Skip to content
This repository has been archived by the owner on Jul 6, 2023. It is now read-only.

Commit

Permalink
Merge pull request #563 from lpabon/namespace_pr
Browse files Browse the repository at this point in the history 
kubernetes: Use namespace from secret
  • Loading branch information
Luis Pabón committed Nov 3, 2016
2 parents 4e74207 + 660c685 commit 4a5a9d3
Show file tree
Hide file tree
Showing 9 changed files with 77 additions and 162 deletions.
7 changes: 5 additions & 2 deletions executors/kubeexec/config.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,10 +27,13 @@ type KubeConfig struct {
Insecure bool `json:"insecure"`
User string `json:"user"`
Password string `json:"password"`
Token string `json:"token"`
Namespace string `json:"namespace"`
// Use Secrets to get the Bearerkey
UseSecrets bool `json:"use_secrets"`
TokenFile string `json:"token"`
UseSecrets bool `json:"use_secrets"`

TokenFile string `json:"token_file"`
NamespaceFile string `json:"namespace_file"`

// Use POD name instead of using label
// to access POD
Expand Down
48 changes: 30 additions & 18 deletions executors/kubeexec/kubeexec.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,15 +39,6 @@ import (
"github.com/heketi/heketi/pkg/utils"
)

type KubernetesClient interface {
}

type KubernetesRemoteCommand interface {
}

type KubernetesRemoteCommandStream interface {
}

const (
KubeGlusterFSPodLabelKey = "glusterfs-node"
)
Expand Down Expand Up @@ -139,6 +130,11 @@ func setWithEnvVariables(config *KubeConfig) {
config.TokenFile = env
}

env = os.Getenv("HEKETI_KUBE_NAMESPACEFILE")
if "" != env {
config.NamespaceFile = env
}

// Use POD names
env = os.Getenv("HEKETI_KUBE_USE_POD_NAMES")
if "" != env {
Expand Down Expand Up @@ -168,6 +164,13 @@ func NewKubeExecutor(config *KubeConfig) (*KubeExecutor, error) {
}

// Check required values
if k.config.NamespaceFile != "" {
var err error
k.config.Namespace, err = k.readAllLinesFromFile(k.config.NamespaceFile)
if err != nil {
return nil, err
}
}
if k.config.Namespace == "" {
return nil, fmt.Errorf("Namespace must be provided in configuration")
}
Expand All @@ -193,13 +196,12 @@ func (k *KubeExecutor) RemoteCommandExecute(host string,

// Execute
return k.ConnectAndExec(host,
k.config.Namespace,
"pods",
commands,
timeoutMinutes)
}

func (k *KubeExecutor) ConnectAndExec(host, namespace, resource string,
func (k *KubeExecutor) ConnectAndExec(host, resource string,
commands []string,
timeoutMinutes int) ([]string, error) {

Expand All @@ -213,7 +215,10 @@ func (k *KubeExecutor) ConnectAndExec(host, namespace, resource string,
clientConfig.Insecure = k.config.Insecure

// Login
if k.config.User != "" && k.config.Password != "" {
if k.config.UseSecrets == false &&
k.config.User != "" &&
k.config.Password != "" {

token, err := tokenCreator(clientConfig,
nil,
k.config.User,
Expand All @@ -224,12 +229,11 @@ func (k *KubeExecutor) ConnectAndExec(host, namespace, resource string,
}
clientConfig.BearerToken = token
} else if k.config.UseSecrets {
tokenBytes, err := ioutil.ReadFile(k.config.TokenFile)
var err error
clientConfig.BearerToken, err = k.readAllLinesFromFile(k.config.TokenFile)
if err != nil {
logger.Err(err)
return nil, logger.LogError("Secret token not found in %v", k.config.TokenFile)
return nil, err
}
clientConfig.BearerToken = string(tokenBytes)
}

// Get a client
Expand All @@ -254,7 +258,7 @@ func (k *KubeExecutor) ConnectAndExec(host, namespace, resource string,
}

// Get a list of pods
pods, err := conn.Pods(namespace).List(api.ListOptions{
pods, err := conn.Pods(k.config.Namespace).List(api.ListOptions{
LabelSelector: selector,
FieldSelector: fields.Everything(),
})
Expand Down Expand Up @@ -294,7 +298,7 @@ func (k *KubeExecutor) ConnectAndExec(host, namespace, resource string,
req := conn.RESTClient.Post().
Resource(resource).
Name(podName).
Namespace(namespace).
Namespace(k.config.Namespace).
SubResource("exec")
req.VersionedParams(&api.PodExecOptions{
Command: []string{"/bin/bash", "-c", command},
Expand Down Expand Up @@ -339,3 +343,11 @@ func (k *KubeExecutor) RebalanceOnExpansion() bool {
func (k *KubeExecutor) SnapShotLimit() int {
return k.config.SnapShotLimit
}

func (k *KubeExecutor) readAllLinesFromFile(filename string) (string, error) {
fileBytes, err := ioutil.ReadFile(filename)
if err != nil {
return "", logger.LogError("Error reading %v file: %v", filename, err.Error())
}
return string(fileBytes), nil
}
5 changes: 2 additions & 3 deletions extras/kubernetes/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,11 +39,10 @@ $ heketi_secret=$(kubectl get sa heketi-service-account -o="go-template" --templ

* Deploy deploy-heketi. Before deploying you will need to determine the Kubernetes API endpoint and namespace.

In this example, we will use `https://1.1.1.1:443` as our Kubernetes API endpoint, and `default` as the namespace:
In this example, we will use `https://1.1.1.1:443` as our Kubernetes API endpoint

```
$ sed -e "s#<HEKETI_KUBE_NAMESPACE>#\"default\"#" \
-e "s#<HEKETI_KUBE_SECRETNAME>#\"$heketi_secret\"#" \
$ sed -e "s#<HEKETI_KUBE_SECRETNAME>#\"$heketi_secret\"#" \
-e "s#<HEKETI_KUBE_APIHOST>#\"http://1.1.1.1:443\"#" deploy-heketi-deployment.json | kubectl create -f -
```

Expand Down
10 changes: 5 additions & 5 deletions extras/kubernetes/deploy-heketi-deployment.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@
"spec": {
"containers": [
{
"image": "heketi/heketi:dev",
"image": "heketi/heketi",
"imagePullPolicy": "Always",
"name": "deploy-heketi",
"env": [
Expand All @@ -66,6 +66,10 @@
"name": "HEKETI_KUBE_TOKENFILE",
"value": "/var/lib/heketi/secret/token"
},
{
"name": "HEKETI_KUBE_NAMESPACEFILE",
"value": "/var/lib/heketi/secret/namespace"
},
{
"name": "HEKETI_FSTAB",
"value": "/var/lib/heketi/fstab"
Expand All @@ -78,10 +82,6 @@
"name": "HEKETI_KUBE_INSECURE",
"value": "y"
},
{
"name": "HEKETI_KUBE_NAMESPACE",
"value": <HEKETI_KUBE_NAMESPACE>
},
{
"name": "HEKETI_KUBE_APIHOST",
"value": <HEKETI_KUBE_APIHOST>
Expand Down
10 changes: 5 additions & 5 deletions extras/kubernetes/heketi-deployment.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@
"spec": {
"containers": [
{
"image": "heketi/heketi:dev",
"image": "heketi/heketi",
"imagePullPolicy": "Always",
"name": "heketi",
"env": [
Expand All @@ -65,6 +65,10 @@
"name": "HEKETI_KUBE_TOKENFILE",
"value": "/var/lib/heketi/secret/token"
},
{
"name": "HEKETI_KUBE_NAMESPACEFILE",
"value": "/var/lib/heketi/secret/namespace"
},
{
"name": "HEKETI_FSTAB",
"value": "/var/lib/heketi/fstab"
Expand All @@ -77,10 +81,6 @@
"name": "HEKETI_KUBE_INSECURE",
"value": "y"
},
{
"name": "HEKETI_KUBE_NAMESPACE",
"value": <HEKETI_KUBE_NAMESPACE>
},
{
"name": "HEKETI_KUBE_APIHOST",
"value": <HEKETI_KUBE_APIHOST>
Expand Down
4 changes: 0 additions & 4 deletions tests/functional/TestKubeSmokeTest/ServiceAccount.yaml
View file

This file was deleted.

1 change: 1 addition & 0 deletions tests/functional/TestKubeSmokeTest/run.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@ build_heketi() {

copy_client_files() {
cp $CLIENTDIR/heketi-cli $RESOURCES_DIR || fail "Unable to copy client files"
cp $TOP/extras/kubernetes/* $RESOURCES_DIR || fail "Unable to copy kubernetes deployment files"
}

teardown() {
Expand Down
110 changes: 0 additions & 110 deletions tests/functional/TestKubeSmokeTest/test-heketi-deployment.json
View file

This file was deleted.

Loading

0 comments on commit 4a5a9d3

Please sign in to comment.