Example #1
0
 def delete_pod(self, o):
     md = o.metadata
     log('Deleting {kind} {namespace}/{name}'.format(kind=o.kind,
                                                     namespace=md.namespace,
                                                     name=md.name))
     body = client.V1DeleteOptions()
     self.core_v1.delete_namespaced_pod(md.name, md.namespace, body)
def create_third_party_resource():
    ext_v1beta1 = kubernetes.client.ExtensionsV1beta1Api()
    tpr = kubernetes.client.V1beta1ThirdPartyResource(
        description='Kubernetes Clair Vulnerability Report',
        metadata=kubernetes.client.V1ObjectMeta(name=TPR_NAME),
        versions=[kubernetes.client.V1beta1APIVersion(name='v1')])
    try:
        res = ext_v1beta1.create_third_party_resource(tpr)
        log('Created ThirdPartyResource %s' % TPR_NAME)
    except kubernetes.client.rest.ApiException as ex:
        if ex.status != 409 and ex.reason.lower() != 'conflict':
            raise
        log('ThirdPartyResource %s already exists' % TPR_NAME)
Example #3
0
def main():
    log('Started NamespaceWatcher')

    import os

    if 'SERVICE_TOKEN_FILENAME' in os.environ:
        InClusterConfigLoader(
            token_filename=os.environ.get('SERVICE_TOKEN_FILENAME'),
            cert_filename=os.environ.get(
                'SERVICE_CERT_FILENAME')).load_and_set()
    else:
        config.load_incluster_config()

    client.configuration.verify_ssl = False

    nw = NamespaceWatcher(watch)
    nw.start()
Example #4
0
def main():
    log('Started JobPrunner')

    import os
    deadline_hours = int(os.environ.get('DEADLINE_HOURS', 24))
    log('Job deadline {}h'.format(deadline_hours))

    if 'SERVICE_TOKEN_FILENAME' in os.environ:
        InClusterConfigLoader(
            token_filename=os.environ.get('SERVICE_TOKEN_FILENAME'),
            cert_filename=os.environ.get(
                'SERVICE_CERT_FILENAME')).load_and_set()
    else:
        config.load_incluster_config()

    client.configuration.verify_ssl = False

    jp = JobPrunner(watch=watch.Watch())
    jp.start(deadline_hours * 60 * 60)
def main():
    log('Started Openshift Clair Controller {}'.format(
        version.CLAIR_CONTROLLER_VERSION))

    if 'SERVICE_TOKEN_FILENAME' in os.environ:
        kubernetes.config.incluster_config.InClusterConfigLoader(
            token_filename=os.environ.get('SERVICE_TOKEN_FILENAME'),
            cert_filename=os.environ.get(
                'SERVICE_CERT_FILENAME')).load_and_set()
    else:
        kubernetes.config.load_incluster_config()

    kubernetes.client.configuration.verify_ssl = False

    create_third_party_resource()

    dockercfg_path = os.environ.get('DOCKERCFG_PATH', '/.docker/.dockercfg')
    with open(dockercfg_path, 'r') as df:
        dockercfg = json.load(df)

    kk = controller.ClairController(kubernetes.client,
                                    kubernetes.watch,
                                    dockercfg=dockercfg)
    kk.start()
Example #6
0
    def process_objects(self, objs, booting=False):
        if booting:
            for uid, o in objs.items():
                log('>>>', oid(o))
            return

        busy = False
        log('Processing {} jobs'.format(len(objs)))

        for uid, o in objs.items():
            if self.expired(o):
                log('Expired', oid(o), o.metadata.creation_timestamp)
                try:
                    self.delete_job_and_pods(o)
                except client.rest.ApiException as ex:
                    if ex.status != 404:
                        raise
                    log('{} {}: {}'.format(ex.status, ex.reason, ex))
                busy = True
        return busy
Example #7
0
 def deleted_object(self, o):
     log('-->', oid(o), o.metadata.creation_timestamp)
Example #8
0
 def modified_object(self, old, new):
     log('xx>', oid(old), '-->', oid(new), '@',
         new.metadata.creation_timestamp)
Example #9
0
 def added_object(self, o):
     log('++>', oid(o), o.metadata.creation_timestamp)
Example #10
0
 def process_objects(self, objs, booting=False):
     if booting:
         for uid, o in objs.items():
             log('>>>', oid(o))
     else:
         log('>>> found %i objects' % len(objs))