async def project_name(): # We still want to validate that the REST API access is also enabled. client = endpoints.AsyncClient() projects = await client.oapi.v1.projects.get() # If REST API access is not enabled the list of projects will be empty # as we should at least see our own project. if not projects.items: logging.fatal('OpenShift REST API access not enabled. To enable ' 'access, run the command "oc policy add-role-to-user ' 'view -z default"') return # We also need to check though that our project is in the list which is # returned because wrong permissions on other projects in the cluster # could expose them to us even if REST API access is enabled. with open('/run/secrets/kubernetes.io/serviceaccount/namespace') as fp: name = fp.read() for project in projects.items: if project.metadata.name == name: return name logging.fatal('OpenShift REST API access not enabled. To enable ' 'access, run the command "oc policy add-role-to-user ' 'view -z default"')
async def run_query(): namespace = sys.argv[1] print('namespace=%r' % namespace) client = endpoints.AsyncClient() pods = await client.api.v1.namespaces(namespace=namespace).pods.get() for pod in pods.items: print(' OBJECT %s pod=%r' % (pod.metadata.resource_version, pod.metadata.name)) resource_version = pods.metadata.resource_version while True: try: async with client.api.v1.namespaces(namespace=namespace).pods.get( watch='', resource_version=resource_version, timeout_seconds=10) as items: async for item in items: action = item['type'] pod = item['object'] print(' %s %s pod=%r' % (action, pod.metadata.resource_version, pod.metadata.name)) resource_version = pod.metadata.resource_version except Exception: pass
async def get_pods(namespace=None): if namespace is None: namespace = await project_name() client = endpoints.AsyncClient() pods = await client.api.v1.namespaces(namespace=namespace).pods.get() return pods.items
async def get_routes(namespace=None): if namespace is None: namespace = await project_name() client = endpoints.AsyncClient() routes = await client.oapi.v1.namespaces(namespace=namespace).routes.get() return routes.items
async def get_services(namespace=None): if namespace is None: namespace = await project_name() if namespace is None: return None client = endpoints.AsyncClient() services = await client.api.v1.namespaces(namespace=namespace ).services.get() return services
async def project_name(): # Can look up name of project from service account secrets. with open('/run/secrets/kubernetes.io/serviceaccount/namespace') as fp: project = fp.read() # We still want to validate that the REST API access is also enabled. client = endpoints.AsyncClient() projects = await client.oapi.v1.projects.get() # If REST API access is not enabled the list of projects will be empty # as we should at least see our own project. if not projects.items: logging.fatal('OpenShift REST API access not enabled. To enable ' 'access, run the command "oc adm policy add-role-to-group ' 'view system:serviceaccounts:%s"' % project) return project
import asyncio import powershift.endpoints as endpoints import powershift.resources as resources client = endpoints.AsyncClient() async def run_query(): projects = await client.oapi.v1.projects.get() #print(projects) #print(resources.dumps(projects, indent=4, sort_keys=True)) #print() for project in projects.items: namespace = project.metadata.name print('namespace=%r' % namespace) pods = await client.api.v1.namespaces(namespace=namespace).pods.get() for pod in pods.items: names.append(pod.metadata.name) print(' pod=%r' % pod.metadata.name) # We are given the pod definition already, but this is just to # show how you can also query by the name of the pod. pod = await client.api.v1.namespaces(namespace=namespace).pods(name=pod.metadata.name).get() print(' resource_version=%r' % pod.metadata.resource_version)