Examples with KubernetesClient io.fabric8.kubernetes.client.KubernetesClient used on opensource projects

Example 86 with KubernetesClient

use of io.fabric8.kubernetes.client.KubernetesClient in project halyard by spinnaker.

the class KubernetesV1ProviderUtils method resize.

static void resize(AccountDeploymentDetails<KubernetesAccount> details, String namespace, String replicaSetName, int targetSize) {
    KubernetesClient client = getClient(details);
    client.extensions().replicaSets().inNamespace(namespace).withName(replicaSetName).scale(targetSize);
}

Example 87 with KubernetesClient

use of io.fabric8.kubernetes.client.KubernetesClient in project halyard by spinnaker.

the class KubernetesAccountValidator method validateKubeconfig.

private void validateKubeconfig(ConfigProblemSetBuilder psBuilder, KubernetesAccount account) {
    io.fabric8.kubernetes.api.model.Config kubeconfig;
    String context = account.getContext();
    String kubeconfigFile = account.getKubeconfigFile();
    String cluster = account.getCluster();
    String user = account.getUser();
    List<String> namespaces = account.getNamespaces();
    List<String> omitNamespaces = account.getOmitNamespaces();
    // This indicates if a first pass at the config looks OK. If we don't see any serious problems, we'll do one last check
    // against the requested kubernetes cluster to ensure that we can run spinnaker.
    boolean smoketest = true;
    boolean namespacesProvided = namespaces != null && !namespaces.isEmpty();
    boolean omitNamespacesProvided = omitNamespaces != null && !omitNamespaces.isEmpty();
    if (namespacesProvided && omitNamespacesProvided) {
        psBuilder.addProblem(ERROR, "At most one of \"namespaces\" and \"omitNamespaces\" can be supplied.");
        smoketest = false;
    }
    // TODO(lwander) find a good resource / list of resources for generating kubeconfig files to link to here.
    try {
        if (ValidatingFileReader.contents(psBuilder, kubeconfigFile) == null) {
            return;
        }
        File kubeconfigFileOpen = new File(kubeconfigFile);
        kubeconfig = KubeConfigUtils.parseConfig(kubeconfigFileOpen);
    } catch (IOException e) {
        psBuilder.addProblem(ERROR, e.getMessage());
        return;
    }
    System.out.println(context);
    if (context != null && !context.isEmpty()) {
        Optional<NamedContext> namedContext = kubeconfig.getContexts().stream().filter(c -> c.getName().equals(context)).findFirst();
        if (!namedContext.isPresent()) {
            psBuilder.addProblem(ERROR, "Context \"" + context + "\" not found in kubeconfig \"" + kubeconfigFile + "\".", "context").setRemediation("Either add this context to your kubeconfig, rely on the default context, or pick another kubeconfig file.");
            smoketest = false;
        }
    } else {
        String currentContext = kubeconfig.getCurrentContext();
        if (StringUtils.isEmpty(currentContext)) {
            psBuilder.addProblem(ERROR, "You have not specified a Kubernetes context, and your kubeconfig \"" + kubeconfigFile + "\" has no current-context.", "context").setRemediation("Either specify a context in your halconfig, or set a current-context in your kubeconfig.");
            smoketest = false;
        } else {
            psBuilder.addProblem(WARNING, "You have not specified a Kubernetes context in your halconfig, Spinnaker will use \"" + currentContext + "\" instead.", "context").setRemediation("We recommend explicitly setting a context in your halconfig, to ensure changes to your kubeconfig won't break your deployment.");
        }
    }
    if (smoketest) {
        Config config = KubernetesConfigParser.parse(kubeconfigFile, context, cluster, user, namespaces, false);
        try {
            KubernetesClient client = new DefaultKubernetesClient(config);
            client.namespaces().list();
        } catch (Exception e) {
            ConfigProblemBuilder pb = psBuilder.addProblem(ERROR, "Unable to communicate with your Kubernetes cluster: " + e.getMessage() + ".");
            if (e.getMessage().contains("Token may have expired")) {
                pb.setRemediation("If you downloaded these keys with gcloud, it's possible they are in the wrong format. To fix this, run \n\n" + "gcloud config set container/use_client_certificate true\n\ngcloud container clusters get-credentials $CLUSTERNAME");
            } else {
                pb.setRemediation("Unable to authenticate with your Kubernetes cluster. Try using kubectl to verify your credentials.");
            }
        }
    }
}

Example 88 with KubernetesClient

use of io.fabric8.kubernetes.client.KubernetesClient in project curiostack by curioswitch.

the class CreateClientCertTask method exec.

@TaskAction
public void exec() {
    ImmutableClusterExtension cluster = getProject().getExtensions().getByType(ClusterExtension.class);
    String commonName = (String) getProject().getRootProject().findProperty("commonName");
    checkNotNull(commonName, "-PcommonName must be set");
    final KeyPairGenerator keygen;
    try {
        keygen = KeyPairGenerator.getInstance("ECDSA", BouncyCastleProvider.PROVIDER_NAME);
    } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
        throw new IllegalStateException("Could not find RSA, can't happen.", e);
    }
    keygen.initialize(256, new SecureRandom());
    KeyPair keyPair = keygen.generateKeyPair();
    PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(new X500Principal("CN=" + commonName), keyPair.getPublic());
    final ContentSigner signer;
    try {
        signer = new JcaContentSignerBuilder("SHA256withECDSA").build(keyPair.getPrivate());
    } catch (OperatorCreationException e) {
        throw new IllegalStateException("Could not find signer, can't happen.", e);
    }
    PKCS10CertificationRequest csr = p10Builder.build(signer);
    StringWriter csrWriter = new StringWriter();
    try (JcaPEMWriter pemWriter = new JcaPEMWriter(csrWriter)) {
        pemWriter.writeObject(csr);
    } catch (IOException e) {
        throw new IllegalStateException("Could not encode csr, can't happen.", e);
    }
    String encodedCsr = Base64.getEncoder().encodeToString(csrWriter.toString().getBytes(StandardCharsets.UTF_8));
    String csrName = cluster.namespace() + "." + commonName + ".client.crt";
    Map<Object, Object> csrApiRequest = ImmutableMap.of("apiVersion", "certificates.k8s.io/v1beta1", "kind", "CertificateSigningRequest", "metadata", ImmutableMap.of("name", csrName), "spec", ImmutableMap.of("request", encodedCsr, "usages", ImmutableList.of("digital signature", "key encipherment", "server auth", "client auth")));
    final byte[] encodedApiRequest;
    try {
        encodedApiRequest = OBJECT_MAPPER.writeValueAsBytes(csrApiRequest);
    } catch (JsonProcessingException e) {
        throw new IllegalStateException("Could not encode yaml", e);
    }
    ImmutableGcloudExtension config = getProject().getRootProject().getExtensions().getByType(GcloudExtension.class);
    String command = config.download() ? new File(config.platformConfig().gcloudBinDir(), "kubectl").getAbsolutePath() : "kubectl";
    getProject().exec(exec -> {
        exec.executable(command);
        exec.args("create", "-f", "-");
        exec.setStandardInput(new ByteArrayInputStream(encodedApiRequest));
    });
    getProject().exec(exec -> {
        exec.executable(command);
        exec.args("certificate", "approve", csrName);
    });
    // Need to wait a bit for certificate to propagate before fetching.
    try {
        TimeUnit.SECONDS.sleep(5);
    } catch (InterruptedException e) {
        throw new RuntimeException(e);
    }
    ByteArrayOutputStream certStream = new ByteArrayOutputStream();
    getProject().exec(exec -> {
        exec.executable(command);
        exec.args("get", "csr", csrName, "-o", "jsonpath={.status.certificate}");
        exec.setStandardOutput(certStream);
    });
    String certificate = new String(Base64.getDecoder().decode(certStream.toByteArray()), StandardCharsets.UTF_8);
    final JcaPKCS8Generator keyGenerator;
    final PemObject keyObject;
    try {
        keyGenerator = new JcaPKCS8Generator(keyPair.getPrivate(), null);
        keyObject = keyGenerator.generate();
    } catch (PemGenerationException e) {
        throw new IllegalStateException("Could not encode to pkcs8.", e);
    }
    StringWriter keyWriter = new StringWriter();
    try (JcaPEMWriter pemWriter = new JcaPEMWriter(keyWriter)) {
        pemWriter.writeObject(keyObject);
    } catch (IOException e) {
        throw new IllegalStateException("Could not encode csr, can't happen.", e);
    }
    String key = keyWriter.toString();
    KubernetesClient client = new DefaultKubernetesClient();
    Secret certificateSecret = new SecretBuilder().withMetadata(new ObjectMetaBuilder().withName(commonName + "-client-tls").withNamespace(cluster.namespace()).build()).withType("Opaque").withData(ImmutableMap.of("client.crt", Base64.getEncoder().encodeToString(certificate.getBytes(StandardCharsets.UTF_8)), "client-key.pem", Base64.getEncoder().encodeToString(key.getBytes(StandardCharsets.UTF_8)))).build();
    client.resource(certificateSecret).createOrReplace();
}

Example 89 with KubernetesClient

use of io.fabric8.kubernetes.client.KubernetesClient in project curiostack by curioswitch.

the class CreateClusterNamespaceTask method exec.

@TaskAction
public void exec() {
    ImmutableClusterExtension cluster = getProject().getExtensions().getByType(ClusterExtension.class);
    Namespace namespace = new NamespaceBuilder().withMetadata(new ObjectMetaBuilder().withName(cluster.namespace()).build()).build();
    KubernetesClient client = new DefaultKubernetesClient();
    client.resource(namespace).createOrReplace();
}

Example 90 with KubernetesClient

use of io.fabric8.kubernetes.client.KubernetesClient in project fabric8 by fabric8io.

the class DevOpsConnector method updateEnvironmentConfigMap.

public void updateEnvironmentConfigMap(Map<String, String> environments, KubernetesClient kubernetes, Map<String, String> annotations, String consoleUrl) {
    if (environments != null && !environments.isEmpty()) {
        String name = Environments.ENVIRONMENTS_CONFIG_MAP_NAME;
        getLog().info("Ensuring ConfigMap " + name + " is populated with enviroments: " + environments);
        ConfigMap environmentsConfigMap = Environments.getOrCreateEnvironments(kubernetes);
        boolean updatedEnvConfigMap = false;
        for (Map.Entry<String, String> entry : environments.entrySet()) {
            String label = entry.getKey();
            String value = entry.getValue();
            String key = value;
            annotations.put("fabric8.link.environment." + key + "/label", label);
            if (Strings.isNotBlank(consoleUrl)) {
                String environmentLink = URLUtils.pathJoin(consoleUrl, "/kubernetes/pods?namespace=" + value);
                annotations.put("fabric8.link.environment." + key + "/url", environmentLink);
                addLink(label, environmentLink);
            }
            String dataKey = label.toLowerCase().replace(' ', '-');
            boolean updated = Environments.ensureEnvironmentAdded(environmentsConfigMap, dataKey, label, value);
            updatedEnvConfigMap = updated || updatedEnvConfigMap;
        }
        if (updatedEnvConfigMap) {
            String ns = kubernetes.getNamespace();
            getLog().info("Updating ConfigMap " + name + " with data: " + environmentsConfigMap.getData());
            if (KubernetesHelper.getResourceVersion(environmentsConfigMap) == null) {
                kubernetes.configMaps().inNamespace(ns).create(environmentsConfigMap);
            } else {
                try {
                    kubernetes.configMaps().inNamespace(ns).withName(name).replace(environmentsConfigMap);
                } catch (Exception e) {
                    getLog().error("Failed to update the Environment ConfigMap with data: " + environments + ". Reason: " + e, e);
                }
            }
        } else {
            getLog().info("No need to update ConfigMap " + name + " as already has data: " + environmentsConfigMap.getData());
        }
    }
}