def __init__(self): """ To configure the openshift cluster with the application Uses Openshift Client to authenticate with Openshift API """ if "OPENSHIFT_BUILD_NAME" in os.environ: service_account_path = os.environ.get('service_account_path') with open(os.path.join(service_account_path, 'namespace')) as fp: self.namespace = fp.read().strip() config.load_incluster_config() configuration = client.Configuration() configuration.verify_ssl = False self.oapi_client = DynamicClient( client.ApiClient(configuration=configuration)) # to run in our local environment as well. else: config.load_kube_config() configuration = client.Configuration() configuration.verify_ssl = False self.namespace = 'default' self.oapi_client = DynamicClient( client.ApiClient(configuration=configuration))
def get_api_client(self, **auth_params): auth_args = AUTH_ARG_SPEC.keys() auth_params = auth_params or getattr(self, 'params', {}) auth = copy.deepcopy(auth_params) configuration = kubernetes.client.Configuration() for key, value in iteritems(auth_params): if key in auth_args and value is not None: if key == 'api_key': setattr(configuration, key, {'authorization': "Bearer {0}".format(value)}) else: setattr(configuration, key, value) elif key in auth_args and value is None: env_value = os.getenv('K8S_AUTH_{0}'.format(key.upper()), None) if env_value is not None: if key == 'api_key': setattr( configuration, key, {'authorization': "Bearer {0}".format(env_value)}) else: setattr(configuration, key, env_value) auth[key] = env_value kubernetes.client.Configuration.set_default(configuration) if auth.get('username') and auth.get('password') and auth.get('host'): auth_method = 'params' elif auth.get('api_key') and auth.get('host'): auth_method = 'params' elif auth.get('kubeconfig') or auth.get('context'): auth_method = 'file' else: auth_method = 'default' # First try to do incluster config, then kubeconfig if auth_method == 'default': try: kubernetes.config.load_incluster_config() return DynamicClient(kubernetes.client.ApiClient()) except kubernetes.config.ConfigException: return DynamicClient( self.client_from_kubeconfig(auth.get('kubeconfig'), auth.get('context'))) if auth_method == 'file': return DynamicClient( self.client_from_kubeconfig(auth.get('kubeconfig'), auth.get('context'))) if auth_method == 'params': return DynamicClient(kubernetes.client.ApiClient(configuration))
def __init__( self, namespace=None, verify_ssl=True, service_account_path='/var/run/secrets/kubernetes.io/serviceaccount' ): self.api_client = None self.namespace = namespace #TODO why do I need to pass namespace? self.oapi_client = None if not self.namespace: with open(os.path.join(service_account_path, 'namespace')) as fp: self.namespace = fp.read().strip() try: kubernetes.config.load_incluster_config() except Exception as e: kubernetes.config.load_kube_config() self.api_client = kubernetes.client.CoreV1Api() configuration = kubernetes.client.Configuration() configuration.verify_ssl = verify_ssl self.oapi_client = DynamicClient( kubernetes.client.ApiClient(configuration=configuration))
def login(self, cluster=None): """Log into the given OpenShift cluster. Logs into the given OpenShift cluster; similar to `oc login`. :param cluster: Name of the cluster to log into (e.g., 'dev' or 'training') :type cluster: str :return: 0 for success, 1 for failure """ if cluster: self.target_cluster = cluster k8s_cfg = client.Configuration() k8s_cfg.host = self.clusters[self.target_cluster]['url'] k8s_cfg.api_key = { "authorization": f"Bearer {self.clusters[self.target_cluster]['token']}" } k8s_cfg.verify_ssl = False self.k8s = client.ApiClient(k8s_cfg) self.corev1api = client.CoreV1Api(self.k8s) self.dyn_client = DynamicClient(self.k8s) return 0
def build_chamberlain_client(self): """ Build configmaps for chamberlain client. """ self.define_all_client_objects() kube_client = k_config.new_client_from_config() os_client = DynamicClient(kube_client) if self.with_dv: try: config_map = os_client.resources.get(api_version='v1', kind="ConfigMap") api_response = config_map.create( namespace=self.config['namespace'], body=self.dv_config_map_body) print("Created Dataverse ConfigMap: \n{} \n".format( api_response)) except DynamicApiError as e: print("Error creating Dataverse ConfigMap: \n{} \n".format(e)) if self.with_swift: try: config_map = os_client.resources.get(api_version='v1', kind="ConfigMap") api_response = config_map.create( namespace=self.config['namespace'], body=self.swift_config_map_body) print("Created Swift ConfigMap: \n{} \n".format(api_response)) except DynamicApiError as e: print("Error creating Swift ConfigMap: \n{} \n".format(e))
def validate(): review = AdmissionReviewRequest.from_json(request.json['request']) client = DynamicClient(kubernetes.config.new_client_from_config()) v1_configmaps = client.resources.get(api_version='v1', kind='ConfigMap') v1_configmaps.get(namespace=review.namespace) review.allowed = True return review.response_json()
def main(): conn = None device_opt = [ "port", "namespace", "kubeconfig", "separator", "no_password" ] define_new_opts() options = check_input(device_opt, process_input(device_opt)) docs = {} docs["shortdesc"] = "Fence agent for KubeVirt" docs["longdesc"] = "fence_kubevirt is an I/O Fencing agent for KubeVirt." docs["vendorurl"] = "https://kubevirt.io/" show_docs(options, docs) run_delay(options) validate_options(['--namespace'], options) try: from kubernetes import config from openshift.dynamic import DynamicClient kubeconfig = options.get('--kubeconfig') k8s_client = config.new_client_from_config(config_file=kubeconfig) conn = DynamicClient(k8s_client) except ImportError: logging.error( "Couldn\'t import kubernetes.config or " "openshift.dynamic.DynamicClient - not found or not accessible") # Operate the fencing device result = fence_action(conn, options, set_power_status, get_power_status, get_nodes_list) sys.exit(result)
def create_connection(url): """ :Method to create connection with client :param url:URL of each region :return:dyn_client """ try: if url is not None: path = cae_lib.get_kube_config_path(url) print("INFO: Kube Config's Path", path) # looping for retrying connection attempts in case of server busy or hit 429 error due to too many requests for i in range(0, 10): try: k8s_client = config.new_client_from_config(path) dyn_client = DynamicClient(k8s_client) except Exception as e: exception_str = str(e) if '429' in exception_str: print( "LOG: RETRYING upon receiving \"HTTP error 429 (Too Many Requests)\"", str(exception_str)) time.sleep(5) continue break except Exception as e: print("ERROR: Fail to create connection handle: %s" % str(e)) return None return dyn_client
def initialize(): logger.info('Procediendo a inicializar los objetos API') if "OPENSHIFT_BUILD_NAME" in os.environ: #si el script se esta ejecutando en un pod... cargar el contexto desde dento del pod config.load_incluster_config() global ROOT_BACKUP_FOLDER ROOT_BACKUP_FOLDER="/opt/app-root/backup" else: config.load_kube_config() #sino... cargar el contexto desde ~/.kube/config logger.info('Configuracion contexto (.kube/config) cargada') k8s_config = client.Configuration() k8s_client = client.api_client.ApiClient(configuration=k8s_config) dyn_client = DynamicClient(k8s_client) #crear objeto cliente API openshift desde configuracion kubernetes global v1_pvc global v1_is global v1_pod global v1_projects global projects_list global v1_pv try: v1_pvc = dyn_client.resources.get(api_version='v1',kind='PersistentVolumeClaim') v1_pv = dyn_client.resources.get(api_version='v1',kind='PersistentVolume') v1_is = dyn_client.resources.get(api_version='v1',kind='ImageStream') v1_pod = dyn_client.resources.get(api_version='v1',kind='Pod') v1_projects = dyn_client.resources.get(api_version='project.openshift.io/v1', kind='Project') projects_list = list(map(lambda project: project['metadata']['name'],v1_projects.get()['items'])) logger.info('Objetos api Openshift instanciados') except (OpenShiftExceptions.UnauthorizedError, OpenShiftExceptions.ForbiddenError) as e: logger.critical('Unathorized, es requerido oc login, o el server no esta corriendo...') sys.exit(-1)
def syncToVault(self): k8s_client = ApiClient().apiclient() dyn_client = DynamicClient(k8s_client) v1_resources = dyn_client.resources.get(api_version='v1', kind='Secret') try: resource_list = v1_resources.get(namespace=self.namespace) logging.info('Retrieved list of secrets from project ' + self.namespace) except Exception as e: logging.error('Error encountered ' + str(e)) sys.exit(1) secdict = [] for resource in resource_list.items: secdict.append(resource.metadata.name) logging.info('Secret list is ' + str(secdict)) for secret in secdict: try: fullyaml = v1_resources.get(name=secret, namespace=self.namespace) yamlresponse = yaml.safe_load(str(fullyaml)) yamldata = yamlresponse['ResourceInstance[Secret]']['data'] for key, value in yamldata.iteritems(): try: Actions(secret_path=self.namespace + '/' + secret, mount_point='secret', secret={ key: value }).toVault() logging.info('Secret ' + secret + ' key ' + key + ' added to hashicorp vault') except Exception as e: logging.error('Error pushing secret key ' + key + ' from secret ' + secret + ' to hashicorp vault. See ERROR: ' + str(e)) except Exception as e: logging.error('Encountered error while getting Secret ' + secret + ' Error: ' + str(e)) logging.info('All secrets in namespace ' + self.namespace + ' pushed to Vault')
def __init__(self, app, host, token=None, interactive=False, config_file=None, yamlfile=None): self.app = app self.yamlfile = yamlfile if os.path.isfile(os.getcwd() + "/.openshift_token"): with open(os.getcwd() + "/.openshift_token", 'r') as fh: self.token = str(fh.readline()).rstrip() fh.close else: self.token = token self.config_file = config_file self.interactive = interactive self.host = host self.openshift_conf = client.Configuration() self.openshift_conf.host = host self.openshift_conf.verify_ssl = False self.openshift_conf.api_key = {"authorization": "Bearer " + self.token} self.openshift_apiclient = client.ApiClient(self.openshift_conf) self.dyn_client = DynamicClient(self.openshift_apiclient) self.v1_secret = self.dyn_client.resources.get(api_version='v1', kind='Secret') if self.interactive: self.token = input('token:') self.host = input('host:') self.app = input('app name(label in oc): ')
def _get_client(self, server, token): opts = dict( api_key={'authorization': f'Bearer {token}'}, host=server, verify_ssl=False, # default timeout seems to be 1+ minutes retries=5) if self.jump_host: # the ports could be parameterized, but at this point # we only have need of 1 tunnel for 1 service self.jump_host.create_ssh_tunnel() local_port = self.jump_host.local_port opts['proxy'] = f'http://localhost:{local_port}' configuration = Configuration() # the kubernetes client configuration takes a limited set # of parameters during initialization, but there are a lot # more options that can be set to tweak the behavior of the # client via instance variables. We define a set of options # above in the format of var_name:value then set them here # in the configuration object with setattr. for k, v in opts.items(): setattr(configuration, k, v) k8s_client = ApiClient(configuration) try: return DynamicClient(k8s_client) except urllib3.exceptions.MaxRetryError as e: raise StatusCodeError(f"[{self.server}]: {e}")
def __init__(self, pod_name, env_pod, command, image_namespace=None, image_tag=None, env=None, env_container_id=0): self.pod_name = pod_name if pod_name else "digdag-mds-job" self.env_pod = env_pod if env_pod else "digdag-mds-job" self.command = command if command else ["flask", "test-cli-command"] self.env_container_id = env_container_id # If env, creating container from scratch, pull from tools build suffix if (env): self.env = env self.image = f"docker-registry.default.svc:5000/{image_namespace}/{self.env_pod}:build{self.suffix}" # Else creating based on existing image and pod, requires tag else: self.env = None self.image = f"docker-registry.default.svc:5000/{self.namespace}/{self.env_pod}:{self.image_tag}" self.job_pod_name = self.pod_name + self.suffix self.env_pod_name = self.env_pod + self.suffix self.job_pod_label = f"name={self.job_pod_name}" self.env_pod_label = f"name={self.env_pod_name}" k8s_client = config.new_client_from_config(self.kube_config) dyn_client = DynamicClient(k8s_client) self.v1_pod = dyn_client.resources.get(api_version="v1", kind="Pod")
def main(): common.connect() disable_build = os.environ.get('RD_CONFIG_DISABLEBUILD') if disable_build != "false": sys.exit(0) data = { "yaml": os.environ.get('RD_CONFIG_YAML'), "namespace": os.environ.get('RD_CONFIG_NAMESPACE'), "name": os.environ.get('RD_CONFIG_NAME') } with client.ApiClient() as k8s_client: openshift_client = DynamicClient(k8s_client) try: dep = yaml.safe_load(data["yaml"]) v1_bc = openshift_client.resources.get( api_version='build.openshift.io/v1', kind='BuildConfig') resp = v1_bc.apply(body=dep, namespace=data["namespace"]) print(common.parseJson(resp.metadata)) except ApiException as e: if e.status == 409: log.warning("Build config already exists.") # _trigger_build(data["namespace"], data["name"]) else: log.error("Exception error creating: %s\n" % e) sys.exit(1)
def resources(table_format, format, output): if table_format == 'help': print('\n'.join(tabulate_formats)) return k8s_client = kubernetes.config.new_client_from_config() oc = DynamicClient(k8s_client) apis = oc.request('GET', '/apis') core_resources = oc.request('GET', '/api/v1') resources = [] for resource in core_resources['resources']: data = { k: v for k, v in resource.items() if k in ['kind', 'name', 'namespaced'] } data['apiVersion'] = 'v1' data['apiGroup'] = 'core' resources.append(data) for group in apis['groups']: name = group['name'] for version in group['versions']: ver = version['version'] apiresources = oc.request('GET', f'/apis/{name}/{ver}') for resource in apiresources['resources']: data = { k: v for k, v in resource.items() if k in ['kind', 'name', 'namespaced'] } data['apiVersion'] = ver data['apiGroup'] = name resources.append(data) with output: if format == 'json': output.write(json.dumps(resources, indent=2)) elif format == 'table': output.write(tabulate(resources, tablefmt=table_format)) elif format == 'csv': writer = csv.DictWriter(output, resources[0].keys()) for resource in resources: writer.writerow(resource)
def __init__(self, name, *args, **kwargs): super().__init__(name, *args, **kwargs) self.logger.info('creating api client') k8api = client.ApiClient() dynclient = DynamicClient(k8api) self.api = OpenShiftAPI(dynclient) self.logger.info('finished starting up')
def getResourceYaml(self): logger.setLevel() k8s_client = ApiClient().apiclient() # type: ApiClient dyn_client = DynamicClient(k8s_client) v1_resources = dyn_client.resources.get(api_version='v1', kind=self.resource_type) resource = v1_resources.get(namespace=self.namespace, name=self.name) return resource
def getResourceName(self): logger.setLevel() k8s_client = ApiClient().apiclient() # type: ApiClient dyn_client = DynamicClient(k8s_client) v1_resources = dyn_client.resources.get(api_version='v1', kind=self.resource_type) resource = v1_resources.get(namespace=self.namespace, name=self.name) logging.info('Resource name is ' + resource.metadata.name) return resource.metadata.name
def get_ocp_secrets(namespace, in_cluster): if in_cluster: config.load_incluster_config() k8s_client = client.ApiClient() else: k8s_client = config.new_client_from_config() _client = DynamicClient(k8s_client) v1_secrets = _client.resources.get(api_version='v1', kind='Secret') return v1_secrets.get(namespace=namespace).items
def check_installed(namespace): from kubernetes import client, config from openshift.dynamic import DynamicClient k8s_client = config.new_client_from_config() dyn_client = DynamicClient(k8s_client) csv = dyn_client.resources.get(api_version='operators.coreos.com/v1alpha1', kind='ClusterServiceVersion') csv_list = csv.get(namespace=namespace) for x in csv_list.items: print(x.metadata.name)
def dyn_client(self): """ Return dyn_client instance for specific openshift cluster based on kube_config_file attribute :return: Instance of DynamicClient """ # Lock the thread in case of multi-threading with OcpBase._lock: if OcpBase._dyn_clients.get(self.kube_config_file) is None: OcpBase._dyn_clients[self.kube_config_file] = DynamicClient(self.k8s_client) return OcpBase._dyn_clients.get(self.kube_config_file)
def __init__(self, config_file='/etc/kubernetes/admin.conf', logger=None): super(Client, self).__init__(config_file, logger) #Creating Dynamic API client k8s_client = config.new_client_from_config(config_file) dyn_client = DynamicClient(k8s_client) self.pod_h = dyn_client.resources.get(api_version='v1', kind='Pod') self.namespace_h = dyn_client.resources.get(api_version='v1', kind='Namespace') self.network_policy_h = dyn_client.resources.get(api_version='v1', kind='NetworkPolicy') self.deployment_h = dyn_client.resources.get(api_version='v1', kind='Deployment') self.service_h = dyn_client.resources.get(api_version='v1', kind='Service')
def get_api_client(self, **auth_params): auth_params = auth_params or getattr(self, 'params', {}) auth = {} # If authorization variables aren't defined, look for them in environment variables for true_name, arg_name in AUTH_ARG_MAP.items(): if auth_params.get(arg_name) is None: env_value = os.getenv('K8S_AUTH_{0}'.format(arg_name.upper()), None) or os.getenv('K8S_AUTH_{0}'.format(true_name.upper()), None) if env_value is not None: if AUTH_ARG_SPEC[arg_name].get('type') == 'bool': env_value = env_value.lower() not in ['0', 'false', 'no'] auth[true_name] = env_value else: auth[true_name] = auth_params[arg_name] def auth_set(*names): return all([auth.get(name) for name in names]) if auth_set('username', 'password', 'host') or auth_set('api_key', 'host'): # We have enough in the parameters to authenticate, no need to load incluster or kubeconfig pass elif auth_set('kubeconfig') or auth_set('context'): try: kubernetes.config.load_kube_config(auth.get('kubeconfig'), auth.get('context'), persist_config=auth.get('persist_config')) except Exception as err: self.fail(msg='Failed to load kubeconfig due to %s' % to_native(err)) else: # First try to do incluster config, then kubeconfig try: kubernetes.config.load_incluster_config() except kubernetes.config.ConfigException: try: kubernetes.config.load_kube_config(auth.get('kubeconfig'), auth.get('context'), persist_config=auth.get('persist_config')) except Exception as err: self.fail(msg='Failed to load kubeconfig due to %s' % to_native(err)) # Override any values in the default configuration with Ansible parameters # As of kubernetes-client v12.0.0, get_default_copy() is required here try: configuration = kubernetes.client.Configuration().get_default_copy() except AttributeError: configuration = kubernetes.client.Configuration() for key, value in iteritems(auth): if key in AUTH_ARG_MAP.keys() and value is not None: if key == 'api_key': setattr(configuration, key, {'authorization': "Bearer {0}".format(value)}) else: setattr(configuration, key, value) kubernetes.client.Configuration.set_default(configuration) try: return DynamicClient(kubernetes.client.ApiClient(configuration)) except Exception as err: self.fail(msg='Failed to get client due to %s' % to_native(err))
def generate_ld_metrics_list(projects): urllib3.disable_warnings() if "OPENSHIFT_BUILD_NAME" in os.environ: config.load_incluster_config() file_namespace = open( "/run/secrets/kubernetes.io/serviceaccount/namespace", "r" ) if file_namespace.mode == "r": namespace = file_namespace.read() print("namespace: %s\n" %(namespace)) else: config.load_kube_config() k8s_config = client.Configuration() k8s_client = client.api_client.ApiClient(configuration=k8s_config) dyn_client = DynamicClient(k8s_client) metrics = [] if projects == None: v1_projects = dyn_client.resources.get(api_version='project.openshift.io/v1', kind='Project') projects = [ project.metadata.name for project in v1_projects.get().items ] for project in projects: v1_builds = dyn_client.resources.get(api_version='build.openshift.io/v1', kind='Build') builds = v1_builds.get(namespace=project) v1_replicationControllers = dyn_client.resources.get(api_version='v1', kind='ReplicationController') replicationControllers = v1_replicationControllers.get(namespace=project) for build in builds.items: if build['spec']['source']['type'] == 'Git': if build['status']['phase'] =='Complete': app_name = build.metadata.labels.app metric = mdt_metric(app_name) metric.build_name=build.metadata.name metric.build_config_name = build.metadata.labels.buildconfig metric.namespace = build.metadata.namespace labels = build.metadata.labels metric.labels = json.loads(str(labels).replace("\'", "\"")) metric.repo_url = build.spec.source.git.uri metric.commit_hash = build.spec.revision.git.commit metric.commiter = build.spec.revision.git.author.name metric.image_location = build.status.outputDockerImageReference metric.image_hash = build.status.output.to.imageDigest rcs = [rc for rc in replicationControllers.items if match_image_id(rc, metric.image_hash) ] metric.replication_controller_name=rcs[0].metadata.name metric.deployment_time = rcs[0].metadata.annotations['openshift.io/deployer-pod.completed-at'] metric.deployment_config_name = rcs[0].metadata.annotations['openshift.io/deployment-config.name'] metric.deployment_timestamp = convert_date_time_offset_to_timestamp(metric.deployment_time) metric.getCommitTime() metric.calculate_lead_time() metrics.append(metric) return metrics
def getResourceNames(self): logger.setLevel() k8s_client = ApiClient().apiclient() # type: ApiClient dyn_client = DynamicClient(k8s_client) v1_resources = dyn_client.resources.get(api_version='v1', kind=self.resource_type) resource_list = v1_resources.get(namespace=self.namespace) resdict = [] # type: List[Any] for resource in resource_list.items: resdict.append(resource.metadata.name) return resdict
def getPodNamesFromSelectors(self): logger.setLevel() k8s_client = ApiClient().apiclient() # type: ApiClient dyn_client = DynamicClient(k8s_client) v1_resources = dyn_client.resources.get(api_version='v1', kind='Pod') resource_list = v1_resources.get(namespace=self.namespace, label_selector='app=' + self.name) listitem = [] # type: List[Any] for resource in resource_list.items: listitem.append(resource.metadata.name) return listitem
def __init__(self, ctx=None, cfg=None): cfg = cfg or os.environ.get("KUBECONFIG") if cfg: k8s_client = config.new_client_from_config(cfg) else: config.load_incluster_config() # makes a singleton config behind the scenes k8cfg = Configuration() # gets a copy from what was populated in the line above # NOTE this is required due to https://github.com/openshift/origin/issues/22125 k8cfg.verify_ssl = False k8s_client = ApiClient(configuration=k8cfg) # this should use the singleton produced above self.k8s = DynamicClient(k8s_client) # stole this from config.new_client_from_config
def deleteResource(self): k8s_client = ApiClient.apiclient() dyn_client = DynamicClient(k8s_client) logging.info('Requested to delete resource ' + self.name + ' via API version v1') try: v1_resources = dyn_client.resources.get(api_version='v1', kind=self.resource_type) v1_resources.delete(namespace=self.namespace, name=self.name) logging.info('Deleted resource ' + self.resource_type + ' ' + self.name) except Exception as ex: logging.error(str(ex)) sys.exc_clear()
def deleteResourceType(self): k8s_client = ApiClient.apiclient() dyn_client = DynamicClient(k8s_client) v1_resources = dyn_client.resources.get(api_version='v1', kind=self.resource_type) logging.info('Requested to delete resources of type ' + self.resource_type) try: v1_resources.delete(namespace=self.namespace, field_selector='metadata.namespace=' + self.namespace) logging.info('Deleted all resources of type ' + self.resource_type) except Exception as ex: logging.error(str(ex)) sys.exc_clear()
def __init__(self, context: str = 'current', use_internal: bool = False): if use_internal: config.load_incluster_config() k8s_client = client.ApiClient() else: k8s_client = config.new_client_from_config( context=None if context == 'current' else context, config_file=environ.get('KUBE_CONFIG_FILE'), persist_config=False) self.context = context self.client = DynamicClient(k8s_client) self.log = getLogger(__name__)