def load_kube_config(config_file=None, context=None,
client_configuration=None,
persist_config=True):
"""Loads authentication and cluster information from kube-config file
and stores them in kubernetes.client.configuration.
:param config_file: Name of the kube-config file.
:param context: set the active context. If is set to None, current_context
from config file will be used.
:param client_configuration: The kubernetes.client.Configuration to
set configs to.
:param persist_config: If True, config file will be updated when changed
(e.g GCP token refresh).
"""
if config_file is None:
config_file = os.path.expanduser(KUBE_CONFIG_DEFAULT_LOCATION)
config_persister = None
if persist_config:
def _save_kube_config(config_map):
with open(config_file, 'w') as f:
yaml.safe_dump(config_map, f, default_flow_style=False)
config_persister = _save_kube_config
loader = _get_kube_config_loader_for_yaml_file(
config_file, active_context=context,
config_persister=config_persister)
if client_configuration is None:
config = type.__call__(Configuration)
loader.load_and_set(config)
Configuration.set_default(config)
else:
loader.load_and_set(client_configuration)
def pytest_collection_modifyitems(config, items):
c = Configuration()
c.assert_hostname = False
Configuration.set_default(c)
k8sconfig.load_incluster_config()
core_api = k8sclient.CoreV1Api()
check_longhorn(core_api)
if config.getoption(SKIP_RECURRING_JOB_OPT):
skip_upgrade = pytest.mark.skip(reason="remove " +
SKIP_RECURRING_JOB_OPT +
" option to run")
for item in items:
if "recurring_job" in item.keywords:
item.add_marker(skip_upgrade)
using_csi = check_csi(core_api)
if using_csi:
skip_upgrade = pytest.mark.skip(reason="environment is not using " +
"flexvolume")
for item in items:
if "flexvolume" in item.keywords:
item.add_marker(skip_upgrade)
else:
skip_upgrade = pytest.mark.skip(reason="environment is not " +
"using csi")
for item in items:
if "csi" in item.keywords:
item.add_marker(skip_upgrade)
all_nodes_support_mount_propagation = True
for node in get_longhorn_api_client().list_node():
node = wait_for_node_mountpropagation_condition(
get_longhorn_api_client(), node["name"])
if "conditions" not in node.keys():
all_nodes_support_mount_propagation = False
else:
conditions = node["conditions"]
for key, condition in conditions.iteritems():
if key == NODE_CONDITION_MOUNTPROPAGATION and \
condition["status"] != CONDITION_STATUS_TRUE:
all_nodes_support_mount_propagation = False
break
if not all_nodes_support_mount_propagation:
break
if not all_nodes_support_mount_propagation:
skip_upgrade = pytest.mark.skip(reason="environment does not " +
"support base image")
skip_node = pytest.mark.skip(reason="environment does not " +
"support mount disk")
for item in items:
if "baseimage" in item.keywords:
item.add_marker(skip_upgrade)
elif "mountdisk" in item.keywords:
item.add_marker(skip_node)
def client(self, group, version):
client_config = Configuration()
config.load_kube_config(self.config_file, client_configuration=client_config)
client_config.proxy = self.http_proxy
api_client = ApiClient(configuration=client_config)
log.debug('connecting to %s' % (api_client.configuration.host))
# e.g. client.CoreV1Api()
return getattr(client, '%s%sApi' % (group, version))(api_client)
def _load_kube_config(in_cluster, cluster_context, config_file):
from kubernetes import config, client
if in_cluster:
config.load_incluster_config()
else:
config.load_kube_config(config_file=config_file, context=cluster_context)
if PY2:
# For connect_get_namespaced_pod_exec
from kubernetes.client import Configuration
configuration = Configuration()
configuration.assert_hostname = False
Configuration.set_default(configuration)
return client.CoreV1Api()
def __init__(self, kube_config_file_path):
"""
Initialize with default values if not defined
Note: Need to initialize parameters in test side to make this working. Not sure for reason.
Parameters are initialized here to give tip for IDE which kind of classes those are.
:param k8s_client: Kubernetes api client
:param corev1: corev1 api client
:param storage_class: storage class api client
:param daemon: daemonset api client
"""
load_kube_config(config_file=kube_config_file_path)
self.corev1 = CoreV1Api()
self.storage_class = StorageV1Api()
self.k8s_client = ApiClient(Configuration())
self.daemon = AppsV1Api(ApiClient())
def main(args):
# load job definition from the job file
with open(args.job, 'r') as fi:
job = yaml.safe_load(fi)
config.load_kube_config()
c = Configuration()
sch = PodScheduler(
name=job['name'],
image=job['image'],
tasks=job['tasks'],
node_selector=job.get('nodeSelector'),
namespace=job.get('ns', 'default'),
workers_num=job.get('workers_num', 50)
)
sch.run_scheduler()
def print_join_token():
import os
from api.api_client import running_in_docker_container
from kubernetes.client import Configuration
master_ip = Configuration().host.split(':')[1][2:]
master_port = Configuration().host.split(':')[2]
ca_cert = '/etc/kubernetes/pki/ca.crt'
if not os.path.exists(ca_cert):
ca_cert = '/etc/kubernetes/ca.crt'
if running_in_docker_container():
ca_cert = '/tmp' + ca_cert
join_token_path = os.path.dirname(os.path.realpath(__file__)) + '/engine/join_token.sh'
tokens = engine.utils.list_boostrap_tokens_decoded()
if not tokens:
print("No bootstrap tokens exist")
else:
for token in tokens:
command = 'sh ' + join_token_path + ' ' + ' '.join([master_ip, master_port, ca_cert, token])
print('\nExecute: %s' % command)
os.system(command)
def load_kube_config(config_file=None,
context=None,
client_configuration=None,
persist_config=True):
"""Loads authentication and cluster information from kube-config file
and stores them in kubernetes.client.configuration.
:param config_file: Name of the kube-config file.
:param context: set the active context. If is set to None, current_context
from config file will be used.
:param client_configuration: The kubernetes.client.Configuration to
set configs to.
:param persist_config: If True, config file will be updated when changed
(e.g GCP token refresh).
"""
if config_file is None:
config_file = os.path.expanduser(KUBE_CONFIG_DEFAULT_LOCATION)
config_persister = None
if persist_config:
def _save_kube_config(config_map):
with open(config_file, 'w') as f:
yaml.safe_dump(config_map, f, default_flow_style=False)
config_persister = _save_kube_config
loader = _get_kube_config_loader_for_yaml_file(
config_file, active_context=context, config_persister=config_persister)
if client_configuration is None:
config = type.__call__(Configuration)
loader.load_and_set(config)
Configuration.set_default(config)
else:
loader.load_and_set(client_configuration)
def __init__(self):
config = ConfigParser()
config.read("config.ini")
self.token = config.get("kubernetes", "token")
self.host = "https://{}:6443".format(
config.get("kubernetes", "api_host"))
self.configuration = Configuration()
self.configuration.api_key['authorization'] = self.token
self.configuration.api_key_prefix['authorization'] = 'Bearer'
self.configuration.host = self.host
self.configuration.verify_ssl = False
self.api_client = ApiClient(self.configuration)
self.api_client.configuration.debug = True
self.node_list = [
i.strip() for i in config.get("kubernetes", "node").split(",")
]
def get_config(cluster):
'''
:param cluster: k8s集群的配置对象
:return: 返回一个config对象
'''
configuration = Configuration()
configuration.verify_ssl = False
configuration.host = cluster.api
configuration.api_key['authorization'] = cluster.token
configuration.api_key_prefix['authorization'] = 'Bearer'
return configuration
def main(args):
# load job definition from the job file
with open(args.job, 'r') as fi:
job = yaml.safe_load(fi)
config.load_kube_config()
c = Configuration()
assert os.path.exists(args.log_path) and os.path.isdir(args.log_path)
sch = PodScheduler(pod_name=job['name'],
image=job['image'],
tasks=job['tasks'],
node_selector=job.get('nodeSelector'),
namespace=job.get('ns', 'default'),
workers_num=job.get('workers_num', 50),
log_path=args.log_path,
verbose=args.verbose)
sch.run_scheduler()
print("main: done")
def get_api_client() -> CoreV1Api:
"""
Obtain API client for kubenernetes; if running in a pod,
load service account identity, otherwise load kubeconfig
"""
logger.debug("Initialize kubernetes client")
configuration = Configuration()
if "KUBERNETES_SERVICE_HOST" in os.environ:
logger.info("loading incluster config")
load_incluster_config(client_configuration=configuration)
else:
logger.info("loading kubeconfig")
load_kube_config(client_configuration=configuration)
if not configuration.api_key:
raise SandcastleException(
"No api_key, can't access any cluster.\n")
return CoreV1Api(ApiClient(configuration=configuration))
def main():
logger = create_logger(PurePath(__file__).stem)
config.load_incluster_config()
configuration = Configuration()
configuration.verify_ssl = False
configuration.assert_hostname = False
urllib3.disable_warnings()
Configuration.set_default(configuration)
api = core_v1_api.CoreV1Api()
label_selector = getenv('LABEL_SELECTOR', 'role=greyhole')
namespace = getenv('NAMESPACE', 'storage')
command_switch = getenv('COMMAND_SWITCH', '')
k8s_response = api.list_namespaced_pod(namespace=namespace,
label_selector=label_selector)
logger.info(f'ENV Commands {label_selector} {namespace} {command_switch}')
logger.debug(f'{k8s_response}')
for pod in k8s_response.items:
name = pod.metadata.name
k8s_response = api.read_namespaced_pod(name=name, namespace=namespace)
exec_command = ['/bin/sh', '-c']
if command_switch.lower() == 'monthly':
exec_command.append('greyhole --fsck --checksums')
elif command_switch.lower() == 'weekly':
exec_command.append(
'greyhole --fsck --dont-walk-metadata-store --disk-usage-report'
)
elif command_switch.lower() == 'daily':
exec_command.append(
'greyhole --fsck --if-conf-changed --dont-walk-metadata-store')
else:
exec_command.append('greyhole --process-spool --keepalive')
k8s_response = stream(api.connect_get_namespaced_pod_exec,
name,
namespace,
command=exec_command,
stderr=True,
stdin=False,
stdout=True,
tty=False)
logger.info(f'Cleanup {name}: {k8s_response}')
logger.info(f'Successfully executed cron job')
def testDefaultConfiguration(self):
# prepare default configuration
c1 = Configuration(host="example.com")
c1.debug = True
Configuration.set_default(c1)
# get default configuration
c2 = Configuration.get_default_copy()
self.assertEqual(c2.host, "example.com")
self.assertTrue(c2.debug)
self.assertNotEqual(id(c1.api_key), id(c2.api_key))
self.assertNotEqual(id(c1.api_key_prefix), id(c2.api_key_prefix))
def _set_config(self, refresh_token):
configuration = Configuration()
configuration.host = self.host
configuration.ssl_ca_cert = self.ssl_ca_cert
configuration.api_key['authorization'] = "bearer " + self.token
Configuration.set_default(configuration)
if not refresh_token:
return
def wrap(f):
in_cluster_config = self
def wrapped(self, identifier):
if identifier == 'authorization' and identifier in self.api_key and in_cluster_config.token_expires_at <= datetime.datetime.now():
in_cluster_config._read_token_file()
self.api_key[identifier] = "bearer " + in_cluster_config.token
return f(self, identifier)
return wrapped
Configuration.get_api_key_with_prefix = wrap(Configuration.get_api_key_with_prefix)
def _load_incluster_config():
incluster_config.load_incluster_config()
config = Configuration()
namespace_path = join(dirname(incluster_config.SERVICE_CERT_FILENAME),
'namespace')
with open(namespace_path) as fd:
config.namespace = fd.read().strip()
# [todo] is there a better way to do this?
with open('/etc/resolv.conf') as fd:
data = fd.read().strip().split('\n')
config.dns_domain = [
line for line in data if line.startswith('search')
][0].split()[3]
Configuration.set_default(config)
return Configuration._default
def __init__(self, alg):
""" Intializes the connection. If algorithm object includes
a remote cluster, use that. Otherwise, use this cluster.
"""
if alg.cluster:
host = alg.cluster.host
port = alg.cluster.port
token = alg.cluster.token
fd, cert = tempfile.mkstemp(text=True)
with open(fd, 'w') as f:
f.write(alg.cluster.cert)
conf = Configuration()
conf.api_key['authorization'] = token
conf.host = f'{PROTO}{host}:{port}'
conf.verify_ssl = True
conf.ssl_ca_cert = cert
api_client = ApiClient(conf)
self.corev1 = CoreV1Api(api_client)
self.custom = CustomObjectsApi(api_client)
else:
load_incluster_config()
self.corev1 = CoreV1Api()
self.custom = CustomObjectsApi()
# Read in the manifest.
if alg.manifest:
self.manifest = yaml.safe_load(alg.manifest.open(mode='r'))
if 'volumeClaimTemplates' in self.manifest['spec']:
for claim in self.manifest['spec']['volumeClaimTemplates']:
storage_class_name = claim['spec'].get(
'storageClassName', None)
if storage_class_name is None:
claim['storageClassName'] = os.getenv(
'WORKFLOW_STORAGE_CLASS')
logger.warning(
f"Implicitly sc to pvc of Algo:{alg.pk}")
# Save off the algorithm.
self.alg = alg
def load_kubernetes_config():
"""
dynamic load config file
:return:
"""
# use kube config default location while there are no ENVIRONMENTS about kubernetes config
try:
if KUBE_HOST is not None:
from kubernetes.client import Configuration
configuration = Configuration()
configuration.host = KUBE_HOST
configuration.verify_ssl = False
Configuration.set_default(configuration)
return
config.load_kube_config()
if KUBE_CONFIG_FILE is not None:
config.load_kube_config(KUBE_CONFIG_FILE)
except FileNotFoundError as e:
raise Exception(str(e), 500)
def __init__(self):
""" Intializes the connection. If environment variables for
remote transcode are defined, connect to that cluster.
"""
host = os.getenv('REMOTE_TRANSCODE_HOST')
port = os.getenv('REMOTE_TRANSCODE_PORT')
token = os.getenv('REMOTE_TRANSCODE_TOKEN')
cert = os.getenv('REMOTE_TRANSCODE_CERT')
if host:
conf = Configuration()
conf.api_key['authorization'] = token
conf.host = f'https://{host}:{port}'
conf.verify_ssl = True
conf.ssl_ca_cert = cert
api_client = ApiClient(conf)
self.corev1 = CoreV1Api(api_client)
self.custom = CustomObjectsApi(api_client)
else:
load_incluster_config()
self.corev1 = CoreV1Api()
self.custom = CustomObjectsApi()
def _load_kube_config(*args, **kwargs):
try:
kube_config.load_kube_config()
except kubernetes.ConfigException as exc:
if 'File does not exist' in exc.message:
raise KubedConfigNotFound from exc
elif 'Invalid kube-config file' in exc.message:
raise KubedConfigInvalid from exc
config = Configuration()
config_path = kwargs.get(
'config_file', expanduser(kube_config.KUBE_CONFIG_DEFAULT_LOCATION))
with open(config_path) as fd:
data = yaml.load(fd)
current_ctx = data['current-context']
for context in data['contexts']:
if context['name'] == current_ctx:
config.namespace = context['context']['namespace']
config.dns_domain = os.getenv('KUBE_DOMAIN', 'cluster.local')
Configuration.set_default(config)
return Configuration._default
def connect():
if os.environ.get('RD_CONFIG_ENV') == 'incluster':
config.load_incluster_config()
return
config_file = None
if os.environ.get('RD_CONFIG_CONFIG_FILE'):
config_file = os.environ.get('RD_CONFIG_CONFIG_FILE')
url = None
if os.environ.get('RD_CONFIG_URL'):
url = os.environ.get('RD_CONFIG_URL')
verify_ssl = None
if os.environ.get('RD_CONFIG_VERIFY_SSL'):
verify_ssl = os.environ.get('RD_CONFIG_VERIFY_SSL')
ssl_ca_cert = None
if os.environ.get('RD_CONFIG_SSL_CA_CERT'):
ssl_ca_cert = os.environ.get('RD_CONFIG_SSL_CA_CERT')
token = None
if os.environ.get('RD_CONFIG_TOKEN'):
token = os.environ.get('RD_CONFIG_TOKEN')
log.debug("config file")
log.debug(config_file)
log.debug("-------------------")
if config_file:
log.debug("getting settings from file %s" % config_file)
config.load_kube_config(config_file=config_file)
else:
if url:
log.debug("getting settings from pluing configuration")
configuration = Configuration()
configuration.host = url
if verify_ssl == 'true':
configuration.verify_ssl = verify_ssl
else:
configuration.verify_ssl = None
if ssl_ca_cert:
configuration.ssl_ca_cert = ssl_ca_cert
configuration.api_key['authorization'] = token
configuration.api_key_prefix['authorization'] = 'Bearer'
client.Configuration.set_default(configuration)
else:
log.debug("getting from default config file")
config.load_kube_config()
c = Configuration()
c.assert_hostname = False
Configuration.set_default(c)
def _set_config(self):
configuration = Configuration()
configuration.host = self.host
configuration.ssl_ca_cert = self.ssl_ca_cert
configuration.api_key['authorization'] = "bearer " + self.token
Configuration.set_default(configuration)
def __init__(self,
cluster_spec,
cluster_conf=None,
kubeconfig=None,
kubeconfig_context=None,
cephfs=False,
cephfs_volume_size=None,
cvmfs=False,
debug=False,
url=None):
"""Initialise Kubernetes specific ReanaBackend-object.
:param cluster_spec: Dictionary representing complete REANA
cluster spec file.
:param cluster_conf: A generator/iterable of Kubernetes YAML manifests
of REANA components as Python objects. If set to `None`
cluster_conf will be generated from manifest templates in
`templates` folder specified in `_conf.templates_folder`
:param kubeconfig: Name of the kube-config file to use for configuring
reana-cluster. If set to `None` then `$HOME/.kube/config` will be
used.
Note: Might pickup a config-file defined in $KUBECONFIG as well.
:param kubeconfig_context: set the active context. If is set to `None`,
current_context from config file will be used.
:param cephfs: Boolean flag toggling the usage of a cephfs volume as
storage backend.
:param cephfs_volume_size: Int number which represents cephfs volume
size (GB)
:param cvmfs: Boolean flag toggling the mounting of cvmfs volumes in
the cluster pods.
:param debug: Boolean flag setting debug mode.
:param url: REANA cluster url.
"""
logging.debug('Creating a ReanaBackend object '
'for Kubernetes interaction.')
# Load Kubernetes cluster configuration. If reana-cluster.yaml
# doesn't specify this K8S Python API defaults to '$HOME/.kube/config'
self.kubeconfig = kubeconfig or \
cluster_spec['cluster'].get('config', None)
self.kubeconfig_context = kubeconfig_context or \
cluster_spec['cluster'].get('config_context', None)
k8s_api_client_config = Configuration()
if cluster_spec['cluster'].get('kubeproxy', None):
k8s_api_client_config.host = cluster_spec['cluster'].get(
'kubeproxy')
else:
k8s_config.load_kube_config(kubeconfig, self.kubeconfig_context,
k8s_api_client_config)
Configuration.set_default(k8s_api_client_config)
# Instantiate clients for various Kubernetes REST APIs
self._corev1api = k8s_client.CoreV1Api()
self._versionapi = k8s_client.VersionApi()
self._extbetav1api = k8s_client.ExtensionsV1beta1Api()
self._rbacauthorizationv1api = k8s_client.RbacAuthorizationV1Api()
self._storagev1api = k8s_client.StorageV1Api()
self.k8s_api_client_config = k8s_api_client_config
self.cluster_spec = cluster_spec
self.cluster_conf = cluster_conf or \
self.generate_configuration(cluster_spec,
cephfs=cephfs,
cephfs_volume_size=cephfs_volume_size,
debug=debug,
url=url)
def test_get_api_key_with_prefix_returns_token(self):
expected_token = 'expected_token'
config = Configuration()
config.api_key['authorization'] = expected_token
self.assertEqual(expected_token,
config.get_api_key_with_prefix('authorization'))
def _get_api(cluster):
""" Get custom objects api associated with a cluster specifier.
"""
if cluster is None:
load_incluster_config()
api = CustomObjectsApi()
elif cluster == 'remote_transcode':
host = os.getenv('REMOTE_TRANSCODE_HOST')
port = os.getenv('REMOTE_TRANSCODE_PORT')
token = os.getenv('REMOTE_TRANSCODE_TOKEN')
cert = os.getenv('REMOTE_TRANSCODE_CERT')
conf = Configuration()
conf.api_key['authorization'] = token
conf.host = f'https://{host}:{port}'
conf.verify_ssl = True
conf.ssl_ca_cert = cert
api_client = ApiClient(conf)
api = CustomObjectsApi(api_client)
else:
cluster_obj = JobCluster.objects.get(pk=cluster)
host = cluster_obj.host
port = cluster_obj.port
token = cluster_obj.token
fd, cert = tempfile.mkstemp(text=True)
with open(fd, 'w') as f:
f.write(cluster_obj.cert)
conf = Configuration()
conf.api_key['authorization'] = token
conf.host = f'https://{host}:{port}'
conf.verify_ssl = True
conf.ssl_ca_cert = cert
api_client = ApiClient(conf)
api = CustomObjectsApi(api_client)
return api
import time
from kubernetes import config
from kubernetes.client import Configuration
from kubernetes.client.apis import core_v1_api
from kubernetes.client.rest import ApiException
from kubernetes.stream import stream
config.load_kube_config()
c = Configuration()
c.assert_hostname = False
Configuration.set_default(c)
api = core_v1_api.CoreV1Api()
name = 'busybox-test'
resp = None
try:
resp = api.read_namespaced_pod(name=name,
namespace='default')
except ApiException as e:
if e.status != 404:
print("Unknown error: %s" % e)
exit(1)
if not resp:
print("Pod %s does not exist. Creating it..." % name)
pod_manifest = {
'apiVersion': 'v1',
'kind': 'Pod',
'metadata': {
'name': name
def __init__(self,
cluster_spec,
cluster_conf=None,
kubeconfig=None,
kubeconfig_context=None,
eos=False,
cephfs=False,
cephfs_volume_size=None,
cephfs_storageclass=None,
cephfs_os_share_id=None,
cephfs_os_share_access_id=None,
debug=False,
url=None,
ui=None):
"""Initialise Kubernetes specific ReanaBackend-object.
:param cluster_spec: Dictionary representing complete REANA
cluster spec file.
:param cluster_conf: A generator/iterable of Kubernetes YAML manifests
of REANA components as Python objects. If set to `None`
cluster_conf will be generated from manifest templates in
`templates` folder specified in `_conf.templates_folder`
:param kubeconfig: Name of the kube-config file to use for configuring
reana-cluster. If set to `None` then `$HOME/.kube/config` will be
used.
Note: Might pickup a config-file defined in $KUBECONFIG as well.
:param kubeconfig_context: set the active context. If is set to `None`,
current_context from config file will be used.
:param eos: Boolean flag toggling the mount of EOS volume for jobs.
:param cephfs: Boolean flag toggling the usage of a cephfs volume as
storage backend.
:param cephfs_volume_size: Int number which represents cephfs volume
size (GB)
:param cephfs_storageclass: Name of an existing cephfs storageclass.
:param cephfs_os_share_id: CephFS Manila share id.
:param cephfs_os_share_access_id: CephFS Manila share access id.
:param debug: Boolean flag setting debug mode.
:param url: REANA cluster url.
:param ui: Should REANA be deployed with REANA-UI?.
"""
logging.debug('Creating a ReanaBackend object '
'for Kubernetes interaction.')
# Load Kubernetes cluster configuration. If reana-cluster-minikube.yaml
# doesn't specify this K8S Python API defaults to '$HOME/.kube/config'
self.kubeconfig = kubeconfig or \
cluster_spec['cluster'].get('config', None)
self.kubeconfig_context = kubeconfig_context or \
cluster_spec['cluster'].get('config_context', None)
k8s_api_client_config = Configuration()
k8s_config.load_kube_config(kubeconfig, self.kubeconfig_context,
k8s_api_client_config)
Configuration.set_default(k8s_api_client_config)
# Instantiate clients for various Kubernetes REST APIs
self._corev1api = k8s_client.CoreV1Api()
self._versionapi = k8s_client.VersionApi()
self._appsv1api = k8s_client.AppsV1Api()
self._rbacauthorizationv1api = k8s_client.RbacAuthorizationV1Api()
self._storagev1api = k8s_client.StorageV1Api()
self._networkingv1api = k8s_client.NetworkingV1beta1Api()
self.k8s_api_client_config = k8s_api_client_config
self.cluster_spec = cluster_spec
self.cluster_conf = cluster_conf or \
self.generate_configuration(
cluster_spec,
eos=eos,
cephfs=cephfs,
cephfs_volume_size=cephfs_volume_size,
cephfs_storageclass=cephfs_storageclass,
cephfs_os_share_id=cephfs_os_share_id,
cephfs_os_share_access_id=cephfs_os_share_access_id,
debug=debug,
url=url,
ui=ui)
def k8s_default_config() -> Configuration:
return Configuration()
def main():
# INFO furiousassault: backward compatibility rough attempt
# must be removed later according to https://github.com/2gis/k8s-handle/issues/40
deprecation_warnings = 0
filtered_arguments = []
for argument in sys.argv[1:]:
if argument in ['--sync-mode=true', '--sync-mode=True', '--dry-run=true', '--dry-run=True']:
deprecation_warnings += 1
filtered_arguments.append(argument.split('=')[0])
continue
if argument in ['--sync-mode=false', '--sync-mode=False', '--dry-run=false', '--dry-run=False']:
deprecation_warnings += 1
continue
filtered_arguments.append(argument)
args, unrecognized_args = parser.parse_known_args(filtered_arguments)
if deprecation_warnings or unrecognized_args:
log.warning("Explicit true/false arguments to --sync-mode and --dry-run keys are deprecated "
"and will be removed in the future. Use these keys without arguments instead.")
if 'config' in args and args.config:
settings.CONFIG_FILE = args.config
if 'tries' in args:
settings.CHECK_STATUS_TRIES = args.tries
settings.CHECK_DAEMONSET_STATUS_TRIES = args.tries
if 'retry_delay' in args:
settings.CHECK_STATUS_TIMEOUT = args.retry_delay
settings.CHECK_DAEMONSET_STATUS_TIMEOUT = args.retry_delay
if 'strict' in args:
settings.GET_ENVIRON_STRICT = args.strict
if 'tail_lines' in args:
settings.COUNT_LOG_LINES = args.tail_lines
show_logs = False
if 'show_logs' in args:
show_logs = args.show_logs
try:
context = config.load_context_section(args.section)
render = templating.Renderer(settings.TEMPLATES_DIR)
resources = render.generate_by_context(context)
# INFO rvadim: https://github.com/kubernetes-client/python/issues/430#issuecomment-359483997
if args.dry_run:
return
if 'use_kubeconfig' in args and args.use_kubeconfig:
load_kube_config()
namespace = list_kube_config_contexts()[1].get('context').get('namespace')
if not namespace:
raise RuntimeError("Unable to determine namespace of current context")
settings.K8S_NAMESPACE = namespace
else:
Configuration.set_default(get_client_config(context))
check_required_vars(context, ['k8s_master_uri', 'k8s_token', 'k8s_ca_base64', 'k8s_namespace'])
if context.get('k8s_namespace'):
settings.K8S_NAMESPACE = context.get('k8s_namespace')
log.info('Default namespace "{}"'.format(settings.K8S_NAMESPACE))
p = Provisioner(args.command, args.sync_mode, show_logs)
d = ApiDeprecationChecker(VersionApi().get_code().git_version[1:])
for resource in resources:
d.run(resource)
for resource in resources:
p.run(resource)
except templating.TemplateRenderingError as e:
log.error('Template generation error: {}'.format(e))
sys.exit(1)
except InvalidYamlError as e:
log.error('{}'.format(e))
sys.exit(1)
except DeprecationError as e:
log.error('Deprecation warning: {}'.format(e))
sys.exit(1)
except RuntimeError as e:
log.error('RuntimeError: {}'.format(e))
sys.exit(1)
except ProvisioningError:
sys.exit(1)
print('''
_(_)_ wWWWw _
@@@@ (_)@(_) vVVVv _ @@@@ (___) _(_)_
@@()@@ wWWWw (_)\ (___) _(_)_ @@()@@ Y (_)@(_)
@@@@ (___) `|/ Y (_)@(_) @@@@ \|/ (_)
/ Y \| \|/ /(_) \| |/ |
\ | \ |/ | / \ | / \|/ |/ \| \|/
\|// \|/// \|// \|/// \|/// \|// |// \|//
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^''')
def _set_config(self):
configuration = Configuration()
configuration.host = self.host
configuration.ssl_ca_cert = self.ssl_ca_cert
configuration.api_key['authorization'] = "bearer " + self.token
Configuration.set_default(configuration)
def update_ecr():
logger.info('Starting ECR secret update loop ..')
client = boto3.client('ecr')
response = client.get_authorization_token()
token = response['authorizationData'][0]['authorizationToken']
server = response['authorizationData'][0]['proxyEndpoint']
bare_server = server.replace('https://', '')
decoded_token = base64.b64decode(token).decode('utf-8')
registry_username = decoded_token.split(':')[0]
registry_password = decoded_token.split(':')[1]
k8s_config = Configuration()
k8s_config.host = kubernetes_api_endpoint
k8s_api_client = ApiClient(configuration=k8s_config)
v1 = k8sclient.CoreV1Api(api_client=k8s_api_client)
secrets = v1.list_secret_for_all_namespaces()
registry_secrets = [
x for x in secrets.items if x.metadata.name == pull_secret_name
]
logger.info('Found %s registry_secrets matching name %s',
len(registry_secrets), pull_secret_name)
for secret in registry_secrets:
secret_name = secret.metadata.name
if secret.type == 'kubernetes.io/dockercfg':
logger.info(
'Updating secret %s (type kubernetes.io/dockercfg) in namespace %s',
secret_name, secret.metadata.namespace)
k8s_secret = {
server: {
'username': registry_username,
'password': registry_password
}
}
b64_k8s_secret = base64.b64encode(
json.dumps(k8s_secret).encode('utf-8')).decode('utf-8')
body = {
'kind': 'Secret',
'apiVersion': 'v1',
'metadata': {
'name': pull_secret_name,
'creationTimestamp': None
},
'data': {
'.dockercfg': b64_k8s_secret
},
'type': 'kubernetes.io/dockercfg'
}
res = v1.patch_namespaced_secret(secret.metadata.name,
secret.metadata.namespace, body)
elif secret.type == 'kubernetes.io/dockerconfigjson':
logger.info(
'Updating secret %s (type kubernetes.io/dockerconfigjson) in namespace %s',
secret_name, secret.metadata.namespace)
k8s_secret = {
'auths': {
bare_server: {
'username': registry_username,
'password': registry_password
}
}
}
b64_k8s_secret = base64.b64encode(
json.dumps(k8s_secret).encode('utf-8')).decode('utf-8')
body = {
'kind': 'Secret',
'apiVersion': 'v1',
'metadata': {
'name': pull_secret_name,
'creationTimestamp': None
},
'data': {
'.dockerconfigjson': b64_k8s_secret
},
'type': 'kubernetes.io/dockerconfigjson'
}
res = v1.patch_namespaced_secret(secret.metadata.name,
secret.metadata.namespace, body)
else:
logger.warning('Unknown secret type for secret name %s: %s'.format(
secret_name, secret.type))
def load_k8s_config():
c = Configuration()
c.assert_hostname = False
Configuration.set_default(c)
k8sconfig.load_incluster_config()
def run(self, args) -> int:
cache_client.connect(url=args.redis_url)
if args.kube_config != "" or args.kube_master != "":
self.logger.info("Using kube-config configuration")
Configuration.set_default(Configuration())
if args.kube_config != "":
config.load_kube_config(config_file=args.kube_config)
if args.kube_master != "":
Configuration._default.host = args.kube_master
else:
self.logger.info("Using in-cluster configuration")
config.load_incluster_config()
while True:
try:
client.CoreV1Api().list_namespace()
break
except urllib3.exceptions.HTTPError as e:
self.logger.error("Error connecting to the Kubernetes API. Trying again in 5 seconds. Error: " + str(e))
time.sleep(5)
old_json_encoder = json.JSONEncoder.default
def json_encoder(self, o): # pragma: no cover
if isinstance(o, uuid.UUID):
return str(o)
if isinstance(o, arrow.Arrow):
return o.isoformat()
if isinstance(o, ipaddress.IPv4Network):
return str(o)
if isinstance(o, ipaddress.IPv4Address):
return str(o)
if isinstance(o, enum.Enum):
return o.value
if isinstance(o, datetime.datetime):
return str(o.isoformat())
return old_json_encoder(self, o)
json.JSONEncoder.default = json_encoder
self.logger.info("Creating CRDs")
IAMSystemRole.create_crd()
IAMSystemRole.wait_for_crd()
IAMProjectRole.create_crd()
IAMProjectRole.wait_for_crd()
IAMPolicy.create_crd()
IAMPolicy.wait_for_crd()
IAMPolicy.create_system_policy()
SystemServiceAccount.create_crd()
SystemServiceAccount.wait_for_crd()
ProjectServiceAccount.create_crd()
ProjectServiceAccount.wait_for_crd()
IAMSystemRole.create_default_roles()
SystemServiceAccount.create_admin_sa()
ProjectQuota.create_crd()
ProjectQuota.wait_for_crd()
Region.create_crd()
Region.wait_for_crd()
Zone.create_crd()
Zone.wait_for_crd()
Network.create_crd()
Network.wait_for_crd()
NetworkPort.create_crd()
NetworkPort.wait_for_crd()
Image.create_crd()
Image.wait_for_crd()
Flavor.create_crd()
Flavor.wait_for_crd()
Volume.create_crd()
Volume.wait_for_crd()
Instance.create_crd()
Instance.wait_for_crd()
Keypair.create_crd()
Keypair.wait_for_crd()
self.logger.info("CRDs have been created")
self.menu_url = args.menu_url
self.vmware = VMWare(args.vcenter_host, args.vcenter_port, args.vcenter_username, args.vcenter_password)
self.leader_elector = LeaderElector("sandwich-controller", "kube-system", self.on_started_leading,
self.on_stopped_leading)
self.leader_elector.start()
return 0
#! /usr/local/bin/python
import time
from kubernetes import config
from kubernetes.client import Configuration
from kubernetes.client.apis import core_v1_api
from kubernetes.client.rest import ApiException
from kubernetes.stream import stream
config.load_kube_config()
c = Configuration()
c.assert_hostname = False
Configuration.set_default(c)
api = core_v1_api.CoreV1Api()
name = 'busybox-test'
resp = None
try:
resp = api.read_namespaced_pod(name=name, namespace='default')
except ApiException as e:
if e.status != 404:
print("Unknown error: %s" % e)
exit(1)
if not resp:
print("Pod %s does not exist. Creating it..." % name)
pod_manifest = {
'apiVersion': 'v1',
'kind': 'Pod',
'metadata': {
def __init__(self):
config.load_kube_config(config_file='/root/zcc/hello/config')
c = Configuration()
c.assert_hostname = False
Configuration.set_default(c)
self.api = core_v1_api.CoreV1Api()
import time
from yaml import load as load_yaml
from flask import Flask
from json import dumps
from kubernetes import client
from kubernetes.client import Configuration, ApiClient
from kubernetes.client.rest import ApiException
app = Flask(__name__)
k8s_local_config = Configuration()
k8s_local_config.host = "localhost:8001"
k8s_local_client = ApiClient(config=k8s_local_config)
batch_api = client.BatchV1Api(api_client=k8s_local_client)
@app.route('/trigger-job', methods=['POST'])
def trigger_job():
print('trigger-job')
with open('job-template.yaml', 'r') as yaml_file:
job_spec = load_yaml(yaml_file)
job_spec['metadata']['name'] = 'job-%s' % int(time.time() * 1000)
try:
batch_api.create_namespaced_job('default', job_spec)
return dumps({'result': job_spec['metadata']['name']}), 200, {
"Content-Type": "application/json"