    //Creating SCC
    _, err = c.kubeClient.CoreV1().RESTClient().
        Post().
        AbsPath("/apis/security.openshift.io/v1").
        Resource("securitycontextconstraints").
        // VersionedParams(&metav1.CreateOptions{}, scheme.ParameterCodec).
        Body(&scc).
        DoRaw(context.Background())

    if err != nil {
        fmt.Printf("Failed to create SecurityContextConstraints: %v\n", err)
        // return Failure, err
    }
    fmt.Printf("Successfully created SecurityContextConstraints %s\n", name)
}

}

Answer 2

For any type, including your CRDs, use client.Client.

From the documentation:

// Using a typed object.
pod := &corev1.Pod{}
// c is a created client.
_ = c.Get(context.Background(), client.ObjectKey{
    Namespace: "namespace",
    Name:      "name",
}, pod)
pod.SetFinalizers(append(pod.GetFinalizers(), "new-finalizer"))
_ = c.Update(context.Background(), pod)

// Using a unstructured object.
u := &unstructured.Unstructured{}
u.SetGroupVersionKind(schema.GroupVersionKind{
    Group:   "apps",
    Kind:    "Deployment",
    Version: "v1",
})
_ = c.Get(context.Background(), client.ObjectKey{
    Namespace: "namespace",
    Name:      "name",
}, u)
u.SetFinalizers(append(u.GetFinalizers(), "new-finalizer"))
_ = c.Update(context.Background(), u)

You could just as easily swap in SomeCustomResourceKind:

myCR := &v1alpha1.SomeCustomResourceKind{}

// c is a created client.Client
_ = c.Get(context.TODO(), client.ObjectKey{
  Namespace: "namespace",
  Name:      "some-custom-resource", }, myCR)

myCR.MyProperty = "NewValue"

_ = c.Update(context.TODO(), myCR)

You mentioned you're trying to move this functionality from a bash script to a Go controller, so it would be worth checking out the Kubebuilder project, which can scaffold out a controller for you (and any additional APIs you might need). It creates fully functional controllers with the controller-runtime Client and wires up all the reconciliation logic to manage your CRDs.