def build_k8s_config(config_path): cluster_path = os.path.join(config_path, "cluster.yaml") if not os.path.isfile(cluster_path): cluster_path = os.path.join(config_path, STATUS_YAML) with open(cluster_path) as f: cluster_config = yaml.full_load(f) config = Configuration() infra_host = find_infra_node_name(cluster_config["machines"]) if os.path.isfile(cluster_path): config.host = "https://%s.%s:1443" % ( infra_host, cluster_config["network"]["domain"]) basic_auth = cluster_config["basic_auth"] else: config.host = cluster_config["machines"][infra_host]["fqdns"] with open(os.path.join(config_path, "clusterID", "k8s_basic_auth.yml")) as auf: basic_auth = yaml.safe_load(auf)["basic_auth"] config.username = basic_auth.split(",")[1] config.password = basic_auth.split(",")[0] bearer = "%s:%s" % (config.username, config.password) encoded = base64.b64encode(bearer.encode("utf-8")).decode("utf-8") config.api_key["authorization"] = "Basic " + encoded config.ssl_ca_cert = os.path.join(config_path, "ssl/apiserver/ca.pem") return config
def _get_api(cluster): """ Get custom objects api associated with a cluster specifier. """ if cluster is None: load_incluster_config() api = CustomObjectsApi() elif cluster == 'remote_transcode': host = os.getenv('REMOTE_TRANSCODE_HOST') port = os.getenv('REMOTE_TRANSCODE_PORT') token = os.getenv('REMOTE_TRANSCODE_TOKEN') cert = os.getenv('REMOTE_TRANSCODE_CERT') conf = Configuration() conf.api_key['authorization'] = token conf.host = f'https://{host}:{port}' conf.verify_ssl = True conf.ssl_ca_cert = cert api_client = ApiClient(conf) api = CustomObjectsApi(api_client) else: cluster_obj = JobCluster.objects.get(pk=cluster) host = cluster_obj.host port = cluster_obj.port token = cluster_obj.token fd, cert = tempfile.mkstemp(text=True) with open(fd, 'w') as f: f.write(cluster_obj.cert) conf = Configuration() conf.api_key['authorization'] = token conf.host = f'https://{host}:{port}' conf.verify_ssl = True conf.ssl_ca_cert = cert api_client = ApiClient(conf) api = CustomObjectsApi(api_client) return api
def connect(): config_file = None if os.environ.get('RD_CONFIG_ENV') == 'incluster': config.load_incluster_config() return if os.environ.get('RD_CONFIG_CONFIG_FILE'): config_file = os.environ.get('RD_CONFIG_CONFIG_FILE') url = None if os.environ.get('RD_CONFIG_URL'): url = os.environ.get('RD_CONFIG_URL') verify_ssl = None if os.environ.get('RD_CONFIG_VERIFY_SSL'): verify_ssl = os.environ.get('RD_CONFIG_VERIFY_SSL') ssl_ca_cert = None if os.environ.get('RD_CONFIG_SSL_CA_CERT'): ssl_ca_cert = os.environ.get('RD_CONFIG_SSL_CA_CERT') token = None if os.environ.get('RD_CONFIG_TOKEN'): token = os.environ.get('RD_CONFIG_TOKEN') log.debug("config file") log.debug(config_file) log.debug("-------------------") if config_file: log.debug("getting settings from file %s" % config_file) config.load_kube_config(config_file=config_file) else: if url: log.debug("getting settings from pluing configuration") configuration = Configuration() configuration.host = url if verify_ssl == 'true': configuration.verify_ssl = verify_ssl else: configuration.verify_ssl = None if ssl_ca_cert: configuration.ssl_ca_cert = ssl_ca_cert configuration.api_key['authorization'] = token configuration.api_key_prefix['authorization'] = 'Bearer' client.Configuration.set_default(configuration) else: log.debug("getting from default config file") config.load_kube_config() c = Configuration() c.assert_hostname = False Configuration.set_default(c)
def _set_config(self): configuration = Configuration() configuration.host = CniService.config.host configuration.ssl_ca_cert = CniService.ssl_ca_cert configuration.api_key['authorization'] = CniService.config.api_key[ 'authorization'] Configuration.set_default(configuration)
def mock_kube_get_kubernetes_config(obj): config = Configuration() config.host = FAKE_API_ENDPOINT config.ssl_ca_cert = self.ssl_ca_file.name config.cert_file = self.cert_file.name config.key_file = self.key_file.name return config
def __init__(self): """ Intializes the connection. If environment variables for remote transcode are defined, connect to that cluster. """ host = os.getenv('REMOTE_TRANSCODE_HOST') port = os.getenv('REMOTE_TRANSCODE_PORT') token = os.getenv('REMOTE_TRANSCODE_TOKEN') cert = os.getenv('REMOTE_TRANSCODE_CERT') self.remote = host is not None if self.remote: conf = Configuration() conf.api_key['authorization'] = token conf.host = f'https://{host}:{port}' conf.verify_ssl = True conf.ssl_ca_cert = cert api_client = ApiClient(conf) self.corev1 = CoreV1Api(api_client) self.custom = CustomObjectsApi(api_client) else: load_incluster_config() self.corev1 = CoreV1Api() self.custom = CustomObjectsApi() self.setup_common_steps()
def build_client(self): configuration = Configuration() configuration.api_key['authorization'] = "Bearer {}".format(self.auth_info['K8S-Token']) configuration.host = self.auth_info['K8S-Endpoint'] configuration.verify_ssl = self._verify_ssl api_client = ApiClient(configuration) return K8sClient(api_client)
def __init__(self, alg): """ Intializes the connection. If algorithm object includes a remote cluster, use that. Otherwise, use this cluster. """ if alg.cluster: host = alg.cluster.host port = alg.cluster.port token = alg.cluster.token fd, cert = tempfile.mkstemp(text=True) with open(fd, 'w') as f: f.write(alg.cluster.cert) conf = Configuration() conf.api_key['authorization'] = token conf.host = f'{PROTO}{host}:{port}' conf.verify_ssl = True conf.ssl_ca_cert = cert api_client = ApiClient(conf) self.corev1 = CoreV1Api(api_client) self.custom = CustomObjectsApi(api_client) else: load_incluster_config() self.corev1 = CoreV1Api() self.custom = CustomObjectsApi() # Read in the manifest. if alg.manifest: self.manifest = yaml.safe_load(alg.manifest.open(mode='r')) # Save off the algorithm. self.alg = alg
def client(self): configuration = Configuration() configuration.api_key['authorization'] = "Bearer {}".format( self.headers['K8S-Token']) configuration.host = self.headers['K8S-Endpoint'] configuration.verify_ssl = self._verify_ssl api_client = ApiClient(configuration) return CoreV1Api(api_client)
def set_config(self): configuration = Configuration() configuration.api_key["authorization"] = self.get_access_token() configuration.api_key_prefix["authorization"] = "Bearer" configuration.host = os.environ.get("GKE_MASTER_SERVER") configuration.verify_ssl = False configuration.assert_hostname = False Configuration.set_default(configuration)
def get_api_client(self): configuration = Configuration() configuration.verify_ssl = False configuration.host = self.cluster.api configuration.api_key['authorization'] = self.cluster.token configuration.api_key_prefix['authorization'] = 'Bearer' api_client = ApiClient(configuration) return api_client
def get_rest_client(self): configuration = Configuration() configuration.verify_ssl = False configuration.host = self.cluster.api configuration.api_key['authorization'] = self.cluster.token configuration.api_key_prefix['authorization'] = 'Bearer' rest_client = RESTClientObject(configuration) return rest_client
def get_config(cluster): ''' :param cluster: k8s集群的配置对象 :return: 返回一个config对象 ''' configuration = Configuration() configuration.verify_ssl = False configuration.host = cluster.api configuration.api_key['authorization'] = cluster.token configuration.api_key_prefix['authorization'] = 'Bearer' return configuration
def __init__(self, websocket, **kwargs): self.websocket = websocket self.cols = int(kwargs.get('cols', 80)) self.rows = int(kwargs.get('rows', 24)) self.need_auth = bool(kwargs.get('need_auth', True)) self.auth_ok = not self.need_auth conf = Configuration() conf.host = KUBERNETES_API_SERVER_URL conf.verify_ssl = False conf.api_key = {"authorization": "Bearer " + KUBERNETES_CLUSTER_TOKEN} self.api_client = core_v1_api.CoreV1Api(ApiClient(conf)) self.api_response = None
def connect(): config_file = None if os.environ.get('RD_CONFIG_ENV') == 'incluster': config.load_incluster_config() return if os.environ.get('RD_CONFIG_CONFIG_FILE'): config_file = os.environ.get('RD_CONFIG_CONFIG_FILE') elif os.environ.get('RD_NODE_KUBERNETES_CONFIG_FILE'): config_file = os.environ.get('RD_NODE_KUBERNETES_CONFIG_FILE') verify_ssl = os.environ.get('RD_CONFIG_VERIFY_SSL') ssl_ca_cert = os.environ.get('RD_CONFIG_SSL_CA_CERT') url = os.environ.get('RD_CONFIG_URL') token = os.environ.get('RD_CONFIG_TOKEN') if not token: token = os.environ.get('RD_CONFIG_TOKEN_STORAGE_PATH') log.debug("config file") log.debug(config_file) log.debug("-------------------") if config_file: log.debug("getting settings from file %s", config_file) config.load_kube_config(config_file=config_file) else: if url and token: log.debug("getting settings from plugin configuration") configuration = Configuration() configuration.host = url if verify_ssl == 'true': configuration.verify_ssl = verify_ssl else: configuration.verify_ssl = None configuration.assert_hostname = False if ssl_ca_cert: configuration.ssl_ca_cert = ssl_ca_cert configuration.api_key['authorization'] = token configuration.api_key_prefix['authorization'] = 'Bearer' client.Configuration.set_default(configuration) else: log.debug( "Either URL or Token is not defined. Fall back to getting settings from default config file [$home/.kube/config]" ) config.load_kube_config()
def get_api_client(): proxy_url = os.getenv('HTTP_PROXY', None) if proxy_url: print("Setting proxy: {}".format(proxy_url)) my_api_config = Configuration() my_api_config.host = proxy_url my_api_config.proxy = proxy_url my_api_config = client.ApiClient(my_api_config) else: config.load_kube_config() my_api_config = client.ApiClient() return my_api_config
def setup_collector(): kube_config = Configuration() kube_config.host = "https://localhost:3000" kube_config.verify_ssl = False dyn_client = DynamicClient(ApiClient(configuration=kube_config)) username = "******" token = "gittoken" git_api = "localhost:3000" namespaces = ( "basic-nginx-build,basic-nginx-dev,basic-nginx-stage,basic-nginx-prod". split(",")) apps = None tls_verify = False return GitHubCommitCollector(dyn_client, username, token, namespaces, apps, git_api, tls_verify)
def _set_config(self, refresh_token): configuration = Configuration() configuration.host = self.host configuration.ssl_ca_cert = self.ssl_ca_cert configuration.api_key['authorization'] = "bearer " + self.token Configuration.set_default(configuration) if not refresh_token: return def wrap(f): in_cluster_config = self def wrapped(self, identifier): if identifier == 'authorization' and identifier in self.api_key and in_cluster_config.token_expires_at <= datetime.datetime.now(): in_cluster_config._read_token_file() self.api_key[identifier] = "bearer " + in_cluster_config.token return f(self, identifier) return wrapped Configuration.get_api_key_with_prefix = wrap(Configuration.get_api_key_with_prefix)
def init_k8s_client(kube_context: str) -> client.CoreV1Api: env = os.environ if kube_context: # config.load_kube_config() config.load_kube_config(kube_context) configuration = Configuration() configuration.verify_ssl = bool( strtobool((env.get("KUBERNETES_VERIFY_SSL", "false")))) api_client = client.ApiClient(configuration) return client.CoreV1Api(api_client) elif env.get("CHAOSTOOLKIT_IN_POD") == "true": config.load_incluster_config() proxy_url = os.getenv('HTTP_PROXY', None) if proxy_url: configuration = Configuration() configuration.proxy = proxy_url api_client = client.ApiClient(configuration) return client.CoreV1Api(api_client) else: api = client.ApiClient() return client.CoreV1Api(api) else: configuration = client.Configuration() configuration.debug = True configuration.host = os.environ.get("KUBERNETES_HOST", "http://localhost") configuration.verify_ssl = bool( strtobool((env.get("KUBERNETES_VERIFY_SSL", "false")))) configuration.cert_file = os.environ.get("KUBERNETES_CA_CERT_FILE") if "KUBERNETES_CERT_FILE" in env: configuration.cert_file = os.environ.get( "KUBERNETES_CERT_FILE") configuration.key_file = os.environ.get("KUBERNETES_KEY_FILE") elif "KUBERNETES_USERNAME" in env: configuration.username = os.environ.get("KUBERNETES_USERNAME") configuration.password = os.environ.get( "KUBERNETES_PASSWORD", "") proxy_url = os.getenv('HTTP_PROXY', None) if proxy_url: configuration.proxy = proxy_url api = client.ApiClient(configuration) return client.CoreV1Api(api)
def __init__(self, alg): """ Intializes the connection. If algorithm object includes a remote cluster, use that. Otherwise, use this cluster. """ if alg.cluster: host = alg.cluster.host port = alg.cluster.port token = alg.cluster.token fd, cert = tempfile.mkstemp(text=True) with open(fd, 'w') as f: f.write(alg.cluster.cert) conf = Configuration() conf.api_key['authorization'] = token conf.host = f'{PROTO}{host}:{port}' conf.verify_ssl = True conf.ssl_ca_cert = cert api_client = ApiClient(conf) self.corev1 = CoreV1Api(api_client) self.custom = CustomObjectsApi(api_client) else: load_incluster_config() self.corev1 = CoreV1Api() self.custom = CustomObjectsApi() # Read in the manifest. if alg.manifest: self.manifest = yaml.safe_load(alg.manifest.open(mode='r')) if 'volumeClaimTemplates' in self.manifest['spec']: for claim in self.manifest['spec']['volumeClaimTemplates']: storage_class_name = claim['spec'].get( 'storageClassName', None) if storage_class_name is None: claim['storageClassName'] = os.getenv( 'WORKFLOW_STORAGE_CLASS') logger.warning( f"Implicitly sc to pvc of Algo:{alg.pk}") # Save off the algorithm. self.alg = alg
def load_kubernetes_config(): """ dynamic load config file :return: """ # use kube config default location while there are no ENVIRONMENTS about kubernetes config try: if KUBE_HOST is not None: from kubernetes.client import Configuration configuration = Configuration() configuration.host = KUBE_HOST configuration.verify_ssl = False Configuration.set_default(configuration) return config.load_kube_config() if KUBE_CONFIG_FILE is not None: config.load_kube_config(KUBE_CONFIG_FILE) except FileNotFoundError as e: raise Exception(str(e), 500)
def create_pull_secrets(): if create_missing_pull_secrets_str.lower() != 'true': return None k8s_config = Configuration() k8s_config.host = kubernetes_api_endpoint k8s_api_client = ApiClient(configuration=k8s_config) v1 = k8sclient.CoreV1Api(api_client=k8s_api_client) namespaces = v1.list_namespace() for namespace in namespaces.items: ns_secrets = v1.list_namespaced_secret(namespace.metadata.name) has_ecr_secret = [ x for x in ns_secrets.items if x.metadata.name == pull_secret_name ] if not has_ecr_secret: k8s_secret = {'server': {'username': '******', 'password': '******'}} b64_k8s_secret = base64.b64encode( json.dumps(k8s_secret).encode('utf-8')).decode('utf-8') secret_body = { 'kind': 'Secret', 'apiVersion': 'v1', 'metadata': { 'name': pull_secret_name, 'creationTimestamp': None }, 'data': { '.dockerconfigjson': b64_k8s_secret }, 'type': 'kubernetes.io/dockerconfigjson' } logger.info('Creating secret %s in namespace %s', pull_secret_name, namespace.metadata.name) try: v1.create_namespaced_secret(namespace.metadata.name, secret_body) except ApiException: logger.exception('Could not create secret %s in namespace %s', pull_secret_name, namespace.metadata.name)
def _set_config(self): configuration = Configuration() configuration.host = self.host configuration.ssl_ca_cert = self.ssl_ca_cert configuration.api_key['authorization'] = "bearer " + self.token Configuration.set_default(configuration)
def update_ecr(): print('starting update loop') client = boto3.client('ecr') response = client.get_authorization_token() token = response['authorizationData'][0]['authorizationToken'] server = response['authorizationData'][0]['proxyEndpoint'] decoded_token = base64.b64decode(token) registry_username = decoded_token.split(':')[0] registry_password = decoded_token.split(':')[1] k8sconfig = Configuration() k8sconfig.host = "localhost:8001" myapiclient = ApiClient(config=k8sconfig) v1 = k8sclient.CoreV1Api(api_client=myapiclient) secrets = v1.list_secret_for_all_namespaces() registry_secrets = [ x for x in secrets._items if x.metadata.name == pull_secret_name ] print('pull secret name to search for: ' + pull_secret_name) print('found {} registry_secrets matching name'.format( str(len(registry_secrets)))) for secret in registry_secrets: secret_name = secret.metadata.name if secret.type == 'kubernetes.io/dockercfg': print('Updating secret {} (type kubernetes.io/dockercfg)'.format( secret_name)) k8s_secret = { server: { "username": registry_username, "password": registry_password } } body = { "kind": "Secret", "apiVersion": "v1", "metadata": { "name": "ecr", "creationTimestamp": None }, "data": { ".dockercfg": base64.b64encode(bytes(json.dumps(k8s_secret)), 'utf-8') }, "type": "kubernetes.io/dockercfg" } res = v1.patch_namespaced_secret(secret.metadata.name, secret.metadata.namespace, body) elif secret.type == 'kubernetes.io/dockerconfigjson': print('Updating secret {} (type kubernetes.io/dockerconfigjson)'. format(secret_name)) k8s_secret = { 'auths': { server: { "username": registry_username, "password": registry_password } } } body = { "kind": "Secret", "apiVersion": "v1", "metadata": { "name": "ecr", "creationTimestamp": None }, "data": { ".dockerconfigjson": base64.b64encode(bytes(json.dumps(k8s_secret)), 'utf-8') }, "type": "kubernetes.io/dockerconfigjson" } res = v1.patch_namespaced_secret(secret.metadata.name, secret.metadata.namespace, body) else: print('Unknown secret type for secret {}: {}'.format( secret_name, secret.type))
def get_kubernetes_api_client(): conf = Configuration() conf.host = KUBERNETES_API_SERVER_URL conf.verify_ssl = False conf.api_key = {"authorization": "Bearer " + KUBERNETES_CLUSTER_TOKEN} return ApiClient(conf)
import time from yaml import load as load_yaml from flask import Flask from json import dumps from kubernetes import client from kubernetes.client import Configuration, ApiClient from kubernetes.client.rest import ApiException app = Flask(__name__) k8s_local_config = Configuration() k8s_local_config.host = "localhost:8001" k8s_local_client = ApiClient(config=k8s_local_config) batch_api = client.BatchV1Api(api_client=k8s_local_client) @app.route('/trigger-job', methods=['POST']) def trigger_job(): print('trigger-job') with open('job-template.yaml', 'r') as yaml_file: job_spec = load_yaml(yaml_file) job_spec['metadata']['name'] = 'job-%s' % int(time.time() * 1000) try: batch_api.create_namespaced_job('default', job_spec) return dumps({'result': job_spec['metadata']['name']}), 200, { "Content-Type": "application/json"
def update_ecr(): logger.info('Starting ECR secret update loop ..') client = boto3.client('ecr') response = client.get_authorization_token() token = response['authorizationData'][0]['authorizationToken'] server = response['authorizationData'][0]['proxyEndpoint'] bare_server = server.replace('https://', '') decoded_token = base64.b64decode(token).decode('utf-8') registry_username = decoded_token.split(':')[0] registry_password = decoded_token.split(':')[1] k8s_config = Configuration() k8s_config.host = kubernetes_api_endpoint k8s_api_client = ApiClient(configuration=k8s_config) v1 = k8sclient.CoreV1Api(api_client=k8s_api_client) secrets = v1.list_secret_for_all_namespaces() registry_secrets = [ x for x in secrets.items if x.metadata.name == pull_secret_name ] logger.info('Found %s registry_secrets matching name %s', len(registry_secrets), pull_secret_name) for secret in registry_secrets: secret_name = secret.metadata.name if secret.type == 'kubernetes.io/dockercfg': logger.info( 'Updating secret %s (type kubernetes.io/dockercfg) in namespace %s', secret_name, secret.metadata.namespace) k8s_secret = { server: { 'username': registry_username, 'password': registry_password } } b64_k8s_secret = base64.b64encode( json.dumps(k8s_secret).encode('utf-8')).decode('utf-8') body = { 'kind': 'Secret', 'apiVersion': 'v1', 'metadata': { 'name': pull_secret_name, 'creationTimestamp': None }, 'data': { '.dockercfg': b64_k8s_secret }, 'type': 'kubernetes.io/dockercfg' } res = v1.patch_namespaced_secret(secret.metadata.name, secret.metadata.namespace, body) elif secret.type == 'kubernetes.io/dockerconfigjson': logger.info( 'Updating secret %s (type kubernetes.io/dockerconfigjson) in namespace %s', secret_name, secret.metadata.namespace) k8s_secret = { 'auths': { bare_server: { 'username': registry_username, 'password': registry_password } } } b64_k8s_secret = base64.b64encode( json.dumps(k8s_secret).encode('utf-8')).decode('utf-8') body = { 'kind': 'Secret', 'apiVersion': 'v1', 'metadata': { 'name': pull_secret_name, 'creationTimestamp': None }, 'data': { '.dockerconfigjson': b64_k8s_secret }, 'type': 'kubernetes.io/dockerconfigjson' } res = v1.patch_namespaced_secret(secret.metadata.name, secret.metadata.namespace, body) else: logger.warning('Unknown secret type for secret name %s: %s'.format( secret_name, secret.type))
def __init__(self, cluster_spec, cluster_conf=None, kubeconfig=None, kubeconfig_context=None, cephfs=False, cephfs_volume_size=None, cvmfs=False, debug=False, url=None): """Initialise Kubernetes specific ReanaBackend-object. :param cluster_spec: Dictionary representing complete REANA cluster spec file. :param cluster_conf: A generator/iterable of Kubernetes YAML manifests of REANA components as Python objects. If set to `None` cluster_conf will be generated from manifest templates in `templates` folder specified in `_conf.templates_folder` :param kubeconfig: Name of the kube-config file to use for configuring reana-cluster. If set to `None` then `$HOME/.kube/config` will be used. Note: Might pickup a config-file defined in $KUBECONFIG as well. :param kubeconfig_context: set the active context. If is set to `None`, current_context from config file will be used. :param cephfs: Boolean flag toggling the usage of a cephfs volume as storage backend. :param cephfs_volume_size: Int number which represents cephfs volume size (GB) :param cvmfs: Boolean flag toggling the mounting of cvmfs volumes in the cluster pods. :param debug: Boolean flag setting debug mode. :param url: REANA cluster url. """ logging.debug('Creating a ReanaBackend object ' 'for Kubernetes interaction.') # Load Kubernetes cluster configuration. If reana-cluster.yaml # doesn't specify this K8S Python API defaults to '$HOME/.kube/config' self.kubeconfig = kubeconfig or \ cluster_spec['cluster'].get('config', None) self.kubeconfig_context = kubeconfig_context or \ cluster_spec['cluster'].get('config_context', None) k8s_api_client_config = Configuration() if cluster_spec['cluster'].get('kubeproxy', None): k8s_api_client_config.host = cluster_spec['cluster'].get( 'kubeproxy') else: k8s_config.load_kube_config(kubeconfig, self.kubeconfig_context, k8s_api_client_config) Configuration.set_default(k8s_api_client_config) # Instantiate clients for various Kubernetes REST APIs self._corev1api = k8s_client.CoreV1Api() self._versionapi = k8s_client.VersionApi() self._extbetav1api = k8s_client.ExtensionsV1beta1Api() self._rbacauthorizationv1api = k8s_client.RbacAuthorizationV1Api() self._storagev1api = k8s_client.StorageV1Api() self.k8s_api_client_config = k8s_api_client_config self.cluster_spec = cluster_spec self.cluster_conf = cluster_conf or \ self.generate_configuration(cluster_spec, cephfs=cephfs, cephfs_volume_size=cephfs_volume_size, debug=debug, url=url)
def _set_config(self): configuration = Configuration() configuration.host = self.host configuration.ssl_ca_cert = self.ssl_ca_cert configuration.api_key['authorization'] = "bearer " + self.token Configuration.set_default(configuration)