def whitelist(policy_name, event_name): policy = { 'metadata': { 'name': policy_name }, 'spec': { 'pod_selector': { 'match_labels': {} }, 'ingress': [ client.V1beta1NetworkPolicyIngressRule(_from=[ client.V1beta1NetworkPolicyPeer( namespace_selector=client.V1LabelSelector( match_labels={'name': 'kube-system'})), client.V1beta1NetworkPolicyPeer( pod_selector=client.V1LabelSelector(match_labels={})) ]) ] } } try: kubernetesbetav1.read_namespaced_network_policy( policy_name, event_name) except Exception: try: kubernetesbetav1.create_namespaced_network_policy( event_name, policy) except Exception: print('Failed creating network policy in namespace %s' % event_name)
def create_deployment(self, namespace=None, *args, **kwargs): deploy_name = kwargs.get("name") deployment_metadata = client.V1ObjectMeta(name=deploy_name) template_spec = self._generate_pod_template(*args, **kwargs) body = client.V1Deployment( api_version="apps/v1", kind="Deployment", metadata=deployment_metadata, spec=client.V1DeploymentSpec( selector=client.V1LabelSelector(match_labels={ "app": kwargs.get("name"), }), template=template_spec), ) api_instance = client.AppsV1Api() try: api_instance.create_namespaced_deployment(namespace=namespace, body=body, pretty="true") except ApiException as e: LOG.error("Exception when call AppsV1beta1Api: %s", e) raise e return True
def get_obj(self): """ :description: Generate ingress obj. """ return client.NetworkingV1beta1Ingress( api_version=self.api_version, kind=self.kind, metadata=client.V1ObjectMeta(name=self.slug, annotations=self.annotations), spec=client.NetworkingV1beta1IngressSpec( selector=client.V1LabelSelector(match_labels=self.selector), rules=[ client.NetworkingV1beta1IngressRule( host=self.hostname, http=client. NetworkingV1beta1HTTPIngressRuleValue(paths=[ client.NetworkingV1beta1HTTPIngressPath( path=self.path, backend=client.NetworkingV1beta1IngressBackend( service_port=self.target_service.port, service_name=self.target_service.slug), ) ]), ) ], ), )
def create_iperf_deploy(self, name): self.apps_v1_api.create_namespaced_deployment( namespace='default', body=client.V1Deployment( api_version="apps/v1", kind="Deployment", metadata=client.V1ObjectMeta( name=name, namespace="default", labels={'app': name} ), spec=client.V1DeploymentSpec( replicas=10, selector=client.V1LabelSelector(match_labels={'app': name}), template=client.V1PodTemplateSpec( metadata=client.V1ObjectMeta(labels={'app': name}), spec=client.V1PodSpec( containers=[ client.V1Container( name=name, tty=True, image="zhuangweikang/k8stc:latest", image_pull_policy="IfNotPresent", security_context=client.V1SecurityContext( capabilities=client.V1Capabilities(add=["NET_ADMIN"])), resources=client.V1ResourceRequirements( limits={"cpu": "100m", "memory": "1Gi"}, requests={"cpu": "100m", "memory": "1Gi"}) ) ] ) ) ) ) )
def create_stateful_set_object(): container = client.V1Container( name="sts-redis", image="redis", image_pull_policy="IfNotPresent", ports=[client.V1ContainerPort(container_port=6379)], ) # Template template = client.V1PodTemplateSpec( metadata=client.V1ObjectMeta(labels={"app": "redis"}), spec=client.V1PodSpec(containers=[container])) # Spec spec = client.V1StatefulSetSpec( replicas=1, service_name="redis-test-svc", selector=client.V1LabelSelector(match_labels={"app": "redis"}), template=template) # StatefulSet statefulset = client.V1StatefulSet( api_version="apps/v1", kind="StatefulSet", metadata=client.V1ObjectMeta(name="statefulset-redis"), spec=spec) return statefulset
def _create_pvc_for_pv(self, vol): name = vol.metadata.name namespace = self.get_user_namespace() pvcname = name pvd = client.V1PersistentVolumeClaim( spec=client.V1PersistentVolumeClaimSpec( volume_name=name, access_modes=vol.spec.access_modes, resources=client.V1ResourceRequirements( requests=vol.spec.capacity), selector=client.V1LabelSelector(match_labels={"name": name}), storage_class_name=vol.spec.storage_class_name)) md = client.V1ObjectMeta(name=pvcname, labels={"name": pvcname}) pvd.metadata = md self.log.info("Creating PVC '%s' in namespace '%s'" % (pvcname, namespace)) try: self.api.create_namespaced_persistent_volume_claim(namespace, pvd) except ApiException as e: if e.status != 409: self.log.exception("Create PVC '%s' " % pvcname + "in namespace '%s' " % namespace + "failed: %s" % str(e)) raise else: self.log.info("PVC '%s' " % pvcname + "in namespace '%s' " % namespace + "already exists.")
def simple_replicaset(): """Return the Kubernetes config matching the simple-replicaset.yaml manifest.""" return client.V1ReplicaSet( api_version="apps/v1", kind="ReplicaSet", metadata=client.V1ObjectMeta( name="frontend", labels={ "app": "guestbook", "tier": "frontend", }, ), spec=client.V1ReplicaSetSpec( replicas=3, selector=client.V1LabelSelector(match_labels={ "tier": "frontend", }, ), template=client.V1PodTemplateSpec( metadata=client.V1ObjectMeta(labels={ "tier": "frontend", }, ), spec=client.V1PodSpec(containers=[ client.V1Container( name="php-redis", image="gcr.io/google_samples/gb-frontend:v3", ), ], ), ), ), )
def _build_deployment(self, metadata): """Build deployment Kubernetes object. :param metadata: Common Kubernetes metadata for the interactive deployment. """ container = client.V1Container(name=self.deployment_name, image=self.image) pod_spec = client.V1PodSpec( containers=[container], node_selector=REANA_RUNTIME_SESSIONS_KUBERNETES_NODE_LABEL, ) template = client.V1PodTemplateSpec( metadata=client.V1ObjectMeta(labels={"app": self.deployment_name}), spec=pod_spec, ) spec = client.V1DeploymentSpec( selector=client.V1LabelSelector(match_labels={"app": self.deployment_name}), replicas=1, template=template, ) deployment = client.V1Deployment( api_version="apps/v1", kind="Deployment", metadata=metadata, spec=spec, ) return deployment
def create_deployment(apps_v1_api): container = client.V1Container( name="deployment", image="gcr.io/google-appengine/fluentd-logger", image_pull_policy="Never", ports=[client.V1ContainerPort(container_port=5678)], ) # Template template = client.V1PodTemplateSpec( metadata=client.V1ObjectMeta(labels={"app": "deployment"}), spec=client.V1PodSpec(containers=[container])) # Spec spec = client.V1DeploymentSpec( replicas=1, selector=client.V1LabelSelector(match_labels={"app": "deployment"}), template=template) # Deployment deployment = client.V1Deployment( api_version="apps/v1", kind="Deployment", metadata=client.V1ObjectMeta(name="deployment"), spec=spec) # Creation of the Deployment in specified namespace # (Can replace "default" with a namespace you may have created) apps_v1_api.create_namespaced_deployment(namespace="default", body=deployment)
def _build_deployment(self, metadata): """Build deployment Kubernetes object. :param metadata: Common Kubernetes metadata for the interactive deployment. """ container = client.V1Container(name=self.deployment_name, image=self.image) pod_spec = client.V1PodSpec( containers=[container], node_selector=REANA_RUNTIME_SESSIONS_KUBERNETES_NODE_LABEL, # Disable service discovery with env variables, so that the environment is # not polluted with variables like `REANA_SERVER_SERVICE_HOST` enable_service_links=False, ) template = client.V1PodTemplateSpec( metadata=client.V1ObjectMeta(labels={"app": self.deployment_name}), spec=pod_spec, ) spec = client.V1DeploymentSpec( selector=client.V1LabelSelector( match_labels={"app": self.deployment_name}), replicas=1, template=template, ) deployment = client.V1Deployment( api_version="apps/v1", kind="Deployment", metadata=metadata, spec=spec, ) return deployment
def create_deployment(namespace, name, cpulim, memlim, podlim,priorityclass): try: config.load_kube_config() except: config.load_incluster_config() api = client.ExtensionsV1beta1Api() container = client.V1Container( name=name, image="ansi/lookbusy", resources=client.V1ResourceRequirements( requests={'memory': memlim, 'cpu': cpulim})) body = client.ExtensionsV1beta1Deployment( api_version="extensions/v1beta1", kind="Deployment", metadata=client.V1ObjectMeta(name=name, namespace=namespace), spec = client.V1DeploymentSpec( selector=client.V1LabelSelector(match_labels={"app":name}), template = client.V1PodTemplateSpec( metadata=client.V1ObjectMeta(name=name, namespace=namespace,labels={"app": name}), spec=client.V1PodSpec(containers=[container],priority_class_name=priorityclass) ) ) ) pretty = 'true' try: api_response = api.create_namespaced_deployment(namespace, body, pretty=pretty) except ApiException as e: pprint("Exception when calling AppsV1Api->create_namespaced_deployment: %s\n" % e)
def create_k8s_deployment(namespace: str, name: str, replicas: int, match_labels: dict, template: dict, user): """ Create a Kubernetes deployment in the cluster. Returns the new deployment. """ apps_v1 = get_user_apps_v1(user) logger.info(f"Creating Kubernetes deployment '{name}'") k8s_containers = [ client.V1Container(name=c["name"], image=c["image"]) for c in template["containers"] ] k8s_labels = {item['key']: item['value'] for item in template['labels']} k8s_pod_template = client.V1PodTemplateSpec( metadata=client.V1ObjectMeta(name=template['name'], labels=k8s_labels), spec=client.V1PodSpec(containers=k8s_containers)) k8s_match_labels = {item['key']: item['value'] for item in match_labels} k8s_deployment = client.V1Deployment( metadata=client.V1ObjectMeta(name=name), spec=client.V1DeploymentSpec( replicas=replicas, selector=client.V1LabelSelector(match_labels=k8s_match_labels), template=k8s_pod_template)) apps_v1.create_namespaced_deployment(namespace, k8s_deployment)
def create_policy(namespace, use_kubectl=USE_KUBECTL): if use_kubectl: response = kubemunch('create', '-n', namespace, '-f', POLICY_FILENAME) else: md = client.V1ObjectMeta(name=AWS_NETWORK_POLICY_NAME, namespace=namespace) match_expression = client.V1LabelSelectorRequirement( key='k8s-app', operator='DoesNotExist') pod_selector = client.V1LabelSelector( match_expressions=[match_expression]) ip_block = client.V1beta1IPBlock( cidr='0.0.0.0/0', _except=['169.254.0.0/16']) peer = client.V1beta1NetworkPolicyPeer(ip_block=ip_block) egress = client.V1beta1NetworkPolicyEgressRule(to=[peer]) spec = client.V1beta1NetworkPolicySpec( pod_selector=pod_selector, egress=[egress], policy_types=['Egress']) policy = client.V1beta1NetworkPolicy(metadata=md, spec=spec) networkingv1 = client.NetworkingV1Api() response = networkingv1.create_namespaced_network_policy(namespace, policy) print("\tCreated {} in ns {}".format(response.metadata.name, response.metadata.namespace))
def create_deployment(self, deployment_object): container_port = client.V1ContainerPort( container_port=deployment_object.container_port, name=deployment_object.name ) container = client.V1Container( image=deployment_object.image, name=deployment_object.name, env=deployment_object.env, ports=[container_port], ) metadata = client.V1ObjectMeta( name=deployment_object.name, labels=deployment_object.labels ) template = client.V1PodTemplateSpec( metadata=metadata, spec=client.V1PodSpec(containers=[container]) ) strategy = client.ExtensionsV1beta1DeploymentStrategy( type=deployment_object.strategy_type ) selector = client.V1LabelSelector(match_labels=deployment_object.labels) spec = client.ExtensionsV1beta1DeploymentSpec( selector=selector, strategy=strategy, template=template ) deployment = client.ExtensionsV1beta1Deployment( api_version="apps/v1beta2", kind="Deployment", metadata=metadata, spec=spec ) api_client = client.AppsV1beta2Api() api_client.create_namespaced_deployment(body=deployment, namespace="default")
def _define_webserver_deployment() -> k8s.V1Deployment: # Define Pod container template container = k8s.V1Container( name='echo', image='hashicorp/http-echo', command=['/http-echo', '-listen=:{}'.format(CONTAINER_PORT), '-text="Echo server on port {}"'.format(CONTAINER_PORT)], ports=[k8s.V1ContainerPort(container_port=CONTAINER_PORT)], resources=k8s.V1ResourceRequirements( requests={'cpu': '100m', 'memory': '200Mi'}, limits={'cpu': '500m', 'memory': '500Mi'}, ), ) # Create and configure a spec section template = k8s.V1PodTemplateSpec( metadata=k8s.V1ObjectMeta(labels={'app': APP_NAME}), spec=k8s.V1PodSpec(containers=[container]), ) # Create the specification of deployment spec = k8s.V1DeploymentSpec( replicas=1, template=template, selector=k8s.V1LabelSelector(match_labels={'app': APP_NAME})) # Instantiate the deployment object deployment = k8s.V1Deployment( metadata=k8s.V1ObjectMeta(name=DEPLOYMENT_NAME), spec=spec, ) return deployment
def createDeployment(applyName, image, servicePort): V1ContainerPort = client.V1ContainerPort( container_port=int(servicePort), protocol="TCP") V1Container = client.V1Container(name=applyName, image=image, ports=[V1ContainerPort]) V1PodTemplateSpec = client.V1PodTemplateSpec( spec=client.V1PodSpec(containers=[V1Container]), metadata={"labels": { 'k8s-app': applyName }}) V1beta2DeploymentSpec = client.V1beta2DeploymentSpec( replicas=1, selector=client.V1LabelSelector( match_labels={"k8s-app": applyName}), template=V1PodTemplateSpec) V1ObjectMeta = client.V1ObjectMeta(namespace="default", name=applyName) V1beta2Deployment = client.V1beta2Deployment( spec=V1beta2DeploymentSpec, api_version="apps/v1beta2", kind="Deployment", metadata=V1ObjectMeta) pprint(V1beta2Deployment) k8s_api = client.AppsV1beta2Api() deployment = k8s_api.create_namespaced_deployment( body=V1beta2Deployment, namespace="default") pprint("Deployment create. status= '%s'" % deployment) return deployment
def __init__(self, name, storage_pvc): internal_volume_name = 'nfs-server-volume' mount_path = '/exports' ctr = client.V1Container( name=name, image=self.IMAGE, ports=[ client.V1ContainerPort(name=k, container_port=v) for k, v in self.PORTS.items() ], security_context=client.V1SecurityContext(privileged=True), volume_mounts=[ client.V1VolumeMount(mount_path=mount_path, name=internal_volume_name) ]) volume_source = client.V1PersistentVolumeClaimVolumeSource( claim_name=storage_pvc) volume = client.V1Volume(name=internal_volume_name, persistent_volume_claim=volume_source) pod_spec = client.V1PodSpec(containers=[ctr], volumes=[volume]) pod_metadata = client.V1ObjectMeta(labels=self.LABELS) pod_template = client.V1PodTemplateSpec(metadata=pod_metadata, spec=pod_spec) rs_spec = client.V1ReplicaSetSpec( replicas=1, selector=client.V1LabelSelector(match_labels=self.LABELS), template=pod_template) metadata = client.V1ObjectMeta(name=name, labels=self.LABELS) super(NFSDeployment, self).__init__(metadata=metadata, spec=rs_spec)
def simple_replicaset(): """Return the Kubernetes config matching the simple-replicaset.yaml manifest.""" return client.V1ReplicaSet( api_version='apps/v1', kind='ReplicaSet', metadata=client.V1ObjectMeta( name='frontend', labels={ 'app': 'guestbook', 'tier': 'frontend', }, ), spec=client.V1ReplicaSetSpec( replicas=3, selector=client.V1LabelSelector(match_labels={ 'tier': 'frontend', }, ), template=client.V1PodTemplateSpec( metadata=client.V1ObjectMeta(labels={ 'tier': 'frontend', }, ), spec=client.V1PodSpec(containers=[ client.V1Container( name='php-redis', image='gcr.io/google_samples/gb-frontend:v3', ), ], ), ), ), )
def _create_deployment(self): REPLICAS = 1 container_port = k8s.V1ContainerPort(name=self.uid[-14:], container_port=os.getenv( "OPENVAS_OMP_PORT", 9390)) resources = k8s.V1ResourceRequirements( limits={ "cpu": KubernetesDeployer.CONTAINER_USE_CPU_LIMIT, "memory": KubernetesDeployer.CONTAINER_USE_MEMORY_LIMIT, }) readiness_probe = k8s.V1Probe( _exec=k8s.V1ExecAction( command=KubernetesDeployer.OPENVAS_HEALTHCHECK_COMMAND), initial_delay_seconds=300, period_seconds=30, ) liveness_probe = k8s.V1Probe( tcp_socket=k8s.V1TCPSocketAction( port=container_port.container_port), initial_delay_seconds=180, period_seconds=30, failure_threshold=3, timeout_seconds=5, ) container = k8s.V1Container( image=KubernetesDeployer.OPENVAS_CONTAINER_IMAGE, name=self.uid, image_pull_policy="IfNotPresent", ports=[container_port], resources=resources, readiness_probe=readiness_probe, liveness_probe=liveness_probe, ) toleration = k8s.V1Toleration(effect="NoSchedule", key="Scanners", operator="Exists") pod_spec = k8s.V1PodSpec(containers=[container], tolerations=[toleration]) pod_metadata = k8s.V1ObjectMeta( name=self.uid, labels={"app.kubernetes.io/name": self.uid}, annotations={ "cluster-autoscaler.kubernetes.io/safe-to-evict": "false" }, ) pod_template = k8s.V1PodTemplateSpec(spec=pod_spec, metadata=pod_metadata) selector = k8s.V1LabelSelector( match_labels={"app.kubernetes.io/name": self.uid}) deployment_spec = k8s.V1DeploymentSpec(replicas=REPLICAS, selector=selector, template=pod_template) deployment_metadata = k8s.V1ObjectMeta( name=self.uid, labels={"app.kubernetes.io/name": self.uid}) deployment = k8s.V1Deployment(spec=deployment_spec, metadata=deployment_metadata) return k8s.AppsV1Api(self.client).create_namespaced_deployment( self.namespace, deployment)
def create_k8s_nfs_resources(self) -> bool: """ Create NFS resources such as PV and PVC in Kubernetes. """ from kubernetes import client as k8sclient pv_name = "nfs-ckpt-pv-{}".format(uuid.uuid4()) persistent_volume = k8sclient.V1PersistentVolume( api_version="v1", kind="PersistentVolume", metadata=k8sclient.V1ObjectMeta( name=pv_name, labels={'app': pv_name} ), spec=k8sclient.V1PersistentVolumeSpec( access_modes=["ReadWriteMany"], nfs=k8sclient.V1NFSVolumeSource( path=self.params.path, server=self.params.server ), capacity={'storage': '10Gi'}, storage_class_name="" ) ) k8s_api_client = k8sclient.CoreV1Api() try: k8s_api_client.create_persistent_volume(persistent_volume) self.params.pv_name = pv_name except k8sclient.rest.ApiException as e: print("Got exception: %s\n while creating the NFS PV", e) return False pvc_name = "nfs-ckpt-pvc-{}".format(uuid.uuid4()) persistent_volume_claim = k8sclient.V1PersistentVolumeClaim( api_version="v1", kind="PersistentVolumeClaim", metadata=k8sclient.V1ObjectMeta( name=pvc_name ), spec=k8sclient.V1PersistentVolumeClaimSpec( access_modes=["ReadWriteMany"], resources=k8sclient.V1ResourceRequirements( requests={'storage': '10Gi'} ), selector=k8sclient.V1LabelSelector( match_labels={'app': self.params.pv_name} ), storage_class_name="" ) ) try: k8s_api_client.create_namespaced_persistent_volume_claim(self.params.namespace, persistent_volume_claim) self.params.pvc_name = pvc_name except k8sclient.rest.ApiException as e: print("Got exception: %s\n while creating the NFS PVC", e) return False return True
def get_affinity(self): """Determine the affinity term for the build pod. There are a two affinity strategies, which one is used depends on how the BinderHub is configured. In the default setup the affinity of each build pod is an "anti-affinity" which causes the pods to prefer to schedule on separate nodes. In a setup with docker-in-docker enabled pods for a particular repository prefer to schedule on the same node in order to reuse the docker layer cache of previous builds. """ resp = self.api.list_namespaced_pod( self.namespace, label_selector="component=dind,app=binder", _request_timeout=KUBE_REQUEST_TIMEOUT, _preload_content=False, ) dind_pods = json.loads(resp.read()) if self.sticky_builds and dind_pods: node_names = [ pod["spec"]["nodeName"] for pod in dind_pods["items"] ] ranked_nodes = rendezvous_rank(node_names, self.repo_url) best_node_name = ranked_nodes[0] affinity = client.V1Affinity(node_affinity=client.V1NodeAffinity( preferred_during_scheduling_ignored_during_execution=[ client.V1PreferredSchedulingTerm( weight=100, preference=client.V1NodeSelectorTerm( match_expressions=[ client.V1NodeSelectorRequirement( key="kubernetes.io/hostname", operator="In", values=[best_node_name], ) ]), ) ])) else: affinity = client.V1Affinity( pod_anti_affinity=client.V1PodAntiAffinity( preferred_during_scheduling_ignored_during_execution=[ client.V1WeightedPodAffinityTerm( weight=100, pod_affinity_term=client.V1PodAffinityTerm( topology_key="kubernetes.io/hostname", label_selector=client.V1LabelSelector( match_labels=dict( component=self._component_label)), ), ) ])) return affinity
def get_persistent_volume_claim_spec(volume, access_modes='ReadWriteOnce', ): access_modes = to_list(access_modes) resources = client.V1ResourceRequirements(requests={'storage': STORAGE_BY_VOLUME[volume]}) selector = client.V1LabelSelector(match_labels=get_labels(volume)) return client.V1PersistentVolumeClaimSpec( access_modes=access_modes, resources=resources, selector=selector)
def _add_kubetest_labels(self): """Add a kubetest label to the Deployment object. This allows kubetest to more easily and reliably search for and aggregate API objects, such as getting the Pods for a Deployment. The kubetest label key is "kubetest/<obj kind>" where the obj kind is the lower-cased kind of the obj. """ self.klabel_key = 'kubetest/deployment' if self.obj.metadata.labels: self.klabel_uid = self.obj.metadata.labels.get( self.klabel_key, None) else: self.klabel_uid = None if not self.klabel_uid: self.klabel_uid = str(uuid.uuid4()) # fixme: it would be nice to clean up this label setting logic a bit # and possibly abstract it out to something more generalized, but # that is difficult to do given the differences in object attributes # Set the base metadata label if self.obj.metadata is None: self.obj.metadata = client.V1ObjectMeta() if self.obj.metadata.labels is None: self.obj.metadata.labels = {} if self.klabel_key not in self.obj.metadata.labels: self.obj.metadata.labels[self.klabel_key] = self.klabel_uid # If no spec is set, there is nothing to set additional labels on if self.obj.spec is None: log.warning('deployment spec not set - cannot set kubetest label') return # Set the selector label if self.obj.spec.selector is None: self.obj.spec.selector = client.V1LabelSelector() if self.obj.spec.selector.match_labels is None: self.obj.spec.selector.match_labels = {} if self.klabel_key not in self.obj.spec.selector.match_labels: self.obj.spec.selector.match_labels[ self.klabel_key] = self.klabel_uid # Set the template label if self.obj.spec.template is None: self.obj.spec.template = client.V1PodTemplateSpec() if self.obj.spec.template.metadata is None: self.obj.spec.template.metadata = client.V1ObjectMeta(labels={}) if self.klabel_key not in self.obj.spec.template.metadata.labels: self.obj.spec.template.metadata.labels[ self.klabel_key] = self.klabel_uid
def create_deployment_sample(self, api_instance, deployment_sample_data): labels = { 'alicek106_love_is_you': 'ls' } # Default Label for matching ReplicaSets labels.update(deployment_sample_data.labels) env_vars = [ client.V1EnvVar(name=env['name'], value=env['value']) for env in deployment_sample_data.env_vars ] publish_ports = [ client.V1ContainerPort(name=port['name'], container_port=int(port['port'])) for port in deployment_sample_data.publish_ports ] metadata = client.V1ObjectMeta( namespace=deployment_sample_data.namespace, name=deployment_sample_data.deployment_name, labels=labels) spec_pod = client.V1PodSpec(containers=[ client.V1Container( name=deployment_sample_data.deployment_name, image=deployment_sample_data.image, env=env_vars, ports=publish_ports, image_pull_policy="Always", resources=client.V1ResourceRequirements( limits=deployment_sample_data.resources['limit'], requests=deployment_sample_data.resources['request'])) ]) spec_deployment = client.V1DeploymentSpec( replicas=deployment_sample_data.replicas, selector=client.V1LabelSelector( match_labels={'alicek106_love_is_you': 'ls'}, # Default Label for matching ReplicaSets ), template=client.V1PodTemplateSpec( metadata=client.V1ObjectMeta(labels=labels), spec=spec_pod)) deployment_body = client.AppsV1beta1Deployment(kind='Deployment', metadata=metadata, spec=spec_deployment) try: api_instance.create_namespaced_deployment( namespace=deployment_sample_data.namespace, body=deployment_body) return GeneralError(200, 'success').serialize(), 200 except ApiException as e: error = json.loads(e.body) return GeneralError( 409, 'Reason: %s, %s' % (error['reason'], error['message'])).serialize(), 409
def simple_networkpolicy(): """Return the Kubernetes config matching the simple-networkpolicy.yaml manifest.""" return client.V1NetworkPolicy( api_version='networking.k8s.io/v1', kind='NetworkPolicy', metadata=client.V1ObjectMeta(name='default-deny'), spec=client.V1NetworkPolicySpec( pod_selector=client.V1LabelSelector(), policy_types=["Egress", "Ingress"], ))
def create_affinity_term(item): return client.V1WeightedPodAffinityTerm( weight=item['weight'], pod_affinity_term=client.V1PodAffinityTerm( topology_key=item['label'], namespaces=item['namespaces'], label_selector=client.V1LabelSelector(match_expressions=[ create_affinity_selector(s) for s in item['selectors'] ], ), ))
def generate_deployment_spec(self, pod_template_spec): return k8s_client.V1Deployment(api_version="apps/v1", kind="Deployment", metadata=k8s_client.V1ObjectMeta( generate_name="fairing-deployer-"), spec=k8s_client.V1DeploymentSpec( selector=k8s_client.V1LabelSelector( match_labels=self.labels, ), template=pod_template_spec, ))
def create_namespace(self, body, message): """ Listen to the `exchange` namespace, | and create the namespace accordly to the messages. | Idempotent. :param body: The message's content. :type body: dict :param message: The namespace to create. :type message: kombu.message.Message :returns: The creation state :rtype: bool """ payload = client.V1Namespace() payload.metadata = client.V1ObjectMeta(name=body['namespace']) core_v1 = client.CoreV1Api() network_v1 = client.NetworkingV1Api() policy = client.V1NetworkPolicy(api_version='networking.k8s.io/v1', kind='NetworkPolicy') policy.metadata = client.V1ObjectMeta(name='deny-namespaces-traffic', namespace=body['namespace']) policy.spec = client.V1NetworkPolicySpec( pod_selector=client.V1LabelSelector(match_labels={}), ingress=[ client.V1NetworkPolicyIngressRule(_from=[ client.V1NetworkPolicyPeer( pod_selector=client.V1LabelSelector()) ]) ]) #Idempotent try: core_v1.create_namespace(payload) core_v1.patch_namespaced_service_account( 'default', body['namespace'], {'automount_service_account_token': False}) network_v1.create_namespaced_network_policy( body['namespace'], policy) except ApiException as e: LOGGER.error(e) if e.status != 409: # 409 == Conclict => Already exist raise message.ack() return True
def test_network_policy_hairpin_traffic(self): namespace_name, namespace = self.create_namespace() self.addCleanup(self.delete_namespace, namespace_name) svc_name, svc_pods = self.create_setup_for_service_test( namespace=namespace_name, cleanup=False, save=False, pod_num=1) self.check_service_internal_connectivity(namespace=namespace_name, pod_num=1, service_name=svc_name, pod_name=svc_pods[0]) policy_name = data_utils.rand_name(prefix='kuryr-policy') np = k8s_client.V1NetworkPolicy( kind='NetworkPolicy', api_version='networking.k8s.io/v1', metadata=k8s_client.V1ObjectMeta(name=policy_name, namespace=namespace_name), spec=k8s_client.V1NetworkPolicySpec( pod_selector=k8s_client.V1LabelSelector(), policy_types=['Egress', 'Ingress'], ingress=[ k8s_client.V1NetworkPolicyIngressRule(_from=[ k8s_client.V1NetworkPolicyPeer( pod_selector=k8s_client.V1LabelSelector(), ), ], ), ], egress=[ k8s_client.V1NetworkPolicyEgressRule(to=[ k8s_client.V1NetworkPolicyPeer( pod_selector=k8s_client.V1LabelSelector(), ), ], ), ], ), ) k8s_client.NetworkingV1Api().create_namespaced_network_policy( namespace=namespace_name, body=np) # Just to wait for SGs. self.get_sg_rules_for_np(namespace_name, policy_name) self.check_service_internal_connectivity(namespace=namespace_name, pod_num=1, service_name=svc_name, pod_name=svc_pods[0])
def create_deployment(self, node_name, deployment_name, pod_label, image_name, container_name, cpu_requests=None, cpu_limits=None, container_port=7000, env=None, volume=None): # Load config from default location config.load_kube_config() extension = client.ExtensionsV1beta1Api() if cpu_limits is None and cpu_requests is None: container_resource = None else: container_resource = client.V1ResourceRequirements( limits={'cpu': cpu_limits}, requests={'cpu': cpu_requests}) container = client.V1Container( name=container_name, image=image_name, image_pull_policy='IfNotPresent', ports=[client.V1ContainerPort(container_port=container_port)], resources=container_resource, tty=True, stdin=True, env=env, volume_mounts=volume) # Create and configurate a spec section template = client.V1PodTemplateSpec( metadata=client.V1ObjectMeta(labels={"app": pod_label}), spec=client.V1PodSpec(node_name=node_name, containers=[container])) selector = client.V1LabelSelector(match_labels={'app': pod_label}) # Create the specification of deployment spec = client.ExtensionsV1beta1DeploymentSpec(replicas=1, selector=selector, template=template) # Instantiate the deployment object deployment = client.ExtensionsV1beta1Deployment( api_version="extensions/v1beta1", kind="Deployment", metadata=client.V1ObjectMeta(name=deployment_name), spec=spec) # create deployment extension.create_namespaced_deployment(namespace="default", body=deployment)