def rollout_status(kind, name, namespace=None, watch=False):
"""
Queries a resource for its rollout status.
By default, it will not follow (watch) the status.
If kubectl exits with non-zero, an exception will be raised. The exception will still contain the output from kubectl for upstream parsing.
Args:
kind: The type of resource to check. Must be either deployment, statefulset or daemonset
name: The name of the resource to query
namespace: The namespace of the resource to query (Optional)
watch: If True, kubectl will wait for the rollout to complete
Returns: The output from kubectl
"""
(rc, output) = baseutils.exe_cmd(
'{kubectl} rollout status {kind} {name} {namespace} --watch={watch}'.
format(kubectl=kubectl_binary,
kind=baseutils.shell_escape(kind),
name=baseutils.shell_escape(name),
namespace='-n {namespace}'.format(
namespace=baseutils.shell_escape(namespace))
if namespace else '',
watch='true' if watch else 'false'),
raise_exception=False)
if rc:
# If an error occurred, put the error message in the exception
raise Exception(output)
return output
def target(region=None, resource_group=None, org=None, space=None):
"""
Configure the cli to target a specific aspect such as a resource group or region.
Args:
region: The region of IBM Cloud to target (Optional)
resource_group: IBMCloud resource group to target (Optional)
target_org: Cloud Foundary org to use (Optional)
target_space: Cloud Foundary space to use (Optional)
Returns: If no parameters are passed, a Target object representing the currently configured target information, otherwise None
"""
target = None
if region or resource_group or (org and space):
baseutils.exe_cmd(
'/usr/local/bin/ibmcloud target {region} {resource_group} {cf}'.
format(region='-r {region}'.format(
region=baseutils.shell_escape(region)) if region else '',
resource_group='-g {resource_group}'.format(
resource_group=baseutils.shell_escape(resource_group))
if resource_group else '',
cf='--cf -o {org} -s {space}'.format(
org=baseutils.shell_escape(org),
space=baseutils.shell_escape(space)) if
(org and space) else ''))
else:
(rc, output
) = baseutils.exe_cmd('/usr/local/bin/ibmcloud target --output json')
target = Target(json.loads(output))
return target
def describe(kind, namespace=None, name=None, labels=None):
"""
Describe one or more resources of a specific kind in Kubernetes.
An exception is thrown for invalid types or a name of a resource that does not exist.
Args:
kind: The kind of the resource, eg. deployment
namespace: The namespace of the resources. Setting to "all" triggers the flag --all-namespaces (Optional, default is as per kubecfg configuration)
name: The name of an individual resource (Optional, default: retrieve all)
labels: A label selector query to be passed to kubectl. Can either be a string of the form "label1=value1,labe2=value2" or a dictionary with "key: value" pairs (Optional)
Returns: Human readable output from the describe sub-command of kubectl
"""
if isinstance(labels, dict):
labels = ','.join('{key}={value}'.format(key=key, value=value)
for (key, value) in labels.items())
(rc, output) = baseutils.exe_cmd(
'{kubectl} describe {kind} {name} {namespace} {labels}'.format(
kubectl=kubectl_binary,
kind=baseutils.shell_escape(kind),
name=baseutils.shell_escape(name) if name else '',
namespace='--all-namespaces' if namespace == 'all' else
('-n {namespace}'.format(
namespace=baseutils.shell_escape(namespace))
if namespace else ''),
labels='-l {labels}'.format(
labels=baseutils.shell_escape(labels)) if labels else ''),
log_level=logging.NOTSET if 'secret' in kind.lower() else logging.INFO)
return output
def create_resource_service_key(name,
role,
instance_id,
service_endpoint=None,
parameters=None):
"""
Creates a resource service key via the ibmcli.
A service key is attached to a service instance and there can be many keys to a single instance.
Args:
name: The name of the service key to create
role: The role to grant the key. This will be service type-specific. Examples are Reader, Writer, Manager
instance_id: The ID of the service instance to associate the key to
service_endpoint: Type of service endpoint, 'public' or 'private' (Optional)
paramaters: JSON paramaters (as a dictionary) that can be passed to the key creation call (Optional)
"""
(rc, output) = baseutils.exe_cmd(
'/usr/local/bin/ibmcloud resource service-key-create {name} {role} --instance-id {instance_id} {service_endpoint} {parameters}'
.format(
name=baseutils.shell_escape(name),
role=baseutils.shell_escape(role),
instance_id=baseutils.shell_escape(instance_id),
service_endpoint='--service-endpoint {service_endpoint}'.format(
service_endpoint=baseutils.shell_escape(service_endpoint))
if service_endpoint else '',
parameters='--parameters {parameters}'.format(
parameters=baseutils.shell_escape(json.dumps(parameters)))
if parameters else ''))
def get_resource_service_instances(name=None,
service=None,
type=None,
location=None):
"""
Retrieves a list of resource service instances from IBM Cloud using "ibmcloud resource service-instances".
The output is scoped to the currently configured resource group.
If name, type or location is provided, the resultant list is filtered to those that match.
Args:
name: The name of the service instance to filter by. Names are non-unique (Optional)
service: The service that the instance is an instance of, eg. logdna, kms, cloud-object-storage (Optional)
location: The location of the instances to query. "global" is a valid location (Optional)
Returns: A list of ServiceInstance objects
"""
(rc, output) = baseutils.exe_cmd(
'/usr/local/bin/ibmcloud resource service-instances {service} {location} --output json'
.format(service='--service-name {service}'.format(
service=baseutils.shell_escape(service)) if service else '',
location='--location {location}'.format(
location=baseutils.shell_escape(location))
if location else ''))
instances = ServiceInstance.parse_service_instances(
json.loads(output) or [])
if name:
instances = [
instance for instance in instances if instance.name == name
]
return instances
def test_shell_escape(self):
if os.name == 'nt':
self.assertEqual(baseutils.shell_escape('ab'), '"ab"')
self.assertEqual(baseutils.shell_escape('a"b'), '"a\\"b"')
self.assertEqual(baseutils.shell_escape('a\'b'), '"a\'b\"')
else:
self.assertEqual(baseutils.shell_escape('a\'b'), '\'a\'"\'"\'b\'')
def upgrade_chart(chart, version, values, release, namespace, dry_run=False, debug=False):
"""
Upgrade a specific release of a chart. This could be due to a new chart version being available or updated values for the chart.
Args:
chart: The name of the chart to upgrade
version: The version of the chart to upgrade to
values: A dictionary of values to be substituted into Helm
release: The name of the deployed release to upgrade
namespace: The namespace to deploy the release into
dry_run: Perform the upgrade in dry-run mode. No changes will be made in the Kubernetes cluster (Optional, default: False)
debug: Perform the upgrade in debug mode, increasing logging output (Optional, default: False)
"""
logger.info('Upgrading chart {chart} (release: {release}) to version {version}'.format(chart=chart, release=release, version=version))
values_file = create_values_file(values)
try:
deploy_cmd = '{helm} upgrade --values {values_file} {release} {chart} --version {version} --namespace {namespace} {dry_run} {debug}'.format(
helm=helm_binary,
values_file=baseutils.shell_escape(values_file),
release=baseutils.shell_escape(release),
chart=baseutils.shell_escape(chart),
version=baseutils.shell_escape(version),
namespace=baseutils.shell_escape(namespace),
dry_run='--dry-run' if dry_run else '',
debug='--debug' if debug else '')
_attempt_chart_deploy(deploy_cmd)
finally:
os.remove(values_file)
logger.info('Upgrade request for chart {chart} (release: {release}) to version {version} passed to Kubernetes'.format(chart=chart, release=release, version=version))
def ks_enable_key_protect(cluster_name, region, key_protect_instance_guid,
key_id):
"""
Enables Key Protect on a given IKS cluster.
Key Protect will add additional security to the use of Kubernetes secrets.
If Key Protect is already enabled for the cluster, no action will be taken.
This function will wait until Key Protect is fully enabled in the environment before returning.
Args:
cluster_name: The name of the cluster to update
region: The region of the Key Protect instance
key_protect_instance_guid; The GUID of the Key Protect instance
key_id: The ID of the key inside Key Protect to use. This should be a root key
"""
cluster = baseutils.retry(ks_cluster_get,
cluster_name,
interval=30,
retry=40)
if not cluster.key_protect_enabled:
baseutils.exe_cmd(
'/usr/local/bin/ibmcloud ks key-protect-enable --cluster {cluster} --key-protect-url {kp_url} --key-protect-instance {kp_guid} --crk {key_id}'
.format(cluster=baseutils.shell_escape(cluster_name),
kp_url=baseutils.shell_escape(
'{region}.kms.cloud.ibm.com'.format(region=region)),
kp_guid=baseutils.shell_escape(key_protect_instance_guid),
key_id=baseutils.shell_escape(key_id)))
while not cluster.key_protect_enabled or cluster.master_status != 'Ready':
time.sleep(30)
cluster = baseutils.retry(ks_cluster_get,
cluster_name,
interval=30,
retry=40)
def upgrade_tiller(namespace):
"""
Updates the version of Tiller in a namespace to match the currently configured Helm client.
An exception will be thrown if Tiller is not present.
Args:
namespace: The namespace of the Tiller deployment
"""
# Check if Tiller is already at the correct version
(rc, output) = baseutils.exe_cmd('{helm} version --tiller-namespace {namespace} --short'.format(
helm=helm_binary,
namespace=baseutils.shell_escape(namespace)))
output = output.strip().splitlines()
client_version = output[0].strip().split()[1]
tiller_version = output[1].strip().split()[1]
if client_version != tiller_version:
deployment = k8s.get('deployment', namespace=namespace, name='tiller-deploy')
pod_spec = deployment['spec']['template']['spec']
service_account_name = pod_spec['serviceAccountName']
container_spec = pod_spec['containers'][0]
override = None
if 'command' in container_spec:
override = '"spec.template.spec.containers[0].command"="{{{{{command}}}}}"'.format(command=','.join(container_spec['command']))
baseutils.exe_cmd('{helm} init --history-max 20 --tiller-namespace {namespace} --service-account {service_account_name} {override} --upgrade'.format(
helm=helm_binary,
namespace=baseutils.shell_escape(namespace),
service_account_name=baseutils.shell_escape(service_account_name),
override='--override {override}'.format(override=baseutils.shell_escape(override)) if override else ''))
def ks_worker_pool_create_classic(cluster_name,
worker_pool_name,
machine_type,
size_per_zone,
hardware,
labels=None):
"""
Creates a new worker pool for a cluster.
Args:
cluster_name: The name of the cluster
worker_pool_name: The name of the worker pool to create
machine_type: The machine type for the worker pool. See "ibmcloud ks flavors --zone <zone>"
size_per_zone: The number of nodes per zone in the worker pool
hardware: Deploy the nodes to either "dedicated" or "shared" infrastructure servers
labels: A dictionary of key-value pairs representing labels to apply to workers in the worker pool (Optional)
Returns: The IKSWorkerPool model for the newly created worker pool
"""
baseutils.exe_cmd((
'/usr/local/bin/ibmcloud ks worker-pool create classic --cluster {cluster_name} --machine-type {machine_type} --name {worker_pool_name} '
'--size-per-zone {size_per_zone} --hardware {hardware} {labels}'
).format(cluster_name=baseutils.shell_escape(cluster_name),
worker_pool_name=baseutils.shell_escape(worker_pool_name),
machine_type=baseutils.shell_escape(machine_type),
size_per_zone=int(size_per_zone),
hardware=baseutils.shell_escape(hardware),
labels=' '.join([
'--label {label}'.format(label=baseutils.shell_escape(
'{key}={value}'.format(key=key, value=value)))
for (key, value) in labels.items()
]) if labels else ''))
def csutil_cluster_setup(cluster_name, service_name, cname):
"""
Configure (deploy) the SOS IKS tooling into an IKS cluster.
This will retrieve and reserve an ovpn file from Vault if one is not yet reserved for the cluster.
Args:
cluster_name: The name of the cluster to configure
service_name: The SOS application name that the cluster will be registered under in the SOS Inventory DB
cname: Must be ether "bluemix" or "staging" depending on whether the cluster is produciton or non-production respectively
"""
iks_ovpn_config_name = _reserve_iks_ovpn_config_name(cluster_name)
iks_ovpn_config = vault.read(
'{vault_path}/files/{config_name}'.format(
vault_path=vault_iks_ovpn_path, config_name=iks_ovpn_config_name),
'content')
tmp_dir = tempfile.mkdtemp()
try:
config_path = os.path.join(tmp_dir, iks_ovpn_config_name)
with open(config_path, 'w') as fh:
fh.write(iks_ovpn_config)
baseutils.exe_cmd((
'/usr/local/bin/ibmcloud csutil cluster-setup --crn-service-name {service_name} --crn-cname {cname} '
'--sos-config-path {config_path} --skip-prometheus=true {cluster_name} --silent'
).format(service_name=baseutils.shell_escape(service_name),
cname=baseutils.shell_escape(cname),
config_path=baseutils.shell_escape(config_path),
cluster_name=baseutils.shell_escape(cluster_name)),
env=_get_csutil_env())
finally:
shutil.rmtree(tmp_dir)
def plugin_install(plugin_name, repository='IBM Cloud', version=None):
"""
Installs a plugin into the IBM Cloud cli.
This is a no-op if the plugin is already installed.
Args:
plugin_name: The name of the plugin to install
repository: The repository containing the plugin. If None is passed, no repository flag will be passed to the CLI (Optional, default: IBM Cloud)
version: The version to install. This does not need to be an exact match, for example, it can just specify the major.minor version
to pull in the latest associated patch version (Optional, default: latest available if no version present, otherwise no action)
"""
plugins_dir = os.path.join(
os.environ.get('IBMCLOUD_HOME', os.environ['HOME']), '.bluemix',
'plugins')
logger.info(
'Acquiring lock to query status of IBM Cloud plugin "{plugin}"'.format(
plugin=plugin_name))
with baseutils.local_lock(lock_name=cli_update_lock_name):
if version or plugin_name.startswith('/') or not os.path.exists(
os.path.join(plugins_dir, plugin_name)):
baseutils.exe_cmd(
'/usr/local/bin/ibmcloud plugin install {plugin_name} {repository} {version} -f'
.format(plugin_name=baseutils.shell_escape(plugin_name),
repository='-r {repository}'.format(
repository=baseutils.shell_escape(repository))
if repository else '',
version='-v {version}'.format(
version=baseutils.shell_escape(version))
if version else ''))
def add_cluster_subnet(cluster_name, subnet_id):
"""
Add (binds) a subnet to an IKS cluster.
Args:
cluster_name: The name of the IKS cluster to bind it to or its ID
subnet_id: The ID of the subnet to add
"""
baseutils.exe_cmd(
'/usr/local/bin/ibmcloud ks cluster subnet add --cluster {cluster_name} --subnet-id {subnet_id}'
.format(cluster_name=baseutils.shell_escape(cluster_name),
subnet_id=baseutils.shell_escape(subnet_id)))
def ks_worker_pool_rm(cluster_name, worker_pool_name):
"""
Delete a worker pool from a cluster.
Args:
cluster_name: The name of the cluster to process
worker_pool_name: The name of the worker pool to remove
"""
baseutils.exe_cmd(
'/usr/local/bin/ibmcloud ks worker-pool rm --cluster {cluster} --worker-pool {worker_pool} -f'
.format(cluster=baseutils.shell_escape(cluster_name),
worker_pool=baseutils.shell_escape(worker_pool_name)))
def ks_cluster_master_auditwebhook_set(cluster_name, remote_url):
"""
Set the audit webhook configuration for a cluster's Kubernetes API server.
The webhook backend forwards API server audit logs to a remote server.
Args:
cluster_name: The name of the IKS cluster to configure
remote_url: The remove url to send webhooks to, including http:// as appropriate
"""
baseutils.exe_cmd(
'/usr/local/bin/ibmcloud ks cluster master audit-webhook set --cluster {cluster_name} --remote-server {remote_url}'
.format(cluster_name=baseutils.shell_escape(cluster_name),
remote_url=baseutils.shell_escape(remote_url)))
def install_chart(chart, version, values, release, namespace, validate_manifest=True, dry_run=False, debug=False):
"""
Install a new chart with a specified release name.
Args:
chart: The name of the chart to install
version: The version of the chart to install
values: A dictionary of values to be substituted into Helm
release: The name to assign to the deployed release
namespace: The namespace to deploy the release into
validate_manifest: Validate the manifest meets a predermined set of criteria. See #validate_manifest_requirements for details (Optional, default: True)
dry_run: Perform the install in dry-run mode. No changes will be made in the Kubernetes cluster (Optional, default: False)
debug: Perform the install in debug mode, increasing logging output (Optional, default: False)
"""
logger.info('Installing chart {chart} (release: {release}) with version {version}'.format(chart=chart, release=release, version=version))
values_file = create_values_file(values)
try:
(rc, output) = baseutils.exe_cmd('{helm} install --values {values_file} --name {release} {chart} --version {version} --namespace {namespace} --dry-run --debug'.format(
helm=helm_binary,
values_file=baseutils.shell_escape(values_file),
release=baseutils.shell_escape(release),
chart=baseutils.shell_escape(chart),
version=baseutils.shell_escape(version),
namespace=baseutils.shell_escape(namespace)),
working_dir=os.environ.get('HELM_HOME'), log_level=logging.NOTSET, raise_exception=False) # Logging is disabled as output can contain secrets
if rc:
helm_error = output.strip().splitlines()[-1] if output else ''
if helm_error:
logger.error(helm_error)
raise Exception('Failed to parse Helm template. {helm_error}'.format(helm_error=helm_error))
elif validate_manifest:
# Remove non-yaml output, everything above first "MANIFEST:"
manifest = output.partition('MANIFEST:')[2]
# Remove non-yaml output after the manifest
manifest = manifest.partition('[{year}'.format(year=datetime.now().year))[0]
errors = validate_manifest_requirements(manifest)
if len(errors) > 0:
for error in errors:
logger.error(error)
raise Exception('Chart pre-approval validation failed. Reason: {failure_reasons}'.format(failure_reasons='. '.join(errors)))
deploy_cmd = '{helm} install --values {values_file} --name {release} {chart} --version {version} --namespace {namespace} {dry_run} {debug}'.format(
helm=helm_binary,
values_file=baseutils.shell_escape(values_file),
release=baseutils.shell_escape(release),
chart=baseutils.shell_escape(chart),
version=baseutils.shell_escape(version),
namespace=baseutils.shell_escape(namespace),
dry_run='--dry-run' if dry_run else '',
debug='--debug' if debug else '')
_attempt_chart_deploy(deploy_cmd)
finally:
os.remove(values_file)
logger.info('Install request for chart {chart} (release: {release}) with version {version} passed to Kubernetes'.format(chart=chart, release=release, version=version))
def ks_infra_credentials(username, api_key):
"""
Set classic infrastructure credentials for the kubernetes service sub-command.
This requires that a region has been previously set in the cli.
Args:
infra_username: Username for access to SoftLayer infrastructure (Optional)
infra_api_key: API key for SoftLayer infrastructure (Optional)
"""
baseutils.exe_cmd(
'/usr/local/bin/ibmcloud ks credential set classic --infrastructure-username {username} --infrastructure-api-key {api_key}'
.format(username=baseutils.shell_escape(username),
api_key=baseutils.shell_escape(api_key)),
obfuscate=baseutils.shell_escape(api_key))
def ks_worker_pool_get(cluster_name, worker_pool_name):
"""
Retrieve a worker pools for a cluster.
Args:
cluster_name: The name of the cluster to query
worker_pool_name: The name of the worker pool to retrieve
Returns: An IKSWorkerPool model representing the worker pool
"""
(rc, output) = baseutils.exe_cmd(
'/usr/local/bin/ibmcloud ks worker-pool get --cluster {cluster} --worker-pool {worker_pool} --json'
.format(cluster=baseutils.shell_escape(cluster_name),
worker_pool=baseutils.shell_escape(worker_pool_name)))
return IKSWorkerPool(json.loads(output))
def cordon(node=None, labels=None):
"""
Cordons a specified Kubernetes node by name or a selection of nodes based on label.
Args:
node: The node to cordon (Optional)
labels: A label selector query for nodes to cordon. Can either be a string of the form "label1=value1,labe2=value2" or a dictionary with "key: value" pairs (Optional)
"""
if isinstance(labels, dict):
labels = ','.join('{key}={value}'.format(key=key, value=value)
for (key, value) in labels.items())
baseutils.exe_cmd('{kubectl} cordon {node} {labels}'.format(
kubectl=kubectl_binary,
node=baseutils.shell_escape(node) if node else '',
labels='-l {labels}'.format(
labels=baseutils.shell_escape(labels)) if labels else ''))
def ks_worker_ls(cluster_name, worker_pool_name=None):
"""
Retrieves a list of worker nodes in an IKS cluster.
If worker_pool is provided, only workers belonging to that pool will be returned.
Args:
cluster_name. The name of the cluster to retrieve workers for
worker_pool. The name of a worker pool to limit the retrieval for (Optional, default: all pools)
Returns: A list of IKSWroker objects
"""
(rc, output) = baseutils.exe_cmd(
'/usr/local/bin/ibmcloud ks worker ls --cluster {cluster} {worker_pool} --json'
.format(cluster=baseutils.shell_escape(cluster_name),
worker_pool='--worker-pool {pool_name}'.format(
pool_name=baseutils.shell_escape(worker_pool_name))
if worker_pool_name else ''))
return IKSWorker.parse_iks_workers(json.loads(output))
def label(label, kind, namespace=None, name=None):
"""
Applies labels to a Kubernetes resource.
Args:
kind: The type of resource to label
namespace: The namespace of the resource to label. Not all resources will be namespaced (Optional)
name: The name of the resource to label (Optional)
"""
baseutils.exe_cmd(
'{kubectl} label {kind} {name} {namespace} {label} --overwrite'.format(
kubectl=kubectl_binary,
kind=baseutils.shell_escape(kind),
name=baseutils.shell_escape(name) if name else '',
namespace='-n {namespace}'.format(
namespace=baseutils.shell_escape(namespace))
if namespace else '',
label=baseutils.shell_escape(label)))
def apply_pull_secret(cluster_name):
"""
Triggers the application of default image pull secrets to an IKS cluster.
Args:
cluster_name: The name of the cluster to apply the pull secrets to
"""
baseutils.exe_cmd(
'/usr/local/bin/ibmcloud ks cluster pull-secret apply --cluster {cluster}'
.format(cluster=baseutils.shell_escape(cluster_name)))
def history(release):
"""
Retrieves the revision history for a specified release.
Args:
release: The name of the release to retrieve the revision history for
Returns: A list of ReleaseRevision objects
"""
cmd = '{helm} history {release} -o json'.format(helm=helm_binary, release=baseutils.shell_escape(release))
(rc, output) = baseutils.retry(baseutils.exe_cmd, cmd, interval=10, retry=6)
return ReleaseRevision.parse_release_revisions(json.loads(output))
def list_releases(filter=None):
"""
Executes helm list and returns the output. A filter can be optionally specified.
Args:
filter: A regex filter that will be passed through to the "helm list <filter>" command
Returns: The output from the helm list command
"""
cmd = '{helm} list {filter}'.format(helm=helm_binary, filter=baseutils.shell_escape(filter or ''))
(rc, output) = baseutils.retry(baseutils.exe_cmd, cmd, interval=10, retry=6)
return output
def ks_cluster_remove(cluster_name):
"""
Destroy an IKS cluster.
This action is irreversible.
Args:
cluster_name: The name of the cluster to destroy
"""
baseutils.exe_cmd(
'/usr/local/bin/ibmcloud ks cluster rm --cluster {cluster} -f'.format(
cluster=baseutils.shell_escape(cluster_name)))
def ks_alb_cert_ls(cluster_name):
"""
List the current ALB certificates deployed for a cluster.
Args:
cluster_name: The name of the IKS cluster to check
"""
(rc, output) = baseutils.exe_cmd(
'/usr/local/bin/ibmcloud ks alb cert ls --cluster {cluster_name} --json'
.format(cluster_name=baseutils.shell_escape(cluster_name)))
return ALBCertificate.parse_alb_certificates(json.loads(output) or [])
def ks_alb_cert_deploy(cluster_name, secret_name, cert_crn):
"""
Create or update a certificate from IBM Cloud Certificate Manager as a secret in the Kubernetes cluster for to the Ingress Controller.
This creates a secret containing the cert in the ibm-cert-store namespace and a reference to it in the default namespace.
The ALB follows the reference in the default namespace to find the certificate.
Args:
cluster_name: The name of the IKS cluster to configure
secret_name: The name to assign to the secret that is created to contain the certificate
cert_crn: The CRN of the certificate in Certificate Manager
"""
current_alb_certificates = ks_alb_cert_ls(cluster_name)
update_flow = any(alb_certificate.secret_name == secret_name
for alb_certificate in current_alb_certificates)
baseutils.exe_cmd(
'/usr/local/bin/ibmcloud ks alb cert deploy --cluster {cluster_name} --secret-name {secret_name} --cert-crn {cert_crn} {update}'
.format(cluster_name=baseutils.shell_escape(cluster_name),
secret_name=baseutils.shell_escape(secret_name),
cert_crn=baseutils.shell_escape(cert_crn),
update='--update' if update_flow else ''))
def sl_block_volume_cancel(volume_id):
"""Delete block volume
Args:
Volume IDs taken from flagged orphans
EXAMPLE:
ibmcloud.sl_block_volume_cancel(12345678)
This command cancels volume with ID 12345678 immediately and without asking for confirmation"""
baseutils.exe_cmd(
'/usr/local/bin/ibmcloud sl block volume-cancel {volume_id} --immediate -f'
.format(volume_id=baseutils.shell_escape(volume_id)))
def ks_cluster_master_refresh(cluster_name):
"""
Triggers a refresh of the master components of an IKS cluster to apply new configuration.
There is no outage of the applications in the cluster.
Args:
cluster_name: The name of the IKS cluster to refresh
"""
baseutils.exe_cmd(
'/usr/local/bin/ibmcloud ks cluster master refresh --cluster {cluster_name}'
.format(cluster_name=baseutils.shell_escape(cluster_name)))
def delete(release_name, purge=True):
"""
Deletes a deployed release.
Args:
release_name: The release to delete
purge: Whether to purge all Helm history for the release (Optional, default: True)
"""
baseutils.exe_cmd('{helm} delete {release_name} {purge}'.format(
helm=helm_binary,
release_name=baseutils.shell_escape(release_name),
purge='--purge' if purge else ''))
