Module: Gitlab::Kubernetes

Included in:

Clusters::KubernetesNamespace, Clusters::Platforms::Kubernetes

Defined in:

lib/gitlab/kubernetes.rb,
lib/gitlab/kubernetes/pod.rb,
lib/gitlab/kubernetes/helm.rb,
lib/gitlab/kubernetes/node.rb,
lib/gitlab/kubernetes/role.rb,
lib/gitlab/kubernetes/errors.rb,
lib/gitlab/kubernetes/logger.rb,
lib/gitlab/kubernetes/ingress.rb,
lib/gitlab/kubernetes/pod_cmd.rb,
lib/gitlab/kubernetes/namespace.rb,
lib/gitlab/kubernetes/config_map.rb,
lib/gitlab/kubernetes/deployment.rb,
lib/gitlab/kubernetes/tls_secret.rb,
lib/gitlab/kubernetes/kube_client.rb,
lib/gitlab/kubernetes/kubectl_cmd.rb,
lib/gitlab/kubernetes/role_binding.rb,
lib/gitlab/kubernetes/generic_secret.rb,
lib/gitlab/kubernetes/rollout_status.rb,
lib/gitlab/kubernetes/service_account.rb,
lib/gitlab/kubernetes/default_namespace.rb,
lib/gitlab/kubernetes/rollout_instances.rb,
lib/gitlab/kubernetes/kubeconfig/template.rb,
lib/gitlab/kubernetes/cluster_role_binding.rb,
lib/gitlab/kubernetes/kubeconfig/entry/user.rb,
lib/gitlab/kubernetes/service_account_token.rb,
lib/gitlab/kubernetes/kubeconfig/entry/cluster.rb,
lib/gitlab/kubernetes/kubeconfig/entry/context.rb,
lib/gitlab/kubernetes/config_maps/aws_node_auth.rb

Overview

Helper methods to do with Kubernetes network services & resources

Defined Under Namespace

Modules: ConfigMaps, Errors, Helm, Kubeconfig, KubectlCmd, PodCmd Classes: ClusterRoleBinding, ConfigMap, DefaultNamespace, Deployment, GenericSecret, Ingress, KubeClient, Logger, Namespace, Node, Pod, Role, RoleBinding, RolloutInstances, RolloutStatus, ServiceAccount, ServiceAccountToken, TlsSecret

Constant Summary

EXEC_COMMAND =

This is the comand that is run to start a terminal session. Kubernetes expects ‘command=foo&command=bar, not `command[]=foo&command=bar`

URI.encode_www_form(
  ['sh', '-c', 'bash || sh'].map { |value| ['command', value] }
)

Class Method Summary

• .build_header_hash ⇒ Object

Instance Method Summary

• #add_terminal_auth(terminal, token:, max_session_time:, ca_pem: nil) ⇒ Object
• #container_exec_url(api_url, namespace, pod_name, container_name) ⇒ Object
• #filter_by_annotation(items, annotations = {}) ⇒ Object

  Filters an array of pods (as returned by the kubernetes API) by their annotations.

• #filter_by_label(items, labels = {}) ⇒ Object

  Filters an array of pods (as returned by the kubernetes API) by their labels.

• #filter_by_legacy_label(items, app, env) ⇒ Object
• #filter_by_project_environment(items, app, env) ⇒ Object

  Filters an array of pods (as returned by the kubernetes API) by their project and environment.

• #terminals_for_pod(api_url, namespace, pod) ⇒ Object

  Converts a pod (as returned by the kubernetes API) into a terminal.

• #to_kubeconfig(url:, namespace:, token:, ca_pem: nil) ⇒ Object

Class Method Details

.build_header_hash ⇒ Object

# File 'lib/gitlab/kubernetes.rb', line 6

def self.build_header_hash
  Hash.new { |h, k| h[k] = [] }
end

Instance Method Details

#add_terminal_auth(terminal, token:, max_session_time:, ca_pem: nil) ⇒ Object

# File 'lib/gitlab/kubernetes.rb', line 83

def add_terminal_auth(terminal, token:, max_session_time:, ca_pem: nil)
  terminal[:headers] ||= ::Gitlab::Kubernetes.build_header_hash
  terminal[:headers]['Authorization'] << "Bearer #{token}"
  terminal[:max_session_time] = max_session_time
  terminal[:ca_pem] = ca_pem if ca_pem.present?
end

#container_exec_url(api_url, namespace, pod_name, container_name) ⇒ Object

# File 'lib/gitlab/kubernetes.rb', line 90

def container_exec_url(api_url, namespace, pod_name, container_name)
  url = URI.parse(api_url)
  url.path = [
    url.path.sub(%r{/+\z}, ''),
    'api', 'v1',
    'namespaces', ERB::Util.url_encode(namespace),
    'pods', ERB::Util.url_encode(pod_name),
    'exec'
  ].join('/')

  url.query = {
    container: container_name,
    tty: true,
    stdin: true,
    stdout: true,
    stderr: true
  }.to_query + '&' + EXEC_COMMAND

  case url.scheme
  when 'http'
    url.scheme = 'ws'
  when 'https'
    url.scheme = 'wss'
  end

  url.to_s
end

#filter_by_annotation(items, annotations = {}) ⇒ Object

Filters an array of pods (as returned by the kubernetes API) by their annotations

# File 'lib/gitlab/kubernetes.rb', line 28

def filter_by_annotation(items, annotations = {})
  items.select do |item|
    metadata = item.fetch("metadata", {})
    item_annotations = metadata.fetch("annotations", nil)
    next unless item_annotations

    annotations.all? { |k, v| item_annotations[k.to_s] == v }
  end
end

#filter_by_label(items, labels = {}) ⇒ Object

Filters an array of pods (as returned by the kubernetes API) by their labels

# File 'lib/gitlab/kubernetes.rb', line 17

def filter_by_label(items, labels = {})
  items.select do |item|
    metadata = item.fetch("metadata", {})
    item_labels = metadata.fetch("labels", nil)
    next unless item_labels

    labels.all? { |k, v| item_labels[k.to_s] == v }
  end
end

#filter_by_legacy_label(items, app, env) ⇒ Object

# File 'lib/gitlab/kubernetes.rb', line 46

def filter_by_legacy_label(items, app, env)
  legacy_items = filter_by_label(items, { app: env })

  non_legacy_items = filter_by_project_environment(legacy_items, app, env)

  legacy_items - non_legacy_items
end

#filter_by_project_environment(items, app, env) ⇒ Object

Filters an array of pods (as returned by the kubernetes API) by their project and environment

# File 'lib/gitlab/kubernetes.rb', line 39

def filter_by_project_environment(items, app, env)
  filter_by_annotation(items, {
    'app.gitlab.com/app' => app,
    'app.gitlab.com/env' => env
  })
end

#terminals_for_pod(api_url, namespace, pod) ⇒ Object

Converts a pod (as returned by the kubernetes API) into a terminal

# File 'lib/gitlab/kubernetes.rb', line 55

def terminals_for_pod(api_url, namespace, pod)
  metadata = pod.fetch("metadata", {})
  status   = pod.fetch("status", {})
  spec     = pod.fetch("spec", {})

  containers = spec["containers"]
  pod_name   = metadata["name"]
  phase      = status["phase"]

  return unless containers.present? && pod_name.present? && phase == "Running"

  created_at = begin
    DateTime.parse(metadata["creationTimestamp"])
  rescue StandardError
    nil
  end

  containers.map do |container|
    {
      selectors: { pod: pod_name, container: container["name"] },
      url: container_exec_url(api_url, namespace, pod_name, container["name"]),
      subprotocols: ['channel.k8s.io'],
      headers: ::Gitlab::Kubernetes.build_header_hash,
      created_at: created_at
    }
  end
end

#to_kubeconfig(url:, namespace:, token:, ca_pem: nil) ⇒ Object

# File 'lib/gitlab/kubernetes.rb', line 118

def to_kubeconfig(url:, namespace:, token:, ca_pem: nil)
  return unless token.present?

  config = {
    apiVersion: 'v1',
    clusters: [
      name: 'gitlab-deploy',
      cluster: {
        server: url
      }
    ],
    contexts: [
      name: 'gitlab-deploy',
      context: {
        cluster: 'gitlab-deploy',
        namespace: namespace,
        user: 'gitlab-deploy'
      }
    ],
    'current-context': 'gitlab-deploy',
    kind: 'Config',
    users: [
      {
        name: 'gitlab-deploy',
        user: { token: token }
      }
    ]
  }

  kubeconfig_embed_ca_pem(config, ca_pem) if ca_pem

  YAML.dump(config.deep_stringify_keys)
end