kubes_google 0.2.0 → 0.3.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d795d19cc6f90fc23eb69f9e93a2e04993ce14d8681634961fb8ef349c95fd7c
4
- data.tar.gz: 3acb4ab90062ac61f1e1a82cbe70319ea0086d7fcd9490bd290cc92fc0141683
3
+ metadata.gz: c2b41e672639ece65b0c749581b7321b30a48213744e28aa63e3e71bf6cf3fd3
4
+ data.tar.gz: 0b4006a22492fb1424c3d45b880f9a784deee99d824e986fb7a52e835196f955
5
5
  SHA512:
6
- metadata.gz: 8048442e2abd946050b7740f1c7f60b7d528a18464e779f9a677cc41ed67182b218f44852096ab65558616c5b1bd3b293b2ca6b164dee12808d575ca1227c607
7
- data.tar.gz: ae2add8d4baf621d40174eca105add4df3a752d0a27873f50ae1b97e830d601ad95c65b12e976f0320e2bbf60cd4866249dda677078bd17134ad639354856e49
6
+ metadata.gz: 139e70fe3e151df3fcefa12a4a8d7a7a45b08bc62909815b4be865906e7400f1c5141a42e41331b13aa774b6f04caca3d06a7a882c6a486646047d11a0d09a3f
7
+ data.tar.gz: 9c6058c9157f05a8be7aa662fedc71ada94171e7c4fe5086552c68743a683467a2247fa549d2217f6017ea3ed84fdc80cf18f85a2a2f934753546d95d93af943
@@ -3,6 +3,9 @@
3
3
  All notable changes to this project will be documented in this file.
4
4
  This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
5
5
 
6
+ ## [0.3.0]
7
+ - #3 gke hook to whitelist ip
8
+
6
9
  ## [0.2.0]
7
10
  - #2 add google_secret helper and register plugin
8
11
  - fix GOOGLE_PROJECT check
@@ -23,7 +23,10 @@ Gem::Specification.new do |spec|
23
23
  spec.require_paths = ["lib"]
24
24
 
25
25
  spec.add_dependency "activesupport"
26
+ spec.add_dependency "google-cloud-container"
26
27
  spec.add_dependency "google-cloud-secret_manager"
27
28
  spec.add_dependency "memoist"
28
29
  spec.add_dependency "zeitwerk"
30
+
31
+ spec.add_development_dependency "kubes"
29
32
  end
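Review bot: The new runtime dependency `google-cloud-container` is declared without a version constraint, which the generated metadata records as `>= 0`, so any future release of that gem, including a breaking major, can be resolved into an install that holds cluster-admin credentials. A pessimistic constraint such as `spec.add_dependency "google-cloud-container", "~> MAJOR.MINOR"` (placeholder, set to the version this release was tested against) narrows that. The existing dependencies in this block are unconstrained as well, so this is a pre-existing pattern rather than something new in this hunk. The `Gem::Specification` block starts outside the hunk.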
@@ -0,0 +1,14 @@
1
+ gke = KubesGoogle::Gke.new(
2
+ name: KubesGoogle.config.gke.cluster_name,
3
+ whitelist_ip: KubesGoogle.config.gke.whitelist_ip,
4
+ )
5
+
6
+ before("apply",
7
+ label: "gke whitelist hook",
8
+ execute: gke.method(:allow).to_proc,
9
+ )
10
+
11
+ after("apply",
12
+ label: "gke whitelist hook",
13
+ execute: gke.method(:deny).to_proc,
14
+ )
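Review bot: The allowlist entry is removed only by the `after("apply")` hook, and nothing visible here guarantees that hook runs when `apply` fails or the process is interrupted. If it does not run, the block added by `gke.allow` stays in the cluster's authorized networks after the deploy. I would document that above the hooks, e.g. `# NOTE: deny runs only if kubes reaches the after hook; a failed or interrupted apply leaves the allowlist entry in place`, and confirm against kubes' hook semantics. Both hooks also share the label `"gke whitelist hook"`; distinct labels such as `"gke whitelist allow"` and `"gke whitelist deny"` would make it clear from the logs which step ran.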
@@ -16,6 +16,25 @@ module KubesGoogle
16
16
  @@logger = v
17
17
  end
18
18
 
19
+ # Friendlier method configure.
20
+ #
21
+ # .kubes/config/env/dev.rb
22
+ # .kubes/config/plugins/google.rb # also works
23
+ #
24
+ # Example:
25
+ #
26
+ # KubesGoogle.configure do |config|
27
+ # config.hooks.gke_whitelist = true
28
+ # end
29
+ #
30
+ def configure(&block)
31
+ Config.instance.configure(&block)
32
+ end
33
+
34
+ def config
35
+ Config.instance.config
36
+ end
37
+
19
38
  extend self
20
39
  end
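Review bot: The example in the new comment sets `config.hooks.gke_whitelist = true`, but the `Config#defaults` added in this release defines only `gke.cluster_name`, `gke.enable_hooks` and `gke.whitelist_ip`. With `ActiveSupport::OrderedOptions`, `config.hooks` would be nil, so copying the example would most likely raise instead of enabling the hook. I would replace the example body with `#   config.gke.cluster_name = "CLUSTER_RESOURCE_NAME"` (placeholder) and mention that setting the cluster name is what turns the hooks on. The `KubesGoogle` module starts outside this hunk.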
21
40
 
@@ -0,0 +1,23 @@
1
+ module KubesGoogle
2
+ class Config
3
+ include Singleton
4
+
5
+ def defaults
6
+ c = ActiveSupport::OrderedOptions.new
7
+ c.gke = ActiveSupport::OrderedOptions.new
8
+ c.gke.cluster_name = nil
9
+ c.gke.enable_hooks = nil # nil since need cluster_name also. setting to false will explicitly disable hooks
10
+ c.gke.whitelist_ip = nil # default will auto-detect IP
11
+ c
12
+ end
13
+
14
+ @@config = nil
15
+ def config
16
+ @@config ||= defaults
17
+ end
18
+
19
+ def configure
20
+ yield(config)
21
+ end
22
+ end
23
+ end
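Review bot: The comment on `c.gke.whitelist_ip` does not say what format an explicit value must have. `Gke#ip` returns the configured value verbatim and it becomes `cidr_block`, whereas only the auto-detected address gets `/32` appended. I would expand the comment to something like `# CIDR string used as-is for cidr_block, e.g. "203.0.113.10/32" (example value); nil auto-detects the caller's public IP`. Separately, as a style point, `@@config` is a class variable inside a `Singleton`; `@config ||= defaults` would hold the same state without sharing it across subclasses.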
@@ -0,0 +1,99 @@
1
+ require 'open-uri'
2
+
3
+ module KubesGoogle
4
+ class Gke
5
+ extend Memoist
6
+ include Logging
7
+ include Services
8
+
9
+ def initialize(name:, whitelist_ip: nil)
10
+ @name, @whitelist_ip = name, whitelist_ip
11
+ end
12
+
13
+ def allow
14
+ return unless enabled?
15
+ logger.debug "Updating cluster. Adding IP: #{ip}"
16
+ update_cluster(cidr_blocks(:with_whitelist))
17
+ end
18
+
19
+ def deny
20
+ return unless enabled?
21
+ logger.debug "Updating cluster. Removing IP: #{ip}"
22
+ update_cluster(cidr_blocks(:without_whitelist))
23
+ end
24
+
25
+ # Setting the cluster name is enough to enable the hooks
26
+ def enabled?
27
+ enable = KubesGoogle.config.gke.enable_hooks
28
+ enable = enable.nil? ? true : enable
29
+ # gke = KubesGoogle::Gke.new(name: KubesGoogle.config.gke.cluster_name)
30
+ # so @name = KubesGoogle.config.gke.cluster_name
31
+ !!(enable && @name)
32
+ end
33
+
34
+ def update_cluster(cidr_blocks)
35
+ resp = cluster_manager.update_cluster(
36
+ name: @name,
37
+ update: {
38
+ desired_master_authorized_networks_config: {
39
+ cidr_blocks: cidr_blocks,
40
+ enabled: true,
41
+ }
42
+ }
43
+ )
44
+ operation_name = resp.self_link.sub(/.*projects/,'projects')
45
+ wait_for(operation_name)
46
+ end
47
+
48
+ def wait_for(operation_name)
49
+ resp = cluster_manager.get_operation(name: operation_name)
50
+ until resp.status != :RUNNING do
51
+ sleep 5
52
+ resp = cluster_manager.get_operation(name: operation_name)
53
+ end
54
+ end
55
+
56
+ def cidr_blocks(type)
57
+ # so we dont keep adding duplicates
58
+ old = old_cidrs.reject do |x|
59
+ x[:display_name] == new_cidr[:display_name] &&
60
+ x[:cidr_block] == new_cidr[:cidr_block]
61
+ end
62
+ if type == :with_whitelist
63
+ old + [new_cidr]
64
+ else
65
+ old
66
+ end
67
+ end
68
+
69
+ def old_cidrs
70
+ resp = cluster_manager.get_cluster(name: @name)
71
+ config = resp.master_authorized_networks_config.to_h
72
+ config[:cidr_blocks]
73
+ end
74
+ memoize :old_cidrs
75
+
76
+ def new_cidr
77
+ {
78
+ display_name: "added-by-kubes-google",
79
+ cidr_block: ip,
80
+ }
81
+ end
82
+ memoize :new_cidr
83
+
84
+ def ip
85
+ @whitelist_ip || current_ip
86
+ end
87
+
88
+ def current_ip
89
+ resp = URI.open("http://ifconfig.me")
90
+ ip = resp.read
91
+ "#{ip}/32"
92
+ rescue SocketError => e
93
+ logger.info "WARN: #{e.message}"
94
+ logger.info "Unable to detect current ip. Will use 0.0.0.0/0"
95
+ "0.0.0.0/0"
96
+ end
97
+ memoize :current_ip
98
+ end
99
+ end
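Review bot: `current_ip` fails open: when the lookup raises `SocketError` it returns `0.0.0.0/0`, and `allow` then writes that block into `desired_master_authorized_networks_config`, so a DNS or network failure on the deploy host authorizes every address to reach the cluster's control-plane endpoint until `deny` runs. The lookup itself uses plain `http://ifconfig.me` and interpolates the unvalidated body into the CIDR, so whatever the response contains becomes the authorized network. Errors other than `SocketError`, such as HTTP errors and timeouts, are not handled. I would fetch over HTTPS with timeouts, parse the body with `IPAddr` (needs `require 'ipaddr'` next to `open-uri`), and raise with a pointer to `config.gke.whitelist_ip` instead of falling back.

```ruby
def current_ip
  body = URI.open("https://ifconfig.me", open_timeout: 5, read_timeout: 5, &:read).strip
  addr = IPAddr.new(body) # rejects anything that is not a bare IP address
  raise IPAddr::InvalidAddressError, "expected an IPv4 address, got #{body.inspect}" unless addr.ipv4?
  "#{addr}/32"
rescue SocketError, OpenURI::HTTPError, Timeout::Error, IPAddr::InvalidAddressError => e
  # Fail closed: never widen the authorized networks when detection fails.
  raise "Unable to detect current ip (#{e.message}). Set config.gke.whitelist_ip explicitly."
end
memoize :current_ip
```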
@@ -0,0 +1,7 @@
1
+ module KubesGoogle
2
+ class Hooks
3
+ def path
4
+ File.expand_path("../hooks", __dir__)
5
+ end
6
+ end
7
+ end
@@ -1,9 +1,15 @@
1
1
  require "google-cloud-secret_manager"
2
+ require "google/cloud/container"
2
3
 
3
4
  module KubesGoogle
4
5
  module Services
5
6
  extend Memoist
6
7
 
8
+ def cluster_manager
9
+ Google::Cloud::Container.cluster_manager
10
+ end
11
+ memoize :cluster_manager
12
+
7
13
  def secret_manager_service
8
14
  Google::Cloud::SecretManager.secret_manager_service
9
15
  end
@@ -1,3 +1,3 @@
1
1
  module KubesGoogle
2
- VERSION = "0.2.0"
2
+ VERSION = "0.3.0"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: kubes_google
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tung Nguyen
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-11-09 00:00:00.000000000 Z
11
+ date: 2020-11-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -24,6 +24,20 @@ dependencies:
24
24
  - - ">="
25
25
  - !ruby/object:Gem::Version
26
26
  version: '0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: google-cloud-container
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: '0'
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
27
41
  - !ruby/object:Gem::Dependency
28
42
  name: google-cloud-secret_manager
29
43
  requirement: !ruby/object:Gem::Requirement
@@ -66,6 +80,20 @@ dependencies:
66
80
  - - ">="
67
81
  - !ruby/object:Gem::Version
68
82
  version: '0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: kubes
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - ">="
88
+ - !ruby/object:Gem::Version
89
+ version: '0'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - ">="
95
+ - !ruby/object:Gem::Version
96
+ version: '0'
69
97
  description:
70
98
  email:
71
99
  - tung@boltops.com
@@ -81,9 +109,13 @@ files:
81
109
  - README.md
82
110
  - Rakefile
83
111
  - kubes_google.gemspec
112
+ - lib/hooks/kubes.rb
84
113
  - lib/kubes_google.rb
85
114
  - lib/kubes_google/autoloader.rb
115
+ - lib/kubes_google/config.rb
116
+ - lib/kubes_google/gke.rb
86
117
  - lib/kubes_google/helpers.rb
118
+ - lib/kubes_google/hooks.rb
87
119
  - lib/kubes_google/logging.rb
88
120
  - lib/kubes_google/secrets.rb
89
121
  - lib/kubes_google/secrets/fetcher.rb