gitlab-org--gitlab-foss/lib/gitlab/kubernetes.rb

module Gitlab
  # Helper methods to do with Kubernetes network services & resources
  module Kubernetes
    # This is the comand that is run to start a terminal session. Kubernetes
    # expects `command=foo&command=bar, not `command[]=foo&command[]=bar`
    EXEC_COMMAND = URI.encode_www_form(
      ['sh', '-c', 'bash || sh'].map { |value| ['command', value] }
    )

    # Filters an array of pods (as returned by the kubernetes API) by their labels
    def filter_by_label(items, labels = {})
      items.select do |item|
        metadata = item.fetch("metadata", {})
        item_labels = metadata.fetch("labels", nil)
        next unless item_labels

        labels.all? { |k, v| item_labels[k.to_s] == v }
      end
    end

    # Converts a pod (as returned by the kubernetes API) into a terminal
    def terminals_for_pod(api_url, namespace, pod)
      metadata = pod.fetch("metadata", {})
      status   = pod.fetch("status", {})
      spec     = pod.fetch("spec", {})

      containers = spec["containers"]
      pod_name   = metadata["name"]
      phase      = status["phase"]

      return unless containers.present? && pod_name.present? && phase == "Running"

      created_at = DateTime.parse(metadata["creationTimestamp"]) rescue nil

      containers.map do |container|
        {
          selectors:    { pod: pod_name, container: container["name"] },
          url:          container_exec_url(api_url, namespace, pod_name, container["name"]),
          subprotocols: ['channel.k8s.io'],
          headers:      Hash.new { |h, k| h[k] = [] },
          created_at:   created_at
        }
      end
    end

    def add_terminal_auth(terminal, token:, max_session_time:, ca_pem: nil)
      terminal[:headers]['Authorization'] << "Bearer #{token}"
      terminal[:max_session_time] = max_session_time
      terminal[:ca_pem] = ca_pem if ca_pem.present?
    end

    def container_exec_url(api_url, namespace, pod_name, container_name)
      url = URI.parse(api_url)
      url.path = [
        url.path.sub(%r{/+\z}, ''),
        'api', 'v1',
        'namespaces', ERB::Util.url_encode(namespace),
        'pods', ERB::Util.url_encode(pod_name),
        'exec'
      ].join('/')

      url.query = {
        container: container_name,
        tty: true,
        stdin: true,
        stdout: true,
        stderr: true
      }.to_query + '&' + EXEC_COMMAND

      case url.scheme
      when 'http'
        url.scheme = 'ws'
      when 'https'
        url.scheme = 'wss'
      end

      url.to_s
    end

    def to_kubeconfig(url:, namespace:, token:, ca_pem: nil)
      config = {
        apiVersion: 'v1',
        clusters: [
          name: 'gitlab-deploy',
          cluster: {
            server: url
          }
        ],
        contexts: [
          name: 'gitlab-deploy',
          context: {
            cluster: 'gitlab-deploy',
            namespace: namespace,
            user: 'gitlab-deploy'
          }
        ],
        'current-context': 'gitlab-deploy',
        kind: 'Config',
        users: [
          {
            name: 'gitlab-deploy',
            user: { token: token }
          }
        ]
      }

      kubeconfig_embed_ca_pem(config, ca_pem) if ca_pem

      config.deep_stringify_keys
    end

    private

    def kubeconfig_embed_ca_pem(config, ca_pem)
      cluster = config.dig(:clusters, 0, :cluster)
      cluster[:'certificate-authority-data'] = Base64.encode64(ca_pem)
    end
  end
end
Add terminals to the Kubernetes deployment service 2016-11-22 14:55:56 -05:00			`module Gitlab`
			`# Helper methods to do with Kubernetes network services & resources`
			`module Kubernetes`
			`# This is the comand that is run to start a terminal session. Kubernetes`
			# expects `command=foo&command=bar, not `command[]=foo&command[]=bar`
			`EXEC_COMMAND = URI.encode_www_form(`
			`['sh', '-c', 'bash \|\| sh'].map { \|value\| ['command', value] }`
			`)`

			`# Filters an array of pods (as returned by the kubernetes API) by their labels`
Backport EE changes to the Kubernetes service 2017-06-13 11:31:23 -04:00			`def filter_by_label(items, labels = {})`
			`items.select do \|item\|`
			`metadata = item.fetch("metadata", {})`
			`item_labels = metadata.fetch("labels", nil)`
			`next unless item_labels`
Add terminals to the Kubernetes deployment service 2016-11-22 14:55:56 -05:00
Backport EE changes to the Kubernetes service 2017-06-13 11:31:23 -04:00			`labels.all? { \|k, v\| item_labels[k.to_s] == v }`
Add terminals to the Kubernetes deployment service 2016-11-22 14:55:56 -05:00			`end`
			`end`

			`# Converts a pod (as returned by the kubernetes API) into a terminal`
			`def terminals_for_pod(api_url, namespace, pod)`
			`metadata = pod.fetch("metadata", {})`
			`status = pod.fetch("status", {})`
			`spec = pod.fetch("spec", {})`

			`containers = spec["containers"]`
			`pod_name = metadata["name"]`
			`phase = status["phase"]`

			`return unless containers.present? && pod_name.present? && phase == "Running"`

			`created_at = DateTime.parse(metadata["creationTimestamp"]) rescue nil`

			`containers.map do \|container\|`
			`{`
			`selectors: { pod: pod_name, container: container["name"] },`
			`url: container_exec_url(api_url, namespace, pod_name, container["name"]),`
			`subprotocols: ['channel.k8s.io'],`
			`headers: Hash.new { \|h, k\| h[k] = [] },`
Enable the Style/TrailingCommaInLiteral cop Use the EnforcedStyleForMultiline: no_comma option. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-05-03 07:22:03 -04:00			`created_at: created_at`
Add terminals to the Kubernetes deployment service 2016-11-22 14:55:56 -05:00			`}`
			`end`
			`end`

Introduce maximum session time for terminal websocket connection Store the value in application settings. Expose the value to Workhorse. 2017-01-26 13:16:50 -05:00			`def add_terminal_auth(terminal, token:, max_session_time:, ca_pem: nil)`
Add terminals to the Kubernetes deployment service 2016-11-22 14:55:56 -05:00			`terminal[:headers]['Authorization'] << "Bearer #{token}"`
Introduce maximum session time for terminal websocket connection Store the value in application settings. Expose the value to Workhorse. 2017-01-26 13:16:50 -05:00			`terminal[:max_session_time] = max_session_time`
Add terminals to the Kubernetes deployment service 2016-11-22 14:55:56 -05:00			`terminal[:ca_pem] = ca_pem if ca_pem.present?`
			`end`

			`def container_exec_url(api_url, namespace, pod_name, container_name)`
			`url = URI.parse(api_url)`
			`url.path = [`
			`url.path.sub(%r{/+\z}, ''),`
			`'api', 'v1',`
			`'namespaces', ERB::Util.url_encode(namespace),`
			`'pods', ERB::Util.url_encode(pod_name),`
			`'exec'`
			`].join('/')`

			`url.query = {`
			`container: container_name,`
			`tty: true,`
			`stdin: true,`
			`stdout: true,`
Enable the Style/TrailingCommaInLiteral cop Use the EnforcedStyleForMultiline: no_comma option. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-05-03 07:22:03 -04:00			`stderr: true`
Add terminals to the Kubernetes deployment service 2016-11-22 14:55:56 -05:00			`}.to_query + '&' + EXEC_COMMAND`

			`case url.scheme`
			`when 'http'`
			`url.scheme = 'ws'`
			`when 'https'`
			`url.scheme = 'wss'`
			`end`

			`url.to_s`
			`end`
Generate KUBECONFIG in KubernetesService#predefined_variables 2017-06-16 10:15:40 -04:00
			`def to_kubeconfig(url:, namespace:, token:, ca_pem: nil)`
			`config = {`
			`apiVersion: 'v1',`
			`clusters: [`
			`name: 'gitlab-deploy',`
			`cluster: {`
			`server: url`
Fix rubocop offense 2017-06-16 11:17:06 -04:00			`}`
Generate KUBECONFIG in KubernetesService#predefined_variables 2017-06-16 10:15:40 -04:00			`],`
			`contexts: [`
			`name: 'gitlab-deploy',`
			`context: {`
			`cluster: 'gitlab-deploy',`
			`namespace: namespace,`
			`user: 'gitlab-deploy'`
Fix rubocop offense 2017-06-16 11:17:06 -04:00			`}`
Generate KUBECONFIG in KubernetesService#predefined_variables 2017-06-16 10:15:40 -04:00			`],`
Fix rubocop offense 2017-06-16 11:17:06 -04:00			`'current-context': 'gitlab-deploy',`
Generate KUBECONFIG in KubernetesService#predefined_variables 2017-06-16 10:15:40 -04:00			`kind: 'Config',`
			`users: [`
			`{`
			`name: 'gitlab-deploy',`
Fix rubocop offense 2017-06-16 11:17:06 -04:00			`user: { token: token }`
Generate KUBECONFIG in KubernetesService#predefined_variables 2017-06-16 10:15:40 -04:00			`}`
			`]`
			`}`

			`kubeconfig_embed_ca_pem(config, ca_pem) if ca_pem`

			`config.deep_stringify_keys`
			`end`

			`private`

			`def kubeconfig_embed_ca_pem(config, ca_pem)`
			`cluster = config.dig(:clusters, 0, :cluster)`
Encode certificate-authority-data in base64 2017-07-06 07:38:41 -04:00			`cluster[:'certificate-authority-data'] = Base64.encode64(ca_pem)`
Generate KUBECONFIG in KubernetesService#predefined_variables 2017-06-16 10:15:40 -04:00			`end`
Add terminals to the Kubernetes deployment service 2016-11-22 14:55:56 -05:00			`end`
			`end`