BigW Consortium Gitlab
Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
gitlab-ce
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Forest Godfrey
gitlab-ce
Commits
5fbf4069
Commit
5fbf4069
authored
Sep 27, 2017
by
Shinya Maeda
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fetch k8s token from k8s username/password
parent
e9d05a2c
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
38 additions
and
5 deletions
+38
-5
clusters_controller.rb
app/controllers/projects/clusters_controller.rb
+20
-3
kubernetes_service.rb
app/models/project_services/kubernetes_service.rb
+15
-1
_form.html.haml
app/views/projects/clusters/_form.html.haml
+2
-1
edit.html.haml
app/views/projects/clusters/edit.html.haml
+1
-0
No files found.
app/controllers/projects/clusters_controller.rb
View file @
5fbf4069
...
@@ -40,20 +40,37 @@ class Projects::ClustersController < Projects::ApplicationController
...
@@ -40,20 +40,37 @@ class Projects::ClustersController < Projects::ApplicationController
params
[
'gcp_project_id'
],
params
[
'cluster_zone'
],
params
[
'cluster_name'
]
params
[
'gcp_project_id'
],
params
[
'cluster_zone'
],
params
[
'cluster_name'
]
)
)
# Get k8s token
token
=
''
KubernetesService
.
new
.
tap
do
|
ks
|
ks
.
api_url
=
'https://'
+
gke_cluster
.
endpoint
ks
.
ca_pem
=
Base64
.
decode64
(
gke_cluster
.
master_auth
.
cluster_ca_certificate
)
ks
.
username
=
gke_cluster
.
master_auth
.
username
ks
.
password
=
gke_cluster
.
master_auth
.
password
secrets
=
ks
.
read_secrets
secrets
.
each
do
|
secret
|
name
=
secret
.
dig
(
'metadata'
,
'name'
)
if
/default-token/
=~
name
token_base64
=
secret
.
dig
(
'data'
,
'token'
)
token
=
Base64
.
decode64
(
token_base64
)
break
end
end
end
# Update service
# Update service
kubernetes_service
.
attributes
=
service_params
(
kubernetes_service
.
attributes
=
service_params
(
active:
true
,
active:
true
,
api_url:
gke_cluster
.
endpoint
,
api_url:
'https://'
+
gke_cluster
.
endpoint
,
ca_pem:
Base64
.
decode64
(
gke_cluster
.
master_auth
.
cluster_ca_certificate
),
ca_pem:
Base64
.
decode64
(
gke_cluster
.
master_auth
.
cluster_ca_certificate
),
namespace:
params
[
'project_namespace'
],
namespace:
params
[
'project_namespace'
],
token:
'aaa'
# TODO: username/password
token:
token
)
)
kubernetes_service
.
save!
kubernetes_service
.
save!
# Save info
# Save info
project
.
clusters
.
create
(
project
.
clusters
.
create
(
creation_type:
params
[
'creation_type'
],
gcp_project_id:
params
[
'gcp_project_id'
],
gcp_project_id:
params
[
'gcp_project_id'
],
cluster_zone:
params
[
'cluster_zone'
],
cluster_zone:
params
[
'cluster_zone'
],
cluster_name:
params
[
'cluster_name'
],
cluster_name:
params
[
'cluster_name'
],
...
...
app/models/project_services/kubernetes_service.rb
View file @
5fbf4069
...
@@ -15,6 +15,7 @@ class KubernetesService < DeploymentService
...
@@ -15,6 +15,7 @@ class KubernetesService < DeploymentService
# Bearer authentication
# Bearer authentication
# TODO: user/password auth, client certificates
# TODO: user/password auth, client certificates
prop_accessor
:token
prop_accessor
:token
attr_accessor
:username
,
:password
# Provide a custom CA bundle for self-signed deployments
# Provide a custom CA bundle for self-signed deployments
prop_accessor
:ca_pem
prop_accessor
:ca_pem
...
@@ -138,6 +139,15 @@ class KubernetesService < DeploymentService
...
@@ -138,6 +139,15 @@ class KubernetesService < DeploymentService
TEMPLATE_PLACEHOLDER
=
'Kubernetes namespace'
.
freeze
TEMPLATE_PLACEHOLDER
=
'Kubernetes namespace'
.
freeze
def
read_secrets
kubeclient
=
build_kubeclient!
kubeclient
.
get_secrets
.
as_json
rescue
KubeException
=>
err
raise
err
unless
err
.
error_code
==
404
[]
end
private
private
def
kubeconfig
def
kubeconfig
...
@@ -157,7 +167,7 @@ class KubernetesService < DeploymentService
...
@@ -157,7 +167,7 @@ class KubernetesService < DeploymentService
end
end
def
build_kubeclient!
(
api_path:
'api'
,
api_version:
'v1'
)
def
build_kubeclient!
(
api_path:
'api'
,
api_version:
'v1'
)
raise
"Incomplete settings"
unless
api_url
&&
actual_namespace
&&
token
raise
"Incomplete settings"
unless
api_url
&&
(
token
||
(
username
&&
password
))
::
Kubeclient
::
Client
.
new
(
::
Kubeclient
::
Client
.
new
(
join_api_url
(
api_path
),
join_api_url
(
api_path
),
...
@@ -190,7 +200,11 @@ class KubernetesService < DeploymentService
...
@@ -190,7 +200,11 @@ class KubernetesService < DeploymentService
end
end
def
kubeclient_auth_options
def
kubeclient_auth_options
if
token
{
bearer_token:
token
}
{
bearer_token:
token
}
else
{
username:
username
,
password:
password
}
end
end
end
def
join_api_url
(
api_path
)
def
join_api_url
(
api_path
)
...
...
app/views/projects/clusters/_form.html.haml
View file @
5fbf4069
Create a new cluster
Create a new cluster
%br
%br
=
link_to
"Create on Google Container Engine"
,
namespace_project_clusters_path
(
@project
.
namespace
,
@project
,
cluster_name:
"gke-test-creation
#{
Random
.
rand
(
100
)
}
"
,
gcp_project_id:
'gitlab-internal-153318'
,
cluster_zone:
'us-central1-a'
,
cluster_size:
'1'
,
project_namespace:
'aaa'
,
machine_type:
'???'
),
method: :post
=
link_to
"Create on Google Container Engine"
,
namespace_project_clusters_path
(
@project
.
namespace
,
@project
,
cluster_name:
"gke-test-creation42"
,
gcp_project_id:
'gitlab-internal-153318'
,
cluster_zone:
'us-central1-a'
,
cluster_size:
'1'
,
project_namespace:
'aaa'
,
machine_type:
'???'
),
method: :post
-# gke-test-creation#{Random.rand(100)}
app/views/projects/clusters/edit.html.haml
View file @
5fbf4069
edit/show cluster
edit/show cluster
%br
%br
=
@cluster
.
inspect
=
@cluster
.
inspect
=
@cluster
.
service
.
inspect
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment