def cluster_exist(self) -> bool:
credentials = self.get_credentials()[0]
region, project_id = self.get_cluster_env()
cluster_name = self.layer.get_cluster_name()
gke_client = ClusterManagerClient(credentials=credentials)
try:
gke_client.get_cluster(
name=
f"projects/{project_id}/locations/{region}/clusters/{cluster_name}"
)
return True
except NotFound:
return False
def _get_config(self) -> Configuration:
"""Get the Kubernetes cluster config."""
if not self.cluster_ip and not self.cluster_cert:
cluster_manager_client = ClusterManagerClient()
cluster = cluster_manager_client.get_cluster(
name=f"projects/{self.project_id}/locations/{self.zone}/clusters/{self.cluster_id}"
)
self.cluster_ip = cluster.endpoint
self.cluster_cert = str(cluster.master_auth.cluster_ca_certificate)
elif not (self.cluster_ip and self.cluster_cert):
raise Exception(
"Cluster IP and cluster certificate required when cluster configuration "
"is provided explicitly."
)
creds, projects = google.auth.default(
scopes=["https://www.googleapis.com/auth/cloud-platform"]
)
auth_req = google.auth.transport.requests.Request()
creds.refresh(auth_req) # refresh token
with NamedTemporaryFile(delete=False) as ca_cert:
ca_cert.write(base64.b64decode(self.cluster_cert))
return Configuration(
host=f"https://{self.cluster_ip}",
ssl_ca_cert=ca_cert.name,
authorization_key_prefix="Bearer",
authorization_key=creds.token, # valid for one hour
)
def main():
# config.load_kube_config()
project_id = "conductive-fold-275020"
zone = "us-central1-c"
cluster_id = "launch-cluster"
# config.load_kube_config()
SCOPES = ['https://www.googleapis.com/auth/cloud-platform']
path = os.getenv('GOOGLE_APPLICATION_CREDENTIALS')
credentials = service_account.Credentials.from_service_account_file(
path, scopes=SCOPES)
cluster_manager_client = ClusterManagerClient(credentials=credentials)
cluster = cluster_manager_client.get_cluster(project_id, zone, cluster_id)
configuration = client.Configuration()
configuration.host = "https://" + cluster.endpoint + ":443"
configuration.verify_ssl = False
configuration.api_key = {"authorization": "Bearer " + credentials.token}
client.Configuration.set_default(configuration)
v1 = client.AppsV1Api()
# if sys.argv[1]:
# name = sys.argv[1]
# else:
name = 'cir-anders-openmp'
resp = v1.delete_namespaced_deployment(name=name, namespace="default")
print("Deployment {} deleted.".format(name))
def test_gke(data, context):
project_id = "[PROJECT-ID]"
zone = "[ZONE]"
cluster_id = "[CLUSTER-NAME]"
credentials = compute_engine.Credentials()
cluster_manager_client = ClusterManagerClient(credentials=credentials)
cluster = cluster_manager_client.get_cluster(project_id, zone, cluster_id)
configuration = client.Configuration()
configuration.host = f"https://{cluster.endpoint}:443"
configuration.verify_ssl = False
configuration.api_key = {"authorization": "Bearer " + credentials.token}
client.Configuration.set_default(configuration)
v1 = client.AppsV1Api()
#Try to list all the deployments.
try:
deployments = v1.list_deployment_for_all_namespaces()
except ApiException as e:
print("Exception when calling AppsV1Api->list_deployment_for_all_namespaces: %s\n" % e)
#Loop through the deployments to find the specfic hello-server deployment and update accordingly.
for deployment in deployments.items:
if 'hello' in deployment.metadata.name:
print("%s\t%s" % (deployment.metadata.namespace, deployment.metadata.name))
update_deployment(v1,deployment)
return("Ok")
def configmap_fetcher(request):
"""Gets configuration from a config-map in a GKE cluster."""
cluster_region = os.environ.get("GKE_CLUSTER_REGION", "europe-west1")
cluster_name = os.environ.get("GKE_CLUSTER_NAME", "config-cluster")
namespace = os.environ.get("KUBERNETES_NAMESPACE", "default")
# GCP_PROJECT env is set automatically by Cloud Function runtime.
project_id = os.environ.get("GCP_PROJECT")
credentials, _ = google.auth.default()
cluster_manager_client = ClusterManagerClient(credentials=credentials)
cluster_resource_name = (
f"projects/{project_id}/locations/{cluster_region}/clusters/{cluster_name}"
)
cluster = cluster_manager_client.get_cluster("",
"",
"",
name=cluster_resource_name)
configuration = client.Configuration()
configuration.host = f"https://{cluster.endpoint}:443"
configuration.verify_ssl = False
configuration.api_key = {"authorization": "Bearer " + credentials.token}
client.Configuration.set_default(configuration)
v1 = client.CoreV1Api()
configmaps = v1.list_namespaced_config_map(namespace, watch=False)
return jsonify(configmaps.to_dict())
def test_gke():
project_id = "wn-cloud-275704"
zone = "us-central1-c"
cluster_id = "wn-cloud-portal-qa"
# Use a service account configured in GCP console,
# authenticating with a JSON key
credentials = service_account.Credentials \
.from_service_account_file('wn-cloud-275704-24c84de6f442.json')
print('Authentication done------------------------------>')
# Get cluster details
cluster_manager_client = ClusterManagerClient(credentials=credentials)
cluster = cluster_manager_client.get_cluster(project_id=project_id,
zone=zone,
cluster_id=cluster_id)
print('cluster info received------------------------------>')
# Save cluster certificate for SSL verification
cert = base64.b64decode(cluster.master_auth.cluster_ca_certificate)
cert_filename = 'cluster_ca_cert'
cert_file = open(cert_filename, 'w')
cert_file.write(cert)
cert_file.close()
# Configure hostname for SSL verification
hosts = Hosts()
hosts.add([
HostsEntry(entry_type='ipv4',
address=cluster.endpoint,
names=['kubernetes'])
])
hosts.write()
# Get a token with the scopes required by GKE
kubeconfig_creds = credentials.with_scopes([
'https://www.googleapis.com/auth/cloud-platform',
'https://www.googleapis.com/auth/userinfo.email'
])
auth_req = google.auth.transport.requests.Request()
kubeconfig_creds.refresh(auth_req)
configuration = client.Configuration()
configuration.host = "https://kubernetes"
configuration.ssl_ca_cert = cert_filename
kubeconfig_creds.apply(configuration.api_key)
client.Configuration.set_default(configuration)
v1 = client.CoreV1Api()
print("Listing pods with their IPs:")
pods = v1.list_pod_for_all_namespaces(watch=False)
for i in pods.items:
print("%s\t%s\t%s" %
(i.status.pod_ip, i.metadata.namespace, i.metadata.name))
def start_k8s_client(service_account_cred, scope, proj_id, zone, cluster_id):
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
credentials = service_account.Credentials.from_service_account_file(
service_account_cred, scopes=scope)
cluster_manager_client = ClusterManagerClient(credentials=credentials)
cluster = cluster_manager_client.get_cluster(proj_id, zone, cluster_id)
configuration = client.Configuration()
configuration.host = "https://" + cluster.endpoint + ":443"
configuration.verify_ssl = False
configuration.api_key = {"authorization": "Bearer " + credentials.token}
client.Configuration.set_default(configuration)
return client
def get_k8_api(gcp_project,
zone,
cluster_id,
client_version='ExtensionsV1beta1Api'):
# TODO: use service account instead of creating token with ClusterManagerClient
credentials = compute_engine.Credentials()
cluster_manager_client = ClusterManagerClient(credentials=credentials, )
location_type = get_location_type(zone)
if location_type == LOCATION_TYPES['ZONAL']:
cluster = cluster_manager_client.get_cluster(project_id=gcp_project,
zone=zone,
cluster_id=cluster_id)
elif location_type == LOCATION_TYPES['REGIONAL']:
cluster = cluster_manager_client.get_cluster(
project_id=gcp_project,
cluster_id=cluster_id,
zone='',
name='projects/{gcp_project}/locations/{zone}/cluster/{cluster_id}'
.format(
gcp_project=gcp_project,
zone=zone,
cluster_id=cluster_id,
))
configuration = client.Configuration()
configuration.host = 'https://{endpoint}:443'.format(
endpoint=cluster.endpoint, )
configuration.verify_ssl = False
configuration.api_key = {
'authorization': 'Bearer {token}'.format(token=credentials.token, )
}
# configuration.ssl_ca_cert = "/path/to/ca_chain.crt"
client.Configuration.set_default(configuration)
if client_version == 'CoreV1Api':
return client.CoreV1Api()
if client_version == 'AppsV1beta1':
return client.AppsV1beta1()
if client_version == 'ExtensionsV1beta1Api':
return client.ExtensionsV1beta1Api()
def __init__(self, project_id, zone, cluster_id):
SCOPES = ['https://www.googleapis.com/auth/cloud-platform']
credentials = service_account.Credentials.from_service_account_file(
os.getenv('GOOGLE_APPLICATION_CREDENTIALS'), scopes=SCOPES)
cluster_manager_client = ClusterManagerClient(credentials=credentials)
cluster = cluster_manager_client.get_cluster(project_id, zone,
cluster_id)
configuration = client.Configuration()
configuration.host = "https://" + cluster.endpoint + ":443"
configuration.verify_ssl = False
configuration.api_key = {
"authorization": "Bearer " + credentials.token
}
client.Configuration.set_default(configuration)
self.api_client = client.ApiClient()
self.v1 = client.CoreV1Api()
def initialize_client():
project_id = "tough-canto-314909"
zone = "europe-west1-b"
cluster_id = "cluster-1"
credentials = service_account.Credentials.from_service_account_file(
"C:/Users/bogda/OneDrive/Desktop/shegoto/shigoto_q/keyfiles/gke_service_account.json"
)
cluster_manager_client = ClusterManagerClient(credentials=credentials)
cluster = cluster_manager_client.get_cluster(
name=f'projects/{project_id}/locations/{zone}/clusters/{cluster_id}')
configuration = client.Configuration()
configuration.host = f"https://{cluster.endpoint}:443"
configuration.verify_ssl = False
configuration.api_key = {"authorization": "Bearer " + credentials.token}
client.Configuration.set_default(configuration)
v1 = client.CoreV1Api()
def createDeployment(credentials):
cluster_manager_client = ClusterManagerClient(credentials=credentials)
cluster = cluster_manager_client.get_cluster(project_id, zone, cluster_id)
print("CLUSTER END POINT: ", cluster.endpoint)
configuration = client.Configuration()
configuration.host = f"https://{cluster.endpoint}:443"
configuration.verify_ssl = False
configuration.api_key = {"authorization": "Bearer " + credentials.token}
client.Configuration.set_default(configuration)
with open(path.join(path.dirname(__file__), "nginx-deployment.yaml")) as f:
dep = yaml.safe_load(f)
k8s_apps_v1 = client.AppsV1Api()
resp = k8s_apps_v1.create_namespaced_deployment(body=dep,
namespace="default")
print("Deployment created. status='%s'" % resp.metadata.name)
def test_gke(credentials):
cluster_manager_client = ClusterManagerClient(credentials=credentials)
cluster = cluster_manager_client.get_cluster(project_id, zone, cluster_id)
print("CLUSTER END POINT: ", cluster.endpoint)
configuration = client.Configuration()
configuration.host = f"https://{cluster.endpoint}:443"
configuration.verify_ssl = False
configuration.api_key = {"authorization": "Bearer " + credentials.token}
client.Configuration.set_default(configuration)
v1 = client.CoreV1Api()
print("Listing pods with their IPs:")
pods = v1.list_pod_for_all_namespaces(watch=False)
for i in pods.items:
print("%s\t%s\t%s" %
(i.status.pod_ip, i.metadata.namespace, i.metadata.name))
def google_authenticate(project_id, zone, cluster_id):
SCOPES = ['https://www.googleapis.com/auth/cloud-platform']
f = open('/Users/dylanblake/key.json', "r")
key = f.read()
try:
fw = open('key.json', 'r')
fw.close()
except:
fw = open('key.json', 'w')
fw.write(key)
fw.close()
credentials = service_account.Credentials.from_service_account_file(
"key.json", scopes=SCOPES)
cluster_manager_client = ClusterManagerClient(credentials=credentials)
cluster = cluster_manager_client.get_cluster(project_id, zone, cluster_id)
configuration = client.Configuration()
configuration.host = "https://" + cluster.endpoint + ":443"
configuration.verify_ssl = False
configuration.api_key = {"authorization": "Bearer " + credentials.token}
return configuration
def main():
project_id = "conductive-fold-275020"
zone = "us-central1-c"
cluster_id = "launch-cluster"
# config.load_kube_config()
SCOPES = ['https://www.googleapis.com/auth/cloud-platform']
path = os.getenv('GOOGLE_APPLICATION_CREDENTIALS')
credentials = service_account.Credentials.from_service_account_file(path, scopes=SCOPES)
cluster_manager_client = ClusterManagerClient(credentials=credentials)
cluster = cluster_manager_client.get_cluster(project_id, zone, cluster_id)
configuration = client.Configuration()
configuration.host = "https://"+cluster.endpoint+":443"
configuration.verify_ssl = False
configuration.api_key = {"authorization": "Bearer " + credentials.token}
client.Configuration.set_default(configuration)
with open("cir-anders-deployment.yaml") as f:
dep = yaml.safe_load(f)
v1 = client.AppsV1Api()
resp = v1.create_namespaced_deployment(body=dep, namespace="default")
print("Deployment created. Status='%s'" % resp.metadata.name)
def gcloud_clusters_describe_command(client: ClusterManagerClient,
project: str = "",
cluster: str = "",
zone: str = "") -> COMMAND_OUTPUT:
""" Gets the details of a specific cluster.
https://cloud.google.com/sdk/gcloud/reference/container/clusters/describe
Args:
client: Google container client.
project: GCP project from console.
cluster: Cluster ID, e.g. "dmst-gcloud-cluster-1".
zone: Project query zone, e.g. "europe-west2-a".
Returns:
str: Human readable.
dict: Cluster entry context.
dict: Cluster raw response.
"""
# Query and gPRC unpack
raw_response_msg: Message = client.get_cluster(cluster_id=cluster,
project_id=project,
zone=zone,
timeout=API_TIMEOUT)
# Entry context
raw_response_dict: dict = MessageToDict(raw_response_msg)
cluster_ec = parse_cluster(raw_response_dict)
entry_context = {
CLUSTER_CONTEXT: cluster_ec,
}
# Human readable
human_readable: str = tableToMarkdown(
t=parse_cluster_table(cluster_ec),
name=f'Clusters (Project={project}, Zone={zone}, Cluster={cluster})',
)
return human_readable, entry_context, raw_response_dict
from flask import Flask, request, Response, jsonify
from flask_expects_json import expects_json
from kubernetes import client
from google.cloud.container_v1 import ClusterManagerClient
from google.oauth2 import service_account
import requests
app = Flask(__name__)
datastore_client = datastore.Client()
SCOPES = ['https://www.googleapis.com/auth/cloud-platform']
credentials = service_account.Credentials.from_service_account_file(os.getenv('GOOGLE_APPLICATION_CREDENTIALS'),
scopes=SCOPES)
cluster_manager_client = ClusterManagerClient(credentials=credentials)
cluster = cluster_manager_client.get_cluster(project_id=config("PROJECT_ID"), zone=config("ZONE"),
cluster_id=config("CLUSTER_ID"))
cluster_configuration = client.Configuration()
cluster_configuration.host = "https://" + cluster.endpoint + ":443"
cluster_configuration.verify_ssl = False
cluster_configuration.api_key = {"authorization": "Bearer " + credentials.token}
client.Configuration.set_default(cluster_configuration)
kubernetes_client = client.CoreV1Api()
root = logging.getLogger()
root.setLevel(logging.DEBUG)
handler = logging.StreamHandler(sys.stdout)
handler.setLevel(logging.DEBUG)
formatter = logging.Formatter('%(asctime)s - %(levelname)s - %(message)s')
handler.setFormatter(formatter)
root.addHandler(handler)
def cluster(options: Dict[str, Any]) -> Iterator[Optional[str]]:
if options["cluster"] is None:
load_kube_config()
if options["project"] is None:
options["project"] = "test"
yield None
else:
credentials, project = google.auth.default()
if options["project"] is None:
options["project"] = project
gke = ClusterManagerClient(credentials=credentials)
# create cluster
parent = f"projects/{options['project']}/locations/{options['location']}"
name = f"{parent}/clusters/{options['cluster']}"
try:
operation = gke.create_cluster(
cluster=Cluster(
name=options["cluster"],
logging_service=None,
monitoring_service=None,
node_pools=[
NodePool(
initial_node_count=1,
name="test",
config={
"preemptible": options["preemptible"],
"machine_type": "n1-highcpu-2",
},
)
],
),
parent=parent,
)
except AlreadyExists:
pass
else:
# wait for operation to complete
request = GetOperationRequest(
name=operation.self_link.split("projects").pop())
while gke.get_operation(
request).status <= Operation.Status.RUNNING:
time.sleep(15)
# set kube credentials
cluster = gke.get_cluster(name=name)
config = kube.Configuration()
config.host = f"https://{cluster.endpoint}:443"
config.verify_ssl = False
config.api_key = {"authorization": f"Bearer {credentials.token}"}
kube.Configuration.set_default(config)
# delete cluster after test completes
try:
yield options["cluster"]
finally:
try:
# delete persistent volumes because gke cluster delete won't do it
# https://cloud.google.com/kubernetes-engine/docs/how-to/deleting-a-cluster#overview
api = kube.CoreV1Api()
for pv in api.list_persistent_volume().items:
try:
pv.spec.persistent_volume_reclaim_policy = "Delete"
api.patch_persistent_volume(
name=pv.metadata.name,
body=pv,
)
api.delete_persistent_volume(
name=pv.metadata.name,
grace_period_seconds=0,
propagation_policy="Foreground",
)
except ApiException:
print_exc()
# wait for pv deletes to complete
for _ in range(60):
if not api.list_persistent_volume().items:
break
time.sleep(1)
else:
print("FAILED TO CLEANUP PERSISTENT VOLUMES")
finally:
gke.delete_cluster(name=name)
def set_kube_config(self) -> None:
ensure_installed("gcloud")
kube_config_file_name = self.layer.get_kube_config_file_name()
if exists(kube_config_file_name):
if getmtime(kube_config_file_name) > time.time() - ONE_WEEK_UNIX:
constants.GENERATED_KUBE_CONFIG = kube_config_file_name
return
else:
remove(kube_config_file_name)
credentials = self.get_credentials()[0]
region, project_id = self.get_cluster_env()
cluster_name = self.layer.get_cluster_name()
if not self.cluster_exist():
raise Exception(
"The GKE cluster name could not be determined -- please make sure it has been applied in the environment."
)
gke_client = ClusterManagerClient(credentials=credentials)
cluster_data = gke_client.get_cluster(
name=
f"projects/{project_id}/locations/{region}/clusters/{cluster_name}"
)
cluster_ca_certificate = cluster_data.master_auth.cluster_ca_certificate
cluster_endpoint = f"https://{cluster_data.endpoint}"
gcloud_path = which("gcloud")
kube_context_name = self.get_kube_context_name()
cluster_config = {
"apiVersion":
"v1",
"kind":
"Config",
"clusters": [{
"cluster": {
"server": cluster_endpoint,
"certificate-authority-data": cluster_ca_certificate,
},
"name": kube_context_name,
}],
"contexts": [{
"context": {
"cluster": kube_context_name,
"user": kube_context_name
},
"name": kube_context_name,
}],
"current-context":
kube_context_name,
"preferences": {},
"users": [{
"name": kube_context_name,
"user": {
"auth-provider": {
"name": "gcp",
"config": {
"cmd-args": "config config-helper --format=json",
"cmd-path": gcloud_path,
"expiry-key": "{.credential.token_expiry}",
"token-key": "{.credential.access_token}",
},
}
},
}],
}
with open(kube_config_file_name, "w") as f:
yaml.dump(cluster_config, f)
constants.GENERATED_KUBE_CONFIG = kube_config_file_name
return
def node_pools(options: Dict[str, Any]) -> Iterator[List[str]]:
credentials, project = google.auth.default()
if options["project"] is None:
options["project"] = project
gke = ClusterManagerClient(credentials=credentials)
# build node pool configurations
pools = {}
if options["generator"]:
if options["load_balancer"] is None or options[
"server_uri"] is not None:
pools["generator"] = NodePool(initial_node_count=1)
pools["generator"].config.machine_type = "n1-highcpu-2"
if options["load_balancer"] is None:
pools["server"] = NodePool(initial_node_count=4)
pools["server"].config.machine_type = "n1-highcpu-2"
if options["emulator"]:
pools["emulator"] = NodePool(initial_node_count=1)
else:
# need pubsub permissions
pools["server"].config.oauth_scopes.append(
"https://www.googleapis.com/auth/pubsub")
# add labels
for name, pool in pools.items():
pool.name = name
pool.config.preemptible = options["preemptible"]
pool.config.labels["name"] = name
if options["location"][-2] == "-":
# triple node count for single zone cluster
pool.initial_node_count *= 3
# create cluster
if not pools:
yield [] # nothing to create
else:
kwargs = {
"cluster":
Cluster(
name=options["cluster"],
logging_service=None,
monitoring_service=None,
node_pools=list(pools.values()),
),
"parent":
f"projects/{options['project']}/locations/{options['location']}",
}
name = f"{kwargs['parent']}/clusters/{options['cluster']}"
try:
operation = gke.create_cluster(**kwargs)
except AlreadyExists:
pass
else:
# wait for operation to complete
request = GetOperationRequest(
name=operation.self_link.split("projects").pop())
while gke.get_operation(
request).status <= Operation.Status.RUNNING:
time.sleep(15)
# set kube credentials
cluster = gke.get_cluster(name=name)
config = kube.Configuration()
config.host = f"https://{cluster.endpoint}:443"
config.verify_ssl = False
config.api_key = {"authorization": f"Bearer {credentials.token}"}
kube.Configuration.set_default(config)
# delete cluster after test completes
try:
yield list(pools)
finally:
gke.delete_cluster(name=name)