def _get_config(self) -> Configuration:
"""Get the Kubernetes cluster config."""
if not self.cluster_ip and not self.cluster_cert:
cluster_manager_client = ClusterManagerClient()
cluster = cluster_manager_client.get_cluster(
name=f"projects/{self.project_id}/locations/{self.zone}/clusters/{self.cluster_id}"
)
self.cluster_ip = cluster.endpoint
self.cluster_cert = str(cluster.master_auth.cluster_ca_certificate)
elif not (self.cluster_ip and self.cluster_cert):
raise Exception(
"Cluster IP and cluster certificate required when cluster configuration "
"is provided explicitly."
)
creds, projects = google.auth.default(
scopes=["https://www.googleapis.com/auth/cloud-platform"]
)
auth_req = google.auth.transport.requests.Request()
creds.refresh(auth_req) # refresh token
with NamedTemporaryFile(delete=False) as ca_cert:
ca_cert.write(base64.b64decode(self.cluster_cert))
return Configuration(
host=f"https://{self.cluster_ip}",
ssl_ca_cert=ca_cert.name,
authorization_key_prefix="Bearer",
authorization_key=creds.token, # valid for one hour
)
def configmap_fetcher(request):
"""Gets configuration from a config-map in a GKE cluster."""
cluster_region = os.environ.get("GKE_CLUSTER_REGION", "europe-west1")
cluster_name = os.environ.get("GKE_CLUSTER_NAME", "config-cluster")
namespace = os.environ.get("KUBERNETES_NAMESPACE", "default")
# GCP_PROJECT env is set automatically by Cloud Function runtime.
project_id = os.environ.get("GCP_PROJECT")
credentials, _ = google.auth.default()
cluster_manager_client = ClusterManagerClient(credentials=credentials)
cluster_resource_name = (
f"projects/{project_id}/locations/{cluster_region}/clusters/{cluster_name}"
)
cluster = cluster_manager_client.get_cluster("",
"",
"",
name=cluster_resource_name)
configuration = client.Configuration()
configuration.host = f"https://{cluster.endpoint}:443"
configuration.verify_ssl = False
configuration.api_key = {"authorization": "Bearer " + credentials.token}
client.Configuration.set_default(configuration)
v1 = client.CoreV1Api()
configmaps = v1.list_namespaced_config_map(namespace, watch=False)
return jsonify(configmaps.to_dict())
def test_gke(data, context):
project_id = "[PROJECT-ID]"
zone = "[ZONE]"
cluster_id = "[CLUSTER-NAME]"
credentials = compute_engine.Credentials()
cluster_manager_client = ClusterManagerClient(credentials=credentials)
cluster = cluster_manager_client.get_cluster(project_id, zone, cluster_id)
configuration = client.Configuration()
configuration.host = f"https://{cluster.endpoint}:443"
configuration.verify_ssl = False
configuration.api_key = {"authorization": "Bearer " + credentials.token}
client.Configuration.set_default(configuration)
v1 = client.AppsV1Api()
#Try to list all the deployments.
try:
deployments = v1.list_deployment_for_all_namespaces()
except ApiException as e:
print("Exception when calling AppsV1Api->list_deployment_for_all_namespaces: %s\n" % e)
#Loop through the deployments to find the specfic hello-server deployment and update accordingly.
for deployment in deployments.items:
if 'hello' in deployment.metadata.name:
print("%s\t%s" % (deployment.metadata.namespace, deployment.metadata.name))
update_deployment(v1,deployment)
return("Ok")
def gcloud_operations_cancel_command(client: ClusterManagerClient,
project: str, zone: str,
operation: str) -> COMMAND_OUTPUT:
""" Cancel operation by operation name.
Args:
client: Google container client.
project: GCP project from console.
zone: Project query zone, e.g. "europe-west2-a".
operation: Operation name.
Returns:
str: Human readable.
dict: Operation entry context - will be empty.
dict: Operation raw response - will be empty.
"""
# Query operation status
client.cancel_operation(project_id=project,
zone=zone,
operation_id=operation,
timeout=API_TIMEOUT)
# Human readable
human_readable: str = f'Project {project} - Zone {zone} - Operation {operation} canceled'
return human_readable, {}, {}
def main():
# config.load_kube_config()
project_id = "conductive-fold-275020"
zone = "us-central1-c"
cluster_id = "launch-cluster"
# config.load_kube_config()
SCOPES = ['https://www.googleapis.com/auth/cloud-platform']
path = os.getenv('GOOGLE_APPLICATION_CREDENTIALS')
credentials = service_account.Credentials.from_service_account_file(
path, scopes=SCOPES)
cluster_manager_client = ClusterManagerClient(credentials=credentials)
cluster = cluster_manager_client.get_cluster(project_id, zone, cluster_id)
configuration = client.Configuration()
configuration.host = "https://" + cluster.endpoint + ":443"
configuration.verify_ssl = False
configuration.api_key = {"authorization": "Bearer " + credentials.token}
client.Configuration.set_default(configuration)
v1 = client.AppsV1Api()
# if sys.argv[1]:
# name = sys.argv[1]
# else:
name = 'cir-anders-openmp'
resp = v1.delete_namespaced_deployment(name=name, namespace="default")
print("Deployment {} deleted.".format(name))
def test_module_command(client: ClusterManagerClient, project: str, zone: str):
""" Test Google Kubernetes Engine client connection using gcloud-clusters-list command:
1. project.
2. zone.
Args:
client: Google container client.
project: GCP project from console.
zone: Project query zone, e.g. "europe-west2-a".
Returns:
str: Human readable.
dict: Cluster entry context.
dict: Cluster raw response.
"""
# Query and gPRC unpack - will raise exception if not succeed
try:
client.list_clusters(project_id=project,
zone=zone,
timeout=API_TIMEOUT)
except Exception:
raise DemistoException(
'Unsuccessfull integration test - check configuration...')
return 'ok', {}, {}
def test_gke():
project_id = "wn-cloud-275704"
zone = "us-central1-c"
cluster_id = "wn-cloud-portal-qa"
# Use a service account configured in GCP console,
# authenticating with a JSON key
credentials = service_account.Credentials \
.from_service_account_file('wn-cloud-275704-24c84de6f442.json')
print('Authentication done------------------------------>')
# Get cluster details
cluster_manager_client = ClusterManagerClient(credentials=credentials)
cluster = cluster_manager_client.get_cluster(project_id=project_id,
zone=zone,
cluster_id=cluster_id)
print('cluster info received------------------------------>')
# Save cluster certificate for SSL verification
cert = base64.b64decode(cluster.master_auth.cluster_ca_certificate)
cert_filename = 'cluster_ca_cert'
cert_file = open(cert_filename, 'w')
cert_file.write(cert)
cert_file.close()
# Configure hostname for SSL verification
hosts = Hosts()
hosts.add([
HostsEntry(entry_type='ipv4',
address=cluster.endpoint,
names=['kubernetes'])
])
hosts.write()
# Get a token with the scopes required by GKE
kubeconfig_creds = credentials.with_scopes([
'https://www.googleapis.com/auth/cloud-platform',
'https://www.googleapis.com/auth/userinfo.email'
])
auth_req = google.auth.transport.requests.Request()
kubeconfig_creds.refresh(auth_req)
configuration = client.Configuration()
configuration.host = "https://kubernetes"
configuration.ssl_ca_cert = cert_filename
kubeconfig_creds.apply(configuration.api_key)
client.Configuration.set_default(configuration)
v1 = client.CoreV1Api()
print("Listing pods with their IPs:")
pods = v1.list_pod_for_all_namespaces(watch=False)
for i in pods.items:
print("%s\t%s\t%s" %
(i.status.pod_ip, i.metadata.namespace, i.metadata.name))
def start_k8s_client(service_account_cred, scope, proj_id, zone, cluster_id):
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
credentials = service_account.Credentials.from_service_account_file(
service_account_cred, scopes=scope)
cluster_manager_client = ClusterManagerClient(credentials=credentials)
cluster = cluster_manager_client.get_cluster(proj_id, zone, cluster_id)
configuration = client.Configuration()
configuration.host = "https://" + cluster.endpoint + ":443"
configuration.verify_ssl = False
configuration.api_key = {"authorization": "Bearer " + credentials.token}
client.Configuration.set_default(configuration)
return client
def cluster_exist(self) -> bool:
credentials = self.get_credentials()[0]
region, project_id = self.get_cluster_env()
cluster_name = self.layer.get_cluster_name()
gke_client = ClusterManagerClient(credentials=credentials)
try:
gke_client.get_cluster(
name=
f"projects/{project_id}/locations/{region}/clusters/{cluster_name}"
)
return True
except NotFound:
return False
def gcloud_operations_describe_command(client: ClusterManagerClient,
project: str, zone: str,
operation: str) -> COMMAND_OUTPUT:
""" Retrieve operation information by name.
https://cloud.google.com/sdk/gcloud/reference/container/operations/describe
Args:
client: Google container client.
project: GCP project from console.
zone: Project query zone, e.g. "europe-west2-a".
operation: Operation name.
Returns:
str: Human readable.
dict: Operation entry context.
dict: Operation raw response.
"""
# Query operation status
raw_response_msg: Message = client.get_operation(project_id=project,
zone=zone,
operation_id=operation,
timeout=API_TIMEOUT)
raw_response_dict: dict = MessageToDict(raw_response_msg)
# Entry context
operations: dict = parse_operation(raw_response_dict)
entry_context = {
OPERATION_CONTEXT: operations,
}
# Human readable
human_readable: str = tableToMarkdown(
t=operations,
headers=OPERATION_TABLE,
name=f'Project {project} - Zone {zone} - Operation {operation}')
return human_readable, entry_context, raw_response_dict
def gcloud_clusters_list_command(client: ClusterManagerClient, project: str,
zone: str) -> COMMAND_OUTPUT:
""" Lists all clusters owned by a project in either the specified zone or all zones.
Original command - https://cloud.google.com/sdk/gcloud/reference/container/clusters/list
Args:
client: Google container client.
project: GCP project from console.
zone: Project query zone, e.g. "europe-west2-a".
Returns:
str: Human readable.
dict: Cluster entry context.
dict: Cluster raw response.
"""
# Query and gPRC unpack
raw_response_msg: Message = client.list_clusters(project_id=project,
zone=zone,
timeout=API_TIMEOUT)
raw_response_dict: dict = MessageToDict(raw_response_msg)
# Entry context
clusters_ec: List[dict] = [
parse_cluster(cluster)
for cluster in raw_response_dict.get('clusters', [])
]
entry_context = {
CLUSTER_CONTEXT: clusters_ec,
}
# Human readable
human_readable: str = tableToMarkdown(
t=[parse_cluster_table(entry) for entry in clusters_ec],
name=f'Clusters (Project={project}, Zone={zone})')
return human_readable, entry_context, raw_response_dict
def __init__(self, args):
super().__init__(args)
self.codalab_username = os.environ.get('CODALAB_USERNAME')
self.codalab_password = os.environ.get('CODALAB_PASSWORD')
if not self.codalab_username or not self.codalab_password:
raise EnvironmentError(
'Valid credentials need to be set as environment variables: CODALAB_USERNAME and CODALAB_PASSWORD'
)
# Authenticate via GCP
credentials: service_account.Credentials = service_account.Credentials.from_service_account_file(
self.args.credentials_path, scopes=['https://www.googleapis.com/auth/cloud-platform']
)
cluster_manager_client: ClusterManagerClient = ClusterManagerClient(credentials=credentials)
cluster = cluster_manager_client.get_cluster(
name=f'projects/{self.args.project}/locations/{self.args.zone}/clusters/{self.args.cluster}'
)
# Save SSL certificate to connect to the GKE cluster securely
cert_path = os.path.join(self.args.cert_path, 'gke.crt')
with open(cert_path, 'wb') as f:
f.write(base64.b64decode(cluster.master_auth.cluster_ca_certificate))
# Configure and initialize Kubernetes client
configuration: client.Configuration = client.Configuration()
configuration.host = f'https://{cluster.endpoint}:443'
configuration.api_key = {'authorization': f'Bearer {credentials.token}'}
configuration.verify_ssl = True
configuration.ssl_ca_cert = cert_path
client.Configuration.set_default(configuration)
self.k8_client: client.ApiClient = client.ApiClient(configuration)
self.k8_api: client.CoreV1Api = client.CoreV1Api(self.k8_client)
def gcloud_node_pool_describe_command(client: ClusterManagerClient,
project: str, zone: str, cluster: str,
node_pool: str) -> COMMAND_OUTPUT:
""" gcloud container node-pools list - list existing node pools for a cluster
https://cloud.google.com/sdk/gcloud/reference/container/node-pools/describe
Args:
client: Google container client.
project: GCP project from console.
zone: Project query zone, e.g. "europe-west2-a".
cluster: Cluster ID, e.g. "dmst-gcloud-cluster-1".
node_pool: Node pool id, e.g. "dmst-gke-pool-1".
Returns:
str: Human readable.
dict: Cluster entry context.
dict: Cluster raw response.
"""
# Query and gPRC unpack
raw_response_msg: Message = client.get_node_pool(project_id=project,
zone=zone,
cluster_id=cluster,
node_pool_id=node_pool,
timeout=API_TIMEOUT)
raw_response_dict: dict = MessageToDict(raw_response_msg)
# Entry context
node_pools_ec: dict = parse_node_pool(raw_response_dict)
entry_context = {NODE_POOL_CONTEXT: node_pools_ec}
# Human readable
human_readable: str = tableToMarkdown(
t=parse_node_pool_table(node_pools_ec),
name=f'Node-pools (Project={project}, Zone={zone},'
f' Cluster={cluster}, Node pool={node_pool})')
return human_readable, entry_context, raw_response_dict
def __init__(self, project_id, zone, cluster_id):
SCOPES = ['https://www.googleapis.com/auth/cloud-platform']
credentials = service_account.Credentials.from_service_account_file(
os.getenv('GOOGLE_APPLICATION_CREDENTIALS'), scopes=SCOPES)
cluster_manager_client = ClusterManagerClient(credentials=credentials)
cluster = cluster_manager_client.get_cluster(project_id, zone,
cluster_id)
configuration = client.Configuration()
configuration.host = "https://" + cluster.endpoint + ":443"
configuration.verify_ssl = False
configuration.api_key = {
"authorization": "Bearer " + credentials.token
}
client.Configuration.set_default(configuration)
self.api_client = client.ApiClient()
self.v1 = client.CoreV1Api()
def gcloud_clusters_set_addons_command(
client: ClusterManagerClient,
project: str,
cluster: str,
zone: str,
http_load_balancing: Optional[str] = None,
kubernetes_dashboard: Optional[str] = None,
network_policy: Optional[str] = None) -> COMMAND_OUTPUT:
""" Sets the addons for a specific cluster.
https://cloud.google.com/sdk/gcloud/reference/container/clusters/update#--update-addons
Args:
client: Google container client.
project: GCP project from console.
zone: Project query zone, e.g. "europe-west2-a".
cluster: Cluster ID, e.g. "dmst-gcloud-cluster-1".
http_load_balancing: "enable" or "disable".
kubernetes_dashboard: "enable" or "disable".
network_policy: "enable" or "disable".
Returns:
str: Human readable.
dict: Operation entry context.
dict: Operation raw response.
"""
# Perform cluster update
update = {}
if http_load_balancing:
update['http_load_balancing'] = {
"disabled": http_load_balancing != 'enable'
}
if kubernetes_dashboard:
update['kubernetes_dashboard'] = {
"disabled": kubernetes_dashboard != 'enable'
}
if network_policy:
update['network_policy_config'] = {
"disabled": network_policy != 'enable'
}
raw_response_msg: Message = client.set_addons_config(project_id=project,
zone=zone,
cluster_id=cluster,
addons_config=update,
timeout=API_TIMEOUT)
raw_response_dict: dict = MessageToDict(raw_response_msg)
# Entry context
operation: dict = parse_operation(raw_response_dict)
entry_context = {
OPERATION_CONTEXT: operation,
}
# Human readable
human_readable: str = tableToMarkdown(
t=operation,
headers=OPERATION_TABLE,
name=f'Set addons - Operation: {operation.get("Name")}')
return human_readable, entry_context, raw_response_dict
def gcloud_set_node_pool_management(
client: ClusterManagerClient,
project: str,
zone: str,
cluster: str,
node_pool: str,
auto_repair: Optional[str] = None,
auto_upgrade: Optional[str] = None) -> COMMAND_OUTPUT:
""" Disbale or Enable node-pool functionallity:
1. auto-repair.
2. auto-upgrade.
https://cloud.google.com/sdk/gcloud/reference/container/node-pools/update
Args:
client: Google container client.
project: GCP project from console.
zone: Project query zone, e.g. "europe-west2-a".
cluster: Cluster ID, e.g. "dmst-gcloud-cluster-1".
node_pool: Node pool id, e.g. "dmst-gke-pool-1".
auto_repair: A flag that specifies whether the node auto-repair is enabled for the node pool.
auto_upgrade: A flag that specifies whether node auto-upgrade is enabled for the node pool.
Returns:
str: Human readable.
dict: Operation entry context.
dict: Operation raw response.
"""
# Perform node pools update
update = {}
if auto_repair:
update['auto_repair'] = auto_repair == 'enable'
if auto_upgrade:
update['auto_upgrade'] = auto_upgrade == 'enable'
raw_response_msg: Message = client.set_node_pool_management(
project_id=project,
zone=zone,
cluster_id=cluster,
node_pool_id=node_pool,
management=update,
timeout=API_TIMEOUT)
raw_response_dict: dict = MessageToDict(raw_response_msg)
# Entry context
operation: dict = parse_operation(raw_response_dict)
entry_context = {
OPERATION_CONTEXT: operation,
}
# Human readable
human_readable: str = tableToMarkdown(
t=operation,
headers=OPERATION_TABLE,
name=
f'Project {project} - Zone {zone} - Cluster {cluster} - {operation.get("Name")}'
)
return human_readable, entry_context, raw_response_dict
def test_gke(credentials):
cluster_manager_client = ClusterManagerClient(credentials=credentials)
cluster = cluster_manager_client.get_cluster(project_id, zone, cluster_id)
print("CLUSTER END POINT: ", cluster.endpoint)
configuration = client.Configuration()
configuration.host = f"https://{cluster.endpoint}:443"
configuration.verify_ssl = False
configuration.api_key = {"authorization": "Bearer " + credentials.token}
client.Configuration.set_default(configuration)
v1 = client.CoreV1Api()
print("Listing pods with their IPs:")
pods = v1.list_pod_for_all_namespaces(watch=False)
for i in pods.items:
print("%s\t%s\t%s" %
(i.status.pod_ip, i.metadata.namespace, i.metadata.name))
def createDeployment(credentials):
cluster_manager_client = ClusterManagerClient(credentials=credentials)
cluster = cluster_manager_client.get_cluster(project_id, zone, cluster_id)
print("CLUSTER END POINT: ", cluster.endpoint)
configuration = client.Configuration()
configuration.host = f"https://{cluster.endpoint}:443"
configuration.verify_ssl = False
configuration.api_key = {"authorization": "Bearer " + credentials.token}
client.Configuration.set_default(configuration)
with open(path.join(path.dirname(__file__), "nginx-deployment.yaml")) as f:
dep = yaml.safe_load(f)
k8s_apps_v1 = client.AppsV1Api()
resp = k8s_apps_v1.create_namespaced_deployment(body=dep,
namespace="default")
print("Deployment created. status='%s'" % resp.metadata.name)
def initialize_client():
project_id = "tough-canto-314909"
zone = "europe-west1-b"
cluster_id = "cluster-1"
credentials = service_account.Credentials.from_service_account_file(
"C:/Users/bogda/OneDrive/Desktop/shegoto/shigoto_q/keyfiles/gke_service_account.json"
)
cluster_manager_client = ClusterManagerClient(credentials=credentials)
cluster = cluster_manager_client.get_cluster(
name=f'projects/{project_id}/locations/{zone}/clusters/{cluster_id}')
configuration = client.Configuration()
configuration.host = f"https://{cluster.endpoint}:443"
configuration.verify_ssl = False
configuration.api_key = {"authorization": "Bearer " + credentials.token}
client.Configuration.set_default(configuration)
v1 = client.CoreV1Api()
def _set_gke_cluster(self) -> bool:
"""sets the gke cluster for this instance
Returns:
True on success, False otherwise
"""
if self._gke_cluster is not None:
return True
self._cluster_client = ClusterManagerClient(
credentials=self.credentials)
if self._cluster_client is None:
logging.error('error getting cluster management client')
return False
cluster_list = utils.get_gke_clusters(self._cluster_client,
self.project_id, self.zone)
if cluster_list is None:
return False
if len(cluster_list) < 1:
return False
if self.name is None and len(cluster_list) > 1:
logging.error('multiple clusters found, please specify:')
for c in cluster_list:
logging.info(c.name)
return False
if self.name is None:
self._gke_cluster = cluster_list[0]
return True
cluster_dict = dict([(c.name, c) for c in cluster_list])
if self.name not in cluster_dict:
logging.error('cluster {} not found'.format(self.name))
return False
self._gke_cluster = cluster_dict[self.name]
return True
def google_authenticate(project_id, zone, cluster_id):
SCOPES = ['https://www.googleapis.com/auth/cloud-platform']
f = open('/Users/dylanblake/key.json', "r")
key = f.read()
try:
fw = open('key.json', 'r')
fw.close()
except:
fw = open('key.json', 'w')
fw.write(key)
fw.close()
credentials = service_account.Credentials.from_service_account_file(
"key.json", scopes=SCOPES)
cluster_manager_client = ClusterManagerClient(credentials=credentials)
cluster = cluster_manager_client.get_cluster(project_id, zone, cluster_id)
configuration = client.Configuration()
configuration.host = "https://" + cluster.endpoint + ":443"
configuration.verify_ssl = False
configuration.api_key = {"authorization": "Bearer " + credentials.token}
return configuration
def gcloud_clusters_set_master_authorized_network_command(
client: ClusterManagerClient,
project: str,
cluster: str,
zone: str,
enable: Optional[str] = None,
cidrs: Optional[str] = None) -> COMMAND_OUTPUT:
""" Enable or Disable authorized CIDRs to master node and add cidrs.
https://cloud.google.com/sdk/gcloud/reference/container/clusters/update#--master-authorized-networks
Args:
client: Google container client.
project: GCP project from console.
zone: Project query zone, e.g. "europe-west2-a".
cluster: Cluster ID, e.g. "dmst-gcloud-cluster-1".
enable: "true" or "false"
cidrs: Comma seprated list of CIDRs 192.160.0.0/24,10.0.0.0/24,
Returns:
str: Human readable.
dict: Operation entry context.
dict: Operation raw response.
"""
# Perform cluster update
update = {
'desired_master_authorized_networks_config': {
'enabled':
enable == 'true',
'cidr_blocks': [{
'cidr_block': cidr_block
} for cidr_block in argToList(cidrs)]
}
}
raw_response_msg: Message = client.update_cluster(project_id=project,
zone=zone,
cluster_id=cluster,
update=update,
timeout=API_TIMEOUT)
raw_response_dict: dict = MessageToDict(raw_response_msg)
# Entry context
operation: dict = parse_operation(raw_response_dict)
entry_context = {
OPERATION_CONTEXT: operation,
}
# Human readable
human_readable: str = tableToMarkdown(
t=operation,
headers=OPERATION_TABLE,
name=
f'Set master authorized networks - Operation: {operation.get("Name")}')
return human_readable, entry_context, raw_response_dict
def main():
project_id = "conductive-fold-275020"
zone = "us-central1-c"
cluster_id = "launch-cluster"
# config.load_kube_config()
SCOPES = ['https://www.googleapis.com/auth/cloud-platform']
path = os.getenv('GOOGLE_APPLICATION_CREDENTIALS')
credentials = service_account.Credentials.from_service_account_file(path, scopes=SCOPES)
cluster_manager_client = ClusterManagerClient(credentials=credentials)
cluster = cluster_manager_client.get_cluster(project_id, zone, cluster_id)
configuration = client.Configuration()
configuration.host = "https://"+cluster.endpoint+":443"
configuration.verify_ssl = False
configuration.api_key = {"authorization": "Bearer " + credentials.token}
client.Configuration.set_default(configuration)
with open("cir-anders-deployment.yaml") as f:
dep = yaml.safe_load(f)
v1 = client.AppsV1Api()
resp = v1.create_namespaced_deployment(body=dep, namespace="default")
print("Deployment created. Status='%s'" % resp.metadata.name)
def get_k8_api(gcp_project,
zone,
cluster_id,
client_version='ExtensionsV1beta1Api'):
# TODO: use service account instead of creating token with ClusterManagerClient
credentials = compute_engine.Credentials()
cluster_manager_client = ClusterManagerClient(credentials=credentials, )
location_type = get_location_type(zone)
if location_type == LOCATION_TYPES['ZONAL']:
cluster = cluster_manager_client.get_cluster(project_id=gcp_project,
zone=zone,
cluster_id=cluster_id)
elif location_type == LOCATION_TYPES['REGIONAL']:
cluster = cluster_manager_client.get_cluster(
project_id=gcp_project,
cluster_id=cluster_id,
zone='',
name='projects/{gcp_project}/locations/{zone}/cluster/{cluster_id}'
.format(
gcp_project=gcp_project,
zone=zone,
cluster_id=cluster_id,
))
configuration = client.Configuration()
configuration.host = 'https://{endpoint}:443'.format(
endpoint=cluster.endpoint, )
configuration.verify_ssl = False
configuration.api_key = {
'authorization': 'Bearer {token}'.format(token=credentials.token, )
}
# configuration.ssl_ca_cert = "/path/to/ca_chain.crt"
client.Configuration.set_default(configuration)
if client_version == 'CoreV1Api':
return client.CoreV1Api()
if client_version == 'AppsV1beta1':
return client.AppsV1beta1()
if client_version == 'ExtensionsV1beta1Api':
return client.ExtensionsV1beta1Api()
def get_gke_clusters(client: ClusterManagerClient,
project_id: str,
zone: str = '-') -> Optional[List[GKECluster]]:
"""gets list of gcp clusters for given project, zone
Args:
client: cluster api client
project_id: project id
zone: zone, - = all zones
Returns:
list of clusters on success, None otherwise
"""
return client.list_clusters(project_id=project_id, zone=zone).clusters
def google_client_setup(json_configuration: str) -> ClusterManagerClient:
""" Setup client for service acount in google cloud - For more information:
https://cloud.google.com/iam/docs/service-accounts
Args:
json_configuration: Json configuration file content from IAM.
Returns:
ClusterManagerClient: client manager.
"""
credentials = service_account.Credentials.from_service_account_info(
json.loads(json_configuration))
client = ClusterManagerClient(credentials=credentials)
return client
def gcloud_clusters_set_k8s_stackdriver_command(
client: ClusterManagerClient,
project: str,
cluster: str,
zone: str,
enable: Optional[str] = None) -> COMMAND_OUTPUT:
""" Enable or Disable k8s stackdriver.
https://cloud.google.com/sdk/gcloud/reference/container/clusters/update#--enable-stackdriver-kubernetes
Args:
client: Google container client.
project: GCP project from console.
zone: Project query zone, e.g. "europe-west2-a".
cluster: Cluster ID, e.g. "dmst-gcloud-cluster-1".
enable: "true" or "false"
Returns:
str: Human readable.
dict: Operation entry context.
dict: Operation raw response.
Notes:
1. The monitoring and logging should be configured to same resource and it can done only via gcp console.
"""
# Perform cluster update
update = "monitoring.googleapis.com/kubernetes" if enable == 'true' else ''
raw_response_msg: Message = client.set_monitoring_service(
project_id=project,
zone=zone,
cluster_id=cluster,
monitoring_service=update,
timeout=API_TIMEOUT)
raw_response_dict: dict = MessageToDict(raw_response_msg)
# Entry context
operation: dict = parse_operation(raw_response_dict)
entry_context = {
OPERATION_CONTEXT: operation,
}
# Human readable
human_readable: str = tableToMarkdown(
t=operation,
headers=OPERATION_TABLE,
name=f'Set kubernetes stackdriver - Operation: {operation.get("Name")}'
)
return human_readable, entry_context, raw_response_dict
def gcloud_clusters_set_binary_auth(
client: ClusterManagerClient,
project: str,
cluster: str,
zone: str,
enable: Optional[str] = None) -> COMMAND_OUTPUT:
""" Enable or Disable binary authorize.
https://cloud.google.com/sdk/gcloud/reference/container/clusters/update#--enable-binauthz
Args:
client: Google container client.
project: GCP project from console.
zone: Project query zone, e.g. "europe-west2-a".
cluster: Cluster ID, e.g. "dmst-gcloud-cluster-1".
enable: "true" or "false"
Returns:
str: Human readable.
dict: Operation entry context.
dict: Operation raw response.
"""
# Perform cluster update
update = {
'desired_binary_authorization': {
'enabled': enable == 'enable',
}
}
raw_response_msg: Message = client.update_cluster(project_id=project,
zone=zone,
cluster_id=cluster,
update=update,
timeout=API_TIMEOUT)
raw_response_dict: dict = MessageToDict(raw_response_msg)
# Entry context
operation: dict = parse_operation(raw_response_dict)
entry_context = {
OPERATION_CONTEXT: operation,
}
# Human readable
human_readable: str = tableToMarkdown(
t=operation,
headers=OPERATION_TABLE,
name=
f'Set kubernetes binary authorization - Operation: {operation.get("Name")}'
)
return human_readable, entry_context, raw_response_dict
def gcloud_clusters_set_master_auth(
client: ClusterManagerClient,
project: str,
cluster: str,
zone: str,
basic_auth: Optional[str] = None) -> COMMAND_OUTPUT:
""" Enable basic (username/password) auth for the cluster. Enable will create user admin with generated password.
https://cloud.google.com/sdk/gcloud/reference/container/clusters/update#--enable-basic-auth
Args:
client: Google container client.
project: GCP project from console.
zone: Project query zone, e.g. "europe-west2-a".
cluster: Cluster ID, e.g. "dmst-gcloud-cluster-1".
basic_auth: "enable" or "disable".
Returns:
str: Human readable.
dict: Operation entry context.
dict: Operation raw response.
"""
# Perform cluster update
upadte = {"username": "******" if basic_auth == "enable" else ""}
raw_response_msg: Message = client.set_master_auth(
action=enums.SetMasterAuthRequest.Action.SET_USERNAME,
project_id=project,
zone=zone,
cluster_id=cluster,
update=upadte,
timeout=API_TIMEOUT)
raw_response_dict: dict = MessageToDict(raw_response_msg)
# Entry context
operation: dict = parse_operation(raw_response_dict)
entry_context = {OPERATION_CONTEXT: operation}
# Human readable
human_readable: str = tableToMarkdown(
t=operation,
headers=OPERATION_TABLE,
name=f'Set master-auth operation - {operation.get("Name")}')
return human_readable, entry_context, raw_response_dict
def list(project_id: str,
creds: Credentials,
zone: str = '-') -> Optional[List[str]]:
"""gets a list of clusters for given project and zone
Args:
project_id: gke project id
creds: credentials
zone: zone, - = all zones
Returns:
list of cluster names on success, None otherwise
"""
client = ClusterManagerClient(credentials=creds)
if client is None:
logging.error('error getting cluster management client')
return False
clusters = utils.get_gke_clusters(client, project_id, zone)
return [c.name for c in clusters] if clusters is not None else None
