def whitelist(policy_name, event_name):
policy = {
'metadata': {
'name': policy_name
},
'spec': {
'pod_selector': {
'match_labels': {}
},
'ingress': [
client.V1beta1NetworkPolicyIngressRule(_from=[
client.V1beta1NetworkPolicyPeer(
namespace_selector=client.V1LabelSelector(
match_labels={'name': 'kube-system'})),
client.V1beta1NetworkPolicyPeer(
pod_selector=client.V1LabelSelector(match_labels={}))
])
]
}
}
try:
kubernetesbetav1.read_namespaced_network_policy(
policy_name, event_name)
except Exception:
try:
kubernetesbetav1.create_namespaced_network_policy(
event_name, policy)
except Exception:
print('Failed creating network policy in namespace %s' %
event_name)
def create_deployment(self, namespace=None, *args, **kwargs):
deploy_name = kwargs.get("name")
deployment_metadata = client.V1ObjectMeta(name=deploy_name)
template_spec = self._generate_pod_template(*args, **kwargs)
body = client.V1Deployment(
api_version="apps/v1",
kind="Deployment",
metadata=deployment_metadata,
spec=client.V1DeploymentSpec(
selector=client.V1LabelSelector(match_labels={
"app": kwargs.get("name"),
}),
template=template_spec),
)
api_instance = client.AppsV1Api()
try:
api_instance.create_namespaced_deployment(namespace=namespace,
body=body,
pretty="true")
except ApiException as e:
LOG.error("Exception when call AppsV1beta1Api: %s", e)
raise e
return True
def get_obj(self):
"""
:description: Generate ingress obj.
"""
return client.NetworkingV1beta1Ingress(
api_version=self.api_version,
kind=self.kind,
metadata=client.V1ObjectMeta(name=self.slug,
annotations=self.annotations),
spec=client.NetworkingV1beta1IngressSpec(
selector=client.V1LabelSelector(match_labels=self.selector),
rules=[
client.NetworkingV1beta1IngressRule(
host=self.hostname,
http=client.
NetworkingV1beta1HTTPIngressRuleValue(paths=[
client.NetworkingV1beta1HTTPIngressPath(
path=self.path,
backend=client.NetworkingV1beta1IngressBackend(
service_port=self.target_service.port,
service_name=self.target_service.slug),
)
]),
)
],
),
)
def create_iperf_deploy(self, name):
self.apps_v1_api.create_namespaced_deployment(
namespace='default',
body=client.V1Deployment(
api_version="apps/v1",
kind="Deployment",
metadata=client.V1ObjectMeta(
name=name,
namespace="default",
labels={'app': name}
),
spec=client.V1DeploymentSpec(
replicas=10,
selector=client.V1LabelSelector(match_labels={'app': name}),
template=client.V1PodTemplateSpec(
metadata=client.V1ObjectMeta(labels={'app': name}),
spec=client.V1PodSpec(
containers=[
client.V1Container(
name=name,
tty=True,
image="zhuangweikang/k8stc:latest",
image_pull_policy="IfNotPresent",
security_context=client.V1SecurityContext(
capabilities=client.V1Capabilities(add=["NET_ADMIN"])),
resources=client.V1ResourceRequirements(
limits={"cpu": "100m", "memory": "1Gi"},
requests={"cpu": "100m", "memory": "1Gi"})
)
]
)
)
)
)
)
def create_stateful_set_object():
container = client.V1Container(
name="sts-redis",
image="redis",
image_pull_policy="IfNotPresent",
ports=[client.V1ContainerPort(container_port=6379)],
)
# Template
template = client.V1PodTemplateSpec(
metadata=client.V1ObjectMeta(labels={"app": "redis"}),
spec=client.V1PodSpec(containers=[container]))
# Spec
spec = client.V1StatefulSetSpec(
replicas=1,
service_name="redis-test-svc",
selector=client.V1LabelSelector(match_labels={"app": "redis"}),
template=template)
# StatefulSet
statefulset = client.V1StatefulSet(
api_version="apps/v1",
kind="StatefulSet",
metadata=client.V1ObjectMeta(name="statefulset-redis"),
spec=spec)
return statefulset
def _create_pvc_for_pv(self, vol):
name = vol.metadata.name
namespace = self.get_user_namespace()
pvcname = name
pvd = client.V1PersistentVolumeClaim(
spec=client.V1PersistentVolumeClaimSpec(
volume_name=name,
access_modes=vol.spec.access_modes,
resources=client.V1ResourceRequirements(
requests=vol.spec.capacity),
selector=client.V1LabelSelector(match_labels={"name": name}),
storage_class_name=vol.spec.storage_class_name))
md = client.V1ObjectMeta(name=pvcname, labels={"name": pvcname})
pvd.metadata = md
self.log.info("Creating PVC '%s' in namespace '%s'" %
(pvcname, namespace))
try:
self.api.create_namespaced_persistent_volume_claim(namespace, pvd)
except ApiException as e:
if e.status != 409:
self.log.exception("Create PVC '%s' " % pvcname +
"in namespace '%s' " % namespace +
"failed: %s" % str(e))
raise
else:
self.log.info("PVC '%s' " % pvcname +
"in namespace '%s' " % namespace +
"already exists.")
def simple_replicaset():
"""Return the Kubernetes config matching the simple-replicaset.yaml manifest."""
return client.V1ReplicaSet(
api_version="apps/v1",
kind="ReplicaSet",
metadata=client.V1ObjectMeta(
name="frontend",
labels={
"app": "guestbook",
"tier": "frontend",
},
),
spec=client.V1ReplicaSetSpec(
replicas=3,
selector=client.V1LabelSelector(match_labels={
"tier": "frontend",
}, ),
template=client.V1PodTemplateSpec(
metadata=client.V1ObjectMeta(labels={
"tier": "frontend",
}, ),
spec=client.V1PodSpec(containers=[
client.V1Container(
name="php-redis",
image="gcr.io/google_samples/gb-frontend:v3",
),
], ),
),
),
)
def _build_deployment(self, metadata):
"""Build deployment Kubernetes object.
:param metadata: Common Kubernetes metadata for the interactive
deployment.
"""
container = client.V1Container(name=self.deployment_name, image=self.image)
pod_spec = client.V1PodSpec(
containers=[container],
node_selector=REANA_RUNTIME_SESSIONS_KUBERNETES_NODE_LABEL,
)
template = client.V1PodTemplateSpec(
metadata=client.V1ObjectMeta(labels={"app": self.deployment_name}),
spec=pod_spec,
)
spec = client.V1DeploymentSpec(
selector=client.V1LabelSelector(match_labels={"app": self.deployment_name}),
replicas=1,
template=template,
)
deployment = client.V1Deployment(
api_version="apps/v1", kind="Deployment", metadata=metadata, spec=spec,
)
return deployment
def create_deployment(apps_v1_api):
container = client.V1Container(
name="deployment",
image="gcr.io/google-appengine/fluentd-logger",
image_pull_policy="Never",
ports=[client.V1ContainerPort(container_port=5678)],
)
# Template
template = client.V1PodTemplateSpec(
metadata=client.V1ObjectMeta(labels={"app": "deployment"}),
spec=client.V1PodSpec(containers=[container]))
# Spec
spec = client.V1DeploymentSpec(
replicas=1,
selector=client.V1LabelSelector(match_labels={"app": "deployment"}),
template=template)
# Deployment
deployment = client.V1Deployment(
api_version="apps/v1",
kind="Deployment",
metadata=client.V1ObjectMeta(name="deployment"),
spec=spec)
# Creation of the Deployment in specified namespace
# (Can replace "default" with a namespace you may have created)
apps_v1_api.create_namespaced_deployment(namespace="default",
body=deployment)
def _build_deployment(self, metadata):
"""Build deployment Kubernetes object.
:param metadata: Common Kubernetes metadata for the interactive
deployment.
"""
container = client.V1Container(name=self.deployment_name,
image=self.image)
pod_spec = client.V1PodSpec(
containers=[container],
node_selector=REANA_RUNTIME_SESSIONS_KUBERNETES_NODE_LABEL,
# Disable service discovery with env variables, so that the environment is
# not polluted with variables like `REANA_SERVER_SERVICE_HOST`
enable_service_links=False,
)
template = client.V1PodTemplateSpec(
metadata=client.V1ObjectMeta(labels={"app": self.deployment_name}),
spec=pod_spec,
)
spec = client.V1DeploymentSpec(
selector=client.V1LabelSelector(
match_labels={"app": self.deployment_name}),
replicas=1,
template=template,
)
deployment = client.V1Deployment(
api_version="apps/v1",
kind="Deployment",
metadata=metadata,
spec=spec,
)
return deployment
def create_deployment(namespace, name, cpulim, memlim, podlim,priorityclass):
try:
config.load_kube_config()
except:
config.load_incluster_config()
api = client.ExtensionsV1beta1Api()
container = client.V1Container(
name=name,
image="ansi/lookbusy",
resources=client.V1ResourceRequirements(
requests={'memory': memlim, 'cpu': cpulim}))
body = client.ExtensionsV1beta1Deployment(
api_version="extensions/v1beta1",
kind="Deployment",
metadata=client.V1ObjectMeta(name=name, namespace=namespace),
spec = client.V1DeploymentSpec(
selector=client.V1LabelSelector(match_labels={"app":name}),
template = client.V1PodTemplateSpec(
metadata=client.V1ObjectMeta(name=name, namespace=namespace,labels={"app": name}),
spec=client.V1PodSpec(containers=[container],priority_class_name=priorityclass)
)
)
)
pretty = 'true'
try:
api_response = api.create_namespaced_deployment(namespace, body, pretty=pretty)
except ApiException as e:
pprint("Exception when calling AppsV1Api->create_namespaced_deployment: %s\n" % e)
def create_k8s_deployment(namespace: str, name: str, replicas: int,
match_labels: dict, template: dict, user):
"""
Create a Kubernetes deployment in the cluster.
Returns the new deployment.
"""
apps_v1 = get_user_apps_v1(user)
logger.info(f"Creating Kubernetes deployment '{name}'")
k8s_containers = [
client.V1Container(name=c["name"], image=c["image"])
for c in template["containers"]
]
k8s_labels = {item['key']: item['value'] for item in template['labels']}
k8s_pod_template = client.V1PodTemplateSpec(
metadata=client.V1ObjectMeta(name=template['name'], labels=k8s_labels),
spec=client.V1PodSpec(containers=k8s_containers))
k8s_match_labels = {item['key']: item['value'] for item in match_labels}
k8s_deployment = client.V1Deployment(
metadata=client.V1ObjectMeta(name=name),
spec=client.V1DeploymentSpec(
replicas=replicas,
selector=client.V1LabelSelector(match_labels=k8s_match_labels),
template=k8s_pod_template))
apps_v1.create_namespaced_deployment(namespace, k8s_deployment)
def create_policy(namespace, use_kubectl=USE_KUBECTL):
if use_kubectl:
response = kubemunch('create', '-n', namespace, '-f', POLICY_FILENAME)
else:
md = client.V1ObjectMeta(name=AWS_NETWORK_POLICY_NAME,
namespace=namespace)
match_expression = client.V1LabelSelectorRequirement(
key='k8s-app', operator='DoesNotExist')
pod_selector = client.V1LabelSelector(
match_expressions=[match_expression])
ip_block = client.V1beta1IPBlock(
cidr='0.0.0.0/0', _except=['169.254.0.0/16'])
peer = client.V1beta1NetworkPolicyPeer(ip_block=ip_block)
egress = client.V1beta1NetworkPolicyEgressRule(to=[peer])
spec = client.V1beta1NetworkPolicySpec(
pod_selector=pod_selector,
egress=[egress],
policy_types=['Egress'])
policy = client.V1beta1NetworkPolicy(metadata=md, spec=spec)
networkingv1 = client.NetworkingV1Api()
response = networkingv1.create_namespaced_network_policy(namespace,
policy)
print("\tCreated {} in ns {}".format(response.metadata.name,
response.metadata.namespace))
def create_deployment(self, deployment_object):
container_port = client.V1ContainerPort(
container_port=deployment_object.container_port, name=deployment_object.name
)
container = client.V1Container(
image=deployment_object.image,
name=deployment_object.name,
env=deployment_object.env,
ports=[container_port],
)
metadata = client.V1ObjectMeta(
name=deployment_object.name, labels=deployment_object.labels
)
template = client.V1PodTemplateSpec(
metadata=metadata, spec=client.V1PodSpec(containers=[container])
)
strategy = client.ExtensionsV1beta1DeploymentStrategy(
type=deployment_object.strategy_type
)
selector = client.V1LabelSelector(match_labels=deployment_object.labels)
spec = client.ExtensionsV1beta1DeploymentSpec(
selector=selector, strategy=strategy, template=template
)
deployment = client.ExtensionsV1beta1Deployment(
api_version="apps/v1beta2", kind="Deployment", metadata=metadata, spec=spec
)
api_client = client.AppsV1beta2Api()
api_client.create_namespaced_deployment(body=deployment, namespace="default")
def _define_webserver_deployment() -> k8s.V1Deployment:
# Define Pod container template
container = k8s.V1Container(
name='echo',
image='hashicorp/http-echo',
command=['/http-echo', '-listen=:{}'.format(CONTAINER_PORT), '-text="Echo server on port {}"'.format(CONTAINER_PORT)],
ports=[k8s.V1ContainerPort(container_port=CONTAINER_PORT)],
resources=k8s.V1ResourceRequirements(
requests={'cpu': '100m', 'memory': '200Mi'},
limits={'cpu': '500m', 'memory': '500Mi'},
),
)
# Create and configure a spec section
template = k8s.V1PodTemplateSpec(
metadata=k8s.V1ObjectMeta(labels={'app': APP_NAME}),
spec=k8s.V1PodSpec(containers=[container]),
)
# Create the specification of deployment
spec = k8s.V1DeploymentSpec(
replicas=1, template=template, selector=k8s.V1LabelSelector(match_labels={'app': APP_NAME}))
# Instantiate the deployment object
deployment = k8s.V1Deployment(
metadata=k8s.V1ObjectMeta(name=DEPLOYMENT_NAME),
spec=spec,
)
return deployment
def createDeployment(applyName, image, servicePort):
V1ContainerPort = client.V1ContainerPort(
container_port=int(servicePort), protocol="TCP")
V1Container = client.V1Container(name=applyName,
image=image,
ports=[V1ContainerPort])
V1PodTemplateSpec = client.V1PodTemplateSpec(
spec=client.V1PodSpec(containers=[V1Container]),
metadata={"labels": {
'k8s-app': applyName
}})
V1beta2DeploymentSpec = client.V1beta2DeploymentSpec(
replicas=1,
selector=client.V1LabelSelector(
match_labels={"k8s-app": applyName}),
template=V1PodTemplateSpec)
V1ObjectMeta = client.V1ObjectMeta(namespace="default", name=applyName)
V1beta2Deployment = client.V1beta2Deployment(
spec=V1beta2DeploymentSpec,
api_version="apps/v1beta2",
kind="Deployment",
metadata=V1ObjectMeta)
pprint(V1beta2Deployment)
k8s_api = client.AppsV1beta2Api()
deployment = k8s_api.create_namespaced_deployment(
body=V1beta2Deployment, namespace="default")
pprint("Deployment create. status= '%s'" % deployment)
return deployment
def __init__(self, name, storage_pvc):
internal_volume_name = 'nfs-server-volume'
mount_path = '/exports'
ctr = client.V1Container(
name=name,
image=self.IMAGE,
ports=[
client.V1ContainerPort(name=k, container_port=v)
for k, v in self.PORTS.items()
],
security_context=client.V1SecurityContext(privileged=True),
volume_mounts=[
client.V1VolumeMount(mount_path=mount_path,
name=internal_volume_name)
])
volume_source = client.V1PersistentVolumeClaimVolumeSource(
claim_name=storage_pvc)
volume = client.V1Volume(name=internal_volume_name,
persistent_volume_claim=volume_source)
pod_spec = client.V1PodSpec(containers=[ctr], volumes=[volume])
pod_metadata = client.V1ObjectMeta(labels=self.LABELS)
pod_template = client.V1PodTemplateSpec(metadata=pod_metadata,
spec=pod_spec)
rs_spec = client.V1ReplicaSetSpec(
replicas=1,
selector=client.V1LabelSelector(match_labels=self.LABELS),
template=pod_template)
metadata = client.V1ObjectMeta(name=name, labels=self.LABELS)
super(NFSDeployment, self).__init__(metadata=metadata, spec=rs_spec)
def simple_replicaset():
"""Return the Kubernetes config matching the simple-replicaset.yaml manifest."""
return client.V1ReplicaSet(
api_version='apps/v1',
kind='ReplicaSet',
metadata=client.V1ObjectMeta(
name='frontend',
labels={
'app': 'guestbook',
'tier': 'frontend',
},
),
spec=client.V1ReplicaSetSpec(
replicas=3,
selector=client.V1LabelSelector(match_labels={
'tier': 'frontend',
}, ),
template=client.V1PodTemplateSpec(
metadata=client.V1ObjectMeta(labels={
'tier': 'frontend',
}, ),
spec=client.V1PodSpec(containers=[
client.V1Container(
name='php-redis',
image='gcr.io/google_samples/gb-frontend:v3',
),
], ),
),
),
)
def _create_deployment(self):
REPLICAS = 1
container_port = k8s.V1ContainerPort(name=self.uid[-14:],
container_port=os.getenv(
"OPENVAS_OMP_PORT", 9390))
resources = k8s.V1ResourceRequirements(
limits={
"cpu": KubernetesDeployer.CONTAINER_USE_CPU_LIMIT,
"memory": KubernetesDeployer.CONTAINER_USE_MEMORY_LIMIT,
})
readiness_probe = k8s.V1Probe(
_exec=k8s.V1ExecAction(
command=KubernetesDeployer.OPENVAS_HEALTHCHECK_COMMAND),
initial_delay_seconds=300,
period_seconds=30,
)
liveness_probe = k8s.V1Probe(
tcp_socket=k8s.V1TCPSocketAction(
port=container_port.container_port),
initial_delay_seconds=180,
period_seconds=30,
failure_threshold=3,
timeout_seconds=5,
)
container = k8s.V1Container(
image=KubernetesDeployer.OPENVAS_CONTAINER_IMAGE,
name=self.uid,
image_pull_policy="IfNotPresent",
ports=[container_port],
resources=resources,
readiness_probe=readiness_probe,
liveness_probe=liveness_probe,
)
toleration = k8s.V1Toleration(effect="NoSchedule",
key="Scanners",
operator="Exists")
pod_spec = k8s.V1PodSpec(containers=[container],
tolerations=[toleration])
pod_metadata = k8s.V1ObjectMeta(
name=self.uid,
labels={"app.kubernetes.io/name": self.uid},
annotations={
"cluster-autoscaler.kubernetes.io/safe-to-evict": "false"
},
)
pod_template = k8s.V1PodTemplateSpec(spec=pod_spec,
metadata=pod_metadata)
selector = k8s.V1LabelSelector(
match_labels={"app.kubernetes.io/name": self.uid})
deployment_spec = k8s.V1DeploymentSpec(replicas=REPLICAS,
selector=selector,
template=pod_template)
deployment_metadata = k8s.V1ObjectMeta(
name=self.uid, labels={"app.kubernetes.io/name": self.uid})
deployment = k8s.V1Deployment(spec=deployment_spec,
metadata=deployment_metadata)
return k8s.AppsV1Api(self.client).create_namespaced_deployment(
self.namespace, deployment)
def create_k8s_nfs_resources(self) -> bool:
"""
Create NFS resources such as PV and PVC in Kubernetes.
"""
from kubernetes import client as k8sclient
pv_name = "nfs-ckpt-pv-{}".format(uuid.uuid4())
persistent_volume = k8sclient.V1PersistentVolume(
api_version="v1",
kind="PersistentVolume",
metadata=k8sclient.V1ObjectMeta(
name=pv_name,
labels={'app': pv_name}
),
spec=k8sclient.V1PersistentVolumeSpec(
access_modes=["ReadWriteMany"],
nfs=k8sclient.V1NFSVolumeSource(
path=self.params.path,
server=self.params.server
),
capacity={'storage': '10Gi'},
storage_class_name=""
)
)
k8s_api_client = k8sclient.CoreV1Api()
try:
k8s_api_client.create_persistent_volume(persistent_volume)
self.params.pv_name = pv_name
except k8sclient.rest.ApiException as e:
print("Got exception: %s\n while creating the NFS PV", e)
return False
pvc_name = "nfs-ckpt-pvc-{}".format(uuid.uuid4())
persistent_volume_claim = k8sclient.V1PersistentVolumeClaim(
api_version="v1",
kind="PersistentVolumeClaim",
metadata=k8sclient.V1ObjectMeta(
name=pvc_name
),
spec=k8sclient.V1PersistentVolumeClaimSpec(
access_modes=["ReadWriteMany"],
resources=k8sclient.V1ResourceRequirements(
requests={'storage': '10Gi'}
),
selector=k8sclient.V1LabelSelector(
match_labels={'app': self.params.pv_name}
),
storage_class_name=""
)
)
try:
k8s_api_client.create_namespaced_persistent_volume_claim(self.params.namespace, persistent_volume_claim)
self.params.pvc_name = pvc_name
except k8sclient.rest.ApiException as e:
print("Got exception: %s\n while creating the NFS PVC", e)
return False
return True
def get_affinity(self):
"""Determine the affinity term for the build pod.
There are a two affinity strategies, which one is used depends on how
the BinderHub is configured.
In the default setup the affinity of each build pod is an "anti-affinity"
which causes the pods to prefer to schedule on separate nodes.
In a setup with docker-in-docker enabled pods for a particular
repository prefer to schedule on the same node in order to reuse the
docker layer cache of previous builds.
"""
resp = self.api.list_namespaced_pod(
self.namespace,
label_selector="component=dind,app=binder",
_request_timeout=KUBE_REQUEST_TIMEOUT,
_preload_content=False,
)
dind_pods = json.loads(resp.read())
if self.sticky_builds and dind_pods:
node_names = [
pod["spec"]["nodeName"] for pod in dind_pods["items"]
]
ranked_nodes = rendezvous_rank(node_names, self.repo_url)
best_node_name = ranked_nodes[0]
affinity = client.V1Affinity(node_affinity=client.V1NodeAffinity(
preferred_during_scheduling_ignored_during_execution=[
client.V1PreferredSchedulingTerm(
weight=100,
preference=client.V1NodeSelectorTerm(
match_expressions=[
client.V1NodeSelectorRequirement(
key="kubernetes.io/hostname",
operator="In",
values=[best_node_name],
)
]),
)
]))
else:
affinity = client.V1Affinity(
pod_anti_affinity=client.V1PodAntiAffinity(
preferred_during_scheduling_ignored_during_execution=[
client.V1WeightedPodAffinityTerm(
weight=100,
pod_affinity_term=client.V1PodAffinityTerm(
topology_key="kubernetes.io/hostname",
label_selector=client.V1LabelSelector(
match_labels=dict(
component=self._component_label)),
),
)
]))
return affinity
def get_persistent_volume_claim_spec(volume, access_modes='ReadWriteOnce', ):
access_modes = to_list(access_modes)
resources = client.V1ResourceRequirements(requests={'storage': STORAGE_BY_VOLUME[volume]})
selector = client.V1LabelSelector(match_labels=get_labels(volume))
return client.V1PersistentVolumeClaimSpec(
access_modes=access_modes,
resources=resources,
selector=selector)
def _add_kubetest_labels(self):
"""Add a kubetest label to the Deployment object.
This allows kubetest to more easily and reliably search for and aggregate
API objects, such as getting the Pods for a Deployment.
The kubetest label key is "kubetest/<obj kind>" where the obj kind is
the lower-cased kind of the obj.
"""
self.klabel_key = 'kubetest/deployment'
if self.obj.metadata.labels:
self.klabel_uid = self.obj.metadata.labels.get(
self.klabel_key, None)
else:
self.klabel_uid = None
if not self.klabel_uid:
self.klabel_uid = str(uuid.uuid4())
# fixme: it would be nice to clean up this label setting logic a bit
# and possibly abstract it out to something more generalized, but
# that is difficult to do given the differences in object attributes
# Set the base metadata label
if self.obj.metadata is None:
self.obj.metadata = client.V1ObjectMeta()
if self.obj.metadata.labels is None:
self.obj.metadata.labels = {}
if self.klabel_key not in self.obj.metadata.labels:
self.obj.metadata.labels[self.klabel_key] = self.klabel_uid
# If no spec is set, there is nothing to set additional labels on
if self.obj.spec is None:
log.warning('deployment spec not set - cannot set kubetest label')
return
# Set the selector label
if self.obj.spec.selector is None:
self.obj.spec.selector = client.V1LabelSelector()
if self.obj.spec.selector.match_labels is None:
self.obj.spec.selector.match_labels = {}
if self.klabel_key not in self.obj.spec.selector.match_labels:
self.obj.spec.selector.match_labels[
self.klabel_key] = self.klabel_uid
# Set the template label
if self.obj.spec.template is None:
self.obj.spec.template = client.V1PodTemplateSpec()
if self.obj.spec.template.metadata is None:
self.obj.spec.template.metadata = client.V1ObjectMeta(labels={})
if self.klabel_key not in self.obj.spec.template.metadata.labels:
self.obj.spec.template.metadata.labels[
self.klabel_key] = self.klabel_uid
def create_deployment_sample(self, api_instance, deployment_sample_data):
labels = {
'alicek106_love_is_you': 'ls'
} # Default Label for matching ReplicaSets
labels.update(deployment_sample_data.labels)
env_vars = [
client.V1EnvVar(name=env['name'], value=env['value'])
for env in deployment_sample_data.env_vars
]
publish_ports = [
client.V1ContainerPort(name=port['name'],
container_port=int(port['port']))
for port in deployment_sample_data.publish_ports
]
metadata = client.V1ObjectMeta(
namespace=deployment_sample_data.namespace,
name=deployment_sample_data.deployment_name,
labels=labels)
spec_pod = client.V1PodSpec(containers=[
client.V1Container(
name=deployment_sample_data.deployment_name,
image=deployment_sample_data.image,
env=env_vars,
ports=publish_ports,
image_pull_policy="Always",
resources=client.V1ResourceRequirements(
limits=deployment_sample_data.resources['limit'],
requests=deployment_sample_data.resources['request']))
])
spec_deployment = client.V1DeploymentSpec(
replicas=deployment_sample_data.replicas,
selector=client.V1LabelSelector(
match_labels={'alicek106_love_is_you':
'ls'}, # Default Label for matching ReplicaSets
),
template=client.V1PodTemplateSpec(
metadata=client.V1ObjectMeta(labels=labels), spec=spec_pod))
deployment_body = client.AppsV1beta1Deployment(kind='Deployment',
metadata=metadata,
spec=spec_deployment)
try:
api_instance.create_namespaced_deployment(
namespace=deployment_sample_data.namespace,
body=deployment_body)
return GeneralError(200, 'success').serialize(), 200
except ApiException as e:
error = json.loads(e.body)
return GeneralError(
409, 'Reason: %s, %s' %
(error['reason'], error['message'])).serialize(), 409
def simple_networkpolicy():
"""Return the Kubernetes config matching the simple-networkpolicy.yaml manifest."""
return client.V1NetworkPolicy(
api_version='networking.k8s.io/v1',
kind='NetworkPolicy',
metadata=client.V1ObjectMeta(name='default-deny'),
spec=client.V1NetworkPolicySpec(
pod_selector=client.V1LabelSelector(),
policy_types=["Egress", "Ingress"],
))
def create_affinity_term(item):
return client.V1WeightedPodAffinityTerm(
weight=item['weight'],
pod_affinity_term=client.V1PodAffinityTerm(
topology_key=item['label'],
namespaces=item['namespaces'],
label_selector=client.V1LabelSelector(match_expressions=[
create_affinity_selector(s) for s in item['selectors']
], ),
))
def generate_deployment_spec(self, pod_template_spec):
return k8s_client.V1Deployment(api_version="apps/v1",
kind="Deployment",
metadata=k8s_client.V1ObjectMeta(
generate_name="fairing-deployer-"),
spec=k8s_client.V1DeploymentSpec(
selector=k8s_client.V1LabelSelector(
match_labels=self.labels, ),
template=pod_template_spec,
))
def create_namespace(self, body, message):
"""
Listen to the `exchange` namespace,
| and create the namespace accordly to the messages.
| Idempotent.
:param body: The message's content.
:type body: dict
:param message: The namespace to create.
:type message: kombu.message.Message
:returns: The creation state
:rtype: bool
"""
payload = client.V1Namespace()
payload.metadata = client.V1ObjectMeta(name=body['namespace'])
core_v1 = client.CoreV1Api()
network_v1 = client.NetworkingV1Api()
policy = client.V1NetworkPolicy(api_version='networking.k8s.io/v1',
kind='NetworkPolicy')
policy.metadata = client.V1ObjectMeta(name='deny-namespaces-traffic',
namespace=body['namespace'])
policy.spec = client.V1NetworkPolicySpec(
pod_selector=client.V1LabelSelector(match_labels={}),
ingress=[
client.V1NetworkPolicyIngressRule(_from=[
client.V1NetworkPolicyPeer(
pod_selector=client.V1LabelSelector())
])
])
#Idempotent
try:
core_v1.create_namespace(payload)
core_v1.patch_namespaced_service_account(
'default', body['namespace'],
{'automount_service_account_token': False})
network_v1.create_namespaced_network_policy(
body['namespace'], policy)
except ApiException as e:
LOGGER.error(e)
if e.status != 409: # 409 == Conclict => Already exist
raise
message.ack()
return True
def test_network_policy_hairpin_traffic(self):
namespace_name, namespace = self.create_namespace()
self.addCleanup(self.delete_namespace, namespace_name)
svc_name, svc_pods = self.create_setup_for_service_test(
namespace=namespace_name, cleanup=False, save=False, pod_num=1)
self.check_service_internal_connectivity(namespace=namespace_name,
pod_num=1,
service_name=svc_name,
pod_name=svc_pods[0])
policy_name = data_utils.rand_name(prefix='kuryr-policy')
np = k8s_client.V1NetworkPolicy(
kind='NetworkPolicy',
api_version='networking.k8s.io/v1',
metadata=k8s_client.V1ObjectMeta(name=policy_name,
namespace=namespace_name),
spec=k8s_client.V1NetworkPolicySpec(
pod_selector=k8s_client.V1LabelSelector(),
policy_types=['Egress', 'Ingress'],
ingress=[
k8s_client.V1NetworkPolicyIngressRule(_from=[
k8s_client.V1NetworkPolicyPeer(
pod_selector=k8s_client.V1LabelSelector(), ),
], ),
],
egress=[
k8s_client.V1NetworkPolicyEgressRule(to=[
k8s_client.V1NetworkPolicyPeer(
pod_selector=k8s_client.V1LabelSelector(), ),
], ),
],
),
)
k8s_client.NetworkingV1Api().create_namespaced_network_policy(
namespace=namespace_name, body=np)
# Just to wait for SGs.
self.get_sg_rules_for_np(namespace_name, policy_name)
self.check_service_internal_connectivity(namespace=namespace_name,
pod_num=1,
service_name=svc_name,
pod_name=svc_pods[0])
def create_deployment(self,
node_name,
deployment_name,
pod_label,
image_name,
container_name,
cpu_requests=None,
cpu_limits=None,
container_port=7000,
env=None,
volume=None):
# Load config from default location
config.load_kube_config()
extension = client.ExtensionsV1beta1Api()
if cpu_limits is None and cpu_requests is None:
container_resource = None
else:
container_resource = client.V1ResourceRequirements(
limits={'cpu': cpu_limits}, requests={'cpu': cpu_requests})
container = client.V1Container(
name=container_name,
image=image_name,
image_pull_policy='IfNotPresent',
ports=[client.V1ContainerPort(container_port=container_port)],
resources=container_resource,
tty=True,
stdin=True,
env=env,
volume_mounts=volume)
# Create and configurate a spec section
template = client.V1PodTemplateSpec(
metadata=client.V1ObjectMeta(labels={"app": pod_label}),
spec=client.V1PodSpec(node_name=node_name, containers=[container]))
selector = client.V1LabelSelector(match_labels={'app': pod_label})
# Create the specification of deployment
spec = client.ExtensionsV1beta1DeploymentSpec(replicas=1,
selector=selector,
template=template)
# Instantiate the deployment object
deployment = client.ExtensionsV1beta1Deployment(
api_version="extensions/v1beta1",
kind="Deployment",
metadata=client.V1ObjectMeta(name=deployment_name),
spec=spec)
# create deployment
extension.create_namespaced_deployment(namespace="default",
body=deployment)
