def _get_config(self) -> Configuration: """Get the Kubernetes cluster config.""" if not self.cluster_ip and not self.cluster_cert: cluster_manager_client = ClusterManagerClient() cluster = cluster_manager_client.get_cluster( name=f"projects/{self.project_id}/locations/{self.zone}/clusters/{self.cluster_id}" ) self.cluster_ip = cluster.endpoint self.cluster_cert = str(cluster.master_auth.cluster_ca_certificate) elif not (self.cluster_ip and self.cluster_cert): raise Exception( "Cluster IP and cluster certificate required when cluster configuration " "is provided explicitly." ) creds, projects = google.auth.default( scopes=["https://www.googleapis.com/auth/cloud-platform"] ) auth_req = google.auth.transport.requests.Request() creds.refresh(auth_req) # refresh token with NamedTemporaryFile(delete=False) as ca_cert: ca_cert.write(base64.b64decode(self.cluster_cert)) return Configuration( host=f"https://{self.cluster_ip}", ssl_ca_cert=ca_cert.name, authorization_key_prefix="Bearer", authorization_key=creds.token, # valid for one hour )
def configmap_fetcher(request): """Gets configuration from a config-map in a GKE cluster.""" cluster_region = os.environ.get("GKE_CLUSTER_REGION", "europe-west1") cluster_name = os.environ.get("GKE_CLUSTER_NAME", "config-cluster") namespace = os.environ.get("KUBERNETES_NAMESPACE", "default") # GCP_PROJECT env is set automatically by Cloud Function runtime. project_id = os.environ.get("GCP_PROJECT") credentials, _ = google.auth.default() cluster_manager_client = ClusterManagerClient(credentials=credentials) cluster_resource_name = ( f"projects/{project_id}/locations/{cluster_region}/clusters/{cluster_name}" ) cluster = cluster_manager_client.get_cluster("", "", "", name=cluster_resource_name) configuration = client.Configuration() configuration.host = f"https://{cluster.endpoint}:443" configuration.verify_ssl = False configuration.api_key = {"authorization": "Bearer " + credentials.token} client.Configuration.set_default(configuration) v1 = client.CoreV1Api() configmaps = v1.list_namespaced_config_map(namespace, watch=False) return jsonify(configmaps.to_dict())
def test_gke(data, context): project_id = "[PROJECT-ID]" zone = "[ZONE]" cluster_id = "[CLUSTER-NAME]" credentials = compute_engine.Credentials() cluster_manager_client = ClusterManagerClient(credentials=credentials) cluster = cluster_manager_client.get_cluster(project_id, zone, cluster_id) configuration = client.Configuration() configuration.host = f"https://{cluster.endpoint}:443" configuration.verify_ssl = False configuration.api_key = {"authorization": "Bearer " + credentials.token} client.Configuration.set_default(configuration) v1 = client.AppsV1Api() #Try to list all the deployments. try: deployments = v1.list_deployment_for_all_namespaces() except ApiException as e: print("Exception when calling AppsV1Api->list_deployment_for_all_namespaces: %s\n" % e) #Loop through the deployments to find the specfic hello-server deployment and update accordingly. for deployment in deployments.items: if 'hello' in deployment.metadata.name: print("%s\t%s" % (deployment.metadata.namespace, deployment.metadata.name)) update_deployment(v1,deployment) return("Ok")
def gcloud_operations_cancel_command(client: ClusterManagerClient, project: str, zone: str, operation: str) -> COMMAND_OUTPUT: """ Cancel operation by operation name. Args: client: Google container client. project: GCP project from console. zone: Project query zone, e.g. "europe-west2-a". operation: Operation name. Returns: str: Human readable. dict: Operation entry context - will be empty. dict: Operation raw response - will be empty. """ # Query operation status client.cancel_operation(project_id=project, zone=zone, operation_id=operation, timeout=API_TIMEOUT) # Human readable human_readable: str = f'Project {project} - Zone {zone} - Operation {operation} canceled' return human_readable, {}, {}
def main(): # config.load_kube_config() project_id = "conductive-fold-275020" zone = "us-central1-c" cluster_id = "launch-cluster" # config.load_kube_config() SCOPES = ['https://www.googleapis.com/auth/cloud-platform'] path = os.getenv('GOOGLE_APPLICATION_CREDENTIALS') credentials = service_account.Credentials.from_service_account_file( path, scopes=SCOPES) cluster_manager_client = ClusterManagerClient(credentials=credentials) cluster = cluster_manager_client.get_cluster(project_id, zone, cluster_id) configuration = client.Configuration() configuration.host = "https://" + cluster.endpoint + ":443" configuration.verify_ssl = False configuration.api_key = {"authorization": "Bearer " + credentials.token} client.Configuration.set_default(configuration) v1 = client.AppsV1Api() # if sys.argv[1]: # name = sys.argv[1] # else: name = 'cir-anders-openmp' resp = v1.delete_namespaced_deployment(name=name, namespace="default") print("Deployment {} deleted.".format(name))
def test_module_command(client: ClusterManagerClient, project: str, zone: str): """ Test Google Kubernetes Engine client connection using gcloud-clusters-list command: 1. project. 2. zone. Args: client: Google container client. project: GCP project from console. zone: Project query zone, e.g. "europe-west2-a". Returns: str: Human readable. dict: Cluster entry context. dict: Cluster raw response. """ # Query and gPRC unpack - will raise exception if not succeed try: client.list_clusters(project_id=project, zone=zone, timeout=API_TIMEOUT) except Exception: raise DemistoException( 'Unsuccessfull integration test - check configuration...') return 'ok', {}, {}
def test_gke(): project_id = "wn-cloud-275704" zone = "us-central1-c" cluster_id = "wn-cloud-portal-qa" # Use a service account configured in GCP console, # authenticating with a JSON key credentials = service_account.Credentials \ .from_service_account_file('wn-cloud-275704-24c84de6f442.json') print('Authentication done------------------------------>') # Get cluster details cluster_manager_client = ClusterManagerClient(credentials=credentials) cluster = cluster_manager_client.get_cluster(project_id=project_id, zone=zone, cluster_id=cluster_id) print('cluster info received------------------------------>') # Save cluster certificate for SSL verification cert = base64.b64decode(cluster.master_auth.cluster_ca_certificate) cert_filename = 'cluster_ca_cert' cert_file = open(cert_filename, 'w') cert_file.write(cert) cert_file.close() # Configure hostname for SSL verification hosts = Hosts() hosts.add([ HostsEntry(entry_type='ipv4', address=cluster.endpoint, names=['kubernetes']) ]) hosts.write() # Get a token with the scopes required by GKE kubeconfig_creds = credentials.with_scopes([ 'https://www.googleapis.com/auth/cloud-platform', 'https://www.googleapis.com/auth/userinfo.email' ]) auth_req = google.auth.transport.requests.Request() kubeconfig_creds.refresh(auth_req) configuration = client.Configuration() configuration.host = "https://kubernetes" configuration.ssl_ca_cert = cert_filename kubeconfig_creds.apply(configuration.api_key) client.Configuration.set_default(configuration) v1 = client.CoreV1Api() print("Listing pods with their IPs:") pods = v1.list_pod_for_all_namespaces(watch=False) for i in pods.items: print("%s\t%s\t%s" % (i.status.pod_ip, i.metadata.namespace, i.metadata.name))
def start_k8s_client(service_account_cred, scope, proj_id, zone, cluster_id): urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) credentials = service_account.Credentials.from_service_account_file( service_account_cred, scopes=scope) cluster_manager_client = ClusterManagerClient(credentials=credentials) cluster = cluster_manager_client.get_cluster(proj_id, zone, cluster_id) configuration = client.Configuration() configuration.host = "https://" + cluster.endpoint + ":443" configuration.verify_ssl = False configuration.api_key = {"authorization": "Bearer " + credentials.token} client.Configuration.set_default(configuration) return client
def cluster_exist(self) -> bool: credentials = self.get_credentials()[0] region, project_id = self.get_cluster_env() cluster_name = self.layer.get_cluster_name() gke_client = ClusterManagerClient(credentials=credentials) try: gke_client.get_cluster( name= f"projects/{project_id}/locations/{region}/clusters/{cluster_name}" ) return True except NotFound: return False
def gcloud_operations_describe_command(client: ClusterManagerClient, project: str, zone: str, operation: str) -> COMMAND_OUTPUT: """ Retrieve operation information by name. https://cloud.google.com/sdk/gcloud/reference/container/operations/describe Args: client: Google container client. project: GCP project from console. zone: Project query zone, e.g. "europe-west2-a". operation: Operation name. Returns: str: Human readable. dict: Operation entry context. dict: Operation raw response. """ # Query operation status raw_response_msg: Message = client.get_operation(project_id=project, zone=zone, operation_id=operation, timeout=API_TIMEOUT) raw_response_dict: dict = MessageToDict(raw_response_msg) # Entry context operations: dict = parse_operation(raw_response_dict) entry_context = { OPERATION_CONTEXT: operations, } # Human readable human_readable: str = tableToMarkdown( t=operations, headers=OPERATION_TABLE, name=f'Project {project} - Zone {zone} - Operation {operation}') return human_readable, entry_context, raw_response_dict
def gcloud_clusters_list_command(client: ClusterManagerClient, project: str, zone: str) -> COMMAND_OUTPUT: """ Lists all clusters owned by a project in either the specified zone or all zones. Original command - https://cloud.google.com/sdk/gcloud/reference/container/clusters/list Args: client: Google container client. project: GCP project from console. zone: Project query zone, e.g. "europe-west2-a". Returns: str: Human readable. dict: Cluster entry context. dict: Cluster raw response. """ # Query and gPRC unpack raw_response_msg: Message = client.list_clusters(project_id=project, zone=zone, timeout=API_TIMEOUT) raw_response_dict: dict = MessageToDict(raw_response_msg) # Entry context clusters_ec: List[dict] = [ parse_cluster(cluster) for cluster in raw_response_dict.get('clusters', []) ] entry_context = { CLUSTER_CONTEXT: clusters_ec, } # Human readable human_readable: str = tableToMarkdown( t=[parse_cluster_table(entry) for entry in clusters_ec], name=f'Clusters (Project={project}, Zone={zone})') return human_readable, entry_context, raw_response_dict
def __init__(self, args): super().__init__(args) self.codalab_username = os.environ.get('CODALAB_USERNAME') self.codalab_password = os.environ.get('CODALAB_PASSWORD') if not self.codalab_username or not self.codalab_password: raise EnvironmentError( 'Valid credentials need to be set as environment variables: CODALAB_USERNAME and CODALAB_PASSWORD' ) # Authenticate via GCP credentials: service_account.Credentials = service_account.Credentials.from_service_account_file( self.args.credentials_path, scopes=['https://www.googleapis.com/auth/cloud-platform'] ) cluster_manager_client: ClusterManagerClient = ClusterManagerClient(credentials=credentials) cluster = cluster_manager_client.get_cluster( name=f'projects/{self.args.project}/locations/{self.args.zone}/clusters/{self.args.cluster}' ) # Save SSL certificate to connect to the GKE cluster securely cert_path = os.path.join(self.args.cert_path, 'gke.crt') with open(cert_path, 'wb') as f: f.write(base64.b64decode(cluster.master_auth.cluster_ca_certificate)) # Configure and initialize Kubernetes client configuration: client.Configuration = client.Configuration() configuration.host = f'https://{cluster.endpoint}:443' configuration.api_key = {'authorization': f'Bearer {credentials.token}'} configuration.verify_ssl = True configuration.ssl_ca_cert = cert_path client.Configuration.set_default(configuration) self.k8_client: client.ApiClient = client.ApiClient(configuration) self.k8_api: client.CoreV1Api = client.CoreV1Api(self.k8_client)
def gcloud_node_pool_describe_command(client: ClusterManagerClient, project: str, zone: str, cluster: str, node_pool: str) -> COMMAND_OUTPUT: """ gcloud container node-pools list - list existing node pools for a cluster https://cloud.google.com/sdk/gcloud/reference/container/node-pools/describe Args: client: Google container client. project: GCP project from console. zone: Project query zone, e.g. "europe-west2-a". cluster: Cluster ID, e.g. "dmst-gcloud-cluster-1". node_pool: Node pool id, e.g. "dmst-gke-pool-1". Returns: str: Human readable. dict: Cluster entry context. dict: Cluster raw response. """ # Query and gPRC unpack raw_response_msg: Message = client.get_node_pool(project_id=project, zone=zone, cluster_id=cluster, node_pool_id=node_pool, timeout=API_TIMEOUT) raw_response_dict: dict = MessageToDict(raw_response_msg) # Entry context node_pools_ec: dict = parse_node_pool(raw_response_dict) entry_context = {NODE_POOL_CONTEXT: node_pools_ec} # Human readable human_readable: str = tableToMarkdown( t=parse_node_pool_table(node_pools_ec), name=f'Node-pools (Project={project}, Zone={zone},' f' Cluster={cluster}, Node pool={node_pool})') return human_readable, entry_context, raw_response_dict
def __init__(self, project_id, zone, cluster_id): SCOPES = ['https://www.googleapis.com/auth/cloud-platform'] credentials = service_account.Credentials.from_service_account_file( os.getenv('GOOGLE_APPLICATION_CREDENTIALS'), scopes=SCOPES) cluster_manager_client = ClusterManagerClient(credentials=credentials) cluster = cluster_manager_client.get_cluster(project_id, zone, cluster_id) configuration = client.Configuration() configuration.host = "https://" + cluster.endpoint + ":443" configuration.verify_ssl = False configuration.api_key = { "authorization": "Bearer " + credentials.token } client.Configuration.set_default(configuration) self.api_client = client.ApiClient() self.v1 = client.CoreV1Api()
def gcloud_clusters_set_addons_command( client: ClusterManagerClient, project: str, cluster: str, zone: str, http_load_balancing: Optional[str] = None, kubernetes_dashboard: Optional[str] = None, network_policy: Optional[str] = None) -> COMMAND_OUTPUT: """ Sets the addons for a specific cluster. https://cloud.google.com/sdk/gcloud/reference/container/clusters/update#--update-addons Args: client: Google container client. project: GCP project from console. zone: Project query zone, e.g. "europe-west2-a". cluster: Cluster ID, e.g. "dmst-gcloud-cluster-1". http_load_balancing: "enable" or "disable". kubernetes_dashboard: "enable" or "disable". network_policy: "enable" or "disable". Returns: str: Human readable. dict: Operation entry context. dict: Operation raw response. """ # Perform cluster update update = {} if http_load_balancing: update['http_load_balancing'] = { "disabled": http_load_balancing != 'enable' } if kubernetes_dashboard: update['kubernetes_dashboard'] = { "disabled": kubernetes_dashboard != 'enable' } if network_policy: update['network_policy_config'] = { "disabled": network_policy != 'enable' } raw_response_msg: Message = client.set_addons_config(project_id=project, zone=zone, cluster_id=cluster, addons_config=update, timeout=API_TIMEOUT) raw_response_dict: dict = MessageToDict(raw_response_msg) # Entry context operation: dict = parse_operation(raw_response_dict) entry_context = { OPERATION_CONTEXT: operation, } # Human readable human_readable: str = tableToMarkdown( t=operation, headers=OPERATION_TABLE, name=f'Set addons - Operation: {operation.get("Name")}') return human_readable, entry_context, raw_response_dict
def gcloud_set_node_pool_management( client: ClusterManagerClient, project: str, zone: str, cluster: str, node_pool: str, auto_repair: Optional[str] = None, auto_upgrade: Optional[str] = None) -> COMMAND_OUTPUT: """ Disbale or Enable node-pool functionallity: 1. auto-repair. 2. auto-upgrade. https://cloud.google.com/sdk/gcloud/reference/container/node-pools/update Args: client: Google container client. project: GCP project from console. zone: Project query zone, e.g. "europe-west2-a". cluster: Cluster ID, e.g. "dmst-gcloud-cluster-1". node_pool: Node pool id, e.g. "dmst-gke-pool-1". auto_repair: A flag that specifies whether the node auto-repair is enabled for the node pool. auto_upgrade: A flag that specifies whether node auto-upgrade is enabled for the node pool. Returns: str: Human readable. dict: Operation entry context. dict: Operation raw response. """ # Perform node pools update update = {} if auto_repair: update['auto_repair'] = auto_repair == 'enable' if auto_upgrade: update['auto_upgrade'] = auto_upgrade == 'enable' raw_response_msg: Message = client.set_node_pool_management( project_id=project, zone=zone, cluster_id=cluster, node_pool_id=node_pool, management=update, timeout=API_TIMEOUT) raw_response_dict: dict = MessageToDict(raw_response_msg) # Entry context operation: dict = parse_operation(raw_response_dict) entry_context = { OPERATION_CONTEXT: operation, } # Human readable human_readable: str = tableToMarkdown( t=operation, headers=OPERATION_TABLE, name= f'Project {project} - Zone {zone} - Cluster {cluster} - {operation.get("Name")}' ) return human_readable, entry_context, raw_response_dict
def test_gke(credentials): cluster_manager_client = ClusterManagerClient(credentials=credentials) cluster = cluster_manager_client.get_cluster(project_id, zone, cluster_id) print("CLUSTER END POINT: ", cluster.endpoint) configuration = client.Configuration() configuration.host = f"https://{cluster.endpoint}:443" configuration.verify_ssl = False configuration.api_key = {"authorization": "Bearer " + credentials.token} client.Configuration.set_default(configuration) v1 = client.CoreV1Api() print("Listing pods with their IPs:") pods = v1.list_pod_for_all_namespaces(watch=False) for i in pods.items: print("%s\t%s\t%s" % (i.status.pod_ip, i.metadata.namespace, i.metadata.name))
def createDeployment(credentials): cluster_manager_client = ClusterManagerClient(credentials=credentials) cluster = cluster_manager_client.get_cluster(project_id, zone, cluster_id) print("CLUSTER END POINT: ", cluster.endpoint) configuration = client.Configuration() configuration.host = f"https://{cluster.endpoint}:443" configuration.verify_ssl = False configuration.api_key = {"authorization": "Bearer " + credentials.token} client.Configuration.set_default(configuration) with open(path.join(path.dirname(__file__), "nginx-deployment.yaml")) as f: dep = yaml.safe_load(f) k8s_apps_v1 = client.AppsV1Api() resp = k8s_apps_v1.create_namespaced_deployment(body=dep, namespace="default") print("Deployment created. status='%s'" % resp.metadata.name)
def initialize_client(): project_id = "tough-canto-314909" zone = "europe-west1-b" cluster_id = "cluster-1" credentials = service_account.Credentials.from_service_account_file( "C:/Users/bogda/OneDrive/Desktop/shegoto/shigoto_q/keyfiles/gke_service_account.json" ) cluster_manager_client = ClusterManagerClient(credentials=credentials) cluster = cluster_manager_client.get_cluster( name=f'projects/{project_id}/locations/{zone}/clusters/{cluster_id}') configuration = client.Configuration() configuration.host = f"https://{cluster.endpoint}:443" configuration.verify_ssl = False configuration.api_key = {"authorization": "Bearer " + credentials.token} client.Configuration.set_default(configuration) v1 = client.CoreV1Api()
def _set_gke_cluster(self) -> bool: """sets the gke cluster for this instance Returns: True on success, False otherwise """ if self._gke_cluster is not None: return True self._cluster_client = ClusterManagerClient( credentials=self.credentials) if self._cluster_client is None: logging.error('error getting cluster management client') return False cluster_list = utils.get_gke_clusters(self._cluster_client, self.project_id, self.zone) if cluster_list is None: return False if len(cluster_list) < 1: return False if self.name is None and len(cluster_list) > 1: logging.error('multiple clusters found, please specify:') for c in cluster_list: logging.info(c.name) return False if self.name is None: self._gke_cluster = cluster_list[0] return True cluster_dict = dict([(c.name, c) for c in cluster_list]) if self.name not in cluster_dict: logging.error('cluster {} not found'.format(self.name)) return False self._gke_cluster = cluster_dict[self.name] return True
def google_authenticate(project_id, zone, cluster_id): SCOPES = ['https://www.googleapis.com/auth/cloud-platform'] f = open('/Users/dylanblake/key.json', "r") key = f.read() try: fw = open('key.json', 'r') fw.close() except: fw = open('key.json', 'w') fw.write(key) fw.close() credentials = service_account.Credentials.from_service_account_file( "key.json", scopes=SCOPES) cluster_manager_client = ClusterManagerClient(credentials=credentials) cluster = cluster_manager_client.get_cluster(project_id, zone, cluster_id) configuration = client.Configuration() configuration.host = "https://" + cluster.endpoint + ":443" configuration.verify_ssl = False configuration.api_key = {"authorization": "Bearer " + credentials.token} return configuration
def gcloud_clusters_set_master_authorized_network_command( client: ClusterManagerClient, project: str, cluster: str, zone: str, enable: Optional[str] = None, cidrs: Optional[str] = None) -> COMMAND_OUTPUT: """ Enable or Disable authorized CIDRs to master node and add cidrs. https://cloud.google.com/sdk/gcloud/reference/container/clusters/update#--master-authorized-networks Args: client: Google container client. project: GCP project from console. zone: Project query zone, e.g. "europe-west2-a". cluster: Cluster ID, e.g. "dmst-gcloud-cluster-1". enable: "true" or "false" cidrs: Comma seprated list of CIDRs 192.160.0.0/24,10.0.0.0/24, Returns: str: Human readable. dict: Operation entry context. dict: Operation raw response. """ # Perform cluster update update = { 'desired_master_authorized_networks_config': { 'enabled': enable == 'true', 'cidr_blocks': [{ 'cidr_block': cidr_block } for cidr_block in argToList(cidrs)] } } raw_response_msg: Message = client.update_cluster(project_id=project, zone=zone, cluster_id=cluster, update=update, timeout=API_TIMEOUT) raw_response_dict: dict = MessageToDict(raw_response_msg) # Entry context operation: dict = parse_operation(raw_response_dict) entry_context = { OPERATION_CONTEXT: operation, } # Human readable human_readable: str = tableToMarkdown( t=operation, headers=OPERATION_TABLE, name= f'Set master authorized networks - Operation: {operation.get("Name")}') return human_readable, entry_context, raw_response_dict
def main(): project_id = "conductive-fold-275020" zone = "us-central1-c" cluster_id = "launch-cluster" # config.load_kube_config() SCOPES = ['https://www.googleapis.com/auth/cloud-platform'] path = os.getenv('GOOGLE_APPLICATION_CREDENTIALS') credentials = service_account.Credentials.from_service_account_file(path, scopes=SCOPES) cluster_manager_client = ClusterManagerClient(credentials=credentials) cluster = cluster_manager_client.get_cluster(project_id, zone, cluster_id) configuration = client.Configuration() configuration.host = "https://"+cluster.endpoint+":443" configuration.verify_ssl = False configuration.api_key = {"authorization": "Bearer " + credentials.token} client.Configuration.set_default(configuration) with open("cir-anders-deployment.yaml") as f: dep = yaml.safe_load(f) v1 = client.AppsV1Api() resp = v1.create_namespaced_deployment(body=dep, namespace="default") print("Deployment created. Status='%s'" % resp.metadata.name)
def get_k8_api(gcp_project, zone, cluster_id, client_version='ExtensionsV1beta1Api'): # TODO: use service account instead of creating token with ClusterManagerClient credentials = compute_engine.Credentials() cluster_manager_client = ClusterManagerClient(credentials=credentials, ) location_type = get_location_type(zone) if location_type == LOCATION_TYPES['ZONAL']: cluster = cluster_manager_client.get_cluster(project_id=gcp_project, zone=zone, cluster_id=cluster_id) elif location_type == LOCATION_TYPES['REGIONAL']: cluster = cluster_manager_client.get_cluster( project_id=gcp_project, cluster_id=cluster_id, zone='', name='projects/{gcp_project}/locations/{zone}/cluster/{cluster_id}' .format( gcp_project=gcp_project, zone=zone, cluster_id=cluster_id, )) configuration = client.Configuration() configuration.host = 'https://{endpoint}:443'.format( endpoint=cluster.endpoint, ) configuration.verify_ssl = False configuration.api_key = { 'authorization': 'Bearer {token}'.format(token=credentials.token, ) } # configuration.ssl_ca_cert = "/path/to/ca_chain.crt" client.Configuration.set_default(configuration) if client_version == 'CoreV1Api': return client.CoreV1Api() if client_version == 'AppsV1beta1': return client.AppsV1beta1() if client_version == 'ExtensionsV1beta1Api': return client.ExtensionsV1beta1Api()
def get_gke_clusters(client: ClusterManagerClient, project_id: str, zone: str = '-') -> Optional[List[GKECluster]]: """gets list of gcp clusters for given project, zone Args: client: cluster api client project_id: project id zone: zone, - = all zones Returns: list of clusters on success, None otherwise """ return client.list_clusters(project_id=project_id, zone=zone).clusters
def google_client_setup(json_configuration: str) -> ClusterManagerClient: """ Setup client for service acount in google cloud - For more information: https://cloud.google.com/iam/docs/service-accounts Args: json_configuration: Json configuration file content from IAM. Returns: ClusterManagerClient: client manager. """ credentials = service_account.Credentials.from_service_account_info( json.loads(json_configuration)) client = ClusterManagerClient(credentials=credentials) return client
def gcloud_clusters_set_k8s_stackdriver_command( client: ClusterManagerClient, project: str, cluster: str, zone: str, enable: Optional[str] = None) -> COMMAND_OUTPUT: """ Enable or Disable k8s stackdriver. https://cloud.google.com/sdk/gcloud/reference/container/clusters/update#--enable-stackdriver-kubernetes Args: client: Google container client. project: GCP project from console. zone: Project query zone, e.g. "europe-west2-a". cluster: Cluster ID, e.g. "dmst-gcloud-cluster-1". enable: "true" or "false" Returns: str: Human readable. dict: Operation entry context. dict: Operation raw response. Notes: 1. The monitoring and logging should be configured to same resource and it can done only via gcp console. """ # Perform cluster update update = "monitoring.googleapis.com/kubernetes" if enable == 'true' else '' raw_response_msg: Message = client.set_monitoring_service( project_id=project, zone=zone, cluster_id=cluster, monitoring_service=update, timeout=API_TIMEOUT) raw_response_dict: dict = MessageToDict(raw_response_msg) # Entry context operation: dict = parse_operation(raw_response_dict) entry_context = { OPERATION_CONTEXT: operation, } # Human readable human_readable: str = tableToMarkdown( t=operation, headers=OPERATION_TABLE, name=f'Set kubernetes stackdriver - Operation: {operation.get("Name")}' ) return human_readable, entry_context, raw_response_dict
def gcloud_clusters_set_binary_auth( client: ClusterManagerClient, project: str, cluster: str, zone: str, enable: Optional[str] = None) -> COMMAND_OUTPUT: """ Enable or Disable binary authorize. https://cloud.google.com/sdk/gcloud/reference/container/clusters/update#--enable-binauthz Args: client: Google container client. project: GCP project from console. zone: Project query zone, e.g. "europe-west2-a". cluster: Cluster ID, e.g. "dmst-gcloud-cluster-1". enable: "true" or "false" Returns: str: Human readable. dict: Operation entry context. dict: Operation raw response. """ # Perform cluster update update = { 'desired_binary_authorization': { 'enabled': enable == 'enable', } } raw_response_msg: Message = client.update_cluster(project_id=project, zone=zone, cluster_id=cluster, update=update, timeout=API_TIMEOUT) raw_response_dict: dict = MessageToDict(raw_response_msg) # Entry context operation: dict = parse_operation(raw_response_dict) entry_context = { OPERATION_CONTEXT: operation, } # Human readable human_readable: str = tableToMarkdown( t=operation, headers=OPERATION_TABLE, name= f'Set kubernetes binary authorization - Operation: {operation.get("Name")}' ) return human_readable, entry_context, raw_response_dict
def gcloud_clusters_set_master_auth( client: ClusterManagerClient, project: str, cluster: str, zone: str, basic_auth: Optional[str] = None) -> COMMAND_OUTPUT: """ Enable basic (username/password) auth for the cluster. Enable will create user admin with generated password. https://cloud.google.com/sdk/gcloud/reference/container/clusters/update#--enable-basic-auth Args: client: Google container client. project: GCP project from console. zone: Project query zone, e.g. "europe-west2-a". cluster: Cluster ID, e.g. "dmst-gcloud-cluster-1". basic_auth: "enable" or "disable". Returns: str: Human readable. dict: Operation entry context. dict: Operation raw response. """ # Perform cluster update upadte = {"username": "******" if basic_auth == "enable" else ""} raw_response_msg: Message = client.set_master_auth( action=enums.SetMasterAuthRequest.Action.SET_USERNAME, project_id=project, zone=zone, cluster_id=cluster, update=upadte, timeout=API_TIMEOUT) raw_response_dict: dict = MessageToDict(raw_response_msg) # Entry context operation: dict = parse_operation(raw_response_dict) entry_context = {OPERATION_CONTEXT: operation} # Human readable human_readable: str = tableToMarkdown( t=operation, headers=OPERATION_TABLE, name=f'Set master-auth operation - {operation.get("Name")}') return human_readable, entry_context, raw_response_dict
def list(project_id: str, creds: Credentials, zone: str = '-') -> Optional[List[str]]: """gets a list of clusters for given project and zone Args: project_id: gke project id creds: credentials zone: zone, - = all zones Returns: list of cluster names on success, None otherwise """ client = ClusterManagerClient(credentials=creds) if client is None: logging.error('error getting cluster management client') return False clusters = utils.get_gke_clusters(client, project_id, zone) return [c.name for c in clusters] if clusters is not None else None