Example 1 with SecurityContextBuilder
use of io.fabric8.kubernetes.api.model.SecurityContextBuilder in project shinyproxy by openanalytics.
the class KubernetesBackend method doStartProxy.
@Override
protected void doStartProxy(KubernetesContainerProxy proxy) throws Exception {
String kubeNamespace = getProperty(PROPERTY_NAMESPACE, proxy.getApp(), DEFAULT_NAMESPACE);
String apiVersion = getProperty(PROPERTY_API_VERSION, proxy.getApp(), DEFAULT_API_VERSION);
String[] volumeStrings = Optional.ofNullable(proxy.getApp().getDockerVolumes()).orElse(new String[] {});
Volume[] volumes = new Volume[volumeStrings.length];
VolumeMount[] volumeMounts = new VolumeMount[volumeStrings.length];
for (int i = 0; i < volumeStrings.length; i++) {
String[] volume = volumeStrings[i].split(":");
String hostSource = volume[0];
String containerDest = volume[1];
String name = "shinyproxy-volume-" + i;
volumes[i] = new VolumeBuilder().withNewHostPath(hostSource).withName(name).build();
volumeMounts[i] = new VolumeMountBuilder().withMountPath(containerDest).withName(name).build();
}
List<EnvVar> envVars = new ArrayList<>();
for (String envString : buildEnv(proxy.getUserId(), proxy.getApp())) {
int idx = envString.indexOf('=');
if (idx == -1)
log.warn("Invalid environment variable: " + envString);
envVars.add(new EnvVar(envString.substring(0, idx), envString.substring(idx + 1), null));
}
SecurityContext security = new SecurityContextBuilder().withPrivileged(Boolean.valueOf(getProperty(PROPERTY_PRIVILEGED, proxy.getApp(), DEFAULT_PRIVILEGED))).build();
ContainerBuilder containerBuilder = new ContainerBuilder().withImage(proxy.getApp().getDockerImage()).withName("shiny-container").withPorts(new ContainerPortBuilder().withContainerPort(getAppPort(proxy)).build()).withVolumeMounts(volumeMounts).withSecurityContext(security).withEnv(envVars);
String imagePullPolicy = getProperty(PROPERTY_IMG_PULL_POLICY, proxy.getApp(), null);
if (imagePullPolicy != null)
containerBuilder.withImagePullPolicy(imagePullPolicy);
if (proxy.getApp().getDockerCmd() != null)
containerBuilder.withCommand(proxy.getApp().getDockerCmd());
String[] imagePullSecrets = getProperty(PROPERTY_IMG_PULL_SECRETS, proxy.getApp(), String[].class, null);
if (imagePullSecrets == null) {
String imagePullSecret = getProperty(PROPERTY_IMG_PULL_SECRET, proxy.getApp(), null);
if (imagePullSecret != null) {
imagePullSecrets = new String[] { imagePullSecret };
} else {
imagePullSecrets = new String[0];
}
}
Pod pod = kubeClient.pods().inNamespace(kubeNamespace).createNew().withApiVersion(apiVersion).withKind("Pod").withNewMetadata().withName(proxy.getName()).addToLabels("app", proxy.getName()).endMetadata().withNewSpec().withContainers(Collections.singletonList(containerBuilder.build())).withVolumes(volumes).withImagePullSecrets(Arrays.asList(imagePullSecrets).stream().map(LocalObjectReference::new).collect(Collectors.toList())).endSpec().done();
proxy.setPod(kubeClient.resource(pod).waitUntilReady(600, TimeUnit.SECONDS));
if (!isUseInternalNetwork()) {
// If SP runs outside the cluster, a NodePort service is needed to access the pod externally.
Service service = kubeClient.services().inNamespace(kubeNamespace).createNew().withApiVersion(apiVersion).withKind("Service").withNewMetadata().withName(proxy.getName() + "service").endMetadata().withNewSpec().addToSelector("app", proxy.getName()).withType("NodePort").withPorts(new ServicePortBuilder().withPort(getAppPort(proxy)).build()).endSpec().done();
// Retry, because if this is done too fast, an 'endpoint not found' exception will be thrown.
Utils.retry(i -> {
try {
proxy.setService(kubeClient.resource(service).waitUntilReady(600, TimeUnit.SECONDS));
} catch (Exception e) {
return false;
}
return true;
}, 5, 1000);
releasePort(proxy.getPort());
proxy.setPort(proxy.getService().getSpec().getPorts().get(0).getNodePort());
}
}
Also used :
Pod(io.fabric8.kubernetes.api.model.Pod)
ArrayList(java.util.ArrayList)
Service(io.fabric8.kubernetes.api.model.Service)
VolumeBuilder(io.fabric8.kubernetes.api.model.VolumeBuilder)
VolumeMountBuilder(io.fabric8.kubernetes.api.model.VolumeMountBuilder)
IOException(java.io.IOException)
ShinyProxyException(eu.openanalytics.shinyproxy.ShinyProxyException)
SecurityContextBuilder(io.fabric8.kubernetes.api.model.SecurityContextBuilder)
ContainerBuilder(io.fabric8.kubernetes.api.model.ContainerBuilder)
Volume(io.fabric8.kubernetes.api.model.Volume)
ServicePortBuilder(io.fabric8.kubernetes.api.model.ServicePortBuilder)
ContainerPortBuilder(io.fabric8.kubernetes.api.model.ContainerPortBuilder)
LocalObjectReference(io.fabric8.kubernetes.api.model.LocalObjectReference)
SecurityContext(io.fabric8.kubernetes.api.model.SecurityContext)
VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount)
EnvVar(io.fabric8.kubernetes.api.model.EnvVar)
Aggregations
ShinyProxyException (eu.openanalytics.shinyproxy.ShinyProxyException)1
ContainerBuilder (io.fabric8.kubernetes.api.model.ContainerBuilder)1
ContainerPortBuilder (io.fabric8.kubernetes.api.model.ContainerPortBuilder)1
EnvVar (io.fabric8.kubernetes.api.model.EnvVar)1
LocalObjectReference (io.fabric8.kubernetes.api.model.LocalObjectReference)1
Pod (io.fabric8.kubernetes.api.model.Pod)1
SecurityContext (io.fabric8.kubernetes.api.model.SecurityContext)1
SecurityContextBuilder (io.fabric8.kubernetes.api.model.SecurityContextBuilder)1
Service (io.fabric8.kubernetes.api.model.Service)1
ServicePortBuilder (io.fabric8.kubernetes.api.model.ServicePortBuilder)1
Volume (io.fabric8.kubernetes.api.model.Volume)1
VolumeBuilder (io.fabric8.kubernetes.api.model.VolumeBuilder)1
VolumeMount (io.fabric8.kubernetes.api.model.VolumeMount)1
VolumeMountBuilder (io.fabric8.kubernetes.api.model.VolumeMountBuilder)1
IOException (java.io.IOException)1
ArrayList (java.util.ArrayList)1
