def test_to_volume_secret(self, mock_uuid): mock_uuid.return_value = '0' secret = Secret('volume', '/etc/foo', 'secret_b') assert secret.to_volume_secret() == ( k8s.V1Volume(name='secretvol0', secret=k8s.V1SecretVolumeSource(secret_name='secret_b')), k8s.V1VolumeMount(mount_path='/etc/foo', name='secretvol0', read_only=True), )
def to_volume_secret(self) -> Tuple[k8s.V1Volume, k8s.V1VolumeMount]: """Converts to volume secret""" vol_id = f'secretvol{uuid.uuid4()}' volume = k8s.V1Volume(name=vol_id, secret=k8s.V1SecretVolumeSource(secret_name=self.secret)) if self.items: volume.secret.items = self.items return (volume, k8s.V1VolumeMount(mount_path=self.deploy_target, name=vol_id, read_only=True))
def get_kubeconfig_volume(release: OpenshiftRelease): return k8s.V1Volume( name="kubeconfig", secret=k8s.V1SecretVolumeSource( secret_name=f"{release.get_release_name()}-kubeconfig" ) )
def to_volume_secret(self) -> Tuple[k8s.V1Volume, k8s.V1VolumeMount]: vol_id = 'secretvol{}'.format(uuid.uuid4()) return (k8s.V1Volume( name=vol_id, secret=k8s.V1SecretVolumeSource(secret_name=self.secret)), k8s.V1VolumeMount(mount_path=self.deploy_target, name=vol_id, read_only=True))
def get_kubeconfig_volume(release: OpenshiftRelease, task_group): prefix=f"{task_group}-" return k8s.V1Volume( name="kubeconfig", secret=k8s.V1SecretVolumeSource( secret_name=f"{release.get_release_name()}-{prefix if 'hosted' in task_group else ''}kubeconfig" ) )
def _get_volumes(self) -> List[k8s.V1Volume]: def _construct_volume(name, claim, host) -> k8s.V1Volume: volume = k8s.V1Volume(name=name) if claim: volume.persistent_volume_claim = k8s.V1PersistentVolumeClaimVolumeSource( claim_name=claim) elif host: volume.host_path = k8s.V1HostPathVolumeSource(path=host, type='') else: volume.empty_dir = {} return volume volumes = { self.dags_volume_name: _construct_volume(self.dags_volume_name, self.kube_config.dags_volume_claim, self.kube_config.dags_volume_host), self.logs_volume_name: _construct_volume(self.logs_volume_name, self.kube_config.logs_volume_claim, self.kube_config.logs_volume_host) } if self.kube_config.dags_in_image: del volumes[self.dags_volume_name] # Get the SSH key from secrets as a volume if self.kube_config.git_ssh_key_secret_name: volumes[self.git_sync_ssh_secret_volume_name] = k8s.V1Volume( name=self.git_sync_ssh_secret_volume_name, secret=k8s.V1SecretVolumeSource( secret_name=self.kube_config.git_ssh_key_secret_name, items=[ k8s.V1KeyToPath(key=self.git_ssh_key_secret_key, path='ssh', mode=0o440) ])) if self.kube_config.git_ssh_known_hosts_configmap_name: volumes[self.git_sync_ssh_known_hosts_volume_name] = k8s.V1Volume( name=self.git_sync_ssh_known_hosts_volume_name, config_map=k8s.V1ConfigMapVolumeSource( name=self.kube_config.git_ssh_known_hosts_configmap_name, default_mode=0o440)) # Mount the airflow.cfg file via a configmap the user has specified if self.kube_config.airflow_configmap: config_volume_name = 'airflow-config' volumes[config_volume_name] = k8s.V1Volume( name=config_volume_name, config_map=k8s.V1ConfigMapVolumeSource( name=self.kube_config.airflow_configmap)) return list(volumes.values())
def test_only_mount_sub_secret(self, mock_uuid): mock_uuid.return_value = '0' items = [k8s.V1KeyToPath(key="my-username", path="/extra/path")] secret = Secret('volume', '/etc/foo', 'secret_b', items=items) assert secret.to_volume_secret() == ( k8s.V1Volume( name='secretvol0', secret=k8s.V1SecretVolumeSource(secret_name='secret_b', items=items) ), k8s.V1VolumeMount(mount_path='/etc/foo', name='secretvol0', read_only=True), )
def test_to_volume_secret(self, mock_uuid): static_uuid = uuid.UUID('cf4a56d2-8101-4217-b027-2af6216feb48') mock_uuid.return_value = static_uuid secret = Secret('volume', '/etc/foo', 'secret_b') self.assertEqual( secret.to_volume_secret(), (k8s.V1Volume( name='secretvol' + str(static_uuid), secret=k8s.V1SecretVolumeSource(secret_name='secret_b')), k8s.V1VolumeMount(mount_path='/etc/foo', name='secretvol' + str(static_uuid), read_only=True)))
def to_volume_secret(secret: "Secret") -> typing.Tuple[k8s.V1Volume, k8s.V1VolumeMount]: """Converts to volume secret""" vol_id = f"secretvol{uuid.uuid4()}" volume = k8s.V1Volume( name=vol_id, secret=k8s.V1SecretVolumeSource(secret_name=secret.secret) ) # if secret.items: # volume.secret.items = self.items return ( volume, k8s.V1VolumeMount(mount_path=secret.deploy_target, name=vol_id, read_only=True), )
def to_volume_secret(self): import kubernetes.client.models as k8s vol_id = 'secretvol{}'.format(uuid.uuid4()) if self.deploy_target: volume_mount = k8s.V1VolumeMount(mount_path=self.deploy_target, name=vol_id, read_only=True) else: volume_mount = None return (k8s.V1Volume( name=vol_id, secret=k8s.V1SecretVolumeSource(secret_name=self.secret)), volume_mount)
def get_kubeconfig_volume(version, platform, profile): return k8s.V1Volume( name="kubeconfig", secret=k8s.V1SecretVolumeSource( secret_name=f"{version}-{platform}-{profile}-kubeconfig"))
def test_convert_to_airflow_pod(self): input_pod = k8s.V1Pod( metadata=k8s.V1ObjectMeta(name="foo", namespace="bar"), spec=k8s.V1PodSpec( init_containers=[ k8s.V1Container(name="init-container", volume_mounts=[ k8s.V1VolumeMount(mount_path="/tmp", name="init-secret") ]) ], containers=[ k8s.V1Container( name="base", command=["foo"], image="myimage", env=[ k8s.V1EnvVar( name="AIRFLOW_SECRET", value_from=k8s.V1EnvVarSource( secret_key_ref=k8s.V1SecretKeySelector( name="ai", key="secret_key"))) ], ports=[ k8s.V1ContainerPort( name="myport", container_port=8080, ) ], volume_mounts=[ k8s.V1VolumeMount(name="myvolume", mount_path="/tmp/mount", read_only="True"), k8s.V1VolumeMount(name='airflow-config', mount_path='/config', sub_path='airflow.cfg', read_only=True), k8s.V1VolumeMount(name="airflow-secret", mount_path="/opt/mount", read_only=True) ]) ], security_context=k8s.V1PodSecurityContext( run_as_user=0, fs_group=0, ), volumes=[ k8s.V1Volume(name="myvolume"), k8s.V1Volume( name="airflow-config", config_map=k8s.V1ConfigMap(data="airflow-data")), k8s.V1Volume(name="airflow-secret", secret=k8s.V1SecretVolumeSource( secret_name="secret-name", )), k8s.V1Volume(name="init-secret", secret=k8s.V1SecretVolumeSource( secret_name="init-secret", )) ])) result_pod = _convert_to_airflow_pod(input_pod) expected = Pod( name="foo", namespace="bar", envs={}, init_containers=[{ 'name': 'init-container', 'volumeMounts': [{ 'mountPath': '/tmp', 'name': 'init-secret' }] }], cmds=["foo"], image="myimage", ports=[Port(name="myport", container_port=8080)], volume_mounts=[ VolumeMount(name="myvolume", mount_path="/tmp/mount", sub_path=None, read_only="True"), VolumeMount(name="airflow-config", read_only=True, mount_path="/config", sub_path="airflow.cfg"), VolumeMount(name="airflow-secret", mount_path="/opt/mount", sub_path=None, read_only=True) ], secrets=[Secret("env", "AIRFLOW_SECRET", "ai", "secret_key")], security_context={ 'fsGroup': 0, 'runAsUser': 0 }, volumes=[ Volume(name="myvolume", configs={'name': 'myvolume'}), Volume(name="airflow-config", configs={ 'configMap': { 'data': 'airflow-data' }, 'name': 'airflow-config' }), Volume(name='airflow-secret', configs={ 'name': 'airflow-secret', 'secret': { 'secretName': 'secret-name' } }), Volume(name='init-secret', configs={ 'name': 'init-secret', 'secret': { 'secretName': 'init-secret' } }) ], ) expected_dict = expected.as_dict() result_dict = result_pod.as_dict() print(result_pod.volume_mounts) parsed_configs = self.pull_out_volumes(result_dict) result_dict['volumes'] = parsed_configs self.assertEqual(result_dict['secrets'], expected_dict['secrets']) self.assertDictEqual(expected_dict, result_dict)