def new_client_from_dict(self, context: str) -> ApiClient:
client_config = type.__call__(Configuration)
config.load_kube_config_from_dict(config_dict=self.config,
context=context,
persist_config=False,
client_configuration=client_config)
return ApiClient(configuration=client_config)
def _get_client(self, server, token):
opts = dict(
api_key={'authorization': f'Bearer {token}'},
host=server,
verify_ssl=False,
# default timeout seems to be 1+ minutes
retries=5)
if self.jump_host:
# the ports could be parameterized, but at this point
# we only have need of 1 tunnel for 1 service
self.jump_host.create_ssh_tunnel()
local_port = self.jump_host.local_port
opts['proxy'] = f'http://localhost:{local_port}'
configuration = Configuration()
# the kubernetes client configuration takes a limited set
# of parameters during initialization, but there are a lot
# more options that can be set to tweak the behavior of the
# client via instance variables. We define a set of options
# above in the format of var_name:value then set them here
# in the configuration object with setattr.
for k, v in opts.items():
setattr(configuration, k, v)
k8s_client = ApiClient(configuration)
try:
return DynamicClient(k8s_client)
except urllib3.exceptions.MaxRetryError as e:
raise StatusCodeError(f"[{self.server}]: {e}")
def kubernetes_api_client():
config = client.Configuration()
config.host = "http://dummy"
config.api_key_prefix["authorization"] = "Bearer"
config.api_key["authorization"] = "dummy"
config.verify_ssl = False
return ApiClient(config)
def put(self, build_id: str = None): # pragma: no cover
"""Trigger build start hook."""
build_schema = BuildInfoSchema()
kube_client = ApiClient()
event: V1Event = kube_client.deserialize(request,
response_type='V1Event')
build_data, validation_errors = build_schema.dump(
BuildInfo.from_event(event, build_id))
# store in Ceph
build_data['build_log'] = None
build_aggregator.store_build_data(build_data)
return request_accepted(errors=validation_errors)
def create_kube_api_client(kubeconfig_path: Optional[str] = None) -> ApiClient:
kubeconfig_path = kubeconfig_path or "~/.kube/config"
logger.info('creating kube client with config file: %s', kubeconfig_path)
conf = Configuration()
load_kube_config(config_file=kubeconfig_path, client_configuration=conf)
return ApiClient(configuration=conf)
def __init__(self):
""" Intializes the connection. If environment variables for
remote transcode are defined, connect to that cluster.
"""
host = os.getenv('REMOTE_TRANSCODE_HOST')
port = os.getenv('REMOTE_TRANSCODE_PORT')
token = os.getenv('REMOTE_TRANSCODE_TOKEN')
cert = os.getenv('REMOTE_TRANSCODE_CERT')
self.remote = host is not None
if self.remote:
conf = Configuration()
conf.api_key['authorization'] = token
conf.host = f'https://{host}:{port}'
conf.verify_ssl = True
conf.ssl_ca_cert = cert
api_client = ApiClient(conf)
self.corev1 = CoreV1Api(api_client)
self.custom = CustomObjectsApi(api_client)
else:
load_incluster_config()
self.corev1 = CoreV1Api()
self.custom = CustomObjectsApi()
self.setup_common_steps()
def __init__(self, alg):
""" Intializes the connection. If algorithm object includes
a remote cluster, use that. Otherwise, use this cluster.
"""
if alg.cluster:
host = alg.cluster.host
port = alg.cluster.port
token = alg.cluster.token
fd, cert = tempfile.mkstemp(text=True)
with open(fd, 'w') as f:
f.write(alg.cluster.cert)
conf = Configuration()
conf.api_key['authorization'] = token
conf.host = f'https://{host}:{port}'
conf.verify_ssl = True
conf.ssl_ca_cert = cert
api_client = ApiClient(conf)
self.corev1 = CoreV1Api(api_client)
self.custom = CustomObjectsApi(api_client)
else:
load_incluster_config()
self.corev1 = CoreV1Api()
self.custom = CustomObjectsApi()
# Read in the mainfest.
if alg.manifest:
self.manifest = yaml.safe_load(alg.manifest.open(mode='r'))
# Save off the algorithm name.
self.name = alg.name
def _list_k8s_proxy(self, version, resource):
client_configuration = type.__call__(Configuration)
client_configuration.host = self.Auth.k8s_proxy_url
client_configuration.verify_ssl = False
rancher_client = ApiClient(configuration=client_configuration)
resp = rancher_client.call_api(
"api/" + version + "/" + resource,
"GET",
header_params={
'Accept': 'application/json',
'Authorization': 'Bearer ' + self.Auth.token
},
_return_http_data_only=True,
response_type='object'
)
return resp
def get_clients(cluster):
'''
:param cluster: k8s集群对象
:return: 一个apiclient对象,一个coreV1Api对象
'''
api_client = ApiClient( get_config( cluster ) )
return api_client, CoreV1Api( api_client )
def load_kube_config(
self,
config_file: str = None,
context: str = None,
is_in_cluster: bool = False,
extra_config_locations: List[str] = None,
persist: bool = False,
):
"""Loads a kubernetes configuration from file.
Args:
config_file (str, optional): The configuration file path. Defaults to None = search for config.
is_in_cluster (bool, optional): If true, the client will expect to run inside a cluster
and to load the cluster config. Defaults to None = auto detect.
extra_config_locations (List[str], optional): Extra locations to search for a configuration.
Defaults to None.
context (str, optional): The context name to run in. Defaults to None = active context.
persist (bool, optional): If True, config file will be updated when changed
(e.g GCP token refresh).
"""
self._kube_config: kube_config.Configuration = KubeApiConfiguration.load_kubernetes_configuration(
config_file=config_file,
is_in_cluster=is_in_cluster,
extra_config_locations=extra_config_locations,
context=context,
persist=persist,
)
assert self._kube_config is not None, KubeApiClientException(
"Failed to load kubernetes configuration. Not found.")
self._api_client: ApiClient = ApiClient(configuration=self.kube_config)
def call_api(self,
resource_path,
method,
path_params=None,
query_params=None,
header_params=None,
body=None,
post_params=None,
files=None,
response_type=None,
auth_settings=None,
async_req=None,
_return_http_data_only=None,
collection_formats=None,
_preload_content=True,
_request_timeout=None):
if auth_settings == ['BearerToken']:
auth_settings = self.configuration.auth_settings()
return ApiClient.call_api(self, resource_path, method, path_params,
query_params, header_params, body,
post_params, files, response_type,
auth_settings, async_req,
_return_http_data_only, collection_formats,
_preload_content, _request_timeout)
def build_client(self):
configuration = Configuration()
configuration.api_key['authorization'] = "Bearer {}".format(self.auth_info['K8S-Token'])
configuration.host = self.auth_info['K8S-Endpoint']
configuration.verify_ssl = self._verify_ssl
api_client = ApiClient(configuration)
return CoreV1Api(api_client)
def test_tolerations(self):
k8s_api_tolerations = [
k8s.V1Toleration(key="key", operator="Equal", value="value")
]
tolerations = [{'key': "key", 'operator': 'Equal', 'value': 'value'}]
k = KubernetesPodOperator(
namespace='default',
image="ubuntu:16.04",
cmds=["bash", "-cx"],
arguments=["echo 10"],
labels={"foo": "bar"},
name="name",
task_id="task",
in_cluster=False,
do_xcom_push=False,
cluster_context='default',
tolerations=tolerations,
)
result = k.create_pod_request_obj()
client = ApiClient()
self.assertEqual(type(result.spec.tolerations[0]), k8s.V1Toleration)
self.assertEqual(
client.sanitize_for_serialization(result)['spec']['tolerations'],
tolerations)
k = KubernetesPodOperator(
namespace='default',
image="ubuntu:16.04",
cmds=["bash", "-cx"],
arguments=["echo 10"],
labels={"foo": "bar"},
name="name",
task_id="task",
in_cluster=False,
do_xcom_push=False,
cluster_context='default',
tolerations=k8s_api_tolerations,
)
result = k.create_pod_request_obj()
self.assertEqual(type(result.spec.tolerations[0]), k8s.V1Toleration)
self.assertEqual(
client.sanitize_for_serialization(result)['spec']['tolerations'],
tolerations)
def __init__(self, name, version, values):
super(HelmChart, self).__init__()
self.name = name
self.version = version
self.values = values
self.api = ApiClient()
self.templates = {}
self.init()
def getResourceYaml(self):
logger.setLevel()
k8s_client = ApiClient().apiclient() # type: ApiClient
dyn_client = DynamicClient(k8s_client)
v1_resources = dyn_client.resources.get(api_version='v1',
kind=self.resource_type)
resource = v1_resources.get(namespace=self.namespace, name=self.name)
return resource
def new_client_from_config(config_file=None, context=None):
"""Loads configuration the same as load_kube_config but returns an ApiClient
to be used with any API object. This will allow the caller to concurrently
talk with multiple clusters."""
client_config = ConfigurationObject()
load_kube_config(config_file=config_file, context=context,
client_configuration=client_config)
return ApiClient(config=client_config)
def get_api_client(self):
configuration = Configuration()
configuration.verify_ssl = False
configuration.host = self.cluster.api
configuration.api_key['authorization'] = self.cluster.token
configuration.api_key_prefix['authorization'] = 'Bearer'
api_client = ApiClient(configuration)
return api_client
def kubernetes_api_client(rancher_client, cluster_name):
c = rancher_client.by_id_cluster(cluster_name)
kc = c.generateKubeconfig()
loader = KubeConfigLoader(config_dict=yaml.load(kc.config))
client_configuration = type.__call__(Configuration)
loader.load_and_set(client_configuration)
k8s_client = ApiClient(configuration=client_configuration)
return k8s_client
def __init__(self, host, token):
configuration = client.Configuration()
configuration.api_key_prefix['authorization'] = 'Bearer'
configuration.api_key['authorization'] = token
configuration.host = "https://{}:6443".format(host)
configuration.verify_ssl = False
configuration.debug = False
self.client = ApiClient(configuration)
def client(self, group, version):
client_config = Configuration()
config.load_kube_config(self.config_file, client_configuration=client_config)
client_config.proxy = self.http_proxy
api_client = ApiClient(configuration=client_config)
log.info('connecting to %s' % (api_client.configuration.host))
# e.g. client.CoreV1Api()
return getattr(client, '%s%sApi' % (group, version))(api_client)
def getResourceName(self):
logger.setLevel()
k8s_client = ApiClient().apiclient() # type: ApiClient
dyn_client = DynamicClient(k8s_client)
v1_resources = dyn_client.resources.get(api_version='v1',
kind=self.resource_type)
resource = v1_resources.get(namespace=self.namespace, name=self.name)
logging.info('Resource name is ' + resource.metadata.name)
return resource.metadata.name
def client_from_config(config_file, context):
# TODO(fabianvf): probably want to break this branch out or refactor method names
try:
return config.new_client_from_config(config_file, context)
except (IOError, config.ConfigException):
if not config_file:
return ApiClient(configuration=Configuration())
else:
raise
def create_kube_api_client(kubeconfig_path: Optional[str] = None) -> ApiClient:
if not kubeconfig_path:
kubeconfig_path = env_variables['installer_kubeconfig_path']
logger.info('creating kube client with config file: %s', kubeconfig_path)
conf = Configuration()
load_kube_config(config_file=kubeconfig_path, client_configuration=conf)
return ApiClient(configuration=conf)
def setUp(self):
self.namespace = "default"
self.yml_file = "{}/files/spark.yml".format(os.path.abspath('.'))
self.group = 'sparkoperator.k8s.io'
self.version = 'v1beta1'
self.plural = 'sparkapplications'
self.job_name = "{}-{}".format("spark-test-job", int(time.time()))
config = kube_config.load_kube_config()
self.api_instance = CustomObjectsApi(ApiClient(config))
def test_ensure_config_loaded_proxy_prefers_https(self):
with patch.dict(
os.environ, {
'HTTPS_PROXY': 'http://localhost:12345',
'HTTP_PROXY': 'http://localhost:6789'
}):
ensure_config_loaded()
self.assertEqual('http://localhost:12345',
ApiClient().configuration.proxy)
def test_port_attach_to_pod(self, mock_uuid):
mock_uuid.return_value = '0'
pod = PodGenerator(image='airflow-worker:latest',
name='base').gen_pod()
ports = [Port('https', 443), Port('http', 80)]
k8s_client = ApiClient()
result = append_to_pod(pod, ports)
result = k8s_client.sanitize_for_serialization(result)
self.assertEqual(
{
'apiVersion': 'v1',
'kind': 'Pod',
'metadata': {
'name': 'base-0'
},
'spec': {
'containers': [{
'args': [],
'command': [],
'env': [],
'envFrom': [],
'image':
'airflow-worker:latest',
'imagePullPolicy':
'IfNotPresent',
'name':
'base',
'ports': [{
'name': 'https',
'containerPort': 443
}, {
'name': 'http',
'containerPort': 80
}],
'volumeMounts': [],
}],
'hostNetwork':
False,
'imagePullSecrets': [],
'restartPolicy':
'Never',
'volumes': []
}
}, result)
def __init__(self, api_group: ApiGroup, api_version: ApiVersion,
list_resource_type: Type[CloudControllersResourceList],
resource_type: Type[CloudControllersResource]):
self.api_client = ApiClient()
self.api_group = api_group.value
self.api_version = api_version.value
self.list_resource_type = list_resource_type
self.resource_type = resource_type
self.loop = asyncio.get_event_loop()
def generate_api_client(access_token: str, project_id: str,
cluster_id: str) -> ApiClient:
"""根据指定参数,生成 api_client"""
ctx_cluster = CtxCluster.create(id=cluster_id,
project_id=project_id,
token=access_token)
config = BcsKubeConfigurationService(ctx_cluster).make_configuration()
return ApiClient(config,
header_name='X-BKAPI-AUTHORIZATION',
header_value=json.dumps({"access_token": access_token}))
def _new_client_from_eks_config(self,
config_path=None,
aws_access_key_id=None,
aws_secret_access_key=None):
client_config = type.__call__(Configuration)
eks_loader = EKSKubeConfigLoader(config_path, aws_access_key_id,
aws_secret_access_key)
eks_loader.load_and_set(client_config)
return ApiClient(configuration=client_config)
def test_port_attach_to_pod(self, mock_uuid):
import uuid
static_uuid = uuid.UUID('cf4a56d2-8101-4217-b027-2af6216feb48')
mock_uuid.return_value = static_uuid
pod = PodGenerator(image='airflow-worker:latest',
name='base').gen_pod()
ports = [Port('https', 443), Port('http', 80)]
k8s_client = ApiClient()
result = append_to_pod(pod, ports)
result = k8s_client.sanitize_for_serialization(result)
self.assertEqual(
{
'apiVersion': 'v1',
'kind': 'Pod',
'metadata': {
'name': 'base-' + static_uuid.hex
},
'spec': {
'containers': [{
'args': [],
'command': [],
'env': [],
'envFrom': [],
'image':
'airflow-worker:latest',
'name':
'base',
'ports': [{
'name': 'https',
'containerPort': 443
}, {
'name': 'http',
'containerPort': 80
}],
'volumeMounts': [],
}],
'hostNetwork':
False,
'imagePullSecrets': [],
'volumes': []
}
}, result)
def _refresh_oidc(self, provider):
config = Configuration()
client = ApiClient(configuration=config)
response = client.request(
method="GET",
url="%s/.well-known/openid-configuration"
% provider['config']['idp-issuer-url']
)
if response.status != 200:
return
response = json.loads(response.data)
request = OAuth2Session(
client_id=provider['config']['client-id'],
token=provider['config']['refresh-token'],
auto_refresh_kwargs={
'client_id': provider['config']['client-id'],
'client_secret': provider['config']['client-secret']
},
auto_refresh_url=response['token_endpoint']
)
try:
refresh = request.refresh_token(
token_url=response['token_endpoint'],
refresh_token=provider['config']['refresh-token'],
auth=(provider['config']['client-id'],
provider['config']['client-secret'])
)
except oauthlib.oauth2.rfc6749.errors.InvalidClientIdError:
return
provider['config'].value['id-token'] = refresh['id_token']
provider['config'].value['refresh-token'] = refresh['refresh_token']
