kubes_google 0.3.0 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/lib/hooks/kubes.rb +11 -3
- data/lib/kubes_google/gke.rb +29 -8
- data/lib/kubes_google/service_account.rb +1 -20
- data/lib/kubes_google/util/sh.rb +23 -0
- data/lib/kubes_google/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c00e66f307251f8ea29d5ba9f624197a31f7c914615925816f5086b1948d6122
|
|
4
|
+
data.tar.gz: 75e4cfc3a285162e64ef6e0ae68b79e55f6491774cc18e3c510f7c83feed8d1f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 95d854c940d876be88544ce89e4eb67c0a85989b279bdfa42f3b7fb504f291650283c2b18f9deec03e5f35cb9d977dcd0e19497cb9a4da805d445c2a779ea88c
|
|
7
|
+
data.tar.gz: 2a7648e2f8f2aeb14dd3e8d9beb4fd920512269a8bf6dcd03ec8dce6f118731ccfafc60437b785382001691ea5d22516562338a6cfb01092f5479feb2d8ed3be
|
data/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,9 @@
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
|
|
5
5
|
|
|
6
|
+
## [0.3.1] - 2020-11-11
|
|
7
|
+
- [#4](https://github.com/boltops-tools/kubes_google/pull/4) get_credentials hook
|
|
8
|
+
|
|
6
9
|
## [0.3.0]
|
|
7
10
|
- #3 gke hook to whitelist ip
|
|
8
11
|
|
data/lib/hooks/kubes.rb
CHANGED
|
@@ -1,14 +1,22 @@
|
|
|
1
1
|
gke = KubesGoogle::Gke.new(
|
|
2
|
-
|
|
2
|
+
cluster_name: KubesGoogle.config.gke.cluster_name,
|
|
3
|
+
google_region: KubesGoogle.config.gke.google_region,
|
|
4
|
+
google_project: KubesGoogle.config.gke.google_project,
|
|
5
|
+
enable_get_credentials: KubesGoogle.config.gke.enable_get_credentials,
|
|
3
6
|
whitelist_ip: KubesGoogle.config.gke.whitelist_ip,
|
|
4
7
|
)
|
|
5
8
|
|
|
9
|
+
before("apply",
|
|
10
|
+
label: "gke get-credentials hook",
|
|
11
|
+
execute: gke.method(:get_credentials).to_proc,
|
|
12
|
+
) if gke.get_credentials_enabled?
|
|
13
|
+
|
|
6
14
|
before("apply",
|
|
7
15
|
label: "gke whitelist hook",
|
|
8
16
|
execute: gke.method(:allow).to_proc,
|
|
9
|
-
)
|
|
17
|
+
) if gke.enabled?
|
|
10
18
|
|
|
11
19
|
after("apply",
|
|
12
20
|
label: "gke whitelist hook",
|
|
13
21
|
execute: gke.method(:deny).to_proc,
|
|
14
|
-
)
|
|
22
|
+
) if gke.enabled?
|
data/lib/kubes_google/gke.rb
CHANGED
|
@@ -5,35 +5,56 @@ module KubesGoogle
|
|
|
5
5
|
extend Memoist
|
|
6
6
|
include Logging
|
|
7
7
|
include Services
|
|
8
|
+
include Util::Sh
|
|
8
9
|
|
|
9
|
-
def initialize(
|
|
10
|
-
|
|
10
|
+
def initialize(cluster_name:,
|
|
11
|
+
enable_get_credentials: false,
|
|
12
|
+
google_project: nil,
|
|
13
|
+
google_region: "us-central1",
|
|
14
|
+
whitelist_ip: nil)
|
|
15
|
+
@cluster_name = cluster_name
|
|
16
|
+
@enable_get_credentials = enable_get_credentials
|
|
17
|
+
@google_project = ENV['GOOGLE_PROJECT'] || google_project
|
|
18
|
+
@google_region = ENV['GOOGLE_REGION'] || google_region
|
|
19
|
+
@whitelist_ip = whitelist_ip
|
|
11
20
|
end
|
|
12
21
|
|
|
13
22
|
def allow
|
|
14
|
-
return unless enabled?
|
|
15
23
|
logger.debug "Updating cluster. Adding IP: #{ip}"
|
|
16
24
|
update_cluster(cidr_blocks(:with_whitelist))
|
|
17
25
|
end
|
|
18
26
|
|
|
19
27
|
def deny
|
|
20
|
-
return unless enabled?
|
|
21
28
|
logger.debug "Updating cluster. Removing IP: #{ip}"
|
|
22
29
|
update_cluster(cidr_blocks(:without_whitelist))
|
|
23
30
|
end
|
|
24
31
|
|
|
25
|
-
|
|
32
|
+
def get_credentials
|
|
33
|
+
return unless get_credentials_enabled?
|
|
34
|
+
sh "gcloud container clusters get-credentials --project=#{@google_project} --region=#{@google_region} #{@cluster_name}"
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def full_name
|
|
38
|
+
"projects/#{@google_project}/locations/#{@google_region}/clusters/#{@cluster_name}"
|
|
39
|
+
end
|
|
40
|
+
|
|
26
41
|
def enabled?
|
|
27
42
|
enable = KubesGoogle.config.gke.enable_hooks
|
|
28
43
|
enable = enable.nil? ? true : enable
|
|
29
44
|
# gke = KubesGoogle::Gke.new(name: KubesGoogle.config.gke.cluster_name)
|
|
30
45
|
# so @name = KubesGoogle.config.gke.cluster_name
|
|
31
|
-
!!(enable && @
|
|
46
|
+
!!(enable && @cluster_name)
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
def get_credentials_enabled?
|
|
50
|
+
enable = KubesGoogle.config.gke.enable_get_credentials
|
|
51
|
+
enable = enable.nil? ? false : enable
|
|
52
|
+
!!(enable && full_name)
|
|
32
53
|
end
|
|
33
54
|
|
|
34
55
|
def update_cluster(cidr_blocks)
|
|
35
56
|
resp = cluster_manager.update_cluster(
|
|
36
|
-
name:
|
|
57
|
+
name: full_name,
|
|
37
58
|
update: {
|
|
38
59
|
desired_master_authorized_networks_config: {
|
|
39
60
|
cidr_blocks: cidr_blocks,
|
|
@@ -67,7 +88,7 @@ module KubesGoogle
|
|
|
67
88
|
end
|
|
68
89
|
|
|
69
90
|
def old_cidrs
|
|
70
|
-
resp = cluster_manager.get_cluster(name:
|
|
91
|
+
resp = cluster_manager.get_cluster(name: full_name)
|
|
71
92
|
config = resp.master_authorized_networks_config.to_h
|
|
72
93
|
config[:cidr_blocks]
|
|
73
94
|
end
|
|
@@ -4,6 +4,7 @@ require "json"
|
|
|
4
4
|
module KubesGoogle
|
|
5
5
|
class ServiceAccount
|
|
6
6
|
include Logging
|
|
7
|
+
include Util::Sh
|
|
7
8
|
|
|
8
9
|
def initialize(app:, namespace:nil, roles: [], gsa: nil, ksa: nil)
|
|
9
10
|
@app, @roles = app, roles
|
|
@@ -71,25 +72,5 @@ module KubesGoogle
|
|
|
71
72
|
--member=serviceAccount:#{@service_account} \
|
|
72
73
|
--role=#{role} > /dev/null".squish
|
|
73
74
|
end
|
|
74
|
-
|
|
75
|
-
private
|
|
76
|
-
def sh(command)
|
|
77
|
-
logger.debug "=> #{command}"
|
|
78
|
-
success = system(command)
|
|
79
|
-
unless success
|
|
80
|
-
logger.info "WARN: Running #{command}"
|
|
81
|
-
end
|
|
82
|
-
success
|
|
83
|
-
end
|
|
84
|
-
|
|
85
|
-
def capture(command)
|
|
86
|
-
out = `#{command}`
|
|
87
|
-
unless $?.exitstatus == 0
|
|
88
|
-
logger.info "ERROR: Running #{command}"
|
|
89
|
-
logger.info out
|
|
90
|
-
exit 1
|
|
91
|
-
end
|
|
92
|
-
out
|
|
93
|
-
end
|
|
94
75
|
end
|
|
95
76
|
end
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
module KubesGoogle::Util
|
|
2
|
+
module Sh
|
|
3
|
+
private
|
|
4
|
+
def sh(command)
|
|
5
|
+
logger.debug "=> #{command}"
|
|
6
|
+
success = system(command)
|
|
7
|
+
unless success
|
|
8
|
+
logger.info "WARN: Running #{command}"
|
|
9
|
+
end
|
|
10
|
+
success
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def capture(command)
|
|
14
|
+
out = `#{command}`
|
|
15
|
+
unless $?.exitstatus == 0
|
|
16
|
+
logger.info "ERROR: Running #{command}"
|
|
17
|
+
logger.info out
|
|
18
|
+
exit 1
|
|
19
|
+
end
|
|
20
|
+
out
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
data/lib/kubes_google/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: kubes_google
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tung Nguyen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-11-
|
|
11
|
+
date: 2020-11-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -121,6 +121,7 @@ files:
|
|
|
121
121
|
- lib/kubes_google/secrets/fetcher.rb
|
|
122
122
|
- lib/kubes_google/service_account.rb
|
|
123
123
|
- lib/kubes_google/services.rb
|
|
124
|
+
- lib/kubes_google/util/sh.rb
|
|
124
125
|
- lib/kubes_google/version.rb
|
|
125
126
|
homepage: https://github.com/boltops-tools/kubes_google
|
|
126
127
|
licenses:
|