def admissionregistartion_api_client_from_config(config):
if config is None:
k8sconfig.load_incluster_config()
return k8sclient.AdmissionregistrationV1beta1Api()
else:
client = k8sclient.ApiClient(configuration=config)
return k8sclient.AdmissionregistrationV1beta1Api(api_client=client)
def init_vwc(namespace, magtape_tls_byoc):
"""Function to handle the k8s validating webhook configuration"""
try:
config.load_incluster_config()
except Exception as exception:
logging.info(f"Exception loading incluster configuration: {exception}")
try:
logging.info("Loading local kubeconfig")
config.load_kube_config()
except Exception as exception:
logging.error(f"Exception loading local kubeconfig: {exception}")
sys.exit(1)
configuration = client.Configuration()
core_api = client.CoreV1Api(client.ApiClient(configuration))
admission_api = client.AdmissionregistrationV1beta1Api(
client.ApiClient(configuration))
vwc = read_vwc(admission_api)
write_vwc(
namespace,
magtape_tls_rootca_secret_name,
vwc,
configuration,
admission_api,
core_api,
)
def __init__(self):
check_microk8s_kube_config_file()
load_kubernetes_config()
self.api_client = client.ApiClient()
self.custom_def_cli = client.CustomObjectsApi()
self.core_cli = client.CoreV1Api()
self.apps_cli = client.AppsV1Api()
self.rbac_cli = client.RbacAuthorizationV1Api()
self.extenstion_cli = client.ExtensionsV1beta1Api()
self.crd_cli = client.ApiextensionsV1beta1Api()
self.storage_cli = client.StorageV1Api()
self.admission_cli = client.AdmissionregistrationV1beta1Api()
self.delete_options = client.V1DeleteOptions()
self.delete_options.grace_period_seconds = 2
self.delete_options.propagation_policy = 'Foreground'
self.core_cli.api_client.configuration.assert_hostname = False
self.apps_cli.api_client.configuration.assert_hostname = False
def _get_kubernetesclient_admission_registration(self):
if not self._kube_client_admission_registration:
self._load_kube_config()
self._kube_client_admission_registration = client.AdmissionregistrationV1beta1Api(
)
return self._kube_client_admission_registration
import argparse
import copy
import base64
parser = argparse.ArgumentParser(description="Options to Program")
parser.add_argument(
'-a',
default="managed.openshift.io/inject-cabundle-from",
dest='annotation_name',
help=
'What is the annotation that has a reference to a namespace/configmap for the caBundle. The cert must be stored in pem format in a key called service-ca.crt'
)
parsed = parser.parse_args()
config.load_incluster_config()
admission_client = client.AdmissionregistrationV1beta1Api()
cm_client = client.CoreV1Api()
def get_cert_from_configmap(client,
namespace,
configmap_name,
key="service-ca.crt"):
try:
o = client.read_namespaced_config_map(configmap_name, namespace)
if key in o.data:
return o.data[key].rstrip()
except:
return None
return None
logger = logging.getLogger(__name__)
logger.setLevel(logging.DEBUG)
formatter = TextFormatter(datefmt="Z", colorize=True)
ch = logging.StreamHandler()
ch.setLevel(logging.DEBUG)
ch.setFormatter(formatter)
logger.addHandler(ch)
config.load_kube_config()
corev1_api = client.CoreV1Api(client.ApiClient())
apps_v1_api = client.AppsV1Api(client.ApiClient())
webhook_api = client.AdmissionregistrationV1beta1Api(client.ApiClient())
cert_api = client.CertificatesV1beta1Api(client.ApiClient())
APP_NAME = "maglev-admission-webhook"
SECRET = "shhhh!donottell"
NAMESPACE = "default"
CSR_NAME = "{}.{}".format(APP_NAME, NAMESPACE)
IMAGE = "harshanarayana/sanic-webhook:v0.2"
TEMPLATE_ENV = Environment(loader=BaseLoader)
RESOURCE_CREATION_MAP = {
"Deployment": {
"handler": apps_v1_api.create_namespaced_deployment
},
"Service": {
"handler": corev1_api.create_namespaced_service