diff --git a/docker-compose.demo.yml b/docker-compose.demo.yml index c35545a7..a8a368c3 100644 --- a/docker-compose.demo.yml +++ b/docker-compose.demo.yml @@ -1,15 +1,14 @@ version: '2' services: api: -# image: kqueen/api:v0.18 - image: vnaumov/kqueen-api:mk1 + image: kqueen/api:v0.18 ports: - 127.0.0.1:5000:5000 depends_on: - etcd environment: KQUEEN_CONFIG_FILE: config/demo.py - KQUEEN_DEBUG: 'True' + KQUEEN_DEBUG: 'False' KQUEEN_LDAP_URI: 'ldap://ldap' KQUEEN_LDAP_DN: 'cn=admin,dc=example,dc=org' KQUEEN_LDAP_PASSWORD: 'heslo123' @@ -24,16 +23,14 @@ services: extra_hosts: - "ci.mcp.mirantis.net:172.16.48.254" ui: -# image: kqueen/ui:v0.9 -# image: vnaumov/kqueen-ui:mk2 - image: vnaumov/kqueen-ui:mk1 + image: kqueen/ui:v0.9 ports: - 127.0.0.1:5080:5080 depends_on: - api environment: KQUEEN_UI_CONFIG_FILE: config/demo.py - KQUEENUI_DEBUG: 'True' + KQUEENUI_DEBUG: 'False' KQUEENUI_SECRET_KEY: 'SecretSecretSecret123' KQUEENUI_KQUEEN_API_URL: http://api:5000/api/v1/ KQUEENUI_KQUEEN_AUTH_URL: http://api:5000/api/v1/auth diff --git a/kqueen/blueprints/api/views.py b/kqueen/blueprints/api/views.py index 3a304994..1c906c44 100644 --- a/kqueen/blueprints/api/views.py +++ b/kqueen/blueprints/api/views.py @@ -230,7 +230,7 @@ def cluster_set_network_policy(pk): data = request.json if not all(k in data for k in ('provider', 'enabled')): - msg = 'Failed to get network policy configuration' + msg = 'Incorrect network policy configuration {}'.format(data) logger.error(msg) abort(400, description=msg) diff --git a/kqueen/config/base.py b/kqueen/config/base.py index 7bca9e7e..4961f272 100644 --- a/kqueen/config/base.py +++ b/kqueen/config/base.py @@ -29,7 +29,7 @@ class BaseConfig: CLUSTER_OK_STATE = 'OK' CLUSTER_PROVISIONING_STATE = 'Deploying' CLUSTER_DEPROVISIONING_STATE = 'Destroying' - CLUSTER_RESIZING_STATE = 'Resizing' + CLUSTER_UPDATING_STATE = 'Updating' CLUSTER_UNKNOWN_STATE = 'Unknown' CLUSTER_STATE_ON_LIST = True 
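Review bot: The restored `image: kqueen/api:v0.18` line (and `image: kqueen/ui:v0.9` in the second hunk of this file) identifies the image by tag only, and a registry tag can be re-pushed with different content. Since the commit is already moving away from a personal-namespace build, pinning the digest as well would make the demo stack reproducible, for example `image: kqueen/api:v0.18@sha256:<digest-placeholder>`. The digest has to come from the project's own release record; none is shown on this page.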
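Review bot: The new message `'Incorrect network policy configuration {}'.format(data)` copies the whole request body into both the error log and the 400 response description, so the caller controls the size and content of a log line and has its input reflected back in the response. Naming the expected keys is enough for the client, for example `msg = 'Incorrect network policy configuration: provider and enabled are required'`, with at most `sorted(data)` written to the log. The membership test on the context line above also assumes `data` is a dict; if `request.json` yields `None`, `k in data` raises TypeError instead of reaching this 400, so `if not isinstance(data, dict) or not all(...)` is worth adding. cluster_set_network_policy starts and continues outside the hunk.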
diff --git a/kqueen/engines/aks.py b/kqueen/engines/aks.py index 3b34ea7e..54c149d2 100644 --- a/kqueen/engines/aks.py +++ b/kqueen/engines/aks.py @@ -20,7 +20,7 @@ 'Succeeded': config.get('CLUSTER_OK_STATE'), 'Deleting': config.get('CLUSTER_DEPROVISIONING_STATE'), 'Failed': config.get('CLUSTER_ERROR_STATE'), - 'Updating': config.get('CLUSTER_RESIZING_STATE') + 'Updating': config.get('CLUSTER_UPDATING_STATE') } diff --git a/kqueen/engines/gce.py b/kqueen/engines/gce.py index 9352a1aa..db403898 100644 --- a/kqueen/engines/gce.py +++ b/kqueen/engines/gce.py @@ -14,7 +14,7 @@ 'PROVISIONING': config.get('CLUSTER_PROVISIONING_STATE'), 'RUNNING': config.get('CLUSTER_OK_STATE'), 'STOPPING': config.get('CLUSTER_DEPROVISIONING_STATE'), - 'RECONCILING': config.get('CLUSTER_RESIZING_STATE') + 'RECONCILING': config.get('CLUSTER_UPDATING_STATE') } @@ -103,31 +103,31 @@ class GceEngine(BaseEngine): 'required': True } }, + 'network_range': { + 'type': 'text', + 'label': 'Network range CIDR', + 'order': 5, + 'placeholder': '10.0.0.0/14', + 'validators': { + 'required': False, + 'regexp': '(^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}' + '([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])' + '(/([0-9]|[1-9][0-9]|2[0-4]))?$)?' + } + }, 'network_policy': { 'type': 'select', 'label': 'Network Policy', 'order': 4, 'choices': [ - ('none', '(None)'), + ('PROVIDER_UNSPECIFIED', '(None)'), ('CALICO', 'Calico') ], - 'default': 'none', + 'default': 'PROVIDER_UNSPECIFIED', 'validators': { 'required': False }, 'class_name': 'network-policy' - }, - 'network_range': { - 'type': 'text', - 'label': 'Network range CIDR', - 'order': 5, - 'placeholder': '10.0.0.0/14', - 'validators': { - 'required': False, - 'regexp': '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}' - '([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])' - '(/([0-9]|[1-9][0-9]|2[0-4]))?$' - } } } } 
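Review bot: The prefix-length group in the `network_range` regexp, `(/([0-9]|[1-9][0-9]|2[0-4]))?`, accepts anything from /0 to /99, because `[1-9][0-9]` already covers 10–99 and makes the `2[0-4]` branch redundant. An IPv4 prefix stops at /32, so `(/([0-9]|[12][0-9]|3[0-2]))?` is the tighter form. The pattern is also written in ordinary string literals, where `\.` is an invalid escape sequence that newer Python versions warn about; prefixing the three pieces with `r` fixes that. As far as the diff shows this is form-level validation only: `__init__` passes `kwargs.get('network_range', '')` straight into `clusterIpv4Cidr`, so a server-side check with `ipaddress.ip_network` is where the rule would actually be enforced.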
@@ -143,6 +143,19 @@ def __init__(self, cluster, **kwargs): self.project = self.service_account_info.get('project_id', '') self.zone = kwargs.get('zone', '-') self.cluster_id = 'a' + self.cluster.id.replace('-', '') + + # Generate metadata for Network Policies if empty + if not isinstance(cluster.metadata.get('network_policy'), dict): + network_provider = kwargs.get('network_policy', 'PROVIDER_UNSPECIFIED') + self.cluster.metadata['network_policy'] = { + 'provider': network_provider, + 'enabled': network_provider != 'PROVIDER_UNSPECIFIED' + } + logger.debug('Generate metadata for network policies: {}' + .format(self.cluster.metadata['network_policy'])) + self.cluster.save() + + meta = self.cluster.metadata self.cluster_config = { 'cluster': { 'name': self.cluster_id, @@ -150,19 +163,18 @@ def __init__(self, cluster, **kwargs): 'nodeConfig': { 'machineType': kwargs.get('machine_type', 'n1-standard-1') }, - 'addonsConfig': {}, + 'addonsConfig': { + 'networkPolicyConfig': { + 'disabled': meta['network_policy'].get('provider', 'PROVIDER_UNSPECIFIED') == 'PROVIDER_UNSPECIFIED' + } + }, 'clusterIpv4Cidr': kwargs.get('network_range', ''), 'networkPolicy': { - 'provider': kwargs.get('network_policy', 'PROVIDER_UNSPECIFIED'), - 'enabled': bool(kwargs.get('network_policy', False)) + 'provider': meta['network_policy'].get('provider', 'PROVIDER_UNSPECIFIED'), + 'enabled': meta['network_policy'].get('enabled', False) } } } - if self.cluster_config['cluster']['networkPolicy']['enabled'] is True: - logger.debug('Network addon for GKE enabled') - self.cluster_config = self._set_addon_config(cluster_config=self.cluster_config, - addon='networkPolicyConfig', - disabled=False) logger.debug('GKE cluster configuration: {}'.format(self.cluster_config)) self.client = self._get_client() 
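Review bot: In the added metadata block, `network_provider` is taken from `kwargs` as-is and `enabled` is computed as `network_provider != 'PROVIDER_UNSPECIFIED'`, so any other string (the former `'none'` choice value this commit removes from the form, or an empty string) is stored as an enabled provider and later sent in `networkPolicy`. Checking it against the two values the form offers closes that gap: `if network_provider not in ('PROVIDER_UNSPECIFIED', 'CALICO'): network_provider = 'PROVIDER_UNSPECIFIED'`. The block also calls `self.cluster.save()` from the constructor, so merely instantiating the engine writes to storage; a short comment stating that this is intended would help the next reader. `__init__` starts and ends outside the hunk.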
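Review bot: `addonsConfig.networkPolicyConfig.disabled` is derived from the stored provider while `networkPolicy.enabled` is read from the stored `enabled` flag, so the two settings can contradict each other. Metadata of `{'provider': 'CALICO', 'enabled': False}`, which `set_network_policy` can write with its default `enabled=False`, yields an addon that is not disabled next to a policy that is not enabled. Deriving both from one value avoids the mismatch, for example `'disabled': not meta['network_policy'].get('enabled', False)`.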
@@ -180,29 +192,6 @@ def _get_client(self): return client - def _set_addon_config(self, cluster_config, addon, disabled): - """Set addon configutation to the cluster. - - Args: - cluster_config(dict): Current cluster configuration - addon(str): Name of supported addon - disabled(bool): Enable/Disable addon - - Returns: - dict: Updated cluster configuration - - """ - addons_body = { - addon: { - 'disabled': disabled - } - } - addons_config = cluster_config['cluster'].get('addonsConfig', {}) - addons_config[addon] = addons_body[addon] - logger.debug('Setting {} addon in cluster_config {}'.format(addon, cluster_config)) - - return cluster_config - def provision(self, **kwargs): """ Implementation of :func:`~kqueen.engines.base.BaseEngine.provision` @@ -211,6 +200,16 @@ def provision(self, **kwargs): request = self.client.projects().zones().clusters().create(projectId=self.project, zone=self.zone, body=self.cluster_config) + cluster_config = self.cluster_config['cluster'] + network_meta = self.cluster.metadata['network_policy'] + if network_meta['provider'] == 'CALICO' and int(cluster_config['initialNodeCount']) < 2: + msg = 'Setting {} Network Policy for the cluster {} denied due to '\ + 'unsupported configuration. The minimal size of the '\ + 'cluster to run network policy enforcement is 2 '\ + 'n1-standard-1 instances'.format(network_meta['provider'], + self.cluster_id) + logger.error(msg) + return False, msg try: request.execute() # TODO: check if provisioning response is healthy 
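Review bot: The new size check in `provision` runs before the `try:` and uses `network_meta['provider']` and `int(cluster_config['initialNodeCount'])`, so a metadata dict without a `provider` key or a non-numeric node count raises out of the method instead of producing the `(False, msg)` result that the other failure paths return. `__init__` only rebuilds the metadata when it is not a dict, so an empty dict would reach this code unchanged. Reading the provider with `network_meta.get('provider')` and guarding the conversion with `except (TypeError, ValueError)` keeps the return contract. The message also names `n1-standard-1` although `machineType` is configurable in `__init__`. `provision` continues outside the hunk.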
@@ -220,15 +219,13 @@ def provision(self, **kwargs): logger.exception(msg) return False, msg - cluster_config = self.cluster_config['cluster'] - if cluster_config['networkPolicy']['provider'] is not None: - self.cluster.metadata['network_policy'] = cluster_config['networkPolicy'] - logger.critical('Provisioning cluster {} started, updating metadata...{}' - .format(self.cluster_id, cluster_config['networkPolicy'])) + if cluster_config['networkPolicy']['provider'] != 'PROVIDER_UNSPECIFIED': + network_meta['provider'] = cluster_config['networkPolicy']['provider'] + network_meta['enabled'] = cluster_config['networkPolicy']['enabled'] + logger.debug('Provisioning cluster {} started, updating metadata...{}' + .format(self.cluster_id, self.cluster.metadata)) self.cluster.save() - logger.critical(self.cluster.metadata) - return True, None def deprovision(self, **kwargs): @@ -339,11 +336,10 @@ def set_network_policy(self, network_provider='CALICO', enabled=False, **kwargs) saving metadata...'.format(network_provider, self.cluster_id)) meta = self.cluster.metadata.get('network_policy', {}) - logger.critical('current NETMETA..{}'.format(meta)) meta['provider'] = network_provider meta['enabled'] = enabled - logger.critical('Updating NETWORK POLICY for cluster {} started, saving metadata...{}' - .format(self.cluster_id, self.cluster.metadata['network_policy'])) + logger.debug('Updating network policy for cluster {} started, saving metadata...{}' + .format(self.cluster_id, self.cluster.metadata['network_policy'])) self.cluster.save() return True, None
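Review bot: The write-back after `request.execute()` copies `cluster_config['networkPolicy']` into `network_meta`, but `__init__` built that `networkPolicy` dict from the same metadata, so as far as this diff shows both assignments store values that are already there. If nothing mutates `cluster_config` in between, the block can shrink to the `self.cluster.save()` call with a comment saying why a save is still needed. The debug line now formats all of `self.cluster.metadata` where the old one printed only the network policy; logging `network_meta` keeps the record to what is being changed.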
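Review bot: `meta = self.cluster.metadata.get('network_policy', {})` on the context line returns a detached dict when the key is missing, so the two assignments would be lost and the reworded `logger.debug` call, which indexes `self.cluster.metadata['network_policy']`, would raise KeyError. `__init__` now normally guarantees the key, which makes the fallback misleading rather than dangerous; `meta = self.cluster.metadata.setdefault('network_policy', {})` states the intent. As far as the hunk shows, `network_provider` is also stored without being checked against the provider values the form offers (`PROVIDER_UNSPECIFIED`, `CALICO`). `set_network_policy` starts outside the hunk.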