def delete_pod(self, o):
md = o.metadata
log('Deleting {kind} {namespace}/{name}'.format(kind=o.kind,
namespace=md.namespace,
name=md.name))
body = client.V1DeleteOptions()
self.core_v1.delete_namespaced_pod(md.name, md.namespace, body)
def create_third_party_resource():
ext_v1beta1 = kubernetes.client.ExtensionsV1beta1Api()
tpr = kubernetes.client.V1beta1ThirdPartyResource(
description='Kubernetes Clair Vulnerability Report',
metadata=kubernetes.client.V1ObjectMeta(name=TPR_NAME),
versions=[kubernetes.client.V1beta1APIVersion(name='v1')])
try:
res = ext_v1beta1.create_third_party_resource(tpr)
log('Created ThirdPartyResource %s' % TPR_NAME)
except kubernetes.client.rest.ApiException as ex:
if ex.status != 409 and ex.reason.lower() != 'conflict':
raise
log('ThirdPartyResource %s already exists' % TPR_NAME)
def main():
log('Started NamespaceWatcher')
import os
if 'SERVICE_TOKEN_FILENAME' in os.environ:
InClusterConfigLoader(
token_filename=os.environ.get('SERVICE_TOKEN_FILENAME'),
cert_filename=os.environ.get(
'SERVICE_CERT_FILENAME')).load_and_set()
else:
config.load_incluster_config()
client.configuration.verify_ssl = False
nw = NamespaceWatcher(watch)
nw.start()
def main():
log('Started JobPrunner')
import os
deadline_hours = int(os.environ.get('DEADLINE_HOURS', 24))
log('Job deadline {}h'.format(deadline_hours))
if 'SERVICE_TOKEN_FILENAME' in os.environ:
InClusterConfigLoader(
token_filename=os.environ.get('SERVICE_TOKEN_FILENAME'),
cert_filename=os.environ.get(
'SERVICE_CERT_FILENAME')).load_and_set()
else:
config.load_incluster_config()
client.configuration.verify_ssl = False
jp = JobPrunner(watch=watch.Watch())
jp.start(deadline_hours * 60 * 60)
def main():
log('Started Openshift Clair Controller {}'.format(
version.CLAIR_CONTROLLER_VERSION))
if 'SERVICE_TOKEN_FILENAME' in os.environ:
kubernetes.config.incluster_config.InClusterConfigLoader(
token_filename=os.environ.get('SERVICE_TOKEN_FILENAME'),
cert_filename=os.environ.get(
'SERVICE_CERT_FILENAME')).load_and_set()
else:
kubernetes.config.load_incluster_config()
kubernetes.client.configuration.verify_ssl = False
create_third_party_resource()
dockercfg_path = os.environ.get('DOCKERCFG_PATH', '/.docker/.dockercfg')
with open(dockercfg_path, 'r') as df:
dockercfg = json.load(df)
kk = controller.ClairController(kubernetes.client,
kubernetes.watch,
dockercfg=dockercfg)
kk.start()
def process_objects(self, objs, booting=False):
if booting:
for uid, o in objs.items():
log('>>>', oid(o))
return
busy = False
log('Processing {} jobs'.format(len(objs)))
for uid, o in objs.items():
if self.expired(o):
log('Expired', oid(o), o.metadata.creation_timestamp)
try:
self.delete_job_and_pods(o)
except client.rest.ApiException as ex:
if ex.status != 404:
raise
log('{} {}: {}'.format(ex.status, ex.reason, ex))
busy = True
return busy
def deleted_object(self, o):
log('-->', oid(o), o.metadata.creation_timestamp)
def modified_object(self, old, new):
log('xx>', oid(old), '-->', oid(new), '@',
new.metadata.creation_timestamp)
def added_object(self, o):
log('++>', oid(o), o.metadata.creation_timestamp)
def process_objects(self, objs, booting=False):
if booting:
for uid, o in objs.items():
log('>>>', oid(o))
else:
log('>>> found %i objects' % len(objs))