Module: Gitlab::Kubernetes

Included in:
Clusters::KubernetesNamespace, Clusters::Platforms::Kubernetes
Defined in:
lib/gitlab/kubernetes.rb,
lib/gitlab/kubernetes/pod.rb,
lib/gitlab/kubernetes/helm.rb,
lib/gitlab/kubernetes/node.rb,
lib/gitlab/kubernetes/role.rb,
lib/gitlab/kubernetes/errors.rb,
lib/gitlab/kubernetes/logger.rb,
lib/gitlab/kubernetes/helm/api.rb,
lib/gitlab/kubernetes/helm/pod.rb,
lib/gitlab/kubernetes/namespace.rb,
lib/gitlab/kubernetes/config_map.rb,
lib/gitlab/kubernetes/tls_secret.rb,
lib/gitlab/kubernetes/kube_client.rb,
lib/gitlab/kubernetes/kubectl_cmd.rb,
lib/gitlab/kubernetes/role_binding.rb,
lib/gitlab/kubernetes/generic_secret.rb,
lib/gitlab/kubernetes/network_policy.rb,
lib/gitlab/kubernetes/service_account.rb,
lib/gitlab/kubernetes/helm/certificate.rb,
lib/gitlab/kubernetes/default_namespace.rb,
lib/gitlab/kubernetes/helm/base_command.rb,
lib/gitlab/kubernetes/helm/init_command.rb,
lib/gitlab/kubernetes/helm/patch_command.rb,
lib/gitlab/kubernetes/helm/reset_command.rb,
lib/gitlab/kubernetes/helm/client_command.rb,
lib/gitlab/kubernetes/helm/delete_command.rb,
lib/gitlab/kubernetes/cluster_role_binding.rb,
lib/gitlab/kubernetes/helm/install_command.rb,
lib/gitlab/kubernetes/helm/parsers/list_v2.rb,
lib/gitlab/kubernetes/cilium_network_policy.rb,
lib/gitlab/kubernetes/network_policy_common.rb,
lib/gitlab/kubernetes/service_account_token.rb,
lib/gitlab/kubernetes/config_maps/aws_node_auth.rb

Overview

Helper methods to do with Kubernetes network services & resources

Defined Under Namespace

Modules: ConfigMaps, Errors, Helm, KubectlCmd, NetworkPolicyCommon, Pod Classes: CiliumNetworkPolicy, ClusterRoleBinding, ConfigMap, DefaultNamespace, GenericSecret, KubeClient, Logger, Namespace, NetworkPolicy, Node, Role, RoleBinding, ServiceAccount, ServiceAccountToken, TlsSecret

Constant Summary collapse

EXEC_COMMAND =

This is the comand that is run to start a terminal session. Kubernetes expects `command=foo&command=bar, not `command[]=foo&command=bar`

URI.encode_www_form(
  ['sh', '-c', 'bash || sh'].map { |value| ['command', value] }
)

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.build_header_hashObject


6
7
8
# File 'lib/gitlab/kubernetes.rb', line 6

def self.build_header_hash
  Hash.new { |h, k| h[k] = [] }
end

Instance Method Details

#add_terminal_auth(terminal, token:, max_session_time:, ca_pem: nil) ⇒ Object


79
80
81
82
83
84
# File 'lib/gitlab/kubernetes.rb', line 79

def add_terminal_auth(terminal, token:, max_session_time:, ca_pem: nil)
  terminal[:headers] ||= ::Gitlab::Kubernetes.build_header_hash
  terminal[:headers]['Authorization'] << "Bearer #{token}"
  terminal[:max_session_time] = max_session_time
  terminal[:ca_pem] = ca_pem if ca_pem.present?
end

#container_exec_url(api_url, namespace, pod_name, container_name) ⇒ Object


86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
# File 'lib/gitlab/kubernetes.rb', line 86

def container_exec_url(api_url, namespace, pod_name, container_name)
  url = URI.parse(api_url)
  url.path = [
    url.path.sub(%r{/+\z}, ''),
    'api', 'v1',
    'namespaces', ERB::Util.url_encode(namespace),
    'pods', ERB::Util.url_encode(pod_name),
    'exec'
  ].join('/')

  url.query = {
    container: container_name,
    tty: true,
    stdin: true,
    stdout: true,
    stderr: true
  }.to_query + '&' + EXEC_COMMAND

  case url.scheme
  when 'http'
    url.scheme = 'ws'
  when 'https'
    url.scheme = 'wss'
  end

  url.to_s
end

#filter_by_annotation(items, annotations = {}) ⇒ Object

Filters an array of pods (as returned by the kubernetes API) by their annotations


28
29
30
31
32
33
34
35
36
# File 'lib/gitlab/kubernetes.rb', line 28

def filter_by_annotation(items, annotations = {})
  items.select do |item|
     = item.fetch("metadata", {})
    item_annotations = .fetch("annotations", nil)
    next unless item_annotations

    annotations.all? { |k, v| item_annotations[k.to_s] == v }
  end
end

#filter_by_label(items, labels = {}) ⇒ Object

Filters an array of pods (as returned by the kubernetes API) by their labels


17
18
19
20
21
22
23
24
25
# File 'lib/gitlab/kubernetes.rb', line 17

def filter_by_label(items, labels = {})
  items.select do |item|
     = item.fetch("metadata", {})
    item_labels = .fetch("labels", nil)
    next unless item_labels

    labels.all? { |k, v| item_labels[k.to_s] == v }
  end
end

#filter_by_legacy_label(items, app, env) ⇒ Object


46
47
48
49
50
51
52
# File 'lib/gitlab/kubernetes.rb', line 46

def filter_by_legacy_label(items, app, env)
  legacy_items = filter_by_label(items, { app: env })

  non_legacy_items = filter_by_project_environment(legacy_items, app, env)

  legacy_items - non_legacy_items
end

#filter_by_project_environment(items, app, env) ⇒ Object

Filters an array of pods (as returned by the kubernetes API) by their project and environment


39
40
41
42
43
44
# File 'lib/gitlab/kubernetes.rb', line 39

def filter_by_project_environment(items, app, env)
  filter_by_annotation(items, {
    'app.gitlab.com/app' => app,
    'app.gitlab.com/env' => env
  })
end

#terminals_for_pod(api_url, namespace, pod) ⇒ Object

Converts a pod (as returned by the kubernetes API) into a terminal


55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
# File 'lib/gitlab/kubernetes.rb', line 55

def terminals_for_pod(api_url, namespace, pod)
   = pod.fetch("metadata", {})
  status   = pod.fetch("status", {})
  spec     = pod.fetch("spec", {})

  containers = spec["containers"]
  pod_name   = ["name"]
  phase      = status["phase"]

  return unless containers.present? && pod_name.present? && phase == "Running"

  created_at = DateTime.parse(["creationTimestamp"]) rescue nil

  containers.map do |container|
    {
      selectors:    { pod: pod_name, container: container["name"] },
      url:          container_exec_url(api_url, namespace, pod_name, container["name"]),
      subprotocols: ['channel.k8s.io'],
      headers:      ::Gitlab::Kubernetes.build_header_hash,
      created_at:   created_at
    }
  end
end

#to_kubeconfig(url:, namespace:, token:, ca_pem: nil) ⇒ Object


114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
# File 'lib/gitlab/kubernetes.rb', line 114

def to_kubeconfig(url:, namespace:, token:, ca_pem: nil)
  return unless token.present?

  config = {
    apiVersion: 'v1',
    clusters: [
      name: 'gitlab-deploy',
      cluster: {
        server: url
      }
    ],
    contexts: [
      name: 'gitlab-deploy',
      context: {
        cluster: 'gitlab-deploy',
        namespace: namespace,
        user: 'gitlab-deploy'
      }
    ],
    'current-context': 'gitlab-deploy',
    kind: 'Config',
    users: [
      {
        name: 'gitlab-deploy',
        user: { token: token }
      }
    ]
  }

  kubeconfig_embed_ca_pem(config, ca_pem) if ca_pem

  YAML.dump(config.deep_stringify_keys)
end