def login_fn(**kwargs):
proxy = os.environ.get('KUBE_PROXY')
connect_info = kopf.login_via_client(**kwargs)
if proxy:
print('config proxy')
kubernetes.config.load_incluster_config()
config = kubernetes.client.Configuration()
config.proxy = proxy
header: Optional[str] = config.get_api_key_with_prefix('authorization')
parts: Sequence[str] = header.split(' ', 1) if header else []
scheme, token = ((None, None) if len(parts) == 0 else
(None, parts[0]) if len(parts) == 1 else
(parts[0], parts[1]))
return kopf.ConnectionInfo(
server=config.proxy,
# ca_path=config.ssl_ca_cert, # can be a temporary file
insecure=False,
# username=config.username or None, # an empty string when not defined
# password=config.password or None, # an empty string when not defined
scheme='Bear',
token=token,
# certificate_path=config.cert_file, # can be a temporary file
# private_key_path=config.key_file, # can be a temporary file
priority=PRIORITY_OF_CLIENT,
)
else:
return connect_info
def login_handler(**kwargs):
"""
Implements a login handler to make Kopf work outside of a Kubernetes
cluster. Doesn't work without having a proxy connection opened with the
Kubernetes cluster using `kubectl proxy`.
"""
return kopf.ConnectionInfo(server="http://localhost:8001", insecure=True,)
def callback_login(**kwargs: Dict) -> kopf.ConnectionInfo:
"""
Execute the login routine, authenticating the client if needed.
:kwargs (Dict) A dictionary containing optional parameters (for compatibility).
"""
if utils.envvar_bool('AUTH'):
return kopf.ConnectionInfo(
server=os.environ.get('KUBERNETES_PORT').replace('tcp', 'https'),
ca_path='/var/run/secrets/kubernetes.io/serviceaccount/ca.crt',
scheme='Bearer',
token=open("/var/run/secrets/kubernetes.io/serviceaccount/token", "r").read()
)
# Black magic here, don't ask why the second does not work
# Or look it out yourself, but be aware that you might encounter elves and dragons along the way...
return kopf.login_via_client(**kwargs)
async def login_fn(**kwargs):
print('Logging in in 2s...')
await asyncio.sleep(2.0)
# An equivalent of kopf.login_via_pykube(), but shrinked for demo purposes.
config = pykube.KubeConfig.from_env()
ca = config.cluster.get('certificate-authority')
cert = config.user.get('client-certificate')
pkey = config.user.get('client-key')
return kopf.ConnectionInfo(
server=config.cluster.get('server'),
ca_path=ca.filename() if ca else None, # can be a temporary file
insecure=config.cluster.get('insecure-skip-tls-verify'),
username=config.user.get('username'),
password=config.user.get('password'),
token=config.user.get('token'),
certificate_path=cert.filename() if cert else None, # can be a temporary file
private_key_path=pkey.filename() if pkey else None, # can be a temporary file
default_namespace=config.namespace,
)
async def login_fn(**kwargs):
await asyncio.sleep(2.0)
return kopf.ConnectionInfo(server='http://localhost:8001', insecure=True)