def _get_api(cluster): """ Get custom objects api associated with a cluster specifier. """ if cluster is None: load_incluster_config() api = CustomObjectsApi() elif cluster == 'remote_transcode': host = os.getenv('REMOTE_TRANSCODE_HOST') port = os.getenv('REMOTE_TRANSCODE_PORT') token = os.getenv('REMOTE_TRANSCODE_TOKEN') cert = os.getenv('REMOTE_TRANSCODE_CERT') conf = Configuration() conf.api_key['authorization'] = token conf.host = f'https://{host}:{port}' conf.verify_ssl = True conf.ssl_ca_cert = cert api_client = ApiClient(conf) api = CustomObjectsApi(api_client) else: cluster_obj = JobCluster.objects.get(pk=cluster) host = cluster_obj.host port = cluster_obj.port token = cluster_obj.token fd, cert = tempfile.mkstemp(text=True) with open(fd, 'w') as f: f.write(cluster_obj.cert) conf = Configuration() conf.api_key['authorization'] = token conf.host = f'https://{host}:{port}' conf.verify_ssl = True conf.ssl_ca_cert = cert api_client = ApiClient(conf) api = CustomObjectsApi(api_client) return api
def connect(): config_file = None if os.environ.get('RD_CONFIG_ENV') == 'incluster': config.load_incluster_config() return if os.environ.get('RD_CONFIG_CONFIG_FILE'): config_file = os.environ.get('RD_CONFIG_CONFIG_FILE') url = None if os.environ.get('RD_CONFIG_URL'): url = os.environ.get('RD_CONFIG_URL') verify_ssl = None if os.environ.get('RD_CONFIG_VERIFY_SSL'): verify_ssl = os.environ.get('RD_CONFIG_VERIFY_SSL') ssl_ca_cert = None if os.environ.get('RD_CONFIG_SSL_CA_CERT'): ssl_ca_cert = os.environ.get('RD_CONFIG_SSL_CA_CERT') token = None if os.environ.get('RD_CONFIG_TOKEN'): token = os.environ.get('RD_CONFIG_TOKEN') log.debug("config file") log.debug(config_file) log.debug("-------------------") if config_file: log.debug("getting settings from file %s" % config_file) config.load_kube_config(config_file=config_file) else: if url: log.debug("getting settings from pluing configuration") configuration = Configuration() configuration.host = url if verify_ssl == 'true': configuration.verify_ssl = verify_ssl else: configuration.verify_ssl = None if ssl_ca_cert: configuration.ssl_ca_cert = ssl_ca_cert configuration.api_key['authorization'] = token configuration.api_key_prefix['authorization'] = 'Bearer' client.Configuration.set_default(configuration) else: log.debug("getting from default config file") config.load_kube_config() c = Configuration() c.assert_hostname = False Configuration.set_default(c)
def connect(): config_file = None if os.environ.get('RD_CONFIG_ENV') == 'incluster': config.load_incluster_config() return if os.environ.get('RD_CONFIG_CONFIG_FILE'): config_file = os.environ.get('RD_CONFIG_CONFIG_FILE') elif os.environ.get('RD_NODE_KUBERNETES_CONFIG_FILE'): config_file = os.environ.get('RD_NODE_KUBERNETES_CONFIG_FILE') verify_ssl = os.environ.get('RD_CONFIG_VERIFY_SSL') ssl_ca_cert = os.environ.get('RD_CONFIG_SSL_CA_CERT') url = os.environ.get('RD_CONFIG_URL') token = os.environ.get('RD_CONFIG_TOKEN') if not token: token = os.environ.get('RD_CONFIG_TOKEN_STORAGE_PATH') log.debug("config file") log.debug(config_file) log.debug("-------------------") if config_file: log.debug("getting settings from file %s", config_file) config.load_kube_config(config_file=config_file) else: if url and token: log.debug("getting settings from plugin configuration") configuration = Configuration() configuration.host = url if verify_ssl == 'true': configuration.verify_ssl = verify_ssl else: configuration.verify_ssl = None configuration.assert_hostname = False if ssl_ca_cert: configuration.ssl_ca_cert = ssl_ca_cert configuration.api_key['authorization'] = token configuration.api_key_prefix['authorization'] = 'Bearer' client.Configuration.set_default(configuration) else: log.debug( "Either URL or Token is not defined. Fall back to getting settings from default config file [$home/.kube/config]" ) config.load_kube_config()
def __configure_by_params(self): """ Return API client from configuration file """ auth_args = AUTH_ARG_SPEC.keys() core_configuration = Configuration() for key, value in iteritems(self.params): if key in auth_args and value is not None: if key == 'api_key': setattr( sdk.configuration, key, {'authorization': "Bearer {0}".format(value)}) setattr( core_configuration, key, {'authorization': "Bearer {0}".format(value)}) else: setattr(sdk.configuration, key, value) setattr(core_configuration, key, value) if not self.params.get('verify_ssl'): sdk.configuration.verify_ssl = False core_configuration.verify_ssl = False kube_config.load_kube_config(client_configuration=sdk.configuration) Configuration.set_default(core_configuration) return sdk.DefaultApi(), core_client.CoreV1Api()
def _load_kube_config(self): config.load_kube_config('/etc/kubernetes/admin.conf') # Workaround: Turn off SSL/TLS verification c = Configuration() c.verify_ssl = False Configuration.set_default(c)
def build_client(self): configuration = Configuration() configuration.api_key['authorization'] = "Bearer {}".format(self.auth_info['K8S-Token']) configuration.host = self.auth_info['K8S-Endpoint'] configuration.verify_ssl = self._verify_ssl api_client = ApiClient(configuration) return K8sClient(api_client)
def _disable_verify_ssl() -> None: if hasattr(Configuration, 'get_default_copy'): configuration = Configuration.get_default_copy() else: configuration = Configuration() configuration.verify_ssl = False Configuration.set_default(configuration)
def __init__(self, alg): """ Intializes the connection. If algorithm object includes a remote cluster, use that. Otherwise, use this cluster. """ if alg.cluster: host = alg.cluster.host port = alg.cluster.port token = alg.cluster.token fd, cert = tempfile.mkstemp(text=True) with open(fd, 'w') as f: f.write(alg.cluster.cert) conf = Configuration() conf.api_key['authorization'] = token conf.host = f'{PROTO}{host}:{port}' conf.verify_ssl = True conf.ssl_ca_cert = cert api_client = ApiClient(conf) self.corev1 = CoreV1Api(api_client) self.custom = CustomObjectsApi(api_client) else: load_incluster_config() self.corev1 = CoreV1Api() self.custom = CustomObjectsApi() # Read in the manifest. if alg.manifest: self.manifest = yaml.safe_load(alg.manifest.open(mode='r')) # Save off the algorithm. self.alg = alg
def __init__(self): """ Intializes the connection. If environment variables for remote transcode are defined, connect to that cluster. """ host = os.getenv('REMOTE_TRANSCODE_HOST') port = os.getenv('REMOTE_TRANSCODE_PORT') token = os.getenv('REMOTE_TRANSCODE_TOKEN') cert = os.getenv('REMOTE_TRANSCODE_CERT') self.remote = host is not None if self.remote: conf = Configuration() conf.api_key['authorization'] = token conf.host = f'https://{host}:{port}' conf.verify_ssl = True conf.ssl_ca_cert = cert api_client = ApiClient(conf) self.corev1 = CoreV1Api(api_client) self.custom = CustomObjectsApi(api_client) else: load_incluster_config() self.corev1 = CoreV1Api() self.custom = CustomObjectsApi() self.setup_common_steps()
def _refresh_oidc(self, provider): config = Configuration() if 'idp-certificate-authority-data' in provider['config']: ca_cert = tempfile.NamedTemporaryFile(delete=True) if PY3: cert = base64.b64decode( provider['config']['idp-certificate-authority-data'] ).decode('utf-8') else: cert = base64.b64decode( provider['config']['idp-certificate-authority-data'] + "==" ) with open(ca_cert.name, 'w') as fh: fh.write(cert) config.ssl_ca_cert = ca_cert.name else: config.verify_ssl = False client = ApiClient(configuration=config) response = client.request( method="GET", url="%s/.well-known/openid-configuration" % provider['config']['idp-issuer-url'] ) if response.status != 200: return response = json.loads(response.data) request = OAuth2Session( client_id=provider['config']['client-id'], token=provider['config']['refresh-token'], auto_refresh_kwargs={ 'client_id': provider['config']['client-id'], 'client_secret': provider['config']['client-secret'] }, auto_refresh_url=response['token_endpoint'] ) try: refresh = request.refresh_token( token_url=response['token_endpoint'], refresh_token=provider['config']['refresh-token'], auth=(provider['config']['client-id'], provider['config']['client-secret']), verify=config.ssl_ca_cert if config.verify_ssl else None ) except oauthlib.oauth2.rfc6749.errors.InvalidClientIdError: return provider['config'].value['id-token'] = refresh['id_token'] provider['config'].value['refresh-token'] = refresh['refresh_token']
def client(self): configuration = Configuration() configuration.api_key['authorization'] = "Bearer {}".format( self.headers['K8S-Token']) configuration.host = self.headers['K8S-Endpoint'] configuration.verify_ssl = self._verify_ssl api_client = ApiClient(configuration) return CoreV1Api(api_client)
def get_api_client(self): configuration = Configuration() configuration.verify_ssl = False configuration.host = self.cluster.api configuration.api_key['authorization'] = self.cluster.token configuration.api_key_prefix['authorization'] = 'Bearer' api_client = ApiClient(configuration) return api_client
def connect(params): '''return CustomObjectsApi object after parsing user options.''' config.load_kube_config() cfg = Configuration() if params.get("insecure"): cfg.verify_ssl = False api_client = client.ApiClient(configuration=cfg) return client.CustomObjectsApi(api_client=api_client)
def set_config(self): configuration = Configuration() configuration.api_key["authorization"] = self.get_access_token() configuration.api_key_prefix["authorization"] = "Bearer" configuration.host = os.environ.get("GKE_MASTER_SERVER") configuration.verify_ssl = False configuration.assert_hostname = False Configuration.set_default(configuration)
def init_k8s_client(kube_context: str) -> client.CoreV1Api: env = os.environ if kube_context: # config.load_kube_config() config.load_kube_config(kube_context) configuration = Configuration() configuration.verify_ssl = bool( strtobool((env.get("KUBERNETES_VERIFY_SSL", "false")))) api_client = client.ApiClient(configuration) return client.CoreV1Api(api_client) elif env.get("CHAOSTOOLKIT_IN_POD") == "true": config.load_incluster_config() proxy_url = os.getenv('HTTP_PROXY', None) if proxy_url: configuration = Configuration() configuration.proxy = proxy_url api_client = client.ApiClient(configuration) return client.CoreV1Api(api_client) else: api = client.ApiClient() return client.CoreV1Api(api) else: configuration = client.Configuration() configuration.debug = True configuration.host = os.environ.get("KUBERNETES_HOST", "http://localhost") configuration.verify_ssl = bool( strtobool((env.get("KUBERNETES_VERIFY_SSL", "false")))) configuration.cert_file = os.environ.get("KUBERNETES_CA_CERT_FILE") if "KUBERNETES_CERT_FILE" in env: configuration.cert_file = os.environ.get( "KUBERNETES_CERT_FILE") configuration.key_file = os.environ.get("KUBERNETES_KEY_FILE") elif "KUBERNETES_USERNAME" in env: configuration.username = os.environ.get("KUBERNETES_USERNAME") configuration.password = os.environ.get( "KUBERNETES_PASSWORD", "") proxy_url = os.getenv('HTTP_PROXY', None) if proxy_url: configuration.proxy = proxy_url api = client.ApiClient(configuration) return client.CoreV1Api(api)
def get_rest_client(self): configuration = Configuration() configuration.verify_ssl = False configuration.host = self.cluster.api configuration.api_key['authorization'] = self.cluster.token configuration.api_key_prefix['authorization'] = 'Bearer' rest_client = RESTClientObject(configuration) return rest_client
def _load_kube_config(self): if not is_k8s_configured(): raise exception.KubeNotConfigured() config.load_kube_config(KUBERNETES_ADMIN_CONF) # Workaround: Turn off SSL/TLS verification c = Configuration() c.verify_ssl = False Configuration.set_default(c)
def __create_core_client(self, config_file, verify_ssl, context): configuration = Configuration() configuration.verify_ssl = verify_ssl Configuration.set_default(configuration) kube_config.load_kube_config(config_file=config_file) if context: return core_client.CoreV1Api( api_client=config.new_client_from_config(context=context)) return core_client.CoreV1Api()
def _get_kubernetesclient(self): if not self._kube_client: config.load_kube_config('/etc/kubernetes/admin.conf') # Workaround: Turn off SSL/TLS verification c = Configuration() c.verify_ssl = False Configuration.set_default(c) self._kube_client = client.CoreV1Api() return self._kube_client
def __init__(self, ctx=None, cfg=None): cfg = cfg or os.environ.get("KUBECONFIG") if cfg: k8s_client = config.new_client_from_config(cfg) else: config.load_incluster_config() # makes a singleton config behind the scenes k8cfg = Configuration() # gets a copy from what was populated in the line above # NOTE this is required due to https://github.com/openshift/origin/issues/22125 k8cfg.verify_ssl = False k8s_client = ApiClient(configuration=k8cfg) # this should use the singleton produced above self.k8s = DynamicClient(k8s_client) # stole this from config.new_client_from_config
def get_config(cluster): ''' :param cluster: k8s集群的配置对象 :return: 返回一个config对象 ''' configuration = Configuration() configuration.verify_ssl = False configuration.host = cluster.api configuration.api_key['authorization'] = cluster.token configuration.api_key_prefix['authorization'] = 'Bearer' return configuration
def _load_kube_config(self): config.load_kube_config(KUBELET_CONF) # WORKAROUND: Turn off SSL/TLS verification if SSL_TLS_SUPPRESS: # Suppress the "InsecureRequestWarning: Unverified HTTPS request" # seen with each kubelet client API call. urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) c = Configuration() c.verify_ssl = False Configuration.set_default(c)
def __init__(self, websocket, **kwargs): self.websocket = websocket self.cols = int(kwargs.get('cols', 80)) self.rows = int(kwargs.get('rows', 24)) self.need_auth = bool(kwargs.get('need_auth', True)) self.auth_ok = not self.need_auth conf = Configuration() conf.host = KUBERNETES_API_SERVER_URL conf.verify_ssl = False conf.api_key = {"authorization": "Bearer " + KUBERNETES_CLUSTER_TOKEN} self.api_client = core_v1_api.CoreV1Api(ApiClient(conf)) self.api_response = None
def main(): logger = create_logger(PurePath(__file__).stem) config.load_incluster_config() configuration = Configuration() configuration.verify_ssl = False configuration.assert_hostname = False urllib3.disable_warnings() Configuration.set_default(configuration) api = core_v1_api.CoreV1Api() label_selector = getenv('LABEL_SELECTOR', 'role=greyhole') namespace = getenv('NAMESPACE', 'storage') command_switch = getenv('COMMAND_SWITCH', '') k8s_response = api.list_namespaced_pod(namespace=namespace, label_selector=label_selector) logger.info(f'ENV Commands {label_selector} {namespace} {command_switch}') logger.debug(f'{k8s_response}') for pod in k8s_response.items: name = pod.metadata.name k8s_response = api.read_namespaced_pod(name=name, namespace=namespace) exec_command = ['/bin/sh', '-c'] if command_switch.lower() == 'monthly': exec_command.append('greyhole --fsck --checksums') elif command_switch.lower() == 'weekly': exec_command.append( 'greyhole --fsck --dont-walk-metadata-store --disk-usage-report' ) elif command_switch.lower() == 'daily': exec_command.append( 'greyhole --fsck --if-conf-changed --dont-walk-metadata-store') else: exec_command.append('greyhole --process-spool --keepalive') k8s_response = stream(api.connect_get_namespaced_pod_exec, name, namespace, command=exec_command, stderr=True, stdin=False, stdout=True, tty=False) logger.info(f'Cleanup {name}: {k8s_response}') logger.info(f'Successfully executed cron job')
def setup_collector(): kube_config = Configuration() kube_config.host = "https://localhost:3000" kube_config.verify_ssl = False dyn_client = DynamicClient(ApiClient(configuration=kube_config)) username = "******" token = "gittoken" git_api = "localhost:3000" namespaces = ( "basic-nginx-build,basic-nginx-dev,basic-nginx-stage,basic-nginx-prod". split(",")) apps = None tls_verify = False return GitHubCommitCollector(dyn_client, username, token, namespaces, apps, git_api, tls_verify)
def start_watch(self, on_success, on_error): config.load_kube_config(KUBE_CONFIG_PATH) c = Configuration() c.verify_ssl = True Configuration.set_default(c) ccApi = client.CoreV1Api() w = watch.Watch() LOG.info('Monitor secrets in %s' % self.namespace) for item in w.stream(ccApi.list_namespaced_secret, namespace=self.namespace): event_data = CertUpdateEventData(item) for listener in self.listeners: update_event = CertUpdateEvent(listener, event_data) try: if listener.notify_changed(event_data): on_success(update_event.get_id()) except Exception as e: LOG.error('Monitoring action %s failed. %s' % (event_data, e)) if not isinstance(e, URLError): LOG.exception(e) on_error(update_event)
def __init__(self, alg): """ Intializes the connection. If algorithm object includes a remote cluster, use that. Otherwise, use this cluster. """ if alg.cluster: host = alg.cluster.host port = alg.cluster.port token = alg.cluster.token fd, cert = tempfile.mkstemp(text=True) with open(fd, 'w') as f: f.write(alg.cluster.cert) conf = Configuration() conf.api_key['authorization'] = token conf.host = f'{PROTO}{host}:{port}' conf.verify_ssl = True conf.ssl_ca_cert = cert api_client = ApiClient(conf) self.corev1 = CoreV1Api(api_client) self.custom = CustomObjectsApi(api_client) else: load_incluster_config() self.corev1 = CoreV1Api() self.custom = CustomObjectsApi() # Read in the manifest. if alg.manifest: self.manifest = yaml.safe_load(alg.manifest.open(mode='r')) if 'volumeClaimTemplates' in self.manifest['spec']: for claim in self.manifest['spec']['volumeClaimTemplates']: storage_class_name = claim['spec'].get( 'storageClassName', None) if storage_class_name is None: claim['storageClassName'] = os.getenv( 'WORKFLOW_STORAGE_CLASS') logger.warning( f"Implicitly sc to pvc of Algo:{alg.pk}") # Save off the algorithm. self.alg = alg
def load_kubernetes_config(): """ dynamic load config file :return: """ # use kube config default location while there are no ENVIRONMENTS about kubernetes config try: if KUBE_HOST is not None: from kubernetes.client import Configuration configuration = Configuration() configuration.host = KUBE_HOST configuration.verify_ssl = False Configuration.set_default(configuration) return config.load_kube_config() if KUBE_CONFIG_FILE is not None: config.load_kube_config(KUBE_CONFIG_FILE) except FileNotFoundError as e: raise Exception(str(e), 500)
def get_kubernetes_api_client(): conf = Configuration() conf.host = KUBERNETES_API_SERVER_URL conf.verify_ssl = False conf.api_key = {"authorization": "Bearer " + KUBERNETES_CLUSTER_TOKEN} return ApiClient(conf)
def _disable_verify_ssl() -> None: configuration = Configuration() configuration.verify_ssl = False Configuration.set_default(configuration)