BigW Consortium Gitlab

Commit 5fbf4069 by Shinya Maeda

Fetch k8s token from k8s username/password

parent e9d05a2c
...@@ -40,20 +40,37 @@ class Projects::ClustersController < Projects::ApplicationController ...@@ -40,20 +40,37 @@ class Projects::ClustersController < Projects::ApplicationController
params['gcp_project_id'], params['cluster_zone'], params['cluster_name'] params['gcp_project_id'], params['cluster_zone'], params['cluster_name']
) )
# Get k8s token
token = ''
KubernetesService.new.tap do |ks|
ks.api_url = 'https://' + gke_cluster.endpoint
ks.ca_pem = Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate)
ks.username = gke_cluster.master_auth.username
ks.password = gke_cluster.master_auth.password
secrets = ks.read_secrets
secrets.each do |secret|
name = secret.dig('metadata', 'name')
if /default-token/ =~ name
token_base64 = secret.dig('data', 'token')
token = Base64.decode64(token_base64)
break
end
end
end
# Update service # Update service
kubernetes_service.attributes = service_params( kubernetes_service.attributes = service_params(
active: true, active: true,
api_url: gke_cluster.endpoint, api_url: 'https://' + gke_cluster.endpoint,
ca_pem: Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate), ca_pem: Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
namespace: params['project_namespace'], namespace: params['project_namespace'],
token: 'aaa' # TODO: username/password token: token
) )
kubernetes_service.save! kubernetes_service.save!
# Save info # Save info
project.clusters.create( project.clusters.create(
creation_type: params['creation_type'],
gcp_project_id: params['gcp_project_id'], gcp_project_id: params['gcp_project_id'],
cluster_zone: params['cluster_zone'], cluster_zone: params['cluster_zone'],
cluster_name: params['cluster_name'], cluster_name: params['cluster_name'],
......
...@@ -15,6 +15,7 @@ class KubernetesService < DeploymentService ...@@ -15,6 +15,7 @@ class KubernetesService < DeploymentService
# Bearer authentication # Bearer authentication
# TODO: user/password auth, client certificates # TODO: user/password auth, client certificates
prop_accessor :token prop_accessor :token
attr_accessor :username, :password
# Provide a custom CA bundle for self-signed deployments # Provide a custom CA bundle for self-signed deployments
prop_accessor :ca_pem prop_accessor :ca_pem
...@@ -138,6 +139,15 @@ class KubernetesService < DeploymentService ...@@ -138,6 +139,15 @@ class KubernetesService < DeploymentService
TEMPLATE_PLACEHOLDER = 'Kubernetes namespace'.freeze TEMPLATE_PLACEHOLDER = 'Kubernetes namespace'.freeze
def read_secrets
kubeclient = build_kubeclient!
kubeclient.get_secrets.as_json
rescue KubeException => err
raise err unless err.error_code == 404
[]
end
private private
def kubeconfig def kubeconfig
...@@ -157,7 +167,7 @@ class KubernetesService < DeploymentService ...@@ -157,7 +167,7 @@ class KubernetesService < DeploymentService
end end
def build_kubeclient!(api_path: 'api', api_version: 'v1') def build_kubeclient!(api_path: 'api', api_version: 'v1')
raise "Incomplete settings" unless api_url && actual_namespace && token raise "Incomplete settings" unless api_url && (token || (username && password))
::Kubeclient::Client.new( ::Kubeclient::Client.new(
join_api_url(api_path), join_api_url(api_path),
...@@ -190,7 +200,11 @@ class KubernetesService < DeploymentService ...@@ -190,7 +200,11 @@ class KubernetesService < DeploymentService
end end
def kubeclient_auth_options def kubeclient_auth_options
if token
{ bearer_token: token } { bearer_token: token }
else
{ username: username, password: password }
end
end end
def join_api_url(api_path) def join_api_url(api_path)
......
Create a new cluster Create a new cluster
%br %br
= link_to "Create on Google Container Engine", namespace_project_clusters_path(@project.namespace, @project, cluster_name: "gke-test-creation#{Random.rand(100)}", gcp_project_id: 'gitlab-internal-153318', cluster_zone: 'us-central1-a', cluster_size: '1', project_namespace: 'aaa', machine_type: '???'), method: :post = link_to "Create on Google Container Engine", namespace_project_clusters_path(@project.namespace, @project, cluster_name: "gke-test-creation42", gcp_project_id: 'gitlab-internal-153318', cluster_zone: 'us-central1-a', cluster_size: '1', project_namespace: 'aaa', machine_type: '???'), method: :post
-# gke-test-creation#{Random.rand(100)}
edit/show cluster edit/show cluster
%br %br
= @cluster.inspect = @cluster.inspect
= @cluster.service.inspect
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment