Module: Sensu::Plugins::Kubernetes::Client
- Included in:
- CLI
- Defined in:
- lib/sensu-plugins-kubernetes/client.rb
Overview
A mixin module that provides Kubernetes client (kubeclient) support.
Constant Summary collapse
- INCLUSTER_CA_FILE =
The location of the service account provided CA. (if the cluster is configured to provide it)
'/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'
- INCLUSTER_TOKEN_FILE =
The location of the service account provided authentication token.
'/var/run/secrets/kubernetes.io/serviceaccount/token'
Instance Method Summary collapse
-
#kubeclient(options = {}) ⇒ Object
Creates a new Kubeclient::Client instance using the given SSL and authentication options (if any).
Instance Method Details
#kubeclient(options = {}) ⇒ Object
Creates a new Kubeclient::Client instance using the given SSL and authentication options (if any)
50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 |
# File 'lib/sensu-plugins-kubernetes/client.rb', line 50 def kubeclient( = {}) raise(ArgumentError, 'options must be a hash') unless .is_a?(Hash) if [:kube_config] begin config = Kubeclient::Config.read([:kube_config]) api_server = config.context.api_endpoint api_version = config.context.api_version = config.context. = config.context. rescue StandardError => e raise e, "Unable to read kubeconfig: #{e}", e.backtrace end else api_server = [:server] api_version = [:version] = { ca_file: [:ca_file] } = { username: [:username], password: [:password], bearer_token: [:token], bearer_token_file: [:token_file] } end if %i[client_cert_file client_key_file].count { |k| [k] } == 1 raise ArgumentError, 'SSL requires both client cert and client key' end if [:client_cert_file] begin [:client_cert] = OpenSSL::X509::Certificate.new(File.read([:client_cert_file])) rescue StandardError => e raise e, "Unable to read client certificate: #{e}", e.backtrace end end if [:client_key_file] begin [:client_key] = OpenSSL::PKey::RSA.new(File.read([:client_key_file])) rescue StandardError => e raise e, "Unable to read client key: #{e}", e.backtrace end end if [:incluster] # Provide in-cluster defaults, if not already specified # (following the kubernetes incluster config code, more or less) # api-server # TODO: use in-cluster DNS ?? if api_server.nil? host = ENV['KUBERNETES_SERVICE_HOST'] port = ENV['KUBERNETES_SERVICE_PORT'] if host.nil? || port.nil? raise ArgumentError, 'unable to load in-cluster configuration,'\ ' KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT'\ ' must be defined' end api_server = URI::HTTPS.build(host: host, port: port, path: '/api') end # ca file, but only if it exists if [:ca_file].nil? && File.exist?(INCLUSTER_CA_FILE) # Readability/permission issues should be left to kubeclient [:ca_file] = INCLUSTER_CA_FILE end # token file if [:bearer_token_file].nil? [:bearer_token_file] = INCLUSTER_TOKEN_FILE end end [:verify_ssl] = [:ca_file] ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE begin # new only throws errors on bad arguments Kubeclient::Client.new(api_server, api_version, ssl_options: , auth_options: ) rescue URI::InvalidURIError => e # except for this one, which we'll re-wrap to make catching easier raise ArgumentError, "Invalid API server: #{e}", e.backtrace end end |