You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by nf...@apache.org on 2019/09/23 16:32:30 UTC
[camel-k] 03/07: Making client work inside container
This is an automated email from the ASF dual-hosted git repository.
nferraro pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit 3460363f251deb10988e367c3505dbf6275da9a8
Author: nferraro <ni...@gmail.com>
AuthorDate: Thu Sep 19 12:39:53 2019 +0200
Making client work inside container
---
examples/tekton/camel-k-pipeline-permissions.yaml | 176 +++++++++++++++++++++
examples/tekton/camel-k-pipeline-run.yaml | 54 -------
.../tekton/camel-k-pipeline-task-definition.yaml | 92 +++++++++++
examples/tekton/camel-k-pipeline-task-run.yaml | 30 ++++
pkg/client/client.go | 36 +++++
5 files changed, 334 insertions(+), 54 deletions(-)
diff --git a/examples/tekton/camel-k-pipeline-permissions.yaml b/examples/tekton/camel-k-pipeline-permissions.yaml
new file mode 100644
index 0000000..bf80376
--- /dev/null
+++ b/examples/tekton/camel-k-pipeline-permissions.yaml
@@ -0,0 +1,176 @@
+# ---------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ---------------------------------------------------------------------------
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: camel-k-pipeline
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: camel-k-pipeline
+rules:
+ - apiGroups:
+ - camel.apache.org
+ resources:
+ - "*"
+ verbs:
+ - "*"
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - services
+ - endpoints
+ - persistentvolumeclaims
+ - configmaps
+ - secrets
+ - serviceaccounts
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ - rolebindings
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - deployments
+ - replicasets
+ - statefulsets
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - apps
+ attributeRestrictions: null
+ resources:
+ - daemonsets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ - "build.openshift.io"
+ resources:
+ - buildconfigs
+ - buildconfigs/webhooks
+ - builds
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ - "image.openshift.io"
+ resources:
+ - imagestreamimages
+ - imagestreammappings
+ - imagestreams
+ - imagestreams/secrets
+ - imagestreamtags
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ - build.openshift.io
+ attributeRestrictions: null
+ resources:
+ - buildconfigs/instantiate
+ - buildconfigs/instantiatebinary
+ - builds/clone
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ - "route.openshift.io"
+ resources:
+ - routes
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ - route.openshift.io
+ resources:
+ - routes/custom-host
+ verbs:
+ - create
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: camel-k-pipeline
+subjects:
+ - kind: ServiceAccount
+ name: camel-k-pipeline
+roleRef:
+ kind: Role
+ name: camel-k-pipeline
+ apiGroup: rbac.authorization.k8s.io
diff --git a/examples/tekton/camel-k-pipeline-run.yaml b/examples/tekton/camel-k-pipeline-run.yaml
deleted file mode 100644
index bd57dbe..0000000
--- a/examples/tekton/camel-k-pipeline-run.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
----
-apiVersion: tekton.dev/v1alpha1
-kind: PipelineResource
-metadata:
- name: camel-k-examples-git
-spec:
- type: git
- params:
- - name: revision
- value: tekton
- - name: url
- value: https://github.com/nicolaferraro/camel-k
----
-apiVersion: tekton.dev/v1alpha1
-kind: Task
-metadata:
- name: camel-k-install-operator
-spec:
- steps:
- - name: install
- image: nferraro/camel-k:1.0.0-M2-SNAPSHOT
- command:
- - kamel
- args:
- - "install"
- - "--skip-cluster-setup"
- - "--operator-image"
- - "nferraro/camel-k:1.0.0-M2-SNAPSHOT"
----
-apiVersion: tekton.dev/v1alpha1
-kind: Pipeline
-metadata:
- name: camel-k-pipeline
-spec:
- resources:
- - name: source-repo
- type: git
- tasks:
- - name: install-operator
- taskRef:
- name: camel-k-install-operator
----
-apiVersion: tekton.dev/v1alpha1
-kind: PipelineRun
-metadata:
- name: camel-k-pipeline-run-1
-spec:
- pipelineRef:
- name: camel-k-pipeline
- serviceAccount: 'default'
- resources:
- - name: source-repo
- resourceRef:
- name: camel-k-examples-git
diff --git a/examples/tekton/camel-k-pipeline-task-definition.yaml b/examples/tekton/camel-k-pipeline-task-definition.yaml
new file mode 100644
index 0000000..0c0ceb2
--- /dev/null
+++ b/examples/tekton/camel-k-pipeline-task-definition.yaml
@@ -0,0 +1,92 @@
+# ---------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ---------------------------------------------------------------------------
+
+---
+apiVersion: tekton.dev/v1alpha1
+kind: PipelineResource
+metadata:
+ name: camel-k-examples-git
+spec:
+ type: git
+ params:
+ - name: revision
+ value: tekton
+ - name: url
+ value: https://github.com/nicolaferraro/camel-k
+---
+apiVersion: tekton.dev/v1alpha1
+kind: Task
+metadata:
+ name: camel-k-install-operator
+spec:
+ steps:
+ - name: install
+ image: nferraro/camel-k:1.0.0-M2-SNAPSHOT-v1
+ command:
+ - kamel
+ args:
+ - "install"
+ - "--skip-cluster-setup"
+ - "--operator-image"
+ - "nferraro/camel-k:1.0.0-M2-SNAPSHOT-v1"
+---
+apiVersion: tekton.dev/v1alpha1
+kind: Task
+metadata:
+ name: camel-k-run-integration
+spec:
+ inputs:
+ resources:
+ - name: repository
+ type: git
+ params:
+ - name: file
+ description: The integration file to run
+ steps:
+ - name: run-integration
+ image: nferraro/camel-k:1.0.0-M2-SNAPSHOT-v1
+ workingDir: /workspace/repository
+ command:
+ - kamel
+ args:
+ - "run"
+ - "--wait"
+ - "${inputs.params.file}"
+---
+apiVersion: tekton.dev/v1alpha1
+kind: Pipeline
+metadata:
+ name: camel-k-pipeline
+spec:
+ resources:
+ - name: source-repo
+ type: git
+ tasks:
+ - name: install-operator
+ taskRef:
+ name: camel-k-install-operator
+ - name: run-integration
+ runAfter: [install-operator]
+ taskRef:
+ name: camel-k-run-integration
+ resources:
+ inputs:
+ - name: repository
+ resource: source-repo
+ params:
+ - name: file
+ value: "examples/tekton/hello.groovy"
diff --git a/examples/tekton/camel-k-pipeline-task-run.yaml b/examples/tekton/camel-k-pipeline-task-run.yaml
new file mode 100644
index 0000000..263a99a
--- /dev/null
+++ b/examples/tekton/camel-k-pipeline-task-run.yaml
@@ -0,0 +1,30 @@
+# ---------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ---------------------------------------------------------------------------
+
+---
+apiVersion: tekton.dev/v1alpha1
+kind: PipelineRun
+metadata:
+ name: camel-k-pipeline-run-13
+spec:
+ pipelineRef:
+ name: camel-k-pipeline
+ serviceAccount: 'camel-k-pipeline'
+ resources:
+ - name: source-repo
+ resourceRef:
+ name: camel-k-examples-git
diff --git a/pkg/client/client.go b/pkg/client/client.go
index eebbd28..dd0f06d 100644
--- a/pkg/client/client.go
+++ b/pkg/client/client.go
@@ -26,6 +26,7 @@ import (
"github.com/apache/camel-k/pkg/apis"
"github.com/operator-framework/operator-sdk/pkg/k8sutil"
"github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
"k8s.io/apimachinery/pkg/api/meta"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
@@ -39,6 +40,8 @@ import (
"sigs.k8s.io/controller-runtime/pkg/manager"
)
+const inContainerNamespaceFile = "/var/run/secrets/kubernetes.io/serviceaccount/namespace"
+
// Client is an abstraction for a k8s client
type Client interface {
controller.Client
@@ -132,6 +135,13 @@ func FromManager(manager manager.Manager) (Client, error) {
// init initialize the k8s client for usage outside the cluster
func initialize(kubeconfig string) {
if kubeconfig == "" {
+ // skip out-of-cluster initialization if inside the container
+ if kc, err := runningInKubernetesContainer(); kc && err == nil {
+ return
+ } else if err != nil {
+ logrus.Errorf("could not determine if running in a container: %v", err)
+ }
+
kubeconfig = getDefaultKubeConfigFile()
}
os.Setenv(k8sutil.KubeConfigEnvVar, kubeconfig)
@@ -148,6 +158,15 @@ func getDefaultKubeConfigFile() string {
// GetCurrentNamespace --
func GetCurrentNamespace(kubeconfig string) (string, error) {
if kubeconfig == "" {
+ kubeContainer, err := runningInKubernetesContainer()
+ if err != nil {
+ return "", err
+ }
+ if kubeContainer {
+ return getNamespaceFromKubernetesContainer()
+ }
+ }
+ if kubeconfig == "" {
kubeconfig = getDefaultKubeConfigFile()
}
if kubeconfig == "" {
@@ -174,3 +193,20 @@ func GetCurrentNamespace(kubeconfig string) (string, error) {
ns, _, err := cc.Namespace()
return ns, err
}
+
+func runningInKubernetesContainer() (bool, error) {
+ _, err := os.Stat(inContainerNamespaceFile)
+ if os.IsNotExist(err) {
+ return false, nil
+ }
+ return true, err
+}
+
+func getNamespaceFromKubernetesContainer() (string, error) {
+ var nsba []byte
+ var err error
+ if nsba, err = ioutil.ReadFile(inContainerNamespaceFile); err != nil {
+ return "", err
+ }
+ return string(nsba), nil
+}