Example 1 with Server
use of io.fabric8.insight.metrics.model.Server in project camel by apache.
the class KubernetesReplicationControllersProducerTest method createScaleAndDeleteReplicationController.
@Test
public void createScaleAndDeleteReplicationController() throws Exception {
if (ObjectHelper.isEmpty(authToken)) {
return;
}
Exchange ex = template.request("direct:createReplicationController", new Processor() {
@Override
public void process(Exchange exchange) throws Exception {
exchange.getIn().setHeader(KubernetesConstants.KUBERNETES_NAMESPACE_NAME, "default");
exchange.getIn().setHeader(KubernetesConstants.KUBERNETES_REPLICATION_CONTROLLER_NAME, "test");
Map<String, String> labels = new HashMap<String, String>();
labels.put("this", "rocks");
exchange.getIn().setHeader(KubernetesConstants.KUBERNETES_REPLICATION_CONTROLLERS_LABELS, labels);
ReplicationControllerSpec rcSpec = new ReplicationControllerSpec();
rcSpec.setReplicas(1);
PodTemplateSpecBuilder builder = new PodTemplateSpecBuilder();
PodTemplateSpec t = builder.withNewMetadata().withName("nginx-template").addToLabels("server", "nginx").endMetadata().withNewSpec().addNewContainer().withName("wildfly").withImage("jboss/wildfly").addNewPort().withContainerPort(80).endPort().endContainer().endSpec().build();
rcSpec.setTemplate(t);
Map<String, String> selectorMap = new HashMap<String, String>();
selectorMap.put("server", "nginx");
rcSpec.setSelector(selectorMap);
exchange.getIn().setHeader(KubernetesConstants.KUBERNETES_REPLICATION_CONTROLLER_SPEC, rcSpec);
}
});
ReplicationController rc = ex.getOut().getBody(ReplicationController.class);
assertEquals(rc.getMetadata().getName(), "test");
ex = template.request("direct:scaleReplicationController", new Processor() {
@Override
public void process(Exchange exchange) throws Exception {
exchange.getIn().setHeader(KubernetesConstants.KUBERNETES_NAMESPACE_NAME, "default");
exchange.getIn().setHeader(KubernetesConstants.KUBERNETES_REPLICATION_CONTROLLER_NAME, "test");
exchange.getIn().setHeader(KubernetesConstants.KUBERNETES_REPLICATION_CONTROLLER_REPLICAS, 2);
}
});
Thread.sleep(10000);
Integer replicas = ex.getOut().getBody(Integer.class);
assertTrue(replicas == 2);
ex = template.request("direct:deleteReplicationController", new Processor() {
@Override
public void process(Exchange exchange) throws Exception {
exchange.getIn().setHeader(KubernetesConstants.KUBERNETES_NAMESPACE_NAME, "default");
exchange.getIn().setHeader(KubernetesConstants.KUBERNETES_REPLICATION_CONTROLLER_NAME, "test");
}
});
boolean rcDeleted = ex.getOut().getBody(Boolean.class);
assertTrue(rcDeleted);
}
Also used :
Processor(org.apache.camel.Processor)
Exchange(org.apache.camel.Exchange)
PodTemplateSpec(io.fabric8.kubernetes.api.model.PodTemplateSpec)
PodTemplateSpecBuilder(io.fabric8.kubernetes.api.model.PodTemplateSpecBuilder)
ReplicationController(io.fabric8.kubernetes.api.model.ReplicationController)
HashMap(java.util.HashMap)
Map(java.util.Map)
ReplicationControllerSpec(io.fabric8.kubernetes.api.model.ReplicationControllerSpec)
Test(org.junit.Test)
Example 2 with Server
use of io.fabric8.insight.metrics.model.Server in project camel by apache.
the class KubernetesReplicationControllersProducerTest method createAndDeleteReplicationController.
@Test
public void createAndDeleteReplicationController() throws Exception {
if (ObjectHelper.isEmpty(authToken)) {
return;
}
Exchange ex = template.request("direct:createReplicationController", new Processor() {
@Override
public void process(Exchange exchange) throws Exception {
exchange.getIn().setHeader(KubernetesConstants.KUBERNETES_NAMESPACE_NAME, "default");
exchange.getIn().setHeader(KubernetesConstants.KUBERNETES_REPLICATION_CONTROLLER_NAME, "test");
Map<String, String> labels = new HashMap<String, String>();
labels.put("this", "rocks");
exchange.getIn().setHeader(KubernetesConstants.KUBERNETES_REPLICATION_CONTROLLERS_LABELS, labels);
ReplicationControllerSpec rcSpec = new ReplicationControllerSpec();
rcSpec.setReplicas(2);
PodTemplateSpecBuilder builder = new PodTemplateSpecBuilder();
PodTemplateSpec t = builder.withNewMetadata().withName("nginx-template").addToLabels("server", "nginx").endMetadata().withNewSpec().addNewContainer().withName("wildfly").withImage("jboss/wildfly").addNewPort().withContainerPort(80).endPort().endContainer().endSpec().build();
rcSpec.setTemplate(t);
Map<String, String> selectorMap = new HashMap<String, String>();
selectorMap.put("server", "nginx");
rcSpec.setSelector(selectorMap);
exchange.getIn().setHeader(KubernetesConstants.KUBERNETES_REPLICATION_CONTROLLER_SPEC, rcSpec);
}
});
ReplicationController rc = ex.getOut().getBody(ReplicationController.class);
assertEquals(rc.getMetadata().getName(), "test");
ex = template.request("direct:deleteReplicationController", new Processor() {
@Override
public void process(Exchange exchange) throws Exception {
exchange.getIn().setHeader(KubernetesConstants.KUBERNETES_NAMESPACE_NAME, "default");
exchange.getIn().setHeader(KubernetesConstants.KUBERNETES_REPLICATION_CONTROLLER_NAME, "test");
}
});
boolean rcDeleted = ex.getOut().getBody(Boolean.class);
assertTrue(rcDeleted);
}
Also used :
Exchange(org.apache.camel.Exchange)
PodTemplateSpec(io.fabric8.kubernetes.api.model.PodTemplateSpec)
Processor(org.apache.camel.Processor)
PodTemplateSpecBuilder(io.fabric8.kubernetes.api.model.PodTemplateSpecBuilder)
ReplicationController(io.fabric8.kubernetes.api.model.ReplicationController)
HashMap(java.util.HashMap)
Map(java.util.Map)
ReplicationControllerSpec(io.fabric8.kubernetes.api.model.ReplicationControllerSpec)
Test(org.junit.Test)
Example 3 with Server
use of io.fabric8.insight.metrics.model.Server in project curiostack by curioswitch.
the class DeployPodTask method exec.
@TaskAction
public void exec() {
ImmutableDeploymentExtension config = getProject().getExtensions().getByType(DeploymentExtension.class);
final ImmutableDeploymentConfiguration deploymentConfig = config.getTypes().getByName(type);
ImmutableGcloudExtension gcloud = getProject().getRootProject().getExtensions().getByType(GcloudExtension.class);
ImmutableList.Builder<EnvVar> envVars = ImmutableList.<EnvVar>builder().addAll(deploymentConfig.envVars().entrySet().stream().map((entry) -> new EnvVar(entry.getKey(), entry.getValue(), null))::iterator).addAll(deploymentConfig.secretEnvVars().entrySet().stream().map((entry) -> new EnvVar(entry.getKey(), null, new EnvVarSourceBuilder().withSecretKeyRef(new SecretKeySelectorBuilder().withName(entry.getValue().get(0)).withKey(entry.getValue().get(1)).build()).build()))::iterator);
if (!deploymentConfig.envVars().containsKey("JAVA_OPTS")) {
int heapSize = deploymentConfig.jvmHeapMb();
StringBuilder javaOpts = new StringBuilder();
javaOpts.append("--add-opens java.base/jdk.internal.misc=ALL-UNNAMED ").append("--add-opens jdk.unsupported/sun.misc=ALL-UNNAMED ").append("-Xms").append(heapSize).append("m ").append("-Xmx").append(heapSize).append("m ").append("-Dconfig.resource=application-").append(type).append(".conf ").append("-Dmonitoring.stackdriverProjectId=").append(gcloud.clusterProject()).append(" ").append("-Dmonitoring.serverName=").append(deploymentConfig.deploymentName()).append(" ");
if (!deploymentConfig.request()) {
int numCpus = (int) Math.ceil(Double.parseDouble(deploymentConfig.cpu()));
int numWorkers = numCpus * 2;
javaOpts.append("-XX:ParallelGCThreads=").append(numCpus).append(" ").append("-Dcom.linecorp.armeria.numCommonWorkers=").append(numWorkers).append(" ").append("-Dio.netty.availableProcessors=").append(numCpus).append(" ");
}
if (!type.equals("prod")) {
javaOpts.append("-Dcom.linecorp.armeria.verboseExceptions=true ");
}
envVars.add(new EnvVar("JAVA_OPTS", javaOpts.toString(), null));
}
Map<String, Quantity> resources = ImmutableMap.of("cpu", new Quantity(deploymentConfig.cpu()), "memory", new Quantity(deploymentConfig.memoryMb() + "Mi"));
Deployment deployment = new DeploymentBuilder().withMetadata(new ObjectMetaBuilder().withNamespace(deploymentConfig.namespace()).withName(deploymentConfig.deploymentName()).build()).withSpec(new DeploymentSpecBuilder().withReplicas(deploymentConfig.replicas()).withStrategy(new DeploymentStrategyBuilder().withType("RollingUpdate").withRollingUpdate(new RollingUpdateDeploymentBuilder().withNewMaxUnavailable(0).build()).build()).withSelector(new LabelSelectorBuilder().withMatchLabels(ImmutableMap.of("name", deploymentConfig.deploymentName())).build()).withTemplate(new PodTemplateSpecBuilder().withMetadata(new ObjectMetaBuilder().withLabels(ImmutableMap.of("name", deploymentConfig.deploymentName(), "revision", System.getenv().getOrDefault("REVISION_ID", "none"))).withAnnotations(ImmutableMap.<String, String>builder().put("prometheus.io/scrape", "true").put("prometheus.io/scheme", "https").put("prometheus.io/path", "/internal/metrics").put("prometheus.io/port", String.valueOf(deploymentConfig.containerPort())).build()).build()).withSpec(new PodSpecBuilder().withContainers(new ContainerBuilder().withResources(new ResourceRequirementsBuilder().withLimits(!deploymentConfig.request() ? resources : ImmutableMap.of()).withRequests(deploymentConfig.request() ? resources : ImmutableMap.of()).build()).withImage(deploymentConfig.image()).withName(deploymentConfig.deploymentName()).withEnv(envVars.build()).withImagePullPolicy("Always").withReadinessProbe(createProbe(deploymentConfig, Duration.ofSeconds(5))).withLivenessProbe(createProbe(deploymentConfig, Duration.ofSeconds(15))).withPorts(ImmutableList.of(new ContainerPortBuilder().withContainerPort(deploymentConfig.containerPort()).withName("http").build())).withVolumeMounts(new VolumeMountBuilder().withName("tls").withMountPath("/etc/tls").withReadOnly(true).build(), new VolumeMountBuilder().withName("rpcacls").withMountPath("/etc/rpcacls").withReadOnly(true).build()).build()).withVolumes(new VolumeBuilder().withName("tls").withSecret(new SecretVolumeSourceBuilder().withSecretName("server-tls").build()).build(), new VolumeBuilder().withName("rpcacls").withConfigMap(new ConfigMapVolumeSourceBuilder().withName("rpcacls").build()).build()).build()).build()).build()).build();
KubernetesClient client = new DefaultKubernetesClient();
Service service = new ServiceBuilder().withMetadata(new ObjectMetaBuilder().withName(deploymentConfig.deploymentName()).withNamespace(deploymentConfig.namespace()).withAnnotations(ImmutableMap.<String, String>builder().put("service.alpha.kubernetes.io/app-protocols", "{\"https\":\"HTTPS\"}").put("prometheus.io/scrape", "true").put("prometheus.io/scheme", "https").put("prometheus.io/path", "/internal/metrics").put("prometheus.io/port", String.valueOf(deploymentConfig.containerPort())).put("prometheus.io/probe", "true").build()).build()).withSpec(createServiceSpec(deploymentConfig)).build();
Map<String, Service> additionalServices = new HashMap<>();
for (String path : deploymentConfig.additionalServicePaths()) {
String sanitizedPath = path;
if (sanitizedPath.endsWith("/*")) {
sanitizedPath = sanitizedPath.substring(0, path.length() - 2);
}
String serviceName = deploymentConfig.deploymentName() + sanitizedPath.replace('/', '-');
additionalServices.put(path, new ServiceBuilder().withMetadata(new ObjectMetaBuilder().withName(serviceName).withNamespace(deploymentConfig.namespace()).withAnnotations(ImmutableMap.of("service.alpha.kubernetes.io/app-protocols", "{\"https\":\"HTTPS\"}")).build()).withSpec(createServiceSpec(deploymentConfig)).build());
}
client.resource(deployment).createOrReplace();
deployService(service, client);
additionalServices.values().forEach(s -> deployService(s, client));
if (deploymentConfig.externalHost() != null) {
List<HTTPIngressPath> ingressPaths = new ArrayList<>();
additionalServices.forEach((path, s) -> ingressPaths.add(createIngressPath(path, s.getMetadata().getName(), deploymentConfig)));
ingressPaths.add(createIngressPath("/*", deploymentConfig.deploymentName(), deploymentConfig));
Ingress ingress = new IngressBuilder().withMetadata(new ObjectMetaBuilder().withNamespace(deploymentConfig.namespace()).withName(deploymentConfig.deploymentName()).withAnnotations(ImmutableMap.of("kubernetes.io/tls-acme", "true", "kubernetes.io/ingress.class", "gce")).build()).withSpec(new IngressSpecBuilder().withTls(new IngressTLSBuilder().withSecretName(deploymentConfig.deploymentName() + "-tls").withHosts(deploymentConfig.externalHost()).build()).withRules(new IngressRuleBuilder().withHost(deploymentConfig.externalHost()).withHttp(new HTTPIngressRuleValueBuilder().withPaths(ingressPaths).build()).build()).build()).build();
client.resource(ingress).createOrReplace();
}
}
Also used :
Quantity(io.fabric8.kubernetes.api.model.Quantity)
ConfigMapVolumeSourceBuilder(io.fabric8.kubernetes.api.model.ConfigMapVolumeSourceBuilder)
IntOrString(io.fabric8.kubernetes.api.model.IntOrString)
IngressRuleBuilder(io.fabric8.kubernetes.api.model.extensions.IngressRuleBuilder)
Deployment(io.fabric8.kubernetes.api.model.extensions.Deployment)
ImmutableDeploymentExtension(org.curioswitch.gradle.plugins.curioserver.ImmutableDeploymentExtension)
ImmutableDeploymentConfiguration(org.curioswitch.gradle.plugins.curioserver.ImmutableDeploymentExtension.ImmutableDeploymentConfiguration)
TaskAction(org.gradle.api.tasks.TaskAction)
VolumeMountBuilder(io.fabric8.kubernetes.api.model.VolumeMountBuilder)
Duration(java.time.Duration)
Map(java.util.Map)
ContainerBuilder(io.fabric8.kubernetes.api.model.ContainerBuilder)
DefaultTask(org.gradle.api.DefaultTask)
DefaultKubernetesClient(io.fabric8.kubernetes.client.DefaultKubernetesClient)
ServiceBuilder(io.fabric8.kubernetes.api.model.ServiceBuilder)
SecretVolumeSourceBuilder(io.fabric8.kubernetes.api.model.SecretVolumeSourceBuilder)
IngressBackendBuilder(io.fabric8.kubernetes.api.model.extensions.IngressBackendBuilder)
LabelSelectorBuilder(io.fabric8.kubernetes.api.model.LabelSelectorBuilder)
ImmutableMap(com.google.common.collect.ImmutableMap)
HTTPIngressRuleValueBuilder(io.fabric8.kubernetes.api.model.extensions.HTTPIngressRuleValueBuilder)
Ingress(io.fabric8.kubernetes.api.model.extensions.Ingress)
VolumeBuilder(io.fabric8.kubernetes.api.model.VolumeBuilder)
List(java.util.List)
RollingUpdateDeploymentBuilder(io.fabric8.kubernetes.api.model.extensions.RollingUpdateDeploymentBuilder)
DeploymentBuilder(io.fabric8.kubernetes.api.model.extensions.DeploymentBuilder)
GcloudExtension(org.curioswitch.gradle.plugins.gcloud.GcloudExtension)
HTTPGetActionBuilder(io.fabric8.kubernetes.api.model.HTTPGetActionBuilder)
ProbeBuilder(io.fabric8.kubernetes.api.model.ProbeBuilder)
ServiceSpec(io.fabric8.kubernetes.api.model.ServiceSpec)
EnvVar(io.fabric8.kubernetes.api.model.EnvVar)
ImmutableGcloudExtension(org.curioswitch.gradle.plugins.gcloud.ImmutableGcloudExtension)
ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder)
IngressTLSBuilder(io.fabric8.kubernetes.api.model.extensions.IngressTLSBuilder)
ServicePortBuilder(io.fabric8.kubernetes.api.model.ServicePortBuilder)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
ImmutableList(com.google.common.collect.ImmutableList)
PodSpecBuilder(io.fabric8.kubernetes.api.model.PodSpecBuilder)
EnvVarSourceBuilder(io.fabric8.kubernetes.api.model.EnvVarSourceBuilder)
ServiceSpecBuilder(io.fabric8.kubernetes.api.model.ServiceSpecBuilder)
Service(io.fabric8.kubernetes.api.model.Service)
HTTPIngressPathBuilder(io.fabric8.kubernetes.api.model.extensions.HTTPIngressPathBuilder)
HTTPIngressPath(io.fabric8.kubernetes.api.model.extensions.HTTPIngressPath)
ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder)
DeploymentExtension(org.curioswitch.gradle.plugins.curioserver.DeploymentExtension)
PodTemplateSpecBuilder(io.fabric8.kubernetes.api.model.PodTemplateSpecBuilder)
Probe(io.fabric8.kubernetes.api.model.Probe)
IngressBuilder(io.fabric8.kubernetes.api.model.extensions.IngressBuilder)
SecretKeySelectorBuilder(io.fabric8.kubernetes.api.model.SecretKeySelectorBuilder)
KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient)
DeploymentSpecBuilder(io.fabric8.kubernetes.api.model.extensions.DeploymentSpecBuilder)
ContainerPortBuilder(io.fabric8.kubernetes.api.model.ContainerPortBuilder)
DeploymentStrategyBuilder(io.fabric8.kubernetes.api.model.extensions.DeploymentStrategyBuilder)
IngressSpecBuilder(io.fabric8.kubernetes.api.model.extensions.IngressSpecBuilder)
IngressRuleBuilder(io.fabric8.kubernetes.api.model.extensions.IngressRuleBuilder)
DeploymentSpecBuilder(io.fabric8.kubernetes.api.model.extensions.DeploymentSpecBuilder)
ImmutableGcloudExtension(org.curioswitch.gradle.plugins.gcloud.ImmutableGcloudExtension)
HashMap(java.util.HashMap)
ImmutableList(com.google.common.collect.ImmutableList)
ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder)
ArrayList(java.util.ArrayList)
Deployment(io.fabric8.kubernetes.api.model.extensions.Deployment)
IntOrString(io.fabric8.kubernetes.api.model.IntOrString)
VolumeBuilder(io.fabric8.kubernetes.api.model.VolumeBuilder)
HTTPIngressPath(io.fabric8.kubernetes.api.model.extensions.HTTPIngressPath)
ServiceBuilder(io.fabric8.kubernetes.api.model.ServiceBuilder)
EnvVarSourceBuilder(io.fabric8.kubernetes.api.model.EnvVarSourceBuilder)
ContainerBuilder(io.fabric8.kubernetes.api.model.ContainerBuilder)
HTTPIngressRuleValueBuilder(io.fabric8.kubernetes.api.model.extensions.HTTPIngressRuleValueBuilder)
RollingUpdateDeploymentBuilder(io.fabric8.kubernetes.api.model.extensions.RollingUpdateDeploymentBuilder)
ConfigMapVolumeSourceBuilder(io.fabric8.kubernetes.api.model.ConfigMapVolumeSourceBuilder)
EnvVar(io.fabric8.kubernetes.api.model.EnvVar)
IngressTLSBuilder(io.fabric8.kubernetes.api.model.extensions.IngressTLSBuilder)
ImmutableDeploymentConfiguration(org.curioswitch.gradle.plugins.curioserver.ImmutableDeploymentExtension.ImmutableDeploymentConfiguration)
SecretKeySelectorBuilder(io.fabric8.kubernetes.api.model.SecretKeySelectorBuilder)
PodSpecBuilder(io.fabric8.kubernetes.api.model.PodSpecBuilder)
LabelSelectorBuilder(io.fabric8.kubernetes.api.model.LabelSelectorBuilder)
SecretVolumeSourceBuilder(io.fabric8.kubernetes.api.model.SecretVolumeSourceBuilder)
DefaultKubernetesClient(io.fabric8.kubernetes.client.DefaultKubernetesClient)
KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient)
Quantity(io.fabric8.kubernetes.api.model.Quantity)
Service(io.fabric8.kubernetes.api.model.Service)
Ingress(io.fabric8.kubernetes.api.model.extensions.Ingress)
DeploymentStrategyBuilder(io.fabric8.kubernetes.api.model.extensions.DeploymentStrategyBuilder)
ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder)
VolumeMountBuilder(io.fabric8.kubernetes.api.model.VolumeMountBuilder)
IngressBuilder(io.fabric8.kubernetes.api.model.extensions.IngressBuilder)
ImmutableDeploymentExtension(org.curioswitch.gradle.plugins.curioserver.ImmutableDeploymentExtension)
IngressSpecBuilder(io.fabric8.kubernetes.api.model.extensions.IngressSpecBuilder)
PodTemplateSpecBuilder(io.fabric8.kubernetes.api.model.PodTemplateSpecBuilder)
ContainerPortBuilder(io.fabric8.kubernetes.api.model.ContainerPortBuilder)
DefaultKubernetesClient(io.fabric8.kubernetes.client.DefaultKubernetesClient)
RollingUpdateDeploymentBuilder(io.fabric8.kubernetes.api.model.extensions.RollingUpdateDeploymentBuilder)
DeploymentBuilder(io.fabric8.kubernetes.api.model.extensions.DeploymentBuilder)
TaskAction(org.gradle.api.tasks.TaskAction)
Example 4 with Server
use of io.fabric8.insight.metrics.model.Server in project curiostack by curioswitch.
the class RequestNamespaceCertTask method exec.
@TaskAction
public void exec() {
ImmutableClusterExtension cluster = getProject().getExtensions().getByType(ClusterExtension.class);
final KeyPairGenerator keygen;
try {
keygen = KeyPairGenerator.getInstance("ECDSA", BouncyCastleProvider.PROVIDER_NAME);
} catch (NoSuchAlgorithmException | NoSuchProviderException e) {
throw new IllegalStateException("Could not find RSA, can't happen.", e);
}
keygen.initialize(256, new SecureRandom());
KeyPair keyPair = keygen.generateKeyPair();
PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(new X500Principal("CN=" + cluster.namespace() + ".ns.cluster.stellarstation.com"), keyPair.getPublic());
Stream<GeneralName> generalNames = Streams.concat(Stream.of(new GeneralName(GeneralName.dNSName, "*." + cluster.namespace()), new GeneralName(GeneralName.dNSName, "*." + cluster.namespace() + ".svc"), new GeneralName(GeneralName.dNSName, "*." + cluster.namespace() + ".svc.cluster.local")), cluster.extraNamespaceTlsHosts().stream().map(name -> new GeneralName(GeneralName.dNSName, name)));
GeneralNames subjectAltNames = new GeneralNames(generalNames.toArray(GeneralName[]::new));
ExtensionsGenerator extensions = new ExtensionsGenerator();
try {
extensions.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
p10Builder.setAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions.generate());
} catch (IOException e) {
throw new IllegalStateException("Could not encode cert name, can't happen.", e);
}
final ContentSigner signer;
try {
signer = new JcaContentSignerBuilder("SHA256withECDSA").build(keyPair.getPrivate());
} catch (OperatorCreationException e) {
throw new IllegalStateException("Could not find signer, can't happen.", e);
}
PKCS10CertificationRequest csr = p10Builder.build(signer);
StringWriter csrWriter = new StringWriter();
try (JcaPEMWriter pemWriter = new JcaPEMWriter(csrWriter)) {
pemWriter.writeObject(csr);
} catch (IOException e) {
throw new IllegalStateException("Could not encode csr, can't happen.", e);
}
String encodedCsr = Base64.getEncoder().encodeToString(csrWriter.toString().getBytes(StandardCharsets.UTF_8));
Map<Object, Object> csrApiRequest = ImmutableMap.of("apiVersion", "certificates.k8s.io/v1beta1", "kind", "CertificateSigningRequest", "metadata", ImmutableMap.of("name", cluster.namespace() + ".server.crt"), "spec", ImmutableMap.of("request", encodedCsr, "usages", ImmutableList.of("digital signature", "key encipherment", "server auth", "client auth")));
final byte[] encodedApiRequest;
try {
encodedApiRequest = OBJECT_MAPPER.writeValueAsBytes(csrApiRequest);
} catch (JsonProcessingException e) {
throw new IllegalStateException("Could not encode yaml", e);
}
ImmutableGcloudExtension config = getProject().getRootProject().getExtensions().getByType(GcloudExtension.class);
String command = config.download() ? CommandUtil.getGcloudSdkBinDir(getProject()).resolve("kubectl").toAbsolutePath().toString() : "kubectl";
getProject().exec(exec -> {
exec.executable(command);
exec.args("create", "-f", "-");
exec.setStandardInput(new ByteArrayInputStream(encodedApiRequest));
});
getProject().exec(exec -> {
exec.executable(command);
exec.args("certificate", "approve", cluster.namespace() + ".server.crt");
});
// Need to wait a bit for certificate to propagate before fetching.
try {
TimeUnit.SECONDS.sleep(5);
} catch (InterruptedException e) {
throw new RuntimeException(e);
}
// Gradle Exec seems to be flaky when reading from stdout, so use normal ProcessBuilder.
final byte[] certificateBytes;
try {
Process getCertProcess = new ProcessBuilder(command, "get", "csr", cluster.namespace() + ".server.crt", "-o", "jsonpath={.status.certificate}").start();
certificateBytes = ByteStreams.toByteArray(getCertProcess.getInputStream());
} catch (IOException e) {
throw new UncheckedIOException("Could not fetch certificate.", e);
}
String certificate = new String(Base64.getDecoder().decode(certificateBytes), StandardCharsets.UTF_8);
final JcaPKCS8Generator keyGenerator;
final PemObject keyObject;
try {
keyGenerator = new JcaPKCS8Generator(keyPair.getPrivate(), null);
keyObject = keyGenerator.generate();
} catch (PemGenerationException e) {
throw new IllegalStateException("Could not encode to pkcs8.", e);
}
StringWriter keyWriter = new StringWriter();
try (JcaPEMWriter pemWriter = new JcaPEMWriter(keyWriter)) {
pemWriter.writeObject(keyObject);
} catch (IOException e) {
throw new IllegalStateException("Could not encode csr, can't happen.", e);
}
String key = keyWriter.toString();
KubernetesClient client = new DefaultKubernetesClient();
Secret certificateSecret = new SecretBuilder().withMetadata(new ObjectMetaBuilder().withName("server-tls").withNamespace(cluster.namespace()).build()).withType("Opaque").withData(ImmutableMap.of("server.crt", Base64.getEncoder().encodeToString(certificate.getBytes(StandardCharsets.UTF_8)), "server-key.pem", Base64.getEncoder().encodeToString(key.getBytes(StandardCharsets.UTF_8)))).build();
client.resource(certificateSecret).createOrReplace();
}
Also used :
KeyPair(java.security.KeyPair)
PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest)
Extension(org.bouncycastle.asn1.x509.Extension)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
Security(java.security.Security)
SecureRandom(java.security.SecureRandom)
TaskAction(org.gradle.api.tasks.TaskAction)
ByteArrayInputStream(java.io.ByteArrayInputStream)
Map(java.util.Map)
PemGenerationException(org.bouncycastle.util.io.pem.PemGenerationException)
PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder)
DefaultTask(org.gradle.api.DefaultTask)
DefaultKubernetesClient(io.fabric8.kubernetes.client.DefaultKubernetesClient)
KeyPairGenerator(java.security.KeyPairGenerator)
PemObject(org.bouncycastle.util.io.pem.PemObject)
ImmutableMap(com.google.common.collect.ImmutableMap)
Streams(com.google.common.collect.Streams)
StandardCharsets(java.nio.charset.StandardCharsets)
UncheckedIOException(java.io.UncheckedIOException)
Base64(java.util.Base64)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
Stream(java.util.stream.Stream)
GcloudExtension(org.curioswitch.gradle.plugins.gcloud.GcloudExtension)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
ByteStreams(com.google.common.io.ByteStreams)
Secret(io.fabric8.kubernetes.api.model.Secret)
JcaPEMWriter(org.bouncycastle.openssl.jcajce.JcaPEMWriter)
X500Principal(javax.security.auth.x500.X500Principal)
PKCSObjectIdentifiers(org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers)
ContentSigner(org.bouncycastle.operator.ContentSigner)
ImmutableGcloudExtension(org.curioswitch.gradle.plugins.gcloud.ImmutableGcloudExtension)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
ImmutableClusterExtension(org.curioswitch.gradle.plugins.gcloud.ImmutableClusterExtension)
ImmutableList(com.google.common.collect.ImmutableList)
ClusterExtension(org.curioswitch.gradle.plugins.gcloud.ClusterExtension)
YAMLFactory(com.fasterxml.jackson.dataformat.yaml.YAMLFactory)
ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)
ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder)
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
StringWriter(java.io.StringWriter)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)
IOException(java.io.IOException)
BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)
TimeUnit(java.util.concurrent.TimeUnit)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient)
CommandUtil(org.curioswitch.gradle.plugins.shared.CommandUtil)
SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder)
JcaPKCS8Generator(org.bouncycastle.openssl.jcajce.JcaPKCS8Generator)
NoSuchProviderException(java.security.NoSuchProviderException)
ImmutableGcloudExtension(org.curioswitch.gradle.plugins.gcloud.ImmutableGcloudExtension)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
UncheckedIOException(java.io.UncheckedIOException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
ImmutableClusterExtension(org.curioswitch.gradle.plugins.gcloud.ImmutableClusterExtension)
SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder)
StringWriter(java.io.StringWriter)
JcaPKCS8Generator(org.bouncycastle.openssl.jcajce.JcaPKCS8Generator)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)
PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest)
KeyPair(java.security.KeyPair)
DefaultKubernetesClient(io.fabric8.kubernetes.client.DefaultKubernetesClient)
KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient)
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
PemGenerationException(org.bouncycastle.util.io.pem.PemGenerationException)
ContentSigner(org.bouncycastle.operator.ContentSigner)
SecureRandom(java.security.SecureRandom)
PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder)
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
KeyPairGenerator(java.security.KeyPairGenerator)
UncheckedIOException(java.io.UncheckedIOException)
IOException(java.io.IOException)
ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder)
ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)
Secret(io.fabric8.kubernetes.api.model.Secret)
PemObject(org.bouncycastle.util.io.pem.PemObject)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
ByteArrayInputStream(java.io.ByteArrayInputStream)
X500Principal(javax.security.auth.x500.X500Principal)
PemObject(org.bouncycastle.util.io.pem.PemObject)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
DefaultKubernetesClient(io.fabric8.kubernetes.client.DefaultKubernetesClient)
NoSuchProviderException(java.security.NoSuchProviderException)
JcaPEMWriter(org.bouncycastle.openssl.jcajce.JcaPEMWriter)
TaskAction(org.gradle.api.tasks.TaskAction)
Example 5 with Server
use of io.fabric8.insight.metrics.model.Server in project docker-maven-plugin by fabric8io.
the class DockerAccessFactory method createDockerAccess.
public DockerAccess createDockerAccess(DockerAccessContext dockerAccessContext) throws MojoExecutionException, MojoFailureException {
try {
DockerConnectionDetector dockerConnectionDetector = createDockerConnectionDetector(dockerAccessContext, dockerAccessContext.getLog());
DockerConnectionDetector.ConnectionParameter connectionParam = dockerConnectionDetector.detectConnectionParameter(dockerAccessContext.getDockerHost(), dockerAccessContext.getCertPath());
String version = dockerAccessContext.getMinimalApiVersion() != null ? dockerAccessContext.getMinimalApiVersion() : API_VERSION;
DockerAccess access = new DockerAccessWithHcClient("v" + version, connectionParam.getUrl(), connectionParam.getCertPath(), dockerAccessContext.getMaxConnections(), dockerAccessContext.getLog());
access.start();
setDockerHostAddressProperty(dockerAccessContext, connectionParam.getUrl());
String serverVersion = access.getServerApiVersion();
if (!EnvUtil.greaterOrEqualsVersion(serverVersion, version)) {
throw new MojoExecutionException(String.format("Server API version %s is smaller than required API version %s", serverVersion, version));
}
return access;
} catch (IOException e) {
throw new MojoExecutionException("Cannot create docker access object ", e);
}
}
Also used :
DockerAccess(io.fabric8.maven.docker.access.DockerAccess)
DockerAccessWithHcClient(io.fabric8.maven.docker.access.hc.DockerAccessWithHcClient)
MojoExecutionException(org.apache.maven.plugin.MojoExecutionException)
DockerConnectionDetector(io.fabric8.maven.docker.access.DockerConnectionDetector)
IOException(java.io.IOException)
Aggregations
HashMap (java.util.HashMap)20
Test (org.junit.Test)19
IOException (java.io.IOException)18
File (java.io.File)9
Map (java.util.Map)9
ClientInvokerImpl (io.fabric8.dosgi.tcp.ClientInvokerImpl)8
ServerInvokerImpl (io.fabric8.dosgi.tcp.ServerInvokerImpl)8
ArrayList (java.util.ArrayList)8
Profile (io.fabric8.api.Profile)7
ServerInvoker (io.fabric8.dosgi.io.ServerInvoker)7
InvocationHandler (java.lang.reflect.InvocationHandler)7
DispatchQueue (org.fusesource.hawtdispatch.DispatchQueue)7
Container (io.fabric8.api.Container)6
KubernetesClient (io.fabric8.kubernetes.client.KubernetesClient)6
Version (io.fabric8.api.Version)5
CuratorFramework (org.apache.curator.framework.CuratorFramework)5
FabricException (io.fabric8.api.FabricException)4
RuntimeProperties (io.fabric8.api.RuntimeProperties)4
InputStream (java.io.InputStream)4
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)3
