Example 31 with TaskAction
use of org.gradle.api.tasks.TaskAction in project curiostack by curioswitch.
the class DeployPodTask method exec.
@TaskAction
public void exec() {
ImmutableDeploymentExtension config = getProject().getExtensions().getByType(DeploymentExtension.class);
final ImmutableDeploymentConfiguration deploymentConfig = config.getTypes().getByName(type);
ImmutableGcloudExtension gcloud = getProject().getRootProject().getExtensions().getByType(GcloudExtension.class);
ImmutableList.Builder<EnvVar> envVars = ImmutableList.<EnvVar>builder().addAll(deploymentConfig.envVars().entrySet().stream().map((entry) -> new EnvVar(entry.getKey(), entry.getValue(), null))::iterator).addAll(deploymentConfig.secretEnvVars().entrySet().stream().map((entry) -> new EnvVar(entry.getKey(), null, new EnvVarSourceBuilder().withSecretKeyRef(new SecretKeySelectorBuilder().withName(entry.getValue().get(0)).withKey(entry.getValue().get(1)).build()).build()))::iterator);
if (!deploymentConfig.envVars().containsKey("JAVA_OPTS")) {
int heapSize = deploymentConfig.jvmHeapMb();
StringBuilder javaOpts = new StringBuilder();
javaOpts.append("--add-opens java.base/jdk.internal.misc=ALL-UNNAMED ").append("--add-opens jdk.unsupported/sun.misc=ALL-UNNAMED ").append("-Xms").append(heapSize).append("m ").append("-Xmx").append(heapSize).append("m ").append("-Dconfig.resource=application-").append(type).append(".conf ").append("-Dmonitoring.stackdriverProjectId=").append(gcloud.clusterProject()).append(" ").append("-Dmonitoring.serverName=").append(deploymentConfig.deploymentName()).append(" ");
if (!deploymentConfig.request()) {
int numCpus = (int) Math.ceil(Double.parseDouble(deploymentConfig.cpu()));
int numWorkers = numCpus * 2;
javaOpts.append("-XX:ParallelGCThreads=").append(numCpus).append(" ").append("-Dcom.linecorp.armeria.numCommonWorkers=").append(numWorkers).append(" ").append("-Dio.netty.availableProcessors=").append(numCpus).append(" ");
}
if (!type.equals("prod")) {
javaOpts.append("-Dcom.linecorp.armeria.verboseExceptions=true ");
}
envVars.add(new EnvVar("JAVA_OPTS", javaOpts.toString(), null));
}
Map<String, Quantity> resources = ImmutableMap.of("cpu", new Quantity(deploymentConfig.cpu()), "memory", new Quantity(deploymentConfig.memoryMb() + "Mi"));
Deployment deployment = new DeploymentBuilder().withMetadata(new ObjectMetaBuilder().withNamespace(deploymentConfig.namespace()).withName(deploymentConfig.deploymentName()).build()).withSpec(new DeploymentSpecBuilder().withReplicas(deploymentConfig.replicas()).withStrategy(new DeploymentStrategyBuilder().withType("RollingUpdate").withRollingUpdate(new RollingUpdateDeploymentBuilder().withNewMaxUnavailable(0).build()).build()).withSelector(new LabelSelectorBuilder().withMatchLabels(ImmutableMap.of("name", deploymentConfig.deploymentName())).build()).withTemplate(new PodTemplateSpecBuilder().withMetadata(new ObjectMetaBuilder().withLabels(ImmutableMap.of("name", deploymentConfig.deploymentName(), "revision", System.getenv().getOrDefault("REVISION_ID", "none"))).withAnnotations(ImmutableMap.<String, String>builder().put("prometheus.io/scrape", "true").put("prometheus.io/scheme", "https").put("prometheus.io/path", "/internal/metrics").put("prometheus.io/port", String.valueOf(deploymentConfig.containerPort())).build()).build()).withSpec(new PodSpecBuilder().withContainers(new ContainerBuilder().withResources(new ResourceRequirementsBuilder().withLimits(!deploymentConfig.request() ? resources : ImmutableMap.of()).withRequests(deploymentConfig.request() ? resources : ImmutableMap.of()).build()).withImage(deploymentConfig.image()).withName(deploymentConfig.deploymentName()).withEnv(envVars.build()).withImagePullPolicy("Always").withReadinessProbe(createProbe(deploymentConfig, Duration.ofSeconds(5))).withLivenessProbe(createProbe(deploymentConfig, Duration.ofSeconds(15))).withPorts(ImmutableList.of(new ContainerPortBuilder().withContainerPort(deploymentConfig.containerPort()).withName("http").build())).withVolumeMounts(new VolumeMountBuilder().withName("tls").withMountPath("/etc/tls").withReadOnly(true).build(), new VolumeMountBuilder().withName("rpcacls").withMountPath("/etc/rpcacls").withReadOnly(true).build()).build()).withVolumes(new VolumeBuilder().withName("tls").withSecret(new SecretVolumeSourceBuilder().withSecretName("server-tls").build()).build(), new VolumeBuilder().withName("rpcacls").withConfigMap(new ConfigMapVolumeSourceBuilder().withName("rpcacls").build()).build()).build()).build()).build()).build();
KubernetesClient client = new DefaultKubernetesClient();
Service service = new ServiceBuilder().withMetadata(new ObjectMetaBuilder().withName(deploymentConfig.deploymentName()).withNamespace(deploymentConfig.namespace()).withAnnotations(ImmutableMap.<String, String>builder().put("service.alpha.kubernetes.io/app-protocols", "{\"https\":\"HTTPS\"}").put("prometheus.io/scrape", "true").put("prometheus.io/scheme", "https").put("prometheus.io/path", "/internal/metrics").put("prometheus.io/port", String.valueOf(deploymentConfig.containerPort())).put("prometheus.io/probe", "true").build()).build()).withSpec(createServiceSpec(deploymentConfig)).build();
Map<String, Service> additionalServices = new HashMap<>();
for (String path : deploymentConfig.additionalServicePaths()) {
String sanitizedPath = path;
if (sanitizedPath.endsWith("/*")) {
sanitizedPath = sanitizedPath.substring(0, path.length() - 2);
}
String serviceName = deploymentConfig.deploymentName() + sanitizedPath.replace('/', '-');
additionalServices.put(path, new ServiceBuilder().withMetadata(new ObjectMetaBuilder().withName(serviceName).withNamespace(deploymentConfig.namespace()).withAnnotations(ImmutableMap.of("service.alpha.kubernetes.io/app-protocols", "{\"https\":\"HTTPS\"}")).build()).withSpec(createServiceSpec(deploymentConfig)).build());
}
client.resource(deployment).createOrReplace();
deployService(service, client);
additionalServices.values().forEach(s -> deployService(s, client));
if (deploymentConfig.externalHost() != null) {
List<HTTPIngressPath> ingressPaths = new ArrayList<>();
additionalServices.forEach((path, s) -> ingressPaths.add(createIngressPath(path, s.getMetadata().getName(), deploymentConfig)));
ingressPaths.add(createIngressPath("/*", deploymentConfig.deploymentName(), deploymentConfig));
Ingress ingress = new IngressBuilder().withMetadata(new ObjectMetaBuilder().withNamespace(deploymentConfig.namespace()).withName(deploymentConfig.deploymentName()).withAnnotations(ImmutableMap.of("kubernetes.io/tls-acme", "true", "kubernetes.io/ingress.class", "gce")).build()).withSpec(new IngressSpecBuilder().withTls(new IngressTLSBuilder().withSecretName(deploymentConfig.deploymentName() + "-tls").withHosts(deploymentConfig.externalHost()).build()).withRules(new IngressRuleBuilder().withHost(deploymentConfig.externalHost()).withHttp(new HTTPIngressRuleValueBuilder().withPaths(ingressPaths).build()).build()).build()).build();
client.resource(ingress).createOrReplace();
}
}
Also used :
Quantity(io.fabric8.kubernetes.api.model.Quantity)
ConfigMapVolumeSourceBuilder(io.fabric8.kubernetes.api.model.ConfigMapVolumeSourceBuilder)
IntOrString(io.fabric8.kubernetes.api.model.IntOrString)
IngressRuleBuilder(io.fabric8.kubernetes.api.model.extensions.IngressRuleBuilder)
Deployment(io.fabric8.kubernetes.api.model.extensions.Deployment)
ImmutableDeploymentExtension(org.curioswitch.gradle.plugins.curioserver.ImmutableDeploymentExtension)
ImmutableDeploymentConfiguration(org.curioswitch.gradle.plugins.curioserver.ImmutableDeploymentExtension.ImmutableDeploymentConfiguration)
TaskAction(org.gradle.api.tasks.TaskAction)
VolumeMountBuilder(io.fabric8.kubernetes.api.model.VolumeMountBuilder)
Duration(java.time.Duration)
Map(java.util.Map)
ContainerBuilder(io.fabric8.kubernetes.api.model.ContainerBuilder)
DefaultTask(org.gradle.api.DefaultTask)
DefaultKubernetesClient(io.fabric8.kubernetes.client.DefaultKubernetesClient)
ServiceBuilder(io.fabric8.kubernetes.api.model.ServiceBuilder)
SecretVolumeSourceBuilder(io.fabric8.kubernetes.api.model.SecretVolumeSourceBuilder)
IngressBackendBuilder(io.fabric8.kubernetes.api.model.extensions.IngressBackendBuilder)
LabelSelectorBuilder(io.fabric8.kubernetes.api.model.LabelSelectorBuilder)
ImmutableMap(com.google.common.collect.ImmutableMap)
HTTPIngressRuleValueBuilder(io.fabric8.kubernetes.api.model.extensions.HTTPIngressRuleValueBuilder)
Ingress(io.fabric8.kubernetes.api.model.extensions.Ingress)
VolumeBuilder(io.fabric8.kubernetes.api.model.VolumeBuilder)
List(java.util.List)
RollingUpdateDeploymentBuilder(io.fabric8.kubernetes.api.model.extensions.RollingUpdateDeploymentBuilder)
DeploymentBuilder(io.fabric8.kubernetes.api.model.extensions.DeploymentBuilder)
GcloudExtension(org.curioswitch.gradle.plugins.gcloud.GcloudExtension)
HTTPGetActionBuilder(io.fabric8.kubernetes.api.model.HTTPGetActionBuilder)
ProbeBuilder(io.fabric8.kubernetes.api.model.ProbeBuilder)
ServiceSpec(io.fabric8.kubernetes.api.model.ServiceSpec)
EnvVar(io.fabric8.kubernetes.api.model.EnvVar)
ImmutableGcloudExtension(org.curioswitch.gradle.plugins.gcloud.ImmutableGcloudExtension)
ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder)
IngressTLSBuilder(io.fabric8.kubernetes.api.model.extensions.IngressTLSBuilder)
ServicePortBuilder(io.fabric8.kubernetes.api.model.ServicePortBuilder)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
ImmutableList(com.google.common.collect.ImmutableList)
PodSpecBuilder(io.fabric8.kubernetes.api.model.PodSpecBuilder)
EnvVarSourceBuilder(io.fabric8.kubernetes.api.model.EnvVarSourceBuilder)
ServiceSpecBuilder(io.fabric8.kubernetes.api.model.ServiceSpecBuilder)
Service(io.fabric8.kubernetes.api.model.Service)
HTTPIngressPathBuilder(io.fabric8.kubernetes.api.model.extensions.HTTPIngressPathBuilder)
HTTPIngressPath(io.fabric8.kubernetes.api.model.extensions.HTTPIngressPath)
ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder)
DeploymentExtension(org.curioswitch.gradle.plugins.curioserver.DeploymentExtension)
PodTemplateSpecBuilder(io.fabric8.kubernetes.api.model.PodTemplateSpecBuilder)
Probe(io.fabric8.kubernetes.api.model.Probe)
IngressBuilder(io.fabric8.kubernetes.api.model.extensions.IngressBuilder)
SecretKeySelectorBuilder(io.fabric8.kubernetes.api.model.SecretKeySelectorBuilder)
KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient)
DeploymentSpecBuilder(io.fabric8.kubernetes.api.model.extensions.DeploymentSpecBuilder)
ContainerPortBuilder(io.fabric8.kubernetes.api.model.ContainerPortBuilder)
DeploymentStrategyBuilder(io.fabric8.kubernetes.api.model.extensions.DeploymentStrategyBuilder)
IngressSpecBuilder(io.fabric8.kubernetes.api.model.extensions.IngressSpecBuilder)
IngressRuleBuilder(io.fabric8.kubernetes.api.model.extensions.IngressRuleBuilder)
DeploymentSpecBuilder(io.fabric8.kubernetes.api.model.extensions.DeploymentSpecBuilder)
ImmutableGcloudExtension(org.curioswitch.gradle.plugins.gcloud.ImmutableGcloudExtension)
HashMap(java.util.HashMap)
ImmutableList(com.google.common.collect.ImmutableList)
ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder)
ArrayList(java.util.ArrayList)
Deployment(io.fabric8.kubernetes.api.model.extensions.Deployment)
IntOrString(io.fabric8.kubernetes.api.model.IntOrString)
VolumeBuilder(io.fabric8.kubernetes.api.model.VolumeBuilder)
HTTPIngressPath(io.fabric8.kubernetes.api.model.extensions.HTTPIngressPath)
ServiceBuilder(io.fabric8.kubernetes.api.model.ServiceBuilder)
EnvVarSourceBuilder(io.fabric8.kubernetes.api.model.EnvVarSourceBuilder)
ContainerBuilder(io.fabric8.kubernetes.api.model.ContainerBuilder)
HTTPIngressRuleValueBuilder(io.fabric8.kubernetes.api.model.extensions.HTTPIngressRuleValueBuilder)
RollingUpdateDeploymentBuilder(io.fabric8.kubernetes.api.model.extensions.RollingUpdateDeploymentBuilder)
ConfigMapVolumeSourceBuilder(io.fabric8.kubernetes.api.model.ConfigMapVolumeSourceBuilder)
EnvVar(io.fabric8.kubernetes.api.model.EnvVar)
IngressTLSBuilder(io.fabric8.kubernetes.api.model.extensions.IngressTLSBuilder)
ImmutableDeploymentConfiguration(org.curioswitch.gradle.plugins.curioserver.ImmutableDeploymentExtension.ImmutableDeploymentConfiguration)
SecretKeySelectorBuilder(io.fabric8.kubernetes.api.model.SecretKeySelectorBuilder)
PodSpecBuilder(io.fabric8.kubernetes.api.model.PodSpecBuilder)
LabelSelectorBuilder(io.fabric8.kubernetes.api.model.LabelSelectorBuilder)
SecretVolumeSourceBuilder(io.fabric8.kubernetes.api.model.SecretVolumeSourceBuilder)
DefaultKubernetesClient(io.fabric8.kubernetes.client.DefaultKubernetesClient)
KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient)
Quantity(io.fabric8.kubernetes.api.model.Quantity)
Service(io.fabric8.kubernetes.api.model.Service)
Ingress(io.fabric8.kubernetes.api.model.extensions.Ingress)
DeploymentStrategyBuilder(io.fabric8.kubernetes.api.model.extensions.DeploymentStrategyBuilder)
ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder)
VolumeMountBuilder(io.fabric8.kubernetes.api.model.VolumeMountBuilder)
IngressBuilder(io.fabric8.kubernetes.api.model.extensions.IngressBuilder)
ImmutableDeploymentExtension(org.curioswitch.gradle.plugins.curioserver.ImmutableDeploymentExtension)
IngressSpecBuilder(io.fabric8.kubernetes.api.model.extensions.IngressSpecBuilder)
PodTemplateSpecBuilder(io.fabric8.kubernetes.api.model.PodTemplateSpecBuilder)
ContainerPortBuilder(io.fabric8.kubernetes.api.model.ContainerPortBuilder)
DefaultKubernetesClient(io.fabric8.kubernetes.client.DefaultKubernetesClient)
RollingUpdateDeploymentBuilder(io.fabric8.kubernetes.api.model.extensions.RollingUpdateDeploymentBuilder)
DeploymentBuilder(io.fabric8.kubernetes.api.model.extensions.DeploymentBuilder)
TaskAction(org.gradle.api.tasks.TaskAction)
Example 32 with TaskAction
use of org.gradle.api.tasks.TaskAction in project curiostack by curioswitch.
the class CreateShellConfigTask method exec.
@TaskAction
public void exec() {
String joinedPath = getPaths().stream().map(path -> {
if (Os.isFamily(Os.FAMILY_WINDOWS)) {
// Assume msys or cygwin for now.
return "/" + path.substring(0, 1).toLowerCase() + "/" + path.substring("C:\\".length()).replace('\\', '/');
} else {
return path;
}
}).collect(Collectors.joining(":"));
String homeDir = System.getProperty("user.shellHome", System.getProperty("user.home", ""));
if (homeDir.isEmpty()) {
return;
}
List<String> configLines = ImmutableList.of(MARKER, "export PATH=" + joinedPath + ":$PATH", "export CLOUDSDK_PYTHON=" + CommandUtil.getPythonExecutable(getProject(), "dev"), "export CLOUDSDK_PYTHON_SITEPACKAGES=1", ". " + CommandUtil.getCondaBaseDir(getProject()).resolve("etc/profile.d/conda.sh").toString(), MARKER);
for (String rcFile : SHELL_RCS) {
Path rcPath = Paths.get(homeDir, rcFile);
if (!Files.exists(rcPath)) {
continue;
}
final List<String> lines;
try {
lines = Files.readAllLines(rcPath, StandardCharsets.UTF_8);
} catch (IOException e) {
throw new UncheckedIOException("Could not read shell file.", e);
}
int firstMarkerIndex = lines.indexOf(MARKER);
final Iterable<String> rcLines;
if (firstMarkerIndex == -1) {
rcLines = Iterables.concat(lines, ImmutableList.of("\n"), configLines);
} else {
int lastMarkerIndex = lines.lastIndexOf(MARKER);
rcLines = Iterables.concat(lines.subList(0, firstMarkerIndex), configLines, lines.subList(lastMarkerIndex + 1, lines.size()));
}
try {
Files.write(rcPath, rcLines, StandardCharsets.UTF_8);
} catch (IOException e) {
throw new UncheckedIOException("Could not write to shell file.", e);
}
}
}
Also used :
Iterables(com.google.common.collect.Iterables)
Files(java.nio.file.Files)
ImmutableList.toImmutableList(com.google.common.collect.ImmutableList.toImmutableList)
IOException(java.io.IOException)
Collectors(java.util.stream.Collectors)
StandardCharsets(java.nio.charset.StandardCharsets)
UncheckedIOException(java.io.UncheckedIOException)
TaskAction(org.gradle.api.tasks.TaskAction)
List(java.util.List)
Os(org.apache.tools.ant.taskdefs.condition.Os)
ImmutableList(com.google.common.collect.ImmutableList)
Paths(java.nio.file.Paths)
CommandUtil(org.curioswitch.gradle.plugins.shared.CommandUtil)
DefaultTask(org.gradle.api.DefaultTask)
Input(org.gradle.api.tasks.Input)
Path(java.nio.file.Path)
Path(java.nio.file.Path)
UncheckedIOException(java.io.UncheckedIOException)
IOException(java.io.IOException)
UncheckedIOException(java.io.UncheckedIOException)
TaskAction(org.gradle.api.tasks.TaskAction)
Example 33 with TaskAction
use of org.gradle.api.tasks.TaskAction in project curiostack by curioswitch.
the class DeployDevDbPodTask method exec.
@TaskAction
public void exec() {
ImmutableDatabaseExtension config = getProject().getExtensions().getByType(DatabaseExtension.class);
PersistentVolumeClaim volumeClaim = new PersistentVolumeClaimBuilder().withMetadata(new ObjectMetaBuilder().withName(config.devDbPodName() + "-pvc").withNamespace(config.devDbPodNamespace()).build()).withSpec(new PersistentVolumeClaimSpecBuilder().withAccessModes("ReadWriteOnce").withResources(new ResourceRequirementsBuilder().withRequests(ImmutableMap.of("storage", new Quantity("5Gi"))).build()).build()).build();
Pod pod = new PodBuilder().withMetadata(new ObjectMetaBuilder().withName(config.devDbPodName()).withLabels(ImmutableMap.of("name", config.devDbPodName())).withNamespace(config.devDbPodNamespace()).build()).withSpec(new PodSpecBuilder().withContainers(new ContainerBuilder().withResources(new ResourceRequirementsBuilder().withLimits(ImmutableMap.of("cpu", new Quantity("0.1"), "memory", new Quantity("512Mi"))).build()).withImage(config.devDockerImageTag()).withName(config.devDbPodName()).withImagePullPolicy("Always").withPorts(new ContainerPortBuilder().withContainerPort(3306).withName("mysql").build()).withVolumeMounts(new VolumeMountBuilder().withName(config.devDbPodName() + "-data").withMountPath("/var/lib/mysql").build()).withArgs("--ignore-db-dir=lost+found").build()).withVolumes(new VolumeBuilder().withName(config.devDbPodName() + "-data").withPersistentVolumeClaim(new PersistentVolumeClaimVolumeSourceBuilder().withClaimName(volumeClaim.getMetadata().getName()).build()).build()).build()).build();
Service service = new ServiceBuilder().withMetadata(new ObjectMetaBuilder().withName(config.devDbPodName()).withNamespace(config.devDbPodNamespace()).build()).withSpec(new ServiceSpecBuilder().withPorts(new ServicePortBuilder().withPort(3306).withTargetPort(new IntOrString(3306)).build()).withSelector(ImmutableMap.of("name", config.devDbPodName())).withType("LoadBalancer").withLoadBalancerSourceRanges(config.devDbIpRestrictions()).build()).build();
KubernetesClient client = new DefaultKubernetesClient();
try {
client.resource(volumeClaim).createOrReplace();
} catch (Exception e) {
// TODO(choko): Find a better way to idempotently setup.
// Ignore
}
try {
client.resourceList(pod).createOrReplace();
} catch (Exception e) {
// TODO(choko): Find a better way to idempotently setup.
// Ignore
}
client.resource(service).createOrReplace();
}
Also used :
PodSpecBuilder(io.fabric8.kubernetes.api.model.PodSpecBuilder)
DefaultKubernetesClient(io.fabric8.kubernetes.client.DefaultKubernetesClient)
KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient)
ImmutableDatabaseExtension(org.curioswitch.gradle.plugins.gcloud.ImmutableDatabaseExtension)
Pod(io.fabric8.kubernetes.api.model.Pod)
IntOrString(io.fabric8.kubernetes.api.model.IntOrString)
ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder)
PodBuilder(io.fabric8.kubernetes.api.model.PodBuilder)
PersistentVolumeClaimBuilder(io.fabric8.kubernetes.api.model.PersistentVolumeClaimBuilder)
Quantity(io.fabric8.kubernetes.api.model.Quantity)
Service(io.fabric8.kubernetes.api.model.Service)
PersistentVolumeClaimVolumeSourceBuilder(io.fabric8.kubernetes.api.model.PersistentVolumeClaimVolumeSourceBuilder)
ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder)
VolumeMountBuilder(io.fabric8.kubernetes.api.model.VolumeMountBuilder)
VolumeBuilder(io.fabric8.kubernetes.api.model.VolumeBuilder)
ServiceBuilder(io.fabric8.kubernetes.api.model.ServiceBuilder)
ServiceSpecBuilder(io.fabric8.kubernetes.api.model.ServiceSpecBuilder)
ContainerBuilder(io.fabric8.kubernetes.api.model.ContainerBuilder)
ServicePortBuilder(io.fabric8.kubernetes.api.model.ServicePortBuilder)
ContainerPortBuilder(io.fabric8.kubernetes.api.model.ContainerPortBuilder)
PersistentVolumeClaimSpecBuilder(io.fabric8.kubernetes.api.model.PersistentVolumeClaimSpecBuilder)
PersistentVolumeClaim(io.fabric8.kubernetes.api.model.PersistentVolumeClaim)
DefaultKubernetesClient(io.fabric8.kubernetes.client.DefaultKubernetesClient)
TaskAction(org.gradle.api.tasks.TaskAction)
Example 34 with TaskAction
use of org.gradle.api.tasks.TaskAction in project curiostack by curioswitch.
the class GcloudTask method exec.
@TaskAction
public void exec() {
ImmutableGcloudExtension config = getProject().getRootProject().getExtensions().getByType(GcloudExtension.class);
String command = Os.isFamily(Os.FAMILY_WINDOWS) ? COMMAND + ".cmd" : COMMAND;
String executable = CommandUtil.getGcloudSdkBinDir(getProject()).resolve(command).toString();
List<Object> fullArgs = ImmutableList.builder().add("--project=" + config.clusterProject()).add("--quiet").addAll(args).build();
getProject().exec(exec -> {
exec.executable(executable);
exec.args(fullArgs);
if (config.download()) {
exec.environment("PATH", CommandUtil.getGcloudSdkBinDir(getProject()) + File.pathSeparator + exec.getEnvironment().get("PATH"));
exec.environment("CLOUDSDK_PYTHON", CommandUtil.getPythonExecutable(getProject(), "build"));
exec.environment("CLOUDSDK_PYTHON_SITEPACKAGES", "1");
}
exec.setStandardInput(System.in);
});
}
Also used :
ImmutableGcloudExtension(org.curioswitch.gradle.plugins.gcloud.ImmutableGcloudExtension)
TaskAction(org.gradle.api.tasks.TaskAction)
Example 35 with TaskAction
use of org.gradle.api.tasks.TaskAction in project curiostack by curioswitch.
the class RequestNamespaceCertTask method exec.
@TaskAction
public void exec() {
ImmutableClusterExtension cluster = getProject().getExtensions().getByType(ClusterExtension.class);
final KeyPairGenerator keygen;
try {
keygen = KeyPairGenerator.getInstance("ECDSA", BouncyCastleProvider.PROVIDER_NAME);
} catch (NoSuchAlgorithmException | NoSuchProviderException e) {
throw new IllegalStateException("Could not find RSA, can't happen.", e);
}
keygen.initialize(256, new SecureRandom());
KeyPair keyPair = keygen.generateKeyPair();
PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(new X500Principal("CN=" + cluster.namespace() + ".ns.cluster.stellarstation.com"), keyPair.getPublic());
Stream<GeneralName> generalNames = Streams.concat(Stream.of(new GeneralName(GeneralName.dNSName, "*." + cluster.namespace()), new GeneralName(GeneralName.dNSName, "*." + cluster.namespace() + ".svc"), new GeneralName(GeneralName.dNSName, "*." + cluster.namespace() + ".svc.cluster.local")), cluster.extraNamespaceTlsHosts().stream().map(name -> new GeneralName(GeneralName.dNSName, name)));
GeneralNames subjectAltNames = new GeneralNames(generalNames.toArray(GeneralName[]::new));
ExtensionsGenerator extensions = new ExtensionsGenerator();
try {
extensions.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
p10Builder.setAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions.generate());
} catch (IOException e) {
throw new IllegalStateException("Could not encode cert name, can't happen.", e);
}
final ContentSigner signer;
try {
signer = new JcaContentSignerBuilder("SHA256withECDSA").build(keyPair.getPrivate());
} catch (OperatorCreationException e) {
throw new IllegalStateException("Could not find signer, can't happen.", e);
}
PKCS10CertificationRequest csr = p10Builder.build(signer);
StringWriter csrWriter = new StringWriter();
try (JcaPEMWriter pemWriter = new JcaPEMWriter(csrWriter)) {
pemWriter.writeObject(csr);
} catch (IOException e) {
throw new IllegalStateException("Could not encode csr, can't happen.", e);
}
String encodedCsr = Base64.getEncoder().encodeToString(csrWriter.toString().getBytes(StandardCharsets.UTF_8));
Map<Object, Object> csrApiRequest = ImmutableMap.of("apiVersion", "certificates.k8s.io/v1beta1", "kind", "CertificateSigningRequest", "metadata", ImmutableMap.of("name", cluster.namespace() + ".server.crt"), "spec", ImmutableMap.of("request", encodedCsr, "usages", ImmutableList.of("digital signature", "key encipherment", "server auth", "client auth")));
final byte[] encodedApiRequest;
try {
encodedApiRequest = OBJECT_MAPPER.writeValueAsBytes(csrApiRequest);
} catch (JsonProcessingException e) {
throw new IllegalStateException("Could not encode yaml", e);
}
ImmutableGcloudExtension config = getProject().getRootProject().getExtensions().getByType(GcloudExtension.class);
String command = config.download() ? CommandUtil.getGcloudSdkBinDir(getProject()).resolve("kubectl").toAbsolutePath().toString() : "kubectl";
getProject().exec(exec -> {
exec.executable(command);
exec.args("create", "-f", "-");
exec.setStandardInput(new ByteArrayInputStream(encodedApiRequest));
});
getProject().exec(exec -> {
exec.executable(command);
exec.args("certificate", "approve", cluster.namespace() + ".server.crt");
});
// Need to wait a bit for certificate to propagate before fetching.
try {
TimeUnit.SECONDS.sleep(5);
} catch (InterruptedException e) {
throw new RuntimeException(e);
}
// Gradle Exec seems to be flaky when reading from stdout, so use normal ProcessBuilder.
final byte[] certificateBytes;
try {
Process getCertProcess = new ProcessBuilder(command, "get", "csr", cluster.namespace() + ".server.crt", "-o", "jsonpath={.status.certificate}").start();
certificateBytes = ByteStreams.toByteArray(getCertProcess.getInputStream());
} catch (IOException e) {
throw new UncheckedIOException("Could not fetch certificate.", e);
}
String certificate = new String(Base64.getDecoder().decode(certificateBytes), StandardCharsets.UTF_8);
final JcaPKCS8Generator keyGenerator;
final PemObject keyObject;
try {
keyGenerator = new JcaPKCS8Generator(keyPair.getPrivate(), null);
keyObject = keyGenerator.generate();
} catch (PemGenerationException e) {
throw new IllegalStateException("Could not encode to pkcs8.", e);
}
StringWriter keyWriter = new StringWriter();
try (JcaPEMWriter pemWriter = new JcaPEMWriter(keyWriter)) {
pemWriter.writeObject(keyObject);
} catch (IOException e) {
throw new IllegalStateException("Could not encode csr, can't happen.", e);
}
String key = keyWriter.toString();
KubernetesClient client = new DefaultKubernetesClient();
Secret certificateSecret = new SecretBuilder().withMetadata(new ObjectMetaBuilder().withName("server-tls").withNamespace(cluster.namespace()).build()).withType("Opaque").withData(ImmutableMap.of("server.crt", Base64.getEncoder().encodeToString(certificate.getBytes(StandardCharsets.UTF_8)), "server-key.pem", Base64.getEncoder().encodeToString(key.getBytes(StandardCharsets.UTF_8)))).build();
client.resource(certificateSecret).createOrReplace();
}
Also used :
KeyPair(java.security.KeyPair)
PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest)
Extension(org.bouncycastle.asn1.x509.Extension)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
Security(java.security.Security)
SecureRandom(java.security.SecureRandom)
TaskAction(org.gradle.api.tasks.TaskAction)
ByteArrayInputStream(java.io.ByteArrayInputStream)
Map(java.util.Map)
PemGenerationException(org.bouncycastle.util.io.pem.PemGenerationException)
PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder)
DefaultTask(org.gradle.api.DefaultTask)
DefaultKubernetesClient(io.fabric8.kubernetes.client.DefaultKubernetesClient)
KeyPairGenerator(java.security.KeyPairGenerator)
PemObject(org.bouncycastle.util.io.pem.PemObject)
ImmutableMap(com.google.common.collect.ImmutableMap)
Streams(com.google.common.collect.Streams)
StandardCharsets(java.nio.charset.StandardCharsets)
UncheckedIOException(java.io.UncheckedIOException)
Base64(java.util.Base64)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
Stream(java.util.stream.Stream)
GcloudExtension(org.curioswitch.gradle.plugins.gcloud.GcloudExtension)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
ByteStreams(com.google.common.io.ByteStreams)
Secret(io.fabric8.kubernetes.api.model.Secret)
JcaPEMWriter(org.bouncycastle.openssl.jcajce.JcaPEMWriter)
X500Principal(javax.security.auth.x500.X500Principal)
PKCSObjectIdentifiers(org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers)
ContentSigner(org.bouncycastle.operator.ContentSigner)
ImmutableGcloudExtension(org.curioswitch.gradle.plugins.gcloud.ImmutableGcloudExtension)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
ImmutableClusterExtension(org.curioswitch.gradle.plugins.gcloud.ImmutableClusterExtension)
ImmutableList(com.google.common.collect.ImmutableList)
ClusterExtension(org.curioswitch.gradle.plugins.gcloud.ClusterExtension)
YAMLFactory(com.fasterxml.jackson.dataformat.yaml.YAMLFactory)
ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)
ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder)
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
StringWriter(java.io.StringWriter)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)
IOException(java.io.IOException)
BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)
TimeUnit(java.util.concurrent.TimeUnit)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient)
CommandUtil(org.curioswitch.gradle.plugins.shared.CommandUtil)
SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder)
JcaPKCS8Generator(org.bouncycastle.openssl.jcajce.JcaPKCS8Generator)
NoSuchProviderException(java.security.NoSuchProviderException)
ImmutableGcloudExtension(org.curioswitch.gradle.plugins.gcloud.ImmutableGcloudExtension)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
UncheckedIOException(java.io.UncheckedIOException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
ImmutableClusterExtension(org.curioswitch.gradle.plugins.gcloud.ImmutableClusterExtension)
SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder)
StringWriter(java.io.StringWriter)
JcaPKCS8Generator(org.bouncycastle.openssl.jcajce.JcaPKCS8Generator)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)
PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest)
KeyPair(java.security.KeyPair)
DefaultKubernetesClient(io.fabric8.kubernetes.client.DefaultKubernetesClient)
KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient)
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
PemGenerationException(org.bouncycastle.util.io.pem.PemGenerationException)
ContentSigner(org.bouncycastle.operator.ContentSigner)
SecureRandom(java.security.SecureRandom)
PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder)
JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder)
KeyPairGenerator(java.security.KeyPairGenerator)
UncheckedIOException(java.io.UncheckedIOException)
IOException(java.io.IOException)
ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder)
ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)
Secret(io.fabric8.kubernetes.api.model.Secret)
PemObject(org.bouncycastle.util.io.pem.PemObject)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
ByteArrayInputStream(java.io.ByteArrayInputStream)
X500Principal(javax.security.auth.x500.X500Principal)
PemObject(org.bouncycastle.util.io.pem.PemObject)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
DefaultKubernetesClient(io.fabric8.kubernetes.client.DefaultKubernetesClient)
NoSuchProviderException(java.security.NoSuchProviderException)
JcaPEMWriter(org.bouncycastle.openssl.jcajce.JcaPEMWriter)
TaskAction(org.gradle.api.tasks.TaskAction)
Aggregations
TaskAction (org.gradle.api.tasks.TaskAction)167
File (java.io.File)66
GradleException (org.gradle.api.GradleException)38
IOException (java.io.IOException)35
MtlBaseTaskAction (com.taobao.android.builder.tasks.manager.MtlBaseTaskAction)32
ArrayList (java.util.ArrayList)29
Project (org.gradle.api.Project)18
AwbBundle (com.taobao.android.builder.dependency.model.AwbBundle)16
InputFile (org.gradle.api.tasks.InputFile)16
OutputFile (org.gradle.api.tasks.OutputFile)15
FileCollection (org.gradle.api.file.FileCollection)13
AtlasDependencyTree (com.taobao.android.builder.dependency.AtlasDependencyTree)12
ExecutorServicesHelper (com.taobao.android.builder.tools.concurrent.ExecutorServicesHelper)12
Map (java.util.Map)12
DefaultTask (org.gradle.api.DefaultTask)12
HashMap (java.util.HashMap)10
InvalidUserDataException (org.gradle.api.InvalidUserDataException)9
AndroidLibrary (com.android.builder.model.AndroidLibrary)8
URLClassLoader (java.net.URLClassLoader)8
WorkResult (org.gradle.api.tasks.WorkResult)8
