Class: Gitlab::Kubernetes::KubeClient

Inherits:

Object

• Object
• Gitlab::Kubernetes::KubeClient

Includes:

Utils::StrongMemoize

Defined in:

lib/gitlab/kubernetes/kube_client.rb

Overview

Wrapper around Kubeclient::Client to dispatch the right message to the client that can respond to the message. We must have a kubeclient for each ApiGroup as there is no other way to use the Kubeclient gem.

See github.com/abonas/kubeclient/issues/348.

Constant Summary

SUPPORTED_API_GROUPS =

{
  core: { group: 'api', version: 'v1' },
  rbac: { group: 'apis/rbac.authorization.k8s.io', version: 'v1' },
  apps: { group: 'apis/apps', version: 'v1' },
  extensions: { group: 'apis/extensions', version: 'v1beta1' },
  istio: { group: 'apis/networking.istio.io', version: 'v1alpha3' },
  knative: { group: 'apis/serving.knative.dev', version: 'v1alpha1' },
  metrics: { group: 'apis/metrics.k8s.io', version: 'v1beta1' },
  networking: { group: 'apis/networking.k8s.io', version: 'v1' },
  cilium_networking: { group: 'apis/cilium.io', version: 'v2' }
}.freeze

DEFAULT_KUBECLIENT_OPTIONS =

{
  timeouts: {
    open: 10,
    read: 30
  }
}.freeze

Instance Attribute Summary

• #api_prefix ⇒ Object readonly

  Returns the value of attribute api_prefix.

• #kubeclient_options ⇒ Object readonly

  Returns the value of attribute kubeclient_options.

Class Method Summary

• .graceful_request(cluster_id) ⇒ Object
• .kubeclient_error_status(message) ⇒ Object

  KubeClient uses the same error class For connection errors (eg. timeout) and for Kubernetes errors.

Instance Method Summary

• #create_or_update_cluster_role_binding(resource) ⇒ Object
• #create_or_update_role_binding(resource) ⇒ Object

  Note that we cannot update roleRef as that is immutable.

• #create_or_update_secret(resource) ⇒ Object
• #create_or_update_service_account(resource) ⇒ Object
• #initialize(api_prefix, **kubeclient_options) ⇒ KubeClient constructor

  We disable redirects through ‘http_max_redirects: 0’, so that KubeClient does not follow redirects and expose internal services.

Constructor Details

#initialize(api_prefix, **kubeclient_options) ⇒ KubeClient

We disable redirects through ‘http_max_redirects: 0’, so that KubeClient does not follow redirects and expose internal services.

# File 'lib/gitlab/kubernetes/kube_client.rb', line 125

def initialize(api_prefix, **kubeclient_options)
  @api_prefix = api_prefix
  @kubeclient_options = DEFAULT_KUBECLIENT_OPTIONS
    .deep_merge(kubeclient_options)
    .merge(http_max_redirects: 0)

  validate_url!
end

Instance Attribute Details

#api_prefix ⇒ Object (readonly)

Returns the value of attribute api_prefix.

# File 'lib/gitlab/kubernetes/kube_client.rb', line 88

def api_prefix
  @api_prefix
end

#kubeclient_options ⇒ Object (readonly)

Returns the value of attribute kubeclient_options.

# File 'lib/gitlab/kubernetes/kube_client.rb', line 88

def kubeclient_options
  @kubeclient_options
end

Class Method Details

.graceful_request(cluster_id) ⇒ Object

# File 'lib/gitlab/kubernetes/kube_client.rb', line 97

def self.graceful_request(cluster_id)
  { status: :connected, response: yield }
rescue *Gitlab::Kubernetes::Errors::CONNECTION
  { status: :unreachable, connection_error: :connection_error }
rescue *Gitlab::Kubernetes::Errors::AUTHENTICATION
  { status: :authentication_failure, connection_error: :authentication_error }
rescue Kubeclient::HttpError => e
  { status: kubeclient_error_status(e.message), connection_error: :http_error }
rescue StandardError => e
  Gitlab::ErrorTracking.track_exception(e, cluster_id: cluster_id)

  { status: :unknown_failure, connection_error: :unknown_error }
end

.kubeclient_error_status(message) ⇒ Object

KubeClient uses the same error class For connection errors (eg. timeout) and for Kubernetes errors.

# File 'lib/gitlab/kubernetes/kube_client.rb', line 114

def self.kubeclient_error_status(message)
  if message&.match?(/timed out|timeout/i)
    :unreachable
  else
    :authentication_failure
  end
end

Instance Method Details

#create_or_update_cluster_role_binding(resource) ⇒ Object

# File 'lib/gitlab/kubernetes/kube_client.rb', line 134

def create_or_update_cluster_role_binding(resource)
  update_cluster_role_binding(resource)
end

#create_or_update_role_binding(resource) ⇒ Object

Note that we cannot update roleRef as that is immutable

# File 'lib/gitlab/kubernetes/kube_client.rb', line 139

def create_or_update_role_binding(resource)
  update_role_binding(resource)
end

#create_or_update_secret(resource) ⇒ Object

# File 'lib/gitlab/kubernetes/kube_client.rb', line 151

def create_or_update_secret(resource)
  if secret_exists?(resource)
    update_secret(resource)
  else
    create_secret(resource)
  end
end

#create_or_update_service_account(resource) ⇒ Object

# File 'lib/gitlab/kubernetes/kube_client.rb', line 143

def create_or_update_service_account(resource)
  if service_account_exists?(resource)
    update_service_account(resource)
  else
    create_service_account(resource)
  end
end