Class: Gitlab::Kubernetes::KubeClient
- Inherits:
-
Object
- Object
- Gitlab::Kubernetes::KubeClient
- Includes:
- Utils::StrongMemoize
- Defined in:
- lib/gitlab/kubernetes/kube_client.rb
Overview
Wrapper around Kubeclient::Client to dispatch the right message to the client that can respond to the message. We must have a kubeclient for each ApiGroup as there is no other way to use the Kubeclient gem.
Constant Summary collapse
- SUPPORTED_API_GROUPS =
{ core: { group: 'api', version: 'v1' }, rbac: { group: 'apis/rbac.authorization.k8s.io', version: 'v1' }, apps: { group: 'apis/apps', version: 'v1' }, extensions: { group: 'apis/extensions', version: 'v1beta1' }, istio: { group: 'apis/networking.istio.io', version: 'v1alpha3' }, knative: { group: 'apis/serving.knative.dev', version: 'v1alpha1' }, metrics: { group: 'apis/metrics.k8s.io', version: 'v1beta1' }, networking: { group: 'apis/networking.k8s.io', version: 'v1' }, cilium_networking: { group: 'apis/cilium.io', version: 'v2' } }.freeze
- DEFAULT_KUBECLIENT_OPTIONS =
{ timeouts: { open: 10, read: 30 } }.freeze
Instance Attribute Summary collapse
-
#api_prefix ⇒ Object
readonly
Returns the value of attribute api_prefix.
-
#kubeclient_options ⇒ Object
readonly
Returns the value of attribute kubeclient_options.
Class Method Summary collapse
- .graceful_request(cluster_id) ⇒ Object
-
.kubeclient_error_status(message) ⇒ Object
KubeClient uses the same error class For connection errors (eg. timeout) and for Kubernetes errors.
Instance Method Summary collapse
- #create_or_update_cluster_role_binding(resource) ⇒ Object
-
#create_or_update_role_binding(resource) ⇒ Object
Note that we cannot update roleRef as that is immutable.
- #create_or_update_secret(resource) ⇒ Object
- #create_or_update_service_account(resource) ⇒ Object
-
#initialize(api_prefix, **kubeclient_options) ⇒ KubeClient
constructor
We disable redirects through ‘http_max_redirects: 0’, so that KubeClient does not follow redirects and expose internal services.
Constructor Details
#initialize(api_prefix, **kubeclient_options) ⇒ KubeClient
We disable redirects through ‘http_max_redirects: 0’, so that KubeClient does not follow redirects and expose internal services.
125 126 127 128 129 130 131 132 |
# File 'lib/gitlab/kubernetes/kube_client.rb', line 125 def initialize(api_prefix, **) @api_prefix = api_prefix @kubeclient_options = DEFAULT_KUBECLIENT_OPTIONS .deep_merge() .merge(http_max_redirects: 0) validate_url! end |
Instance Attribute Details
#api_prefix ⇒ Object (readonly)
Returns the value of attribute api_prefix.
88 89 90 |
# File 'lib/gitlab/kubernetes/kube_client.rb', line 88 def api_prefix @api_prefix end |
#kubeclient_options ⇒ Object (readonly)
Returns the value of attribute kubeclient_options.
88 89 90 |
# File 'lib/gitlab/kubernetes/kube_client.rb', line 88 def @kubeclient_options end |
Class Method Details
.graceful_request(cluster_id) ⇒ Object
97 98 99 100 101 102 103 104 105 106 107 108 109 |
# File 'lib/gitlab/kubernetes/kube_client.rb', line 97 def self.graceful_request(cluster_id) { status: :connected, response: yield } rescue *Gitlab::Kubernetes::Errors::CONNECTION { status: :unreachable, connection_error: :connection_error } rescue *Gitlab::Kubernetes::Errors::AUTHENTICATION { status: :authentication_failure, connection_error: :authentication_error } rescue Kubeclient::HttpError => e { status: kubeclient_error_status(e.), connection_error: :http_error } rescue StandardError => e Gitlab::ErrorTracking.track_exception(e, cluster_id: cluster_id) { status: :unknown_failure, connection_error: :unknown_error } end |
.kubeclient_error_status(message) ⇒ Object
KubeClient uses the same error class For connection errors (eg. timeout) and for Kubernetes errors.
114 115 116 117 118 119 120 |
# File 'lib/gitlab/kubernetes/kube_client.rb', line 114 def self.kubeclient_error_status() if &.match?(/timed out|timeout/i) :unreachable else :authentication_failure end end |
Instance Method Details
#create_or_update_cluster_role_binding(resource) ⇒ Object
134 135 136 |
# File 'lib/gitlab/kubernetes/kube_client.rb', line 134 def create_or_update_cluster_role_binding(resource) update_cluster_role_binding(resource) end |
#create_or_update_role_binding(resource) ⇒ Object
Note that we cannot update roleRef as that is immutable
139 140 141 |
# File 'lib/gitlab/kubernetes/kube_client.rb', line 139 def create_or_update_role_binding(resource) update_role_binding(resource) end |
#create_or_update_secret(resource) ⇒ Object
151 152 153 154 155 156 157 |
# File 'lib/gitlab/kubernetes/kube_client.rb', line 151 def create_or_update_secret(resource) if secret_exists?(resource) update_secret(resource) else create_secret(resource) end end |
#create_or_update_service_account(resource) ⇒ Object
143 144 145 146 147 148 149 |
# File 'lib/gitlab/kubernetes/kube_client.rb', line 143 def create_or_update_service_account(resource) if service_account_exists?(resource) update_service_account(resource) else create_service_account(resource) end end |