# frozen_string_literal: true
# Controller for Kubernetes cluster records: listing, CRUD, and a "seed ECR"
# action that writes docker registry credentials into a cluster's namespaces.
#
# Access control as wired by the filters below (the filter methods themselves
# are defined outside this file):
# - index and show skip both authorization filters
# - seed_ecr runs authorize_admin! only
# - every other action runs authorize_admin! and then authorize_super_admin!
class Kubernetes::ClustersController < ResourceController
  PUBLIC = %i[index show].freeze

  # Placeholder put in place of the stored client certificate/key before the
  # edit form is built. resource_params drops any submitted value equal to it,
  # so posting the form back unchanged does not overwrite the stored credential.
  HIDDEN = "-- hidden --"

  before_action :authorize_admin!, except: PUBLIC
  before_action :authorize_super_admin!, except: [*PUBLIC, :seed_ecr]
  before_action :set_resource, only: %i[show edit update destroy seed_ecr new create]

  # Builds a new cluster and pre-fills config_filepath when it is still unset.
  def new
    super
    @kubernetes_cluster.config_filepath ||= new_config_filepath
  end

  # Lists all clusters in natural name order. With the `capacity` param set it
  # also collects schedulable_nodes for every cluster, keyed by cluster id.
  # NOTE(review): this action skips both authorization filters, and
  # schedulable_nodes presumably calls out to each cluster - confirm that is
  # acceptable for every caller that can reach index.
  def index
    @kubernetes_clusters = ::Kubernetes::Cluster.all.sort_by do |cluster|
      Samson::NaturalOrder.convert(cluster.name)
    end
    return unless params[:capacity]

    node_pairs = Samson::Parallelizer.map(@kubernetes_clusters) do |cluster|
      [cluster.id, cluster.schedulable_nodes]
    end
    @cluster_nodes = node_pairs.to_h
  end

  # Refreshes the ECR credentials, then writes the registry secret into every
  # namespace of the cluster. Guarded by authorize_admin! only, unlike the
  # other mutating actions which also require authorize_super_admin!.
  def seed_ecr
    SamsonAwsEcr::SamsonPlugin.refresh_credentials
    @kubernetes_cluster.namespaces.each { |namespace| update_secret(namespace) }
    redirect_to({action: :index}, notice: "Seeded!")
  end

  # Masks the stored client certificate and key on the in-memory record before
  # the form is rendered, so the real values are not echoed back to the browser.
  def edit
    cluster = @kubernetes_cluster
    cluster.client_cert = HIDDEN if cluster.client_cert?
    cluster.client_key = HIDDEN if cluster.client_key?
    super
  end

  private

  # Permitted attributes for create/update, minus any field whose submitted
  # value is the HIDDEN placeholder.
  # The filter applies to every permitted key, not just client_cert/client_key,
  # so a field that legitimately contains the placeholder text is dropped too.
  # NOTE(review): config_filepath and api_endpoint are caller-supplied; confirm
  # the model validates them.
  def resource_params
    super.permit(
      :name, :config_filepath, :config_context, :description, :ip_prefix,
      :auth_method, :api_endpoint, :verify_ssl, :client_cert, :client_key,
      :kritis_breakglass,
      deploy_group_ids: []
    ).tap do |permitted|
      permitted.delete_if { |_key, value| value == HIDDEN }
    end
  end

  # Default config path for a new cluster: the expanded KUBE_CONFIG_FILE env
  # value when set, otherwise the path used by the most recent cluster (nil
  # when there is none).
  def new_config_filepath
    file = ENV['KUBE_CONFIG_FILE']
    return File.expand_path(file) if file

    ::Kubernetes::Cluster.last&.config_filepath
  end

  # Creates or updates the "kube-ecr-auth" dockercfg secret in +namespace+.
  #
  # same as this does under the hood:
  # http://kubernetes.io/docs/user-guide/images/#using-aws-ec2-container-registry
  # kubectl create secret docker-registry kube-ecr-auth --docker-server=X --docker-username=X --docker-password=X
  #
  # The payload carries the username and password of every DockerRegistry, and
  # seed_ecr writes it into every namespace of the cluster, so read access to
  # secrets in any one namespace exposes all registry credentials. Base64 is an
  # encoding, not encryption.
  # NOTE(review): Base64.encode64 inserts line feeds into the output; confirm
  # the API accepts that or switch to strict_encode64.
  def update_secret(namespace)
    registry_pairs = DockerRegistry.all.map do |registry|
      [registry.host, {username: registry.username, password: registry.password}]
    end
    docker_config = registry_pairs.to_h

    metadata = {
      name: "kube-ecr-auth",
      namespace: namespace,
      annotations: {
        via: "Samson",
        created_at: Time.now.to_s(:db)
      }
    }
    secret = {
      kind: "Secret",
      apiVersion: "v1",
      metadata: metadata,
      data: {
        ".dockercfg" => Base64.encode64(JSON.dump(docker_config))
      },
      type: "kubernetes.io/dockercfg"
    }

    return secrets_client.update_secret(secret) if secret_exist?(secret)

    secrets_client.create_secret(secret)
  end

  # True when the secret can be fetched by name and namespace.
  # Every error class in SamsonKubernetes.connection_errors is read as "does
  # not exist". NOTE(review): that list is defined elsewhere; if it covers more
  # than a not-found response (timeouts, auth failures), such a failure leads
  # to a create_secret call instead of surfacing the real error.
  def secret_exist?(secret)
    metadata = secret.fetch(:metadata)
    secrets_client.get_secret(metadata.fetch(:name), metadata.fetch(:namespace))
    true
  rescue *SamsonKubernetes.connection_errors
    false
  end

  # Client for the v1 API of the cluster loaded by set_resource.
  def secrets_client
    @kubernetes_cluster.client('v1')
  end
end