def _get_api(cluster):
""" Get custom objects api associated with a cluster specifier.
"""
if cluster is None:
load_incluster_config()
api = CustomObjectsApi()
elif cluster == 'remote_transcode':
host = os.getenv('REMOTE_TRANSCODE_HOST')
port = os.getenv('REMOTE_TRANSCODE_PORT')
token = os.getenv('REMOTE_TRANSCODE_TOKEN')
cert = os.getenv('REMOTE_TRANSCODE_CERT')
conf = Configuration()
conf.api_key['authorization'] = token
conf.host = f'https://{host}:{port}'
conf.verify_ssl = True
conf.ssl_ca_cert = cert
api_client = ApiClient(conf)
api = CustomObjectsApi(api_client)
else:
cluster_obj = JobCluster.objects.get(pk=cluster)
host = cluster_obj.host
port = cluster_obj.port
token = cluster_obj.token
fd, cert = tempfile.mkstemp(text=True)
with open(fd, 'w') as f:
f.write(cluster_obj.cert)
conf = Configuration()
conf.api_key['authorization'] = token
conf.host = f'https://{host}:{port}'
conf.verify_ssl = True
conf.ssl_ca_cert = cert
api_client = ApiClient(conf)
api = CustomObjectsApi(api_client)
return api
def translate_marathon(self, key: str, value: str, full_path: str) -> None:
if self.object is None:
raise Exception("self.object is not set; this is a bug")
labels = self.object.get('labels', {})
dcos_package_framework_name = labels.get("DCOS_PACKAGE_FRAMEWORK_NAME")
if dcos_package_framework_name:
logging.warning('Not translating app %s: it runs Mesos framework %s', value, dcos_package_framework_name)
return
settings = Settings(
container_defaults=ContainerDefaults("alpine:latest", "/"),
app_secret_mapping=self._secret_mapping,
)
self.manifest = Manifest(pluginName="marathon", manifestName=self.dnsify(value))
assert self.object is not None
translated = translate_app(self.object, settings)
kc = ApiClient()
if translated.deployment['kind'] == "StatefulSet":
sleeper_stateful_set = make_sleeper_stateful_set(translated.deployment)
dapp = kc._ApiClient__deserialize(sleeper_stateful_set, V1StatefulSetWithComment)
try:
configure_stateful_migrate(original_marathon_app=self.object,
k8s_translate_result=translated.deployment)
except:
print("Unexpected error while preparing Marathon stateful migration:", sys.exc_info()[0])
raise
else:
dapp = kc._ApiClient__deserialize(translated.deployment, V1DeploymentWithComment)
dapp.set_comment(translated.warnings)
self.manifest.append(dapp)
self._node_label_tracker.add_app_node_labels(self.object['id'], translated.required_node_labels)
service, service_warnings = translate_service(dapp.metadata.labels['app'], self.object)
if service:
kc2 = ApiClient()
dservice = kc2._ApiClient__deserialize(service, V1ServiceWithComment)
dservice.set_comment(service_warnings)
self.manifest.append(dservice)
for remapping in self._secret_mapping.get_secrets_to_remap():
secret = _create_remapped_secret(self.manifest_list, remapping, self.object['id'])
if secret is not None:
self.manifest.append(secret)
def new_client_from_dict(conf: dict, context: str):
client_config = type.__call__(Configuration)
config.load_kube_config_from_dict(config_dict=conf,
context=context,
persist_config=False,
client_configuration=client_config)
return ApiClient(configuration=client_config)
def create_kube_api_client(kubeconfig_path: Optional[str] = None) -> ApiClient:
kubeconfig_path = kubeconfig_path or "~/.kube/config"
logger.info('creating kube client with config file: %s', kubeconfig_path)
conf = Configuration()
load_kube_config(config_file=kubeconfig_path, client_configuration=conf)
return ApiClient(configuration=conf)
def load_kube_config(
self,
config_file: str = None,
context: str = None,
is_in_cluster: bool = False,
extra_config_locations: List[str] = None,
persist: bool = False,
):
"""Loads a kubernetes configuration from file.
Args:
config_file (str, optional): The configuration file path. Defaults to None = search for config.
is_in_cluster (bool, optional): If true, the client will expect to run inside a cluster
and to load the cluster config. Defaults to None = auto detect.
extra_config_locations (List[str], optional): Extra locations to search for a configuration.
Defaults to None.
context (str, optional): The context name to run in. Defaults to None = active context.
persist (bool, optional): If True, config file will be updated when changed
(e.g GCP token refresh).
"""
self._kube_config: kube_config.Configuration = KubeApiConfiguration.load_kubernetes_configuration(
config_file=config_file,
is_in_cluster=is_in_cluster,
extra_config_locations=extra_config_locations,
context=context,
persist=persist,
)
assert self._kube_config is not None, KubeApiClientException(
"Failed to load kubernetes configuration. Not found.")
self._api_client: ApiClient = ApiClient(configuration=self.kube_config)
def get_clients(cluster):
'''
:param cluster: k8s集群对象
:return: 一个apiclient对象,一个coreV1Api对象
'''
api_client = ApiClient( get_config( cluster ) )
return api_client, CoreV1Api( api_client )
def template_chart(args):
current_dir = os.getcwd()
chart_dir = os.path.join(current_dir, args.chart[0])
api = ApiClient()
templates = []
fnames = []
try:
templates_dir = os.path.join(chart_dir, 'templates')
for fname in os.listdir(templates_dir):
full_path = os.path.join(templates_dir, fname)
if os.path.isfile(full_path):
parts = os.path.splitext(fname)
if parts[1] == '.py':
tname = parts[0]
spec = importlib.util.spec_from_file_location(
tname, full_path)
mod = importlib.util.module_from_spec(spec)
spec.loader.exec_module(mod)
t = mod.template()
if not isinstance(t, (list, tuple)):
t = [t]
templates.extend(t)
fnames += [full_path] * len(t)
t_sanitized = api.sanitize_for_serialization(templates)
output = '\n'.join([
'---\n{}\n{}'.format(
'# Source: {}'.format(os.path.relpath(fname, current_dir)),
yaml.dump(t, default_flow_style=False))
for t, fname in zip(t_sanitized, fnames)
])
print(output)
except FileNotFoundError:
print('No templates directory found')
def kubernetes_api_client():
config = client.Configuration()
config.host = "http://dummy"
config.api_key_prefix["authorization"] = "Bearer"
config.api_key["authorization"] = "dummy"
config.verify_ssl = False
return ApiClient(config)
def build_client(self):
configuration = Configuration()
configuration.api_key['authorization'] = "Bearer {}".format(self.auth_info['K8S-Token'])
configuration.host = self.auth_info['K8S-Endpoint']
configuration.verify_ssl = self._verify_ssl
api_client = ApiClient(configuration)
return K8sClient(api_client)
def __init__(self, alg):
""" Intializes the connection. If algorithm object includes
a remote cluster, use that. Otherwise, use this cluster.
"""
if alg.cluster:
host = alg.cluster.host
port = alg.cluster.port
token = alg.cluster.token
fd, cert = tempfile.mkstemp(text=True)
with open(fd, 'w') as f:
f.write(alg.cluster.cert)
conf = Configuration()
conf.api_key['authorization'] = token
conf.host = f'{PROTO}{host}:{port}'
conf.verify_ssl = True
conf.ssl_ca_cert = cert
api_client = ApiClient(conf)
self.corev1 = CoreV1Api(api_client)
self.custom = CustomObjectsApi(api_client)
else:
load_incluster_config()
self.corev1 = CoreV1Api()
self.custom = CustomObjectsApi()
# Read in the manifest.
if alg.manifest:
self.manifest = yaml.safe_load(alg.manifest.open(mode='r'))
# Save off the algorithm.
self.alg = alg
def __init__(self):
""" Intializes the connection. If environment variables for
remote transcode are defined, connect to that cluster.
"""
host = os.getenv('REMOTE_TRANSCODE_HOST')
port = os.getenv('REMOTE_TRANSCODE_PORT')
token = os.getenv('REMOTE_TRANSCODE_TOKEN')
cert = os.getenv('REMOTE_TRANSCODE_CERT')
self.remote = host is not None
if self.remote:
conf = Configuration()
conf.api_key['authorization'] = token
conf.host = f'https://{host}:{port}'
conf.verify_ssl = True
conf.ssl_ca_cert = cert
api_client = ApiClient(conf)
self.corev1 = CoreV1Api(api_client)
self.custom = CustomObjectsApi(api_client)
else:
load_incluster_config()
self.corev1 = CoreV1Api()
self.custom = CustomObjectsApi()
self.setup_common_steps()
def objects_to_yaml(self):
client = ApiClient()
return '\n---\n'.join(
# Use a generator here to avoid building an intermediate list.
yaml.dump(client.sanitize_for_serialization(obj))
for obj in self.objects)
def _get_client(self, server, token):
opts = dict(
api_key={'authorization': f'Bearer {token}'},
host=server,
verify_ssl=False,
# default timeout seems to be 1+ minutes
retries=5)
if self.jump_host:
# the ports could be parameterized, but at this point
# we only have need of 1 tunnel for 1 service
self.jump_host.create_ssh_tunnel()
local_port = self.jump_host.local_port
opts['proxy'] = f'http://localhost:{local_port}'
configuration = Configuration()
# the kubernetes client configuration takes a limited set
# of parameters during initialization, but there are a lot
# more options that can be set to tweak the behavior of the
# client via instance variables. We define a set of options
# above in the format of var_name:value then set them here
# in the configuration object with setattr.
for k, v in opts.items():
setattr(configuration, k, v)
k8s_client = ApiClient(configuration)
try:
return DynamicClient(k8s_client)
except urllib3.exceptions.MaxRetryError as e:
raise StatusCodeError(f"[{self.server}]: {e}")
def _refresh_oidc(self, provider):
config = Configuration()
if 'idp-certificate-authority-data' in provider['config']:
ca_cert = tempfile.NamedTemporaryFile(delete=True)
if PY3:
cert = base64.b64decode(
provider['config']['idp-certificate-authority-data']
).decode('utf-8')
else:
cert = base64.b64decode(
provider['config']['idp-certificate-authority-data'] + "=="
)
with open(ca_cert.name, 'w') as fh:
fh.write(cert)
config.ssl_ca_cert = ca_cert.name
else:
config.verify_ssl = False
client = ApiClient(configuration=config)
response = client.request(
method="GET",
url="%s/.well-known/openid-configuration"
% provider['config']['idp-issuer-url']
)
if response.status != 200:
return
response = json.loads(response.data)
request = OAuth2Session(
client_id=provider['config']['client-id'],
token=provider['config']['refresh-token'],
auto_refresh_kwargs={
'client_id': provider['config']['client-id'],
'client_secret': provider['config']['client-secret']
},
auto_refresh_url=response['token_endpoint']
)
try:
refresh = request.refresh_token(
token_url=response['token_endpoint'],
refresh_token=provider['config']['refresh-token'],
auth=(provider['config']['client-id'],
provider['config']['client-secret']),
verify=config.ssl_ca_cert if config.verify_ssl else None
)
except oauthlib.oauth2.rfc6749.errors.InvalidClientIdError:
return
provider['config'].value['id-token'] = refresh['id_token']
provider['config'].value['refresh-token'] = refresh['refresh_token']
def __init__(self, name, version, values):
super(HelmChart, self).__init__()
self.name = name
self.version = version
self.values = values
self.api = ApiClient()
self.templates = {}
self.init()
def get_api_client(self):
configuration = Configuration()
configuration.verify_ssl = False
configuration.host = self.cluster.api
configuration.api_key['authorization'] = self.cluster.token
configuration.api_key_prefix['authorization'] = 'Bearer'
api_client = ApiClient(configuration)
return api_client
def client(self, group, version):
client_config = Configuration()
config.load_kube_config(self.config_file, client_configuration=client_config)
client_config.proxy = self.http_proxy
api_client = ApiClient(configuration=client_config)
log.info('connecting to %s' % (api_client.configuration.host))
# e.g. client.CoreV1Api()
return getattr(client, '%s%sApi' % (group, version))(api_client)
def getResourceYaml(self):
logger.setLevel()
k8s_client = ApiClient().apiclient() # type: ApiClient
dyn_client = DynamicClient(k8s_client)
v1_resources = dyn_client.resources.get(api_version='v1',
kind=self.resource_type)
resource = v1_resources.get(namespace=self.namespace, name=self.name)
return resource
def __init__(self, host, token):
configuration = client.Configuration()
configuration.api_key_prefix['authorization'] = 'Bearer'
configuration.api_key['authorization'] = token
configuration.host = "https://{}:6443".format(host)
configuration.verify_ssl = False
configuration.debug = False
self.client = ApiClient(configuration)
def _build_base_pod(self) -> k8s.V1Pod:
from kubernetes.client import ApiClient
basis_pod_yaml = target(self.pod_yaml).read()
basis_pod_dict = yaml.safe_load(basis_pod_yaml) or {}
api_client = ApiClient()
return api_client._ApiClient__deserialize_model(
basis_pod_dict, k8s.V1Pod)
def client(self):
configuration = Configuration()
configuration.api_key['authorization'] = "Bearer {}".format(
self.headers['K8S-Token'])
configuration.host = self.headers['K8S-Endpoint']
configuration.verify_ssl = self._verify_ssl
api_client = ApiClient(configuration)
return CoreV1Api(api_client)
def _convert_from_dict(obj, new_class):
if isinstance(obj, new_class):
return obj
elif isinstance(obj, dict):
api_client = ApiClient()
return api_client._ApiClient__deserialize_model(obj, new_class)
else:
raise AirflowException(f"Expected dict or {new_class}, got {type(obj)}")
def kubernetes_api_client(rancher_client, cluster_name):
c = rancher_client.by_id_cluster(cluster_name)
kc = c.generateKubeconfig()
loader = KubeConfigLoader(config_dict=yaml.load(kc.config))
client_configuration = type.__call__(Configuration)
loader.load_and_set(client_configuration)
k8s_client = ApiClient(configuration=client_configuration)
return k8s_client
def new_client_from_config(config_file=None, context=None):
"""Loads configuration the same as load_kube_config but returns an ApiClient
to be used with any API object. This will allow the caller to concurrently
talk with multiple clusters."""
client_config = ConfigurationObject()
load_kube_config(config_file=config_file, context=context,
client_configuration=client_config)
return ApiClient(config=client_config)
def test_node_selector(self):
node_selector = {'beta.kubernetes.io/os': 'linux'}
k = KubernetesPodOperator(
namespace='default',
image="ubuntu:16.04",
cmds=["bash", "-cx"],
arguments=["echo 10"],
labels={"foo": "bar"},
name="name",
task_id="task",
in_cluster=False,
do_xcom_push=False,
cluster_context='default',
node_selector=node_selector,
)
result = k.create_pod_request_obj()
client = ApiClient()
self.assertEqual(type(result.spec.node_selector), dict)
self.assertEqual(
client.sanitize_for_serialization(result)['spec']['nodeSelector'],
node_selector)
# repeat tests using deprecated parameter
k = KubernetesPodOperator(
namespace='default',
image="ubuntu:16.04",
cmds=["bash", "-cx"],
arguments=["echo 10"],
labels={"foo": "bar"},
name="name",
task_id="task",
in_cluster=False,
do_xcom_push=False,
cluster_context='default',
node_selectors=node_selector,
)
result = k.create_pod_request_obj()
client = ApiClient()
self.assertEqual(type(result.spec.node_selector), dict)
self.assertEqual(
client.sanitize_for_serialization(result)['spec']['nodeSelector'],
node_selector)
def create_kube_api_client(kubeconfig_path: Optional[str] = None) -> ApiClient:
if not kubeconfig_path:
kubeconfig_path = env_variables['installer_kubeconfig_path']
logger.info('creating kube client with config file: %s', kubeconfig_path)
conf = Configuration()
load_kube_config(config_file=kubeconfig_path, client_configuration=conf)
return ApiClient(configuration=conf)
def getResourceName(self):
logger.setLevel()
k8s_client = ApiClient().apiclient() # type: ApiClient
dyn_client = DynamicClient(k8s_client)
v1_resources = dyn_client.resources.get(api_version='v1',
kind=self.resource_type)
resource = v1_resources.get(namespace=self.namespace, name=self.name)
logging.info('Resource name is ' + resource.metadata.name)
return resource.metadata.name
def test_ensure_config_loaded_proxy_prefers_https(self):
with patch.dict(
os.environ, {
'HTTPS_PROXY': 'http://localhost:12345',
'HTTP_PROXY': 'http://localhost:6789'
}):
ensure_config_loaded()
self.assertEqual('http://localhost:12345',
ApiClient().configuration.proxy)
def client_from_config(config_file, context):
# TODO(fabianvf): probably want to break this branch out or refactor method names
try:
return config.new_client_from_config(config_file, context)
except (IOError, config.ConfigException):
if not config_file:
return ApiClient(configuration=Configuration())
else:
raise
def setUp(self):
self.namespace = "default"
self.yml_file = "{}/files/spark.yml".format(os.path.abspath('.'))
self.group = 'sparkoperator.k8s.io'
self.version = 'v1beta1'
self.plural = 'sparkapplications'
self.job_name = "{}-{}".format("spark-test-job", int(time.time()))
config = kube_config.load_kube_config()
self.api_instance = CustomObjectsApi(ApiClient(config))
