Merge "Add support in Armada CLI to pass user bearer tokens to tiller"
This commit is contained in:
commit
3c60a576f9
@ -129,17 +129,18 @@ SHORT_DESC = "Command installs manifest charts."
|
|||||||
help=("The target manifest to run. Required for specifying "
|
help=("The target manifest to run. Required for specifying "
|
||||||
"which manifest to run when multiple are available."),
|
"which manifest to run when multiple are available."),
|
||||||
default=None)
|
default=None)
|
||||||
|
@click.option('--bearer-token', help="User Bearer token", default=None)
|
||||||
@click.option('--debug', help="Enable debug logging.", is_flag=True)
|
@click.option('--debug', help="Enable debug logging.", is_flag=True)
|
||||||
@click.pass_context
|
@click.pass_context
|
||||||
def apply_create(ctx, locations, api, disable_update_post, disable_update_pre,
|
def apply_create(ctx, locations, api, disable_update_post, disable_update_pre,
|
||||||
dry_run, enable_chart_cleanup, use_doc_ref, set, tiller_host,
|
dry_run, enable_chart_cleanup, use_doc_ref, set, tiller_host,
|
||||||
tiller_port, tiller_namespace, timeout, values, wait,
|
tiller_port, tiller_namespace, timeout, values, wait,
|
||||||
target_manifest, debug):
|
target_manifest, bearer_token, debug):
|
||||||
CONF.debug = debug
|
CONF.debug = debug
|
||||||
ApplyManifest(ctx, locations, api, disable_update_post, disable_update_pre,
|
ApplyManifest(ctx, locations, api, disable_update_post, disable_update_pre,
|
||||||
dry_run, enable_chart_cleanup, use_doc_ref, set, tiller_host,
|
dry_run, enable_chart_cleanup, use_doc_ref, set, tiller_host,
|
||||||
tiller_port, tiller_namespace, timeout, values, wait,
|
tiller_port, tiller_namespace, timeout, values, wait,
|
||||||
target_manifest).safe_invoke()
|
target_manifest, bearer_token).safe_invoke()
|
||||||
|
|
||||||
|
|
||||||
class ApplyManifest(CliAction):
|
class ApplyManifest(CliAction):
|
||||||
@ -147,7 +148,7 @@ class ApplyManifest(CliAction):
|
|||||||
def __init__(self, ctx, locations, api, disable_update_post,
|
def __init__(self, ctx, locations, api, disable_update_post,
|
||||||
disable_update_pre, dry_run, enable_chart_cleanup,
|
disable_update_pre, dry_run, enable_chart_cleanup,
|
||||||
use_doc_ref, set, tiller_host, tiller_port, tiller_namespace,
|
use_doc_ref, set, tiller_host, tiller_port, tiller_namespace,
|
||||||
timeout, values, wait, target_manifest):
|
timeout, values, wait, target_manifest, bearer_token):
|
||||||
super(ApplyManifest, self).__init__()
|
super(ApplyManifest, self).__init__()
|
||||||
self.ctx = ctx
|
self.ctx = ctx
|
||||||
# Filename can also be a URL reference
|
# Filename can also be a URL reference
|
||||||
@ -166,6 +167,7 @@ class ApplyManifest(CliAction):
|
|||||||
self.values = values
|
self.values = values
|
||||||
self.wait = wait
|
self.wait = wait
|
||||||
self.target_manifest = target_manifest
|
self.target_manifest = target_manifest
|
||||||
|
self.bearer_token = bearer_token
|
||||||
|
|
||||||
def output(self, resp):
|
def output(self, resp):
|
||||||
for result in resp:
|
for result in resp:
|
||||||
@ -203,6 +205,7 @@ class ApplyManifest(CliAction):
|
|||||||
tiller_host=self.tiller_host,
|
tiller_host=self.tiller_host,
|
||||||
tiller_port=self.tiller_port,
|
tiller_port=self.tiller_port,
|
||||||
tiller_namespace=self.tiller_namespace,
|
tiller_namespace=self.tiller_namespace,
|
||||||
|
bearer_token=self.bearer_token,
|
||||||
dry_run=self.dry_run) as tiller:
|
dry_run=self.dry_run) as tiller:
|
||||||
armada = Armada(
|
armada = Armada(
|
||||||
documents,
|
documents,
|
||||||
|
@ -66,19 +66,20 @@ SHORT_DESC = "Command deletes releases."
|
|||||||
@click.option('--tiller-host', help="Tiller host IP.")
|
@click.option('--tiller-host', help="Tiller host IP.")
|
||||||
@click.option(
|
@click.option(
|
||||||
'--tiller-port', help="Tiller host port.", type=int, default=44134)
|
'--tiller-port', help="Tiller host port.", type=int, default=44134)
|
||||||
|
@click.option('--bearer-token', help="User Bearer token.", default=None)
|
||||||
@click.option('--debug', help="Enable debug logging.", is_flag=True)
|
@click.option('--debug', help="Enable debug logging.", is_flag=True)
|
||||||
@click.pass_context
|
@click.pass_context
|
||||||
def delete_charts(ctx, manifest, releases, no_purge, tiller_host, tiller_port,
|
def delete_charts(ctx, manifest, releases, no_purge, tiller_host, tiller_port,
|
||||||
debug):
|
bearer_token, debug):
|
||||||
CONF.debug = debug
|
CONF.debug = debug
|
||||||
DeleteChartManifest(ctx, manifest, releases, no_purge, tiller_host,
|
DeleteChartManifest(ctx, manifest, releases, no_purge, tiller_host,
|
||||||
tiller_port).safe_invoke()
|
tiller_port, bearer_token).safe_invoke()
|
||||||
|
|
||||||
|
|
||||||
class DeleteChartManifest(CliAction):
|
class DeleteChartManifest(CliAction):
|
||||||
|
|
||||||
def __init__(self, ctx, manifest, releases, no_purge, tiller_host,
|
def __init__(self, ctx, manifest, releases, no_purge, tiller_host,
|
||||||
tiller_port):
|
tiller_port, bearer_token):
|
||||||
|
|
||||||
super(DeleteChartManifest, self).__init__()
|
super(DeleteChartManifest, self).__init__()
|
||||||
self.ctx = ctx
|
self.ctx = ctx
|
||||||
@ -87,11 +88,13 @@ class DeleteChartManifest(CliAction):
|
|||||||
self.purge = not no_purge
|
self.purge = not no_purge
|
||||||
self.tiller_host = tiller_host
|
self.tiller_host = tiller_host
|
||||||
self.tiller_port = tiller_port
|
self.tiller_port = tiller_port
|
||||||
|
self.bearer_token = bearer_token
|
||||||
|
|
||||||
def invoke(self):
|
def invoke(self):
|
||||||
with Tiller(
|
with Tiller(
|
||||||
tiller_host=self.tiller_host,
|
tiller_host=self.tiller_host,
|
||||||
tiller_port=self.tiller_port) as tiller:
|
tiller_port=self.tiller_port,
|
||||||
|
bearer_token=self.bearer_token) as tiller:
|
||||||
self.handle(tiller)
|
self.handle(tiller)
|
||||||
|
|
||||||
def handle(self, tiller):
|
def handle(self, tiller):
|
||||||
|
@ -80,22 +80,23 @@ SHORT_DESC = "Command performs a release rollback."
|
|||||||
'--recreate-pods',
|
'--recreate-pods',
|
||||||
help=("Restarts pods for the resource if applicable."),
|
help=("Restarts pods for the resource if applicable."),
|
||||||
is_flag=True)
|
is_flag=True)
|
||||||
|
@click.option('--bearer-token', help=("User bearer token."), default=None)
|
||||||
@click.option('--debug', help="Enable debug logging.", is_flag=True)
|
@click.option('--debug', help="Enable debug logging.", is_flag=True)
|
||||||
@click.pass_context
|
@click.pass_context
|
||||||
def rollback_charts(ctx, release, version, dry_run, tiller_host, tiller_port,
|
def rollback_charts(ctx, release, version, dry_run, tiller_host, tiller_port,
|
||||||
tiller_namespace, timeout, wait, force, recreate_pods,
|
tiller_namespace, timeout, wait, force, recreate_pods,
|
||||||
debug):
|
bearer_token, debug):
|
||||||
CONF.debug = debug
|
CONF.debug = debug
|
||||||
Rollback(ctx, release, version, dry_run, tiller_host, tiller_port,
|
Rollback(ctx, release, version, dry_run, tiller_host, tiller_port,
|
||||||
tiller_namespace, timeout, wait, force,
|
tiller_namespace, timeout, wait, force, recreate_pods,
|
||||||
recreate_pods).safe_invoke()
|
bearer_token).safe_invoke()
|
||||||
|
|
||||||
|
|
||||||
class Rollback(CliAction):
|
class Rollback(CliAction):
|
||||||
|
|
||||||
def __init__(self, ctx, release, version, dry_run, tiller_host,
|
def __init__(self, ctx, release, version, dry_run, tiller_host,
|
||||||
tiller_port, tiller_namespace, timeout, wait, force,
|
tiller_port, tiller_namespace, timeout, wait, force,
|
||||||
recreate_pods):
|
recreate_pods, bearer_token):
|
||||||
super(Rollback, self).__init__()
|
super(Rollback, self).__init__()
|
||||||
self.ctx = ctx
|
self.ctx = ctx
|
||||||
self.release = release
|
self.release = release
|
||||||
@ -108,12 +109,14 @@ class Rollback(CliAction):
|
|||||||
self.wait = wait
|
self.wait = wait
|
||||||
self.force = force
|
self.force = force
|
||||||
self.recreate_pods = recreate_pods
|
self.recreate_pods = recreate_pods
|
||||||
|
self.bearer_token = bearer_token
|
||||||
|
|
||||||
def invoke(self):
|
def invoke(self):
|
||||||
with Tiller(
|
with Tiller(
|
||||||
tiller_host=self.tiller_host,
|
tiller_host=self.tiller_host,
|
||||||
tiller_port=self.tiller_port,
|
tiller_port=self.tiller_port,
|
||||||
tiller_namespace=self.tiller_namespace,
|
tiller_namespace=self.tiller_namespace,
|
||||||
|
bearer_token=self.bearer_token,
|
||||||
dry_run=self.dry_run) as tiller:
|
dry_run=self.dry_run) as tiller:
|
||||||
|
|
||||||
response = tiller.rollback_release(
|
response = tiller.rollback_release(
|
||||||
|
@ -61,19 +61,20 @@ SHORT_DESC = "Command gets Tiller information."
|
|||||||
default=CONF.tiller_namespace)
|
default=CONF.tiller_namespace)
|
||||||
@click.option('--releases', help="List of deployed releases.", is_flag=True)
|
@click.option('--releases', help="List of deployed releases.", is_flag=True)
|
||||||
@click.option('--status', help="Status of Tiller services.", is_flag=True)
|
@click.option('--status', help="Status of Tiller services.", is_flag=True)
|
||||||
|
@click.option('--bearer-token', help="User bearer token.", default=None)
|
||||||
@click.option('--debug', help="Enable debug logging.", is_flag=True)
|
@click.option('--debug', help="Enable debug logging.", is_flag=True)
|
||||||
@click.pass_context
|
@click.pass_context
|
||||||
def tiller_service(ctx, tiller_host, tiller_port, tiller_namespace, releases,
|
def tiller_service(ctx, tiller_host, tiller_port, tiller_namespace, releases,
|
||||||
status, debug):
|
status, bearer_token, debug):
|
||||||
CONF.debug = debug
|
CONF.debug = debug
|
||||||
TillerServices(ctx, tiller_host, tiller_port, tiller_namespace, releases,
|
TillerServices(ctx, tiller_host, tiller_port, tiller_namespace, releases,
|
||||||
status).safe_invoke()
|
status, bearer_token).safe_invoke()
|
||||||
|
|
||||||
|
|
||||||
class TillerServices(CliAction):
|
class TillerServices(CliAction):
|
||||||
|
|
||||||
def __init__(self, ctx, tiller_host, tiller_port, tiller_namespace,
|
def __init__(self, ctx, tiller_host, tiller_port, tiller_namespace,
|
||||||
releases, status):
|
releases, status, bearer_token):
|
||||||
super(TillerServices, self).__init__()
|
super(TillerServices, self).__init__()
|
||||||
self.ctx = ctx
|
self.ctx = ctx
|
||||||
self.tiller_host = tiller_host
|
self.tiller_host = tiller_host
|
||||||
@ -81,13 +82,15 @@ class TillerServices(CliAction):
|
|||||||
self.tiller_namespace = tiller_namespace
|
self.tiller_namespace = tiller_namespace
|
||||||
self.releases = releases
|
self.releases = releases
|
||||||
self.status = status
|
self.status = status
|
||||||
|
self.bearer_token = bearer_token
|
||||||
|
|
||||||
def invoke(self):
|
def invoke(self):
|
||||||
|
|
||||||
with Tiller(
|
with Tiller(
|
||||||
tiller_host=self.tiller_host,
|
tiller_host=self.tiller_host,
|
||||||
tiller_port=self.tiller_port,
|
tiller_port=self.tiller_port,
|
||||||
tiller_namespace=self.tiller_namespace) as tiller:
|
tiller_namespace=self.tiller_namespace,
|
||||||
|
bearer_token=self.bearer_token) as tiller:
|
||||||
|
|
||||||
self.handle(tiller)
|
self.handle(tiller)
|
||||||
|
|
||||||
|
@ -41,20 +41,30 @@ class K8s(object):
|
|||||||
Object to obtain the local kube config file
|
Object to obtain the local kube config file
|
||||||
'''
|
'''
|
||||||
|
|
||||||
def __init__(self):
|
def __init__(self, bearer_token=None):
|
||||||
'''
|
'''
|
||||||
Initialize connection to Kubernetes
|
Initialize connection to Kubernetes
|
||||||
'''
|
'''
|
||||||
|
self.bearer_token = bearer_token
|
||||||
|
api_client = None
|
||||||
|
|
||||||
try:
|
try:
|
||||||
config.load_incluster_config()
|
config.load_incluster_config()
|
||||||
except config.config_exception.ConfigException:
|
except config.config_exception.ConfigException:
|
||||||
config.load_kube_config()
|
config.load_kube_config()
|
||||||
|
|
||||||
self.client = client.CoreV1Api()
|
if self.bearer_token:
|
||||||
self.batch_api = client.BatchV1Api()
|
# Configure API key authorization: Bearer Token
|
||||||
self.batch_v1beta1_api = client.BatchV1beta1Api()
|
configuration = client.Configuration()
|
||||||
self.extension_api = client.ExtensionsV1beta1Api()
|
configuration.api_key_prefix['authorization'] = 'Bearer'
|
||||||
self.apps_v1_api = client.AppsV1Api()
|
configuration.api_key['authorization'] = self.bearer_token
|
||||||
|
api_client = client.ApiClient(configuration)
|
||||||
|
|
||||||
|
self.client = client.CoreV1Api(api_client)
|
||||||
|
self.batch_api = client.BatchV1Api(api_client)
|
||||||
|
self.batch_v1beta1_api = client.BatchV1beta1Api(api_client)
|
||||||
|
self.extension_api = client.ExtensionsV1beta1Api(api_client)
|
||||||
|
self.apps_v1_api = client.AppsV1Api(api_client)
|
||||||
|
|
||||||
def delete_job_action(self,
|
def delete_job_action(self,
|
||||||
name,
|
name,
|
||||||
|
@ -80,14 +80,16 @@ class Tiller(object):
|
|||||||
tiller_host=None,
|
tiller_host=None,
|
||||||
tiller_port=None,
|
tiller_port=None,
|
||||||
tiller_namespace=None,
|
tiller_namespace=None,
|
||||||
|
bearer_token=None,
|
||||||
dry_run=None):
|
dry_run=None):
|
||||||
self.tiller_host = tiller_host
|
self.tiller_host = tiller_host
|
||||||
self.tiller_port = tiller_port or CONF.tiller_port
|
self.tiller_port = tiller_port or CONF.tiller_port
|
||||||
self.tiller_namespace = tiller_namespace or CONF.tiller_namespace
|
self.tiller_namespace = tiller_namespace or CONF.tiller_namespace
|
||||||
|
self.bearer_token = bearer_token
|
||||||
self.dry_run = dry_run or False
|
self.dry_run = dry_run or False
|
||||||
|
|
||||||
# init k8s connectivity
|
# init k8s connectivity
|
||||||
self.k8s = K8s()
|
self.k8s = K8s(bearer_token=self.bearer_token)
|
||||||
|
|
||||||
# init Tiller channel
|
# init Tiller channel
|
||||||
self.channel = self.get_channel()
|
self.channel = self.get_channel()
|
||||||
|
@ -54,6 +54,7 @@ Commands
|
|||||||
--target-manifest TEXT The target manifest to run. Required for
|
--target-manifest TEXT The target manifest to run. Required for
|
||||||
specifying which manifest to run when multiple
|
specifying which manifest to run when multiple
|
||||||
are available.
|
are available.
|
||||||
|
--bearer-token User bearer token.
|
||||||
--debug Enable debug logging.
|
--debug Enable debug logging.
|
||||||
--help Show this message and exit.
|
--help Show this message and exit.
|
||||||
|
|
||||||
|
@ -24,6 +24,7 @@ Commands
|
|||||||
--timeout INTEGER Tiller Host IP
|
--timeout INTEGER Tiller Host IP
|
||||||
--version INTEGER Version of release to rollback to. 0 represents the previous release
|
--version INTEGER Version of release to rollback to. 0 represents the previous release
|
||||||
--wait Version of release to rollback to. 0 represents the previous release
|
--wait Version of release to rollback to. 0 represents the previous release
|
||||||
|
--bearer-token User bearer token
|
||||||
--help Show this message and exit.
|
--help Show this message and exit.
|
||||||
|
|
||||||
Synopsis
|
Synopsis
|
||||||
|
@ -27,6 +27,7 @@ Commands
|
|||||||
-tn, --tiller-namespace TEXT Tiller namespace
|
-tn, --tiller-namespace TEXT Tiller namespace
|
||||||
--releases list of deployed releses
|
--releases list of deployed releses
|
||||||
--status Status of Armada services
|
--status Status of Armada services
|
||||||
|
--bearer-token User bearer token
|
||||||
--help Show this message and exit.
|
--help Show this message and exit.
|
||||||
|
|
||||||
Synopsis
|
Synopsis
|
||||||
|
@ -224,3 +224,25 @@ for example:
|
|||||||
description: Change value deploy
|
description: Change value deploy
|
||||||
chart_group:
|
chart_group:
|
||||||
- blog-1
|
- blog-1
|
||||||
|
|
||||||
|
User bearer token
|
||||||
|
-----------------
|
||||||
|
It is possible to pass the user bearer token from the armada CLI to interact
|
||||||
|
with a kubernetes cluster that has been configured with an external Auth-backend
|
||||||
|
like openstack-keystone.
|
||||||
|
|
||||||
|
.. code:: bash
|
||||||
|
|
||||||
|
Example:
|
||||||
|
|
||||||
|
armada apply --bearer-token [ TOKEN ] --values [ path_to_yaml ] [ FILE ]
|
||||||
|
|
||||||
|
armada tiller --bearer-token [ TOKEN ] --status
|
||||||
|
|
||||||
|
.. note::
|
||||||
|
The bearer token option is available for the following commands
|
||||||
|
|
||||||
|
armada apply
|
||||||
|
armada delete
|
||||||
|
armada tiller
|
||||||
|
armada rollback
|
||||||
|
Loading…
x
Reference in New Issue
Block a user