package utils
import (
"net/http"
"os"
"github.com/equinor/radix-api/api/metrics"
radixmodels "github.com/equinor/radix-common/models"
radixclient "github.com/equinor/radix-operator/pkg/client/clientset/versioned"
"github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promauto"
"github.com/prometheus/client_golang/prometheus/promhttp"
log "github.com/sirupsen/logrus"
"k8s.io/client-go/kubernetes"
restclient "k8s.io/client-go/rest"
"k8s.io/client-go/tools/clientcmd"
secretProviderClient "sigs.k8s.io/secrets-store-csi-driver/pkg/client/clientset/versioned"
)
// RestClientConfigOption is a function that mutates a client-go rest config
// in place. Options are applied by addCommonConfigs before the clients are
// constructed from the config.
type RestClientConfigOption func(*restclient.Config)
// WithQPS returns an option that stores qps in the QPS field of the rest
// client config it is applied to.
func WithQPS(qps float32) RestClientConfigOption {
	setQPS := func(c *restclient.Config) { c.QPS = qps }
	return setQPS
}
// WithBurst returns an option that stores burst in the Burst field of the
// rest client config it is applied to.
func WithBurst(burst int) RestClientConfigOption {
	return RestClientConfigOption(func(c *restclient.Config) {
		c.Burst = burst
	})
}
// KubeUtil builds the Kubernetes, Radix and secret-provider clients used by
// the API. It is an interface so that tests can substitute a mock.
//
// None of the methods return an error: the implementation in this file
// terminates the process (log.Fatalf) when a client cannot be created.
type KubeUtil interface {
	// GetOutClusterKubernetesClient builds clients from a caller-supplied bearer token.
	GetOutClusterKubernetesClient(token string, options ...RestClientConfigOption) (kubernetes.Interface, radixclient.Interface, secretProviderClient.Interface)
	// GetOutClusterKubernetesClientWithImpersonation builds clients from a
	// caller-supplied bearer token plus impersonation settings.
	GetOutClusterKubernetesClientWithImpersonation(token string, impersonation radixmodels.Impersonation, options ...RestClientConfigOption) (kubernetes.Interface, radixclient.Interface, secretProviderClient.Interface)
	// GetInClusterKubernetesClient builds clients from the configuration of the running pod.
	GetInClusterKubernetesClient(options ...RestClientConfigOption) (kubernetes.Interface, radixclient.Interface, secretProviderClient.Interface)
}
// kubeUtil is the KubeUtil implementation returned by NewKubeUtil.
type kubeUtil struct {
	// useOutClusterClient selects the token-based client config in
	// GetOutClusterKubernetesClientWithImpersonation. When false, that method
	// ignores the supplied token and impersonation and returns the in-cluster
	// client instead.
	useOutClusterClient bool
}
// nrRequests is the histogram of request durations towards the Kubernetes
// API, labelled by "code" and "method". addCommonConfigs attaches it to the
// transport of every client config built in this file.
var nrRequests = promauto.NewHistogramVec(
	prometheus.HistogramOpts{
		Name:    "radix_api_k8s_request_duration_seconds",
		Help:    "request duration done to k8s api in seconds bucket",
		Buckets: metrics.DefaultBuckets(),
	},
	[]string{"code", "method"},
)
// NewKubeUtil returns a KubeUtil. useOutClusterClient decides whether the
// "out cluster" getters build clients from the caller's bearer token (true)
// or fall back to the in-cluster client (false).
func NewKubeUtil(useOutClusterClient bool) KubeUtil {
	ku := new(kubeUtil)
	ku.useOutClusterClient = useOutClusterClient
	return ku
}
// GetOutClusterKubernetesClient gets the Kubernetes, Radix and secret-provider
// clients using the bearer token from the radix api client. It delegates to
// GetOutClusterKubernetesClientWithImpersonation with a zero-value
// Impersonation (presumably meaning "no impersonation" - confirm against
// radixmodels.Impersonation.PerformImpersonation).
func (ku *kubeUtil) GetOutClusterKubernetesClient(token string, options ...RestClientConfigOption) (kubernetes.Interface, radixclient.Interface, secretProviderClient.Interface) {
	var noImpersonation radixmodels.Impersonation
	return ku.GetOutClusterKubernetesClientWithImpersonation(token, noImpersonation, options...)
}
// GetOutClusterKubernetesClientWithImpersonation gets the Kubernetes, Radix
// and secret-provider clients using the bearer token from the radix api
// client, optionally impersonating the user/group in impersonation.
//
// NOTE(security): when the kubeUtil was created with useOutClusterClient set
// to false, token and impersonation are ignored and the clients are built by
// GetInClusterKubernetesClient. Requests then run under whatever identity
// that config resolves to rather than the caller's, so authorization is not
// enforced per caller by the Kubernetes API in that mode.
func (ku *kubeUtil) GetOutClusterKubernetesClientWithImpersonation(token string, impersonation radixmodels.Impersonation, options ...RestClientConfigOption) (kubernetes.Interface, radixclient.Interface, secretProviderClient.Interface) {
	if !ku.useOutClusterClient {
		return ku.GetInClusterKubernetesClient(options...)
	}
	return getKubernetesClientFromConfig(getOutClusterClientConfig(token, impersonation, options))
}
// GetInClusterKubernetesClient gets the Kubernetes, Radix and secret-provider
// clients using the config resolved by getInClusterClientConfig, with the
// given options applied.
func (ku *kubeUtil) GetInClusterKubernetesClient(options ...RestClientConfigOption) (kubernetes.Interface, radixclient.Interface, secretProviderClient.Interface) {
	return getKubernetesClientFromConfig(getInClusterClientConfig(options))
}
// getOutClusterClientConfig builds a rest config that authenticates with the
// caller-supplied bearer token.
//
// The API server address is taken from the K8S_API_HOST environment variable
// and defaults to https://kubernetes.default.svc when that is unset or empty.
// When impersonation.PerformImpersonation() reports true, the config
// impersonates impersonation.User with the single group impersonation.Group.
//
// NOTE(security): TLSClientConfig.Insecure is set to true, which disables
// verification of the API server's certificate. The caller's bearer token is
// therefore sent to whichever endpoint answers at Host without that endpoint
// being authenticated. Supplying the cluster CA through
// TLSClientConfig.CAFile or CAData would allow verification to be enabled;
// the reason it is disabled is not visible in this file - confirm before
// relying on this outside a trusted network path.
func getOutClusterClientConfig(token string, impersonation radixmodels.Impersonation, options []RestClientConfigOption) *restclient.Config {
	apiHost := "https://kubernetes.default.svc"
	if fromEnv := os.Getenv("K8S_API_HOST"); fromEnv != "" {
		apiHost = fromEnv
	}

	cfg := new(restclient.Config)
	cfg.Host = apiHost
	cfg.BearerToken = token
	// Server certificate verification is switched off here; see the note above.
	cfg.TLSClientConfig.Insecure = true

	if impersonation.PerformImpersonation() {
		cfg.Impersonate = restclient.ImpersonationConfig{
			UserName: impersonation.User,
			Groups:   []string{impersonation.Group},
		}
	}

	return addCommonConfigs(cfg, options)
}
// getInClusterClientConfig resolves the rest config used for the "in cluster"
// clients and applies the given options to it.
//
// Despite the name, a kubeconfig at $HOME/.kube/config takes precedence: the
// pod's in-cluster config is used only when loading that file fails. Whatever
// credentials the kubeconfig carries are therefore the identity of the
// resulting clients wherever such a file is present. With HOME unset the path
// evaluated is "/.kube/config".
//
// If neither source yields a config, the error is logged with log.Fatalf,
// which terminates the process.
func getInClusterClientConfig(options []RestClientConfigOption) *restclient.Config {
	localKubeConfig := os.Getenv("HOME") + "/.kube/config"

	cfg, err := clientcmd.BuildConfigFromFlags("", localKubeConfig)
	if err == nil {
		return addCommonConfigs(cfg, options)
	}

	// No usable kubeconfig: fall back to the service account of the running pod.
	cfg, err = restclient.InClusterConfig()
	if err != nil {
		log.Fatalf("getClusterConfig InClusterConfig: %v", err)
	}
	return addCommonConfigs(cfg, options)
}
// addCommonConfigs applies every option to config, then installs the
// Prometheus round-tripper instrumentation (nrRequests) as the config's
// transport wrapper. The same config pointer is returned.
//
// WrapTransport is assigned after the options run, so a wrapper already
// present on the config - including one set by an option - is replaced.
func addCommonConfigs(config *restclient.Config, options []RestClientConfigOption) *restclient.Config {
	for i := range options {
		options[i](config)
	}

	instrument := func(next http.RoundTripper) http.RoundTripper {
		return promhttp.InstrumentRoundTripperDuration(nrRequests, next)
	}
	config.WrapTransport = instrument

	return config
}
// getKubernetesClientFromConfig creates the Kubernetes, Radix and
// secret-provider clients from the same rest config and returns them in that
// order.
//
// A failure to create any of the three is logged with log.Fatalf, which
// terminates the process; callers never receive an error.
func getKubernetesClientFromConfig(config *restclient.Config) (kubernetes.Interface, radixclient.Interface, secretProviderClient.Interface) {
	kubeClient, kubeErr := kubernetes.NewForConfig(config)
	if kubeErr != nil {
		log.Fatalf("getClusterConfig k8s client: %v", kubeErr)
	}

	rxClient, rxErr := radixclient.NewForConfig(config)
	if rxErr != nil {
		log.Fatalf("getClusterConfig radix client: %v", rxErr)
	}

	// Local name chosen so it does not shadow the secretProviderClient package.
	spClient, spErr := secretProviderClient.NewForConfig(config)
	if spErr != nil {
		log.Fatalf("getClusterConfig secret provider client client: %v", spErr)
	}

	return kubeClient, rxClient, spClient
}