def dockerjson_pv( pull_secret, name=None, filename='.dockerconfigjson', project_to='/kaniko/.docker/config.json'): """ Creates V1Volume volume projection from kubernetes pull secret """ from os.path import basename, dirname from kubernetes import client if not name: from uuid import uuid1 name='vol-' + str(uuid1())[:12] return k8sc.V1Volume( name=name, projected=k8sc.V1ProjectedVolumeSource(sources=[ k8sc.V1VolumeProjection( secret=k8sc.V1SecretProjection( name=pull_secret, items=[k8sc.V1KeyToPath(key=filename, path=basename(project_to))] ) ) ]) )
def _use_pull_secret(task): from os.path import basename, dirname from kubernetes import client as k8sc return (task.add_volume( k8sc.V1Volume( name='registrycreds', projected=k8sc.V1ProjectedVolumeSource(sources=[ k8sc.V1VolumeProjection(secret=k8sc.V1SecretProjection( name=secret_name, items=[ k8sc.V1KeyToPath(key=filename, path=basename(project_to)) ])) ]))).add_volume_mount( k8sc.V1VolumeMount(name='registrycreds', mount_path=dirname(project_to))))
def deploy_fake_cega(deploy_lega): """Deploy the Fake CEGA.""" _here = Path(__file__).parent trace_file = Path(_here / 'config/trace.ini') assert trace_file.exists(), "No trace file!" trace_config = configparser.ConfigParser() trace_config.read(trace_file) with open(_here / 'extras/server.py') as users_init: init_users = users_init.read() with open(_here / 'extras/users.html') as user_list: users = user_list.read() with open(_here / 'extras/cega-mq.sh') as ceg_mq_init: cega_init_mq = ceg_mq_init.read() with open(_here / 'config/cega.config') as cega_config: cega_config_mq = cega_config.read() with open(_here / 'config/cega.json') as cega_defs: cega_defs_mq = cega_defs.read() user_pub = trace_config['secrets']['cega_user_public_key'] ports_mq_management = [client.V1ServicePort(name="http", protocol="TCP", port=15672, target_port=15672)] ports_mq = [client.V1ServicePort(name="amqp", protocol="TCP", port=5672, target_port=5672), client.V1ServicePort(name="epmd", protocol="TCP", port=4369, target_port=4369), client.V1ServicePort(name="rabbitmq-dist", protocol="TCP", port=25672, target_port=25672)] deploy_lega.config_map('users-config', {'server.py': init_users, 'users.html': users, 'ega-box-999.yml': f'---\npubkey: {user_pub}'}) env_users_inst = client.V1EnvVar(name="LEGA_INSTANCES", value="lega") env_users_creds = client.V1EnvVar(name="CEGA_REST_lega_PASSWORD", value_from=client.V1EnvVarSource(secret_key_ref=client.V1SecretKeySelector(name='cega-creds', key="credentials"))) mount_users = client.V1VolumeMount(name="users-config", mount_path='/cega') users_map = client.V1ConfigMapProjection(name="users-config", items=[client.V1KeyToPath(key="server.py", path="server.py"), client.V1KeyToPath(key="users.html", path="users.html"), client.V1KeyToPath(key="ega-box-999.yml", path="users/ega-box-999.yml"), client.V1KeyToPath(key="ega-box-999.yml", path="users/lega/ega-box-999.yml")]) users_vol = client.V1VolumeProjection(config_map=users_map) volume_users = client.V1Volume(name="users-config", projected=client.V1ProjectedVolumeSource(sources=[users_vol])) deploy_lega.config_map('cega-mq-entrypoint', {'cega-mq.sh': cega_init_mq}) deploy_lega.config_map('cega-mq-config', {'defs.json': cega_defs_mq, 'rabbitmq.config': cega_config_mq}) deploy_lega.persistent_volume("cega-rabbitmq", "1Gi") deploy_lega.persistent_volume_claim("cega-mq-storage", "cega-rabbitmq", "1Gi") mount_cega_temp = client.V1VolumeMount(name="cega-mq-temp", mount_path='/temp') mount_cega_rabbitmq = client.V1VolumeMount(name="cega-rabbitmq", mount_path='/etc/rabbitmq') volume_cega_temp = client.V1Volume(name="cega-mq-temp", config_map=client.V1ConfigMapVolumeSource(name="cega-mq-config")) volume_cega_rabbitmq = client.V1Volume(name="cega-rabbitmq", persistent_volume_claim=client.V1PersistentVolumeClaimVolumeSource(claim_name="cega-mq-storage")) mount_mq_cega = client.V1VolumeMount(name="cega-mq-entrypoint", mount_path='/script') volume_mq_cega = client.V1Volume(name="cega-mq-entrypoint", config_map=client.V1ConfigMapVolumeSource(name="cega-mq-entrypoint", default_mode=0o744)) deploy_lega.stateful_set('cega-mq', 'rabbitmq:3.6.14-management', ["/script/cega-mq.sh"], None, [mount_cega_temp, mount_mq_cega, mount_cega_rabbitmq], [volume_cega_temp, volume_mq_cega, volume_cega_rabbitmq], ports=[15672, 5672, 4369, 25672]) deploy_lega.deployment('cega-users', 'nbisweden/ega-base:latest', ["python3.6", "/cega/server.py"], [env_users_inst, env_users_creds], [mount_users], [volume_users], ports=[8001]) ports_users = [client.V1ServicePort(protocol="TCP", port=8001, target_port=8001)] deploy_lega.service('cega-mq', ports_mq, type="NodePort") deploy_lega.service('cega-mq-management', ports_mq_management, pod_name="cega-mq", type="NodePort") deploy_lega.service('cega-users', ports_users, type="NodePort")
def kubernetes_deployment(_localega, config, ns, fake_cega): """Wrap all the kubernetes settings.""" _here = Path(__file__).parent trace_file = Path(_here / 'config/trace.ini') assert trace_file.exists(), "No trace file!" trace_config = configparser.ConfigParser() trace_config.read(trace_file) deploy_lega = LocalEGADeploy(_localega, ns) # Setting ENV variables and Volumes env_cega_api = client.V1EnvVar(name="CEGA_ENDPOINT", value=f"{_localega['cega']['endpoint']}") env_inbox_mq = client.V1EnvVar(name="BROKER_HOST", value=f"{_localega['services']['broker']}.{ns}") env_inbox_port = client.V1EnvVar(name="INBOX_PORT", value="2222") env_db_data = client.V1EnvVar(name="PGDATA", value="/var/lib/postgresql/data/pgdata") env_cega_mq = client.V1EnvVar(name="CEGA_CONNECTION", value_from=client.V1EnvVarSource(secret_key_ref=client.V1SecretKeySelector(name='cega-connection', key="address"))) env_cega_creds = client.V1EnvVar(name="CEGA_ENDPOINT_CREDS", value_from=client.V1EnvVarSource(secret_key_ref=client.V1SecretKeySelector(name='cega-creds', key="credentials"))) env_acc_minio = client.V1EnvVar(name="MINIO_ACCESS_KEY", value_from=client.V1EnvVarSource(secret_key_ref=client.V1SecretKeySelector(name='s3-keys', key="access"))) env_sec_minio = client.V1EnvVar(name="MINIO_SECRET_KEY", value_from=client.V1EnvVarSource(secret_key_ref=client.V1SecretKeySelector(name='s3-keys', key="secret"))) env_acc_s3 = client.V1EnvVar(name="S3_ACCESS_KEY", value_from=client.V1EnvVarSource(secret_key_ref=client.V1SecretKeySelector(name='s3-keys', key="access"))) env_sec_s3 = client.V1EnvVar(name="S3_SECRET_KEY", value_from=client.V1EnvVarSource(secret_key_ref=client.V1SecretKeySelector(name='s3-keys', key="secret"))) env_db_pass = client.V1EnvVar(name="POSTGRES_PASSWORD", value_from=client.V1EnvVarSource(secret_key_ref=client.V1SecretKeySelector(name='lega-db-secret', key="postgres_password"))) env_db_user = client.V1EnvVar(name="POSTGRES_USER", value_from=client.V1EnvVarSource(config_map_key_ref=client.V1ConfigMapKeySelector(name='lega-db-config', key="user"))) env_db_name = client.V1EnvVar(name="POSTGRES_DB", value_from=client.V1EnvVarSource(config_map_key_ref=client.V1ConfigMapKeySelector(name='lega-db-config', key="dbname"))) env_lega_pass = client.V1EnvVar(name="LEGA_PASSWORD", value_from=client.V1EnvVarSource(secret_key_ref=client.V1SecretKeySelector(name='lega-password', key="password"))) env_keys_pass = client.V1EnvVar(name="KEYS_PASSWORD", value_from=client.V1EnvVarSource(secret_key_ref=client.V1SecretKeySelector(name='keys-password', key="password"))) mount_config = client.V1VolumeMount(name="config", mount_path='/etc/ega') mount_inbox = client.V1VolumeMount(name="inbox", mount_path='/ega/inbox') mount_mq_temp = client.V1VolumeMount(name="mq-temp", mount_path='/temp') mount_mq_rabbitmq = client.V1VolumeMount(name="rabbitmq", mount_path='/etc/rabbitmq') mount_mq_script = client.V1VolumeMount(name="mq-entrypoint", mount_path='/script') mount_db_data = client.V1VolumeMount(name="data", mount_path='/var/lib/postgresql/data', read_only=False) mound_db_init = client.V1VolumeMount(name="initsql", mount_path='/docker-entrypoint-initdb.d') mount_minio = client.V1VolumeMount(name="data", mount_path='/data') pmap_ini_conf = client.V1VolumeProjection(config_map=client.V1ConfigMapProjection(name="lega-config", items=[client.V1KeyToPath(key="conf.ini", path="conf.ini", mode=0o744)])) pmap_ini_keys = client.V1VolumeProjection(config_map=client.V1ConfigMapProjection(name="lega-keyserver-config", items=[client.V1KeyToPath(key="keys.ini", path="keys.ini", mode=0o744)])) sec_keys = client.V1VolumeProjection(secret=client.V1SecretProjection(name="keyserver-secret", items=[client.V1KeyToPath(key="key1.sec", path="pgp/key.1"), client.V1KeyToPath(key="ssl.cert", path="ssl.cert"), client.V1KeyToPath(key="ssl.key", path="ssl.key")])) deploy_lega.create_namespace() deploy_lega.config_secret('cega-creds', {'credentials': trace_config['secrets']['cega_creds']}) # Create Secrets deploy_lega.config_secret('cega-connection', {'address': trace_config['secrets']['cega_address']}) deploy_lega.config_secret('lega-db-secret', {'postgres_password': trace_config['secrets']['postgres_password']}) deploy_lega.config_secret('s3-keys', {'access': trace_config['secrets']['s3_access'], 'secret': trace_config['secrets']['s3_secret']}) deploy_lega.config_secret('lega-password', {'password': trace_config['secrets']['lega_password']}) deploy_lega.config_secret('keys-password', {'password': trace_config['secrets']['keys_password']}) with open(_here / 'config/key.1.sec') as key_file: key1_data = key_file.read() with open(_here / 'config/ssl.cert') as cert: ssl_cert = cert.read() with open(_here / 'config/ssl.key') as key: ssl_key = key.read() deploy_lega.config_secret('keyserver-secret', {'key1.sec': key1_data, 'ssl.cert': ssl_cert, 'ssl.key': ssl_key}) # Read conf from files with open(_here / 'extras/db.sql') as sql_init: init_sql = sql_init.read() with open(_here / 'extras/mq.sh') as mq_init: init_mq = mq_init.read() with open(_here / 'config/conf.ini') as conf_file: data_conf = conf_file.read() with open(_here / 'config/keys.ini') as keys_file: data_keys = keys_file.read() with open(_here / 'config/rabbitmq.config') as config: config_mq = config.read() with open(_here / 'config/defs.json') as defs: defs_mq = defs.read() # secret = deploy_lega.read_secret('keys-password') # enc_keys = conf.aes_encrypt(b64decode(secret.to_dict()['data']['password'].encode('utf-8')), data_keys.encode('utf-8'), md5) # with open(_here / 'config/keys.ini.enc', 'w') as enc_file: # enc_file.write(b64encode(enc_keys).decode('utf-8')) # Upload Configuration Maps deploy_lega.config_map('initsql', {'db.sql': init_sql}) deploy_lega.config_map('mq-config', {'defs.json': defs_mq, 'rabbitmq.config': config_mq}) deploy_lega.config_map('mq-entrypoint', {'mq.sh': init_mq}) deploy_lega.config_map('lega-config', {'conf.ini': data_conf}) deploy_lega.config_map('lega-keyserver-config', {'keys.ini': data_keys}) deploy_lega.config_map('lega-db-config', {'user': '******', 'dbname': 'lega'}) # Volumes deploy_lega.persistent_volume("postgres", "0.5Gi", accessModes=["ReadWriteMany"]) deploy_lega.persistent_volume("rabbitmq", "0.5Gi") deploy_lega.persistent_volume("inbox", "0.5Gi", accessModes=["ReadWriteMany"]) deploy_lega.persistent_volume_claim("db-storage", "postgres", "0.5Gi", accessModes=["ReadWriteMany"]) deploy_lega.persistent_volume_claim("mq-storage", "rabbitmq", "0.5Gi") deploy_lega.persistent_volume_claim("inbox", "inbox", "0.5Gi", accessModes=["ReadWriteMany"]) volume_db = client.V1Volume(name="data", persistent_volume_claim=client.V1PersistentVolumeClaimVolumeSource(claim_name="db-storage")) volume_rabbitmq = client.V1Volume(name="rabbitmq", persistent_volume_claim=client.V1PersistentVolumeClaimVolumeSource(claim_name="mq-storage")) volume_db_init = client.V1Volume(name="initsql", config_map=client.V1ConfigMapVolumeSource(name="initsql")) volume_mq_temp = client.V1Volume(name="mq-temp", config_map=client.V1ConfigMapVolumeSource(name="mq-config")) volume_mq_script = client.V1Volume(name="mq-entrypoint", config_map=client.V1ConfigMapVolumeSource(name="mq-entrypoint", default_mode=0o744)) volume_config = client.V1Volume(name="config", config_map=client.V1ConfigMapVolumeSource(name="lega-config")) # volume_ingest = client.V1Volume(name="ingest-conf", config_map=client.V1ConfigMapVolumeSource(name="lega-config")) volume_inbox = client.V1Volume(name="inbox", persistent_volume_claim=client.V1PersistentVolumeClaimVolumeSource(claim_name="inbox")) volume_keys = client.V1Volume(name="config", projected=client.V1ProjectedVolumeSource(sources=[pmap_ini_conf, pmap_ini_keys, sec_keys])) pvc_minio = client.V1PersistentVolumeClaim(metadata=client.V1ObjectMeta(name="data"), spec=client.V1PersistentVolumeClaimSpec(access_modes=["ReadWriteOnce"], resources=client.V1ResourceRequirements(requests={"storage": "10Gi"}))) # Deploy LocalEGA Pods deploy_lega.deployment('mapper', 'nbisweden/ega-base:latest', ["ega-id-mapper"], [], [mount_config], [volume_config], patch=True) deploy_lega.deployment('keys', 'nbisweden/ega-base:latest', ["ega-keyserver", "--keys", "/etc/ega/keys.ini"], [env_lega_pass, env_keys_pass], [mount_config], [volume_keys], ports=[8443], patch=True) deploy_lega.deployment('db', 'postgres:9.6', None, [env_db_pass, env_db_user, env_db_name, env_db_data], [mount_db_data, mound_db_init], [volume_db, volume_db_init], ports=[5432]) deploy_lega.deployment('ingest', 'nbisweden/ega-base:latest', ["ega-ingest"], [env_lega_pass, env_acc_s3, env_sec_s3, env_db_pass], [mount_config, mount_inbox], [volume_config, volume_inbox]) deploy_lega.stateful_set('minio', 'minio/minio:latest', None, [env_acc_minio, env_sec_minio], [mount_minio], None, args=["server", "/data"], vol_claims=[pvc_minio], ports=[9000]) deploy_lega.stateful_set('verify', 'nbisweden/ega-base:latest', ["ega-verify"], [env_acc_s3, env_sec_s3, env_lega_pass, env_db_pass], [mount_config], [volume_config]) deploy_lega.stateful_set('mq', 'rabbitmq:3.6.14-management', ["/script/mq.sh"], [env_cega_mq], [mount_mq_temp, mount_mq_script, mount_mq_rabbitmq], [volume_mq_temp, volume_mq_script, volume_rabbitmq], ports=[15672, 5672, 4369, 25672]) deploy_lega.stateful_set('inbox', 'nbisweden/ega-mina-inbox:latest', None, [env_inbox_mq, env_cega_api, env_cega_creds, env_inbox_port], [mount_inbox], [volume_inbox], ports=[2222]) # Ports ports_db = [client.V1ServicePort(protocol="TCP", port=5432, target_port=5432)] ports_inbox = [client.V1ServicePort(protocol="TCP", port=2222, target_port=2222)] ports_s3 = [client.V1ServicePort(name="web", protocol="TCP", port=9000)] ports_keys = [client.V1ServicePort(protocol="TCP", port=8443, target_port=8443)] ports_mq_management = [client.V1ServicePort(name="http", protocol="TCP", port=15672, target_port=15672)] ports_mq = [client.V1ServicePort(name="amqp", protocol="TCP", port=5672, target_port=5672), client.V1ServicePort(name="epmd", protocol="TCP", port=4369, target_port=4369), client.V1ServicePort(name="rabbitmq-dist", protocol="TCP", port=25672, target_port=25672)] # Deploy Services deploy_lega.service('db', ports_db) deploy_lega.service('mq-management', ports_mq_management, pod_name="mq", type="NodePort") deploy_lega.service('mq', ports_mq) deploy_lega.service('keys', ports_keys) deploy_lega.service('inbox', ports_inbox, type="NodePort") deploy_lega.service('minio', ports_s3) # Headless deploy_lega.service('minio-service', ports_s3, pod_name="minio", type="LoadBalancer") metric_cpu = client.V2beta1MetricSpec(type="Resource", resource=client.V2beta1ResourceMetricSource(name="cpu", target_average_utilization=50)) deploy_lega.horizontal_scale("ingest", "ingest", "Deployment", 5, [metric_cpu]) if fake_cega: deploy_fake_cega(deploy_lega)