def test_to_volume_secret(self, mock_uuid):
mock_uuid.return_value = '0'
secret = Secret('volume', '/etc/foo', 'secret_b')
assert secret.to_volume_secret() == (
k8s.V1Volume(name='secretvol0', secret=k8s.V1SecretVolumeSource(secret_name='secret_b')),
k8s.V1VolumeMount(mount_path='/etc/foo', name='secretvol0', read_only=True),
)
def to_volume_secret(self) -> Tuple[k8s.V1Volume, k8s.V1VolumeMount]:
"""Converts to volume secret"""
vol_id = f'secretvol{uuid.uuid4()}'
volume = k8s.V1Volume(name=vol_id, secret=k8s.V1SecretVolumeSource(secret_name=self.secret))
if self.items:
volume.secret.items = self.items
return (volume, k8s.V1VolumeMount(mount_path=self.deploy_target, name=vol_id, read_only=True))
def get_kubeconfig_volume(release: OpenshiftRelease):
return k8s.V1Volume(
name="kubeconfig",
secret=k8s.V1SecretVolumeSource(
secret_name=f"{release.get_release_name()}-kubeconfig"
)
)
def to_volume_secret(self) -> Tuple[k8s.V1Volume, k8s.V1VolumeMount]:
vol_id = 'secretvol{}'.format(uuid.uuid4())
return (k8s.V1Volume(
name=vol_id,
secret=k8s.V1SecretVolumeSource(secret_name=self.secret)),
k8s.V1VolumeMount(mount_path=self.deploy_target,
name=vol_id,
read_only=True))
def get_kubeconfig_volume(release: OpenshiftRelease, task_group):
prefix=f"{task_group}-"
return k8s.V1Volume(
name="kubeconfig",
secret=k8s.V1SecretVolumeSource(
secret_name=f"{release.get_release_name()}-{prefix if 'hosted' in task_group else ''}kubeconfig"
)
)
def _get_volumes(self) -> List[k8s.V1Volume]:
def _construct_volume(name, claim, host) -> k8s.V1Volume:
volume = k8s.V1Volume(name=name)
if claim:
volume.persistent_volume_claim = k8s.V1PersistentVolumeClaimVolumeSource(
claim_name=claim)
elif host:
volume.host_path = k8s.V1HostPathVolumeSource(path=host,
type='')
else:
volume.empty_dir = {}
return volume
volumes = {
self.dags_volume_name:
_construct_volume(self.dags_volume_name,
self.kube_config.dags_volume_claim,
self.kube_config.dags_volume_host),
self.logs_volume_name:
_construct_volume(self.logs_volume_name,
self.kube_config.logs_volume_claim,
self.kube_config.logs_volume_host)
}
if self.kube_config.dags_in_image:
del volumes[self.dags_volume_name]
# Get the SSH key from secrets as a volume
if self.kube_config.git_ssh_key_secret_name:
volumes[self.git_sync_ssh_secret_volume_name] = k8s.V1Volume(
name=self.git_sync_ssh_secret_volume_name,
secret=k8s.V1SecretVolumeSource(
secret_name=self.kube_config.git_ssh_key_secret_name,
items=[
k8s.V1KeyToPath(key=self.git_ssh_key_secret_key,
path='ssh',
mode=0o440)
]))
if self.kube_config.git_ssh_known_hosts_configmap_name:
volumes[self.git_sync_ssh_known_hosts_volume_name] = k8s.V1Volume(
name=self.git_sync_ssh_known_hosts_volume_name,
config_map=k8s.V1ConfigMapVolumeSource(
name=self.kube_config.git_ssh_known_hosts_configmap_name,
default_mode=0o440))
# Mount the airflow.cfg file via a configmap the user has specified
if self.kube_config.airflow_configmap:
config_volume_name = 'airflow-config'
volumes[config_volume_name] = k8s.V1Volume(
name=config_volume_name,
config_map=k8s.V1ConfigMapVolumeSource(
name=self.kube_config.airflow_configmap))
return list(volumes.values())
def test_only_mount_sub_secret(self, mock_uuid):
mock_uuid.return_value = '0'
items = [k8s.V1KeyToPath(key="my-username", path="/extra/path")]
secret = Secret('volume', '/etc/foo', 'secret_b', items=items)
assert secret.to_volume_secret() == (
k8s.V1Volume(
name='secretvol0', secret=k8s.V1SecretVolumeSource(secret_name='secret_b', items=items)
),
k8s.V1VolumeMount(mount_path='/etc/foo', name='secretvol0', read_only=True),
)
def test_to_volume_secret(self, mock_uuid):
static_uuid = uuid.UUID('cf4a56d2-8101-4217-b027-2af6216feb48')
mock_uuid.return_value = static_uuid
secret = Secret('volume', '/etc/foo', 'secret_b')
self.assertEqual(
secret.to_volume_secret(),
(k8s.V1Volume(
name='secretvol' + str(static_uuid),
secret=k8s.V1SecretVolumeSource(secret_name='secret_b')),
k8s.V1VolumeMount(mount_path='/etc/foo',
name='secretvol' + str(static_uuid),
read_only=True)))
def to_volume_secret(secret: "Secret") -> typing.Tuple[k8s.V1Volume, k8s.V1VolumeMount]:
"""Converts to volume secret"""
vol_id = f"secretvol{uuid.uuid4()}"
volume = k8s.V1Volume(
name=vol_id, secret=k8s.V1SecretVolumeSource(secret_name=secret.secret)
)
# if secret.items:
# volume.secret.items = self.items
return (
volume,
k8s.V1VolumeMount(mount_path=secret.deploy_target, name=vol_id, read_only=True),
)
def to_volume_secret(self):
import kubernetes.client.models as k8s
vol_id = 'secretvol{}'.format(uuid.uuid4())
if self.deploy_target:
volume_mount = k8s.V1VolumeMount(mount_path=self.deploy_target,
name=vol_id,
read_only=True)
else:
volume_mount = None
return (k8s.V1Volume(
name=vol_id,
secret=k8s.V1SecretVolumeSource(secret_name=self.secret)),
volume_mount)
def get_kubeconfig_volume(version, platform, profile):
return k8s.V1Volume(
name="kubeconfig",
secret=k8s.V1SecretVolumeSource(
secret_name=f"{version}-{platform}-{profile}-kubeconfig"))
def test_convert_to_airflow_pod(self):
input_pod = k8s.V1Pod(
metadata=k8s.V1ObjectMeta(name="foo", namespace="bar"),
spec=k8s.V1PodSpec(
init_containers=[
k8s.V1Container(name="init-container",
volume_mounts=[
k8s.V1VolumeMount(mount_path="/tmp",
name="init-secret")
])
],
containers=[
k8s.V1Container(
name="base",
command=["foo"],
image="myimage",
env=[
k8s.V1EnvVar(
name="AIRFLOW_SECRET",
value_from=k8s.V1EnvVarSource(
secret_key_ref=k8s.V1SecretKeySelector(
name="ai", key="secret_key")))
],
ports=[
k8s.V1ContainerPort(
name="myport",
container_port=8080,
)
],
volume_mounts=[
k8s.V1VolumeMount(name="myvolume",
mount_path="/tmp/mount",
read_only="True"),
k8s.V1VolumeMount(name='airflow-config',
mount_path='/config',
sub_path='airflow.cfg',
read_only=True),
k8s.V1VolumeMount(name="airflow-secret",
mount_path="/opt/mount",
read_only=True)
])
],
security_context=k8s.V1PodSecurityContext(
run_as_user=0,
fs_group=0,
),
volumes=[
k8s.V1Volume(name="myvolume"),
k8s.V1Volume(
name="airflow-config",
config_map=k8s.V1ConfigMap(data="airflow-data")),
k8s.V1Volume(name="airflow-secret",
secret=k8s.V1SecretVolumeSource(
secret_name="secret-name", )),
k8s.V1Volume(name="init-secret",
secret=k8s.V1SecretVolumeSource(
secret_name="init-secret", ))
]))
result_pod = _convert_to_airflow_pod(input_pod)
expected = Pod(
name="foo",
namespace="bar",
envs={},
init_containers=[{
'name':
'init-container',
'volumeMounts': [{
'mountPath': '/tmp',
'name': 'init-secret'
}]
}],
cmds=["foo"],
image="myimage",
ports=[Port(name="myport", container_port=8080)],
volume_mounts=[
VolumeMount(name="myvolume",
mount_path="/tmp/mount",
sub_path=None,
read_only="True"),
VolumeMount(name="airflow-config",
read_only=True,
mount_path="/config",
sub_path="airflow.cfg"),
VolumeMount(name="airflow-secret",
mount_path="/opt/mount",
sub_path=None,
read_only=True)
],
secrets=[Secret("env", "AIRFLOW_SECRET", "ai", "secret_key")],
security_context={
'fsGroup': 0,
'runAsUser': 0
},
volumes=[
Volume(name="myvolume", configs={'name': 'myvolume'}),
Volume(name="airflow-config",
configs={
'configMap': {
'data': 'airflow-data'
},
'name': 'airflow-config'
}),
Volume(name='airflow-secret',
configs={
'name': 'airflow-secret',
'secret': {
'secretName': 'secret-name'
}
}),
Volume(name='init-secret',
configs={
'name': 'init-secret',
'secret': {
'secretName': 'init-secret'
}
})
],
)
expected_dict = expected.as_dict()
result_dict = result_pod.as_dict()
print(result_pod.volume_mounts)
parsed_configs = self.pull_out_volumes(result_dict)
result_dict['volumes'] = parsed_configs
self.assertEqual(result_dict['secrets'], expected_dict['secrets'])
self.assertDictEqual(expected_dict, result_dict)
