Skip to content

guillotinaweb/aioclustermanager

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

265 Commits

aioclustermanager

aioclustermanager

 
 

dist

dist

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

CHANGES.rst

CHANGES.rst

 
 

LICENSE

LICENSE

 
 

MANIFEST.in

MANIFEST.in

 
 

README.rst

README.rst

 
 

VERSION

VERSION

 
 

k8s.md

k8s.md

 
 

requirements.txt

requirements.txt

 
 

setup.cfg

setup.cfg

 
 

setup.py

setup.py

 
 

test-requirements.txt

test-requirements.txt

 
 

testing.csv

testing.csv

 
 

Repository files navigation

Introduction

An asyncio library to manage orchestrators with support for Kubernetes and Nomad.

Quickstart

We use context managers with a configuration object:

config_k8s = {
    'certificate': '<client certificate data>',
    'key': '<client key data>',
    'endpoint': 'localhost:6443',
    'skip_ssl': True
}
async with K8SContextManager(k8s_config) as context:
      cm = ClusterManager(context)
      await cm.delete_namespace('aiocluster-test')
      await cm.create_namespace('aiocluster-test')

Auth

Inside cluster Auth (Pod token)

Configuration:

config_k8s = {
  'auth': 'in_cluster'
}

Token is gotten from env var KUBERNETES_SERVICE_TOKEN or /var/run/secrets/kubernetes.io/serviceaccount/token

Ca is gotten from /var/run/secrets/kubernetes.io/serviceaccount/ca.crt

Certificate BASE64

Configuration:

config_k8s = {
  'auth': 'certificate',
  'certificate': 'BASE64_CERT',
  'key': 'BASE64_KEY'
}

Certificate Files

Configuration:

config_k8s = {
  'auth': 'certificate_file',
  'certificate': 'CERT_PEM_FILE',
  'key': 'KEY_PEM_FILE'
}

Key is optional if certificate has a chain with the key

Basic Auth

Configuration:

config_k8s = {
  'auth': 'basic_auth',
  'user': 'USERNAME',
  'credentials': 'PASSWORD'
}

Token Auth

Configuration:

config_k8s = {
  'auth': 'token',
  'token': 'JWT_TOKEN_BASE_64',
}

Connection

Scheme, host and port

Configuration:

config_k8s = {
  'http_scheme': 'SCHEME',  # http/https Default: 'http'
  'endpoint': 'HOST:PORT',
}

HTTPS certificate validation

You can skip validation:

config_k8s = {
  'skip_ssl': 'false',  # 'false'/'true' Default: 'false'
}

You can define BASE64 CA certificate:

config_k8s = {
  'ca': 'BASE64_CA_CERT'
}

You can define CA certificate file:

config_k8s = {
  'ca_file': 'CERT_PEM_FILE'
}

In case its in_cluster auth the certificate is gotten from by default from /var/run/secrets/kubernetes.io/serviceaccount/ca.crt. Can be overwritten defining your own.

Configure Cluster auth

In order to use token based auth you can define a service account on the cluster that has role based permissions to do the operations that you need.

Create serviceaccount:

$ kubectl create serviceaccount myuser -n namespace

Get token:

$ kubectl get serviceaccounts myuser -o yaml -n namespace
apiVersion: v1
kind: ServiceAccount
metadata:
  # ...
secrets:
- name: myuser-token-1yvwg
$ kubectl get secret myuser-token-1yvwg -o yaml -n namespace
apiVersion: v1
data:
  ca.crt: (APISERVER'S CA BASE64 ENCODED)
  namespace: ZGVmYXVsdA==
  token: (BEARER TOKEN BASE64 ENCODED)
kind: Secret
metadata:
  # ...
type: kubernetes.io/service-account-token

Add roles to the service account:

kubectl create clusterrolebinding myuser-job-controller --clusterrole=system:controller:job-controller --user=myuser

To Run Tests

Nomad:

You can download the nomad agent and run it with:

nomad agent -dev

Tests will connect to the local nomad to schedule the jobs

K8S:

Tests will check if there is a k8s context names docker-desktop or minikube

About

No description, website, or topics provided.

Resources

Readme

License

BSD-3-Clause license
Activity
Custom properties

Stars

0 stars

Watchers

8 watching

Forks

2 forks
Report repository

Releases

45 tags

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages