Python kubernetes.io() Examples
The following are 11
code examples of kubernetes.io().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
kubernetes
, or try the search function
.
.
Example #1
| Source File: controller.py From pypi-infra with Apache License 2.0 | 5 votes |
|
def create_pki_role(vault_api, namespace, name):
vault_api.write(f"cabotage-ca/roles/{namespace}-{name}",
ttl="168h", max_ttl="168h", key_type="ec", key_bits=256,
generate_lease=True,
organization="Cabotage Automated CA", ou=f'{namespace}-{name}',
allow_localhost=False, allow_ip_sans=True,
enforce_hostnames=True,
allow_any_name=True) # TODO: Tighten this up! Research below options!
"""
allowed_domains (list: []) – https://www.vaultproject.io/api/secret/pki/index.html#allowed_domains
allow_bare_domains (bool: false) – https://www.vaultproject.io/api/secret/pki/index.html#allow_bare_domains
allow_subdomains (bool: false) – https://www.vaultproject.io/api/secret/pki/index.html#allow_subdomains
allow_glob_domains (bool: false) - https://www.vaultproject.io/api/secret/pki/index.html#allow_glob_domains
"""
Example #2
| Source File: node_health.py From KubeOperator with Apache License 2.0 | 5 votes |
|
def check(self):
api = KubernetesApi(self.cluster)
client = api.get_api_client()
core = kubernetes.client.CoreV1Api(client)
items = core.list_node().items
self.cluster.change_to()
nodes = Node.objects.all()
for item in items:
for node in nodes:
conditions = []
if node.name == item.metadata.labels['kubernetes.io/hostname']:
for condition in item.status.conditions:
cond = Condition(
message=condition.message,
reason=condition.reason,
status=condition.status,
type=type
)
cond.save()
conditions.append(cond)
info = item.status.node_info
node.info = {
"container_runtime_version": info.container_runtime_version,
"kernel_version": info.kernel_version,
"kube_proxy_version": info.kube_proxy_version,
"kubelet_version": info.kubelet_version,
"os_image": info.os_image
}
node.save()
node.conditions.set(conditions)
Example #3
| Source File: kubernetes_executor.py From airflow with Apache License 2.0 | 5 votes |
|
def _strip_unsafe_kubernetes_special_chars(string: str) -> str:
"""
Kubernetes only supports lowercase alphanumeric characters and "-" and "." in
the pod name
However, there are special rules about how "-" and "." can be used so let's
only keep
alphanumeric chars see here for detail:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/
:param string: The requested Pod name
:return: ``str`` Pod name stripped of any unsafe characters
"""
return ''.join(ch.lower() for ind, ch in enumerate(string) if ch.isalnum())
Example #4
| Source File: anarchyruntime.py From anarchy with GNU General Public License v3.0 | 5 votes |
|
def __init_kube_apis(self):
if os.path.exists('/run/secrets/kubernetes.io/serviceaccount/token'):
f = open('/run/secrets/kubernetes.io/serviceaccount/token')
kube_auth_token = f.read()
kube_config = kubernetes.client.Configuration()
kube_config.api_key['authorization'] = 'Bearer ' + kube_auth_token
kube_config.host = os.environ['KUBERNETES_PORT'].replace('tcp://', 'https://', 1)
kube_config.ssl_ca_cert = '/run/secrets/kubernetes.io/serviceaccount/ca.crt'
else:
kubernetes.config.load_kube_config()
kube_config = None
self.api_client = kubernetes.client.ApiClient(kube_config)
self.core_v1_api = kubernetes.client.CoreV1Api(self.api_client)
self.custom_objects_api = kubernetes.client.CustomObjectsApi(self.api_client)
Example #5
| Source File: anarchyruntime.py From anarchy with GNU General Public License v3.0 | 5 votes |
|
def __init_namespace(self, operator_namespace):
if operator_namespace:
self.operator_namespace = operator_namespace
elif 'OPERATOR_NAMESPACE' in os.environ:
self.operator_namespace = os.environ['OPERATOR_NAMESPACE']
elif os.path.exists('/run/secrets/kubernetes.io/serviceaccount/namespace'):
f = open('/run/secrets/kubernetes.io/serviceaccount/namespace')
self.operator_namespace = f.read()
else:
raise Exception('Unable to determine operator namespace. Please set OPERATOR_NAMESPACE environment variable.')
Example #6
| Source File: executor.py From dagster with Apache License 2.0 | 5 votes |
|
def _get_k8s_name_key(run_id, step_keys):
'''Creates a unique (short!) identifier to name k8s objects based on run ID and step key(s).
K8s Job names are limited to 63 characters, because they are used as labels. For more info, see:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/
'''
check.str_param(run_id, 'run_id')
check.list_param(step_keys, 'step_keys', of_type=str)
# Creates 32-bit signed int, so could be negative
name_hash = hashlib.md5(six.ensure_binary(run_id + '-'.join(step_keys)))
return name_hash.hexdigest()
Example #7
| Source File: helper.py From cc-utils with Apache License 2.0 | 5 votes |
|
def create_gcr_secret(
self,
namespace: str,
name: str,
password: str,
email: str,
user_name: str='_json_key',
server_url: str='https://eu.gcr.io'
):
metadata = V1ObjectMeta(name=name, namespace=namespace)
secret = V1Secret(metadata=metadata)
auth = '{user}:{gcr_secret}'.format(
user=user_name,
gcr_secret=password
)
docker_config = {
server_url: {
'username': user_name,
'email': email,
'password': password,
'auth': base64.b64encode(auth.encode('utf-8')).decode('utf-8')
}
}
encoded_docker_config = base64.b64encode(
json.dumps(docker_config).encode('utf-8')
).decode('utf-8')
secret.data = {
'.dockercfg': encoded_docker_config
}
secret.type = 'kubernetes.io/dockercfg'
self.core_api.create_namespaced_secret(namespace=namespace, body=secret)
Example #8
| Source File: core.py From dask-kubernetes with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def _namespace_default():
"""
Get current namespace if running in a k8s cluster
If not in a k8s cluster with service accounts enabled, default to
'default'
Taken from https://github.com/jupyterhub/kubespawner/blob/master/kubespawner/spawner.py#L125
"""
ns_path = "/var/run/secrets/kubernetes.io/serviceaccount/namespace"
if os.path.exists(ns_path):
with open(ns_path) as f:
return f.read().strip()
return "default"
Example #9
| Source File: anarchyruntime.py From anarchy with GNU General Public License v3.0 | 4 votes |
|
def __init_callback_base_url(self):
url = os.environ.get('CALLBACK_BASE_URL', '')
if url and len(url) > 8:
self.callback_base_url = url
return
if self.running_all_in_one:
self.callback_base_url = 'http://{}:5000'.format(self.anarchy_service_name)
return
try:
route = self.custom_objects_api.get_namespaced_custom_object(
'route.openshift.io', 'v1', self.operator_namespace, 'routes', self.anarchy_service_name
)
spec = route.get('spec', {})
if spec.get('tls', None):
self.callback_base_url = 'https://' + spec['host']
else:
self.callback_base_url = 'http://' + spec['host']
operator_logger.info('Set callback base url from OpenShift route: %s', self.callback_base_url)
except kubernetes.client.rest.ApiException as e:
if e.status == 404:
route = self.custom_objects_api.create_namespaced_custom_object(
'route.openshift.io', 'v1', self.operator_namespace, 'routes',
{
'apiVersion': 'route.openshift.io/v1',
'kind': 'Route',
'metadata': {
'name': self.anarchy_service_name,
'namespace': self.operator_namespace,
'ownerReferences': [{
'apiVersion': self.anarchy_service.api_version,
'controller': True,
'kind': self.anarchy_service.kind,
'name': self.anarchy_service.metadata.name,
'uid': self.anarchy_service.metadata.uid
}]
},
'spec': {
'port': { 'targetPort': 'api' },
'tls': { 'termination': 'edge' },
'to': {
'kind': 'Service',
'name': self.anarchy_service_name
}
}
}
)
self.callback_base_url = 'https://' + route['spec']['host']
operator_logger.info('Created OpenShift route %s and set callback base url: %s', route['metadata']['name'], self.callback_base_url)
else:
operator_logger.warning('Unable to determine a callback url. Callbacks will not function.')
self.callback_base_url = None
Example #10
| Source File: job.py From dagster with Apache License 2.0 | 4 votes |
|
def config_type_pipeline_run(cls):
'''Configuration intended to be set at pipeline execution time.
'''
return {
'job_image': Field(
StringSource,
is_required=True,
description='Docker image to use for launched task Jobs '
'(e.g. "mycompany.com/dagster-k8s-image:latest").',
),
'image_pull_policy': Field(
StringSource,
is_required=False,
default_value='IfNotPresent',
description='Image pull policy to set on the launched task Job Pods. Defaults to '
'"IfNotPresent".',
),
'image_pull_secrets': Field(
Array(Shape({'name': StringSource})),
is_required=False,
description='(Advanced) Specifies that Kubernetes should get the credentials from '
'the Secrets named in this list.',
),
'service_account_name': Field(
Noneable(StringSource),
is_required=False,
description='(Advanced) Override the name of the Kubernetes service account under '
'which to run the Job.',
),
'env_config_maps': Field(
Noneable(Array(StringSource)),
is_required=False,
description='A list of custom ConfigMapEnvSource names from which to draw '
'environment variables (using ``envFrom``) for the Job. Default: ``[]``. See:'
'https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#define-an-environment-variable-for-a-container',
),
'env_secrets': Field(
Noneable(Array(StringSource)),
is_required=False,
description='A list of custom Secret names from which to draw environment '
'variables (using ``envFrom``) for the Job. Default: ``[]``. See:'
'https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#configure-all-key-value-pairs-in-a-secret-as-container-environment-variables',
),
}
Example #11
| Source File: client.py From dagster with Apache License 2.0 | 4 votes |
|
def wait_for_job_success(
self,
job_name,
namespace,
wait_timeout=DEFAULT_WAIT_TIMEOUT,
wait_time_between_attempts=DEFAULT_WAIT_BETWEEN_ATTEMPTS,
num_pods_to_wait_for=DEFAULT_JOB_POD_COUNT,
):
'''Poll a job for successful completion.
Args:
job_name (str): Name of the job to wait for.
namespace (str): Namespace in which the job is located.
wait_timeout (numeric, optional): Timeout after which to give up and raise exception.
Defaults to DEFAULT_WAIT_TIMEOUT.
wait_time_between_attempts (numeric, optional): Wait time between polling attempts. Defaults
to DEFAULT_WAIT_BETWEEN_ATTEMPTS.
Raises:
DagsterK8sError: Raised when wait_timeout is exceeded or an error is encountered.
'''
check.str_param(job_name, 'job_name')
check.str_param(namespace, 'namespace')
check.numeric_param(wait_timeout, 'wait_timeout')
check.numeric_param(wait_time_between_attempts, 'wait_time_between_attempts')
check.int_param(num_pods_to_wait_for, 'num_pods_to_wait_for')
job = None
start = self.timer()
# Ensure we found the job that we launched
while not job:
if self.timer() - start > wait_timeout:
raise DagsterK8sError('Timed out while waiting for job to launch')
jobs = self.batch_api.list_namespaced_job(namespace=namespace)
job = next((j for j in jobs.items if j.metadata.name == job_name), None)
if not job:
self.logger('Job "{job_name}" not yet launched, waiting'.format(job_name=job_name))
self.sleeper(wait_time_between_attempts)
# Wait for job completed status
while True:
if self.timer() - start > wait_timeout:
raise DagsterK8sError('Timed out while waiting for job to complete')
# See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#jobstatus-v1-batch
status = self.batch_api.read_namespaced_job_status(job_name, namespace=namespace).status
if status.failed and status.failed > 0:
raise DagsterK8sError('Encountered failed job pods with status: %s' % str(status))
# done waiting for pod completion
if status.succeeded == num_pods_to_wait_for:
break
self.sleeper(wait_time_between_attempts)
