feat(docker/kubernetes): backend docker and kubernetes dependency updates (#5861)
* client-go library update + go mod tidy * update all k8s methods to include context * docker/cli updated to v20.10.9 (latest) * - removed docker/docker to docker/engine replace directive - go mod tidy * docker/docker updated to v20.10.9 (latest)pull/5877/head
zees-dev
GitHub
parent
e6d690e31e
commit
54d47ebc76
40
api/go.mod
40
api/go.mod
|
|
@ -3,37 +3,31 @@ module github.com/portainer/portainer/api
|
||||||
go 1.16
|
go 1.16
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
|
github.com/Microsoft/go-winio v0.4.17
|
||||||
github.com/Microsoft/go-winio v0.4.16
|
|
||||||
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
|
|
||||||
github.com/alecthomas/units v0.0.0-20210208195552-ff826a37aa15 // indirect
|
github.com/alecthomas/units v0.0.0-20210208195552-ff826a37aa15 // indirect
|
||||||
github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535
|
github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535
|
||||||
github.com/boltdb/bolt v1.3.1
|
github.com/boltdb/bolt v1.3.1
|
||||||
github.com/containerd/containerd v1.3.1 // indirect
|
github.com/containerd/containerd v1.5.7 // indirect
|
||||||
github.com/coreos/go-semver v0.3.0
|
github.com/coreos/go-semver v0.3.0
|
||||||
github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9
|
github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9
|
||||||
github.com/dgrijalva/jwt-go v3.2.0+incompatible
|
github.com/dgrijalva/jwt-go v3.2.0+incompatible
|
||||||
github.com/docker/cli v0.0.0-20191126203649-54d085b857e9
|
github.com/docker/cli v20.10.9+incompatible
|
||||||
github.com/docker/distribution v2.7.1+incompatible // indirect
|
github.com/docker/docker v20.10.9+incompatible
|
||||||
github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0
|
|
||||||
github.com/docker/go-connections v0.4.0 // indirect
|
github.com/docker/go-connections v0.4.0 // indirect
|
||||||
github.com/docker/go-units v0.4.0 // indirect
|
|
||||||
github.com/g07cha/defender v0.0.0-20180505193036-5665c627c814
|
github.com/g07cha/defender v0.0.0-20180505193036-5665c627c814
|
||||||
github.com/go-git/go-git/v5 v5.3.0
|
github.com/go-git/go-git/v5 v5.3.0
|
||||||
github.com/go-ldap/ldap/v3 v3.1.8
|
github.com/go-ldap/ldap/v3 v3.1.8
|
||||||
github.com/gofrs/uuid v3.2.0+incompatible
|
github.com/gofrs/uuid v4.0.0+incompatible
|
||||||
|
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
|
||||||
github.com/gorilla/mux v1.7.3
|
github.com/gorilla/mux v1.7.3
|
||||||
github.com/gorilla/securecookie v1.1.1
|
github.com/gorilla/securecookie v1.1.1
|
||||||
github.com/gorilla/websocket v1.4.1
|
github.com/gorilla/websocket v1.4.2
|
||||||
github.com/joho/godotenv v1.3.0
|
github.com/joho/godotenv v1.3.0
|
||||||
github.com/jpillora/chisel v0.0.0-20190724232113-f3a8df20e389
|
github.com/jpillora/chisel v0.0.0-20190724232113-f3a8df20e389
|
||||||
github.com/json-iterator/go v1.1.10
|
github.com/json-iterator/go v1.1.11
|
||||||
github.com/koding/websocketproxy v0.0.0-20181220232114-7ed82d81a28c
|
github.com/koding/websocketproxy v0.0.0-20181220232114-7ed82d81a28c
|
||||||
github.com/mattn/go-shellwords v1.0.6 // indirect
|
github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
|
||||||
github.com/mitchellh/mapstructure v1.1.2 // indirect
|
|
||||||
github.com/morikuni/aec v1.0.0 // indirect
|
github.com/morikuni/aec v1.0.0 // indirect
|
||||||
github.com/opencontainers/go-digest v1.0.0 // indirect
|
|
||||||
github.com/opencontainers/image-spec v1.0.1 // indirect
|
|
||||||
github.com/orcaman/concurrent-map v0.0.0-20190826125027-8c72a8bb44f6
|
github.com/orcaman/concurrent-map v0.0.0-20190826125027-8c72a8bb44f6
|
||||||
github.com/pkg/errors v0.9.1
|
github.com/pkg/errors v0.9.1
|
||||||
github.com/portainer/docker-compose-wrapper v0.0.0-20210909083948-8be0d98451a1
|
github.com/portainer/docker-compose-wrapper v0.0.0-20210909083948-8be0d98451a1
|
||||||
|
|
@ -43,18 +37,14 @@ require (
|
||||||
github.com/robfig/cron/v3 v3.0.1
|
github.com/robfig/cron/v3 v3.0.1
|
||||||
github.com/sirupsen/logrus v1.8.1
|
github.com/sirupsen/logrus v1.8.1
|
||||||
github.com/stretchr/testify v1.7.0
|
github.com/stretchr/testify v1.7.0
|
||||||
|
github.com/swaggo/swag v1.7.3
|
||||||
github.com/xeipuuv/gojsonschema v1.2.0 // indirect
|
github.com/xeipuuv/gojsonschema v1.2.0 // indirect
|
||||||
golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2
|
golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2
|
||||||
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
|
golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
|
||||||
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
|
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
|
||||||
gopkg.in/alecthomas/kingpin.v2 v2.2.6
|
gopkg.in/alecthomas/kingpin.v2 v2.2.6
|
||||||
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
|
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
|
||||||
gotest.tools v2.2.0+incompatible // indirect
|
k8s.io/api v0.22.2
|
||||||
k8s.io/api v0.17.2
|
k8s.io/apimachinery v0.22.2
|
||||||
k8s.io/apimachinery v0.17.2
|
k8s.io/client-go v0.22.2
|
||||||
k8s.io/client-go v0.17.2
|
|
||||||
)
|
)
|
||||||
|
|
||||||
replace github.com/docker/docker => github.com/docker/engine v1.4.2-0.20200204220554-5f6d6f3f2203
|
|
||||||
|
|
||||||
replace golang.org/x/sys => golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456
|
|
||||||
|
|
|
||||||
965
api/go.sum
965
api/go.sum
File diff suppressed because it is too large
Load Diff
|
|
@ -1,6 +1,7 @@
|
||||||
package cli
|
package cli
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
|
|
@ -27,7 +28,7 @@ func (kcl *KubeClient) NamespaceAccessPoliciesDeleteNamespace(ns string) error {
|
||||||
// GetNamespaceAccessPolicies gets the namespace access policies
|
// GetNamespaceAccessPolicies gets the namespace access policies
|
||||||
// from config maps in the portainer namespace
|
// from config maps in the portainer namespace
|
||||||
func (kcl *KubeClient) GetNamespaceAccessPolicies() (map[string]portainer.K8sNamespaceAccessPolicy, error) {
|
func (kcl *KubeClient) GetNamespaceAccessPolicies() (map[string]portainer.K8sNamespaceAccessPolicy, error) {
|
||||||
configMap, err := kcl.cli.CoreV1().ConfigMaps(portainerNamespace).Get(portainerConfigMapName, metav1.GetOptions{})
|
configMap, err := kcl.cli.CoreV1().ConfigMaps(portainerNamespace).Get(context.TODO(), portainerConfigMapName, metav1.GetOptions{})
|
||||||
if k8serrors.IsNotFound(err) {
|
if k8serrors.IsNotFound(err) {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
} else if err != nil {
|
} else if err != nil {
|
||||||
|
|
@ -50,7 +51,7 @@ func (kcl *KubeClient) setupNamespaceAccesses(userID int, teamIDs []int, service
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
namespaces, err := kcl.cli.CoreV1().Namespaces().List(metav1.ListOptions{})
|
namespaces, err := kcl.cli.CoreV1().Namespaces().List(context.TODO(), metav1.ListOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
@ -105,7 +106,7 @@ func (kcl *KubeClient) UpdateNamespaceAccessPolicies(accessPolicies map[string]p
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
configMap, err := kcl.cli.CoreV1().ConfigMaps(portainerNamespace).Get(portainerConfigMapName, metav1.GetOptions{})
|
configMap, err := kcl.cli.CoreV1().ConfigMaps(portainerNamespace).Get(context.TODO(), portainerConfigMapName, metav1.GetOptions{})
|
||||||
if k8serrors.IsNotFound(err) {
|
if k8serrors.IsNotFound(err) {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
@ -115,7 +116,7 @@ func (kcl *KubeClient) UpdateNamespaceAccessPolicies(accessPolicies map[string]p
|
||||||
}
|
}
|
||||||
|
|
||||||
configMap.Data[portainerConfigMapAccessPoliciesKey] = string(data)
|
configMap.Data[portainerConfigMapAccessPoliciesKey] = string(data)
|
||||||
_, err = kcl.cli.CoreV1().ConfigMaps(portainerNamespace).Update(configMap)
|
_, err = kcl.cli.CoreV1().ConfigMaps(portainerNamespace).Update(context.TODO(), configMap, metav1.UpdateOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,7 @@
|
||||||
package cli
|
package cli
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
"sync"
|
"sync"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
|
@ -51,10 +52,10 @@ func Test_NamespaceAccessPoliciesDeleteNamespace_updatesPortainerConfig_whenConf
|
||||||
"NamespaceAccessPolicies": `{"ns1":{"UserAccessPolicies":{"2":{"RoleId":0}}}, "ns2":{"UserAccessPolicies":{"2":{"RoleId":0}}}}`,
|
"NamespaceAccessPolicies": `{"ns1":{"UserAccessPolicies":{"2":{"RoleId":0}}}, "ns2":{"UserAccessPolicies":{"2":{"RoleId":0}}}}`,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
_, err := k.cli.CoreV1().ConfigMaps(portainerNamespace).Create(config)
|
_, err := k.cli.CoreV1().ConfigMaps(portainerNamespace).Create(context.Background(), config, metav1.CreateOptions{})
|
||||||
assert.NoError(t, err, "failed to create a portainer config")
|
assert.NoError(t, err, "failed to create a portainer config")
|
||||||
defer func() {
|
defer func() {
|
||||||
k.cli.CoreV1().ConfigMaps(portainerNamespace).Delete(portainerConfigMapName, nil)
|
k.cli.CoreV1().ConfigMaps(portainerNamespace).Delete(context.Background(), portainerConfigMapName, metav1.DeleteOptions{})
|
||||||
}()
|
}()
|
||||||
|
|
||||||
err = k.NamespaceAccessPoliciesDeleteNamespace(test.namespaceToDelete)
|
err = k.NamespaceAccessPoliciesDeleteNamespace(test.namespaceToDelete)
|
||||||
|
|
|
||||||
|
|
@ -50,8 +50,8 @@ func Test_GetKubeConfig(t *testing.T) {
|
||||||
ObjectMeta: metav1.ObjectMeta{Name: tokenData.Username},
|
ObjectMeta: metav1.ObjectMeta{Name: tokenData.Username},
|
||||||
}
|
}
|
||||||
|
|
||||||
k.cli.CoreV1().ServiceAccounts(portainerNamespace).Create(serviceAccount)
|
k.cli.CoreV1().ServiceAccounts(portainerNamespace).Create(context.Background(), serviceAccount, metav1.CreateOptions{})
|
||||||
defer k.cli.CoreV1().ServiceAccounts(portainerNamespace).Delete(serviceAccount.Name, nil)
|
defer k.cli.CoreV1().ServiceAccounts(portainerNamespace).Delete(context.Background(), serviceAccount.Name, metav1.DeleteOptions{})
|
||||||
|
|
||||||
_, err := k.GetKubeConfig(context.Background(), "localhost", "abc", tokenData)
|
_, err := k.GetKubeConfig(context.Background(), "localhost", "abc", tokenData)
|
||||||
|
|
||||||
|
|
@ -75,8 +75,8 @@ func Test_GetKubeConfig(t *testing.T) {
|
||||||
ObjectMeta: metav1.ObjectMeta{Name: nonAdminUserName},
|
ObjectMeta: metav1.ObjectMeta{Name: nonAdminUserName},
|
||||||
}
|
}
|
||||||
|
|
||||||
k.cli.CoreV1().ServiceAccounts(portainerNamespace).Create(serviceAccount)
|
k.cli.CoreV1().ServiceAccounts(portainerNamespace).Create(context.Background(), serviceAccount, metav1.CreateOptions{})
|
||||||
defer k.cli.CoreV1().ServiceAccounts(portainerNamespace).Delete(serviceAccount.Name, nil)
|
defer k.cli.CoreV1().ServiceAccounts(portainerNamespace).Delete(context.Background(), serviceAccount.Name, metav1.DeleteOptions{})
|
||||||
|
|
||||||
_, err := k.GetKubeConfig(context.Background(), "localhost", "abc", tokenData)
|
_, err := k.GetKubeConfig(context.Background(), "localhost", "abc", tokenData)
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,7 @@
|
||||||
package cli
|
package cli
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
|
|
@ -44,7 +45,7 @@ func (kcl *KubeClient) ToggleSystemState(namespaceName string, isSystem bool) er
|
||||||
|
|
||||||
nsService := kcl.cli.CoreV1().Namespaces()
|
nsService := kcl.cli.CoreV1().Namespaces()
|
||||||
|
|
||||||
namespace, err := nsService.Get(namespaceName, metav1.GetOptions{})
|
namespace, err := nsService.Get(context.TODO(), namespaceName, metav1.GetOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrap(err, "failed fetching namespace object")
|
return errors.Wrap(err, "failed fetching namespace object")
|
||||||
}
|
}
|
||||||
|
|
@ -59,7 +60,7 @@ func (kcl *KubeClient) ToggleSystemState(namespaceName string, isSystem bool) er
|
||||||
|
|
||||||
namespace.Labels[systemNamespaceLabel] = strconv.FormatBool(isSystem)
|
namespace.Labels[systemNamespaceLabel] = strconv.FormatBool(isSystem)
|
||||||
|
|
||||||
_, err = nsService.Update(namespace)
|
_, err = nsService.Update(context.TODO(), namespace, metav1.UpdateOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrap(err, "failed updating namespace object")
|
return errors.Wrap(err, "failed updating namespace object")
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,16 +1,14 @@
|
||||||
package cli
|
package cli
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
"strconv"
|
"strconv"
|
||||||
"sync"
|
"sync"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
portainer "github.com/portainer/portainer/api"
|
portainer "github.com/portainer/portainer/api"
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
|
|
||||||
core "k8s.io/api/core/v1"
|
core "k8s.io/api/core/v1"
|
||||||
ktypes "k8s.io/api/core/v1"
|
|
||||||
meta "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
kfake "k8s.io/client-go/kubernetes/fake"
|
kfake "k8s.io/client-go/kubernetes/fake"
|
||||||
)
|
)
|
||||||
|
|
@ -19,7 +17,7 @@ func Test_ToggleSystemState(t *testing.T) {
|
||||||
t.Run("should skip is default (exit without error)", func(t *testing.T) {
|
t.Run("should skip is default (exit without error)", func(t *testing.T) {
|
||||||
nsName := "default"
|
nsName := "default"
|
||||||
kcl := &KubeClient{
|
kcl := &KubeClient{
|
||||||
cli: kfake.NewSimpleClientset(&core.Namespace{ObjectMeta: meta.ObjectMeta{Name: nsName}}),
|
cli: kfake.NewSimpleClientset(&core.Namespace{ObjectMeta: metav1.ObjectMeta{Name: nsName}}),
|
||||||
instanceID: "instance",
|
instanceID: "instance",
|
||||||
lock: &sync.Mutex{},
|
lock: &sync.Mutex{},
|
||||||
}
|
}
|
||||||
|
|
@ -27,7 +25,7 @@ func Test_ToggleSystemState(t *testing.T) {
|
||||||
err := kcl.ToggleSystemState(nsName, true)
|
err := kcl.ToggleSystemState(nsName, true)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
ns, err := kcl.cli.CoreV1().Namespaces().Get(nsName, meta.GetOptions{})
|
ns, err := kcl.cli.CoreV1().Namespaces().Get(context.Background(), nsName, metav1.GetOptions{})
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
_, exists := ns.Labels[systemNamespaceLabel]
|
_, exists := ns.Labels[systemNamespaceLabel]
|
||||||
|
|
@ -59,7 +57,7 @@ func Test_ToggleSystemState(t *testing.T) {
|
||||||
for _, test := range tests {
|
for _, test := range tests {
|
||||||
t.Run(strconv.FormatBool(test.isSystem), func(t *testing.T) {
|
t.Run(strconv.FormatBool(test.isSystem), func(t *testing.T) {
|
||||||
kcl := &KubeClient{
|
kcl := &KubeClient{
|
||||||
cli: kfake.NewSimpleClientset(&core.Namespace{ObjectMeta: meta.ObjectMeta{Name: nsName, Labels: map[string]string{
|
cli: kfake.NewSimpleClientset(&core.Namespace{ObjectMeta: metav1.ObjectMeta{Name: nsName, Labels: map[string]string{
|
||||||
systemNamespaceLabel: strconv.FormatBool(test.isSystem),
|
systemNamespaceLabel: strconv.FormatBool(test.isSystem),
|
||||||
}}}),
|
}}}),
|
||||||
instanceID: "instance",
|
instanceID: "instance",
|
||||||
|
|
@ -69,7 +67,7 @@ func Test_ToggleSystemState(t *testing.T) {
|
||||||
err := kcl.ToggleSystemState(nsName, test.isSystem)
|
err := kcl.ToggleSystemState(nsName, test.isSystem)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
ns, err := kcl.cli.CoreV1().Namespaces().Get(nsName, meta.GetOptions{})
|
ns, err := kcl.cli.CoreV1().Namespaces().Get(context.Background(), nsName, metav1.GetOptions{})
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
assert.Equal(t, test.isSystem, isSystemNamespace(*ns))
|
assert.Equal(t, test.isSystem, isSystemNamespace(*ns))
|
||||||
|
|
@ -81,7 +79,7 @@ func Test_ToggleSystemState(t *testing.T) {
|
||||||
nsName := "namespace"
|
nsName := "namespace"
|
||||||
|
|
||||||
kcl := &KubeClient{
|
kcl := &KubeClient{
|
||||||
cli: kfake.NewSimpleClientset(&core.Namespace{ObjectMeta: meta.ObjectMeta{Name: nsName}}),
|
cli: kfake.NewSimpleClientset(&core.Namespace{ObjectMeta: metav1.ObjectMeta{Name: nsName}}),
|
||||||
instanceID: "instance",
|
instanceID: "instance",
|
||||||
lock: &sync.Mutex{},
|
lock: &sync.Mutex{},
|
||||||
}
|
}
|
||||||
|
|
@ -89,7 +87,7 @@ func Test_ToggleSystemState(t *testing.T) {
|
||||||
err := kcl.ToggleSystemState(nsName, true)
|
err := kcl.ToggleSystemState(nsName, true)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
ns, err := kcl.cli.CoreV1().Namespaces().Get(nsName, meta.GetOptions{})
|
ns, err := kcl.cli.CoreV1().Namespaces().Get(context.Background(), nsName, metav1.GetOptions{})
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
labelValue, exists := ns.Labels[systemNamespaceLabel]
|
labelValue, exists := ns.Labels[systemNamespaceLabel]
|
||||||
|
|
@ -102,7 +100,7 @@ func Test_ToggleSystemState(t *testing.T) {
|
||||||
nsName := "portainer"
|
nsName := "portainer"
|
||||||
|
|
||||||
kcl := &KubeClient{
|
kcl := &KubeClient{
|
||||||
cli: kfake.NewSimpleClientset(&core.Namespace{ObjectMeta: meta.ObjectMeta{Name: nsName}}),
|
cli: kfake.NewSimpleClientset(&core.Namespace{ObjectMeta: metav1.ObjectMeta{Name: nsName}}),
|
||||||
instanceID: "instance",
|
instanceID: "instance",
|
||||||
lock: &sync.Mutex{},
|
lock: &sync.Mutex{},
|
||||||
}
|
}
|
||||||
|
|
@ -110,7 +108,7 @@ func Test_ToggleSystemState(t *testing.T) {
|
||||||
err := kcl.ToggleSystemState(nsName, false)
|
err := kcl.ToggleSystemState(nsName, false)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
ns, err := kcl.cli.CoreV1().Namespaces().Get(nsName, meta.GetOptions{})
|
ns, err := kcl.cli.CoreV1().Namespaces().Get(context.Background(), nsName, metav1.GetOptions{})
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
labelValue, exists := ns.Labels[systemNamespaceLabel]
|
labelValue, exists := ns.Labels[systemNamespaceLabel]
|
||||||
|
|
@ -123,7 +121,7 @@ func Test_ToggleSystemState(t *testing.T) {
|
||||||
nsName := "namespace"
|
nsName := "namespace"
|
||||||
|
|
||||||
kcl := &KubeClient{
|
kcl := &KubeClient{
|
||||||
cli: kfake.NewSimpleClientset(&core.Namespace{ObjectMeta: meta.ObjectMeta{Name: nsName, Labels: map[string]string{
|
cli: kfake.NewSimpleClientset(&core.Namespace{ObjectMeta: metav1.ObjectMeta{Name: nsName, Labels: map[string]string{
|
||||||
systemNamespaceLabel: "true",
|
systemNamespaceLabel: "true",
|
||||||
}}}),
|
}}}),
|
||||||
instanceID: "instance",
|
instanceID: "instance",
|
||||||
|
|
@ -133,7 +131,7 @@ func Test_ToggleSystemState(t *testing.T) {
|
||||||
err := kcl.ToggleSystemState(nsName, false)
|
err := kcl.ToggleSystemState(nsName, false)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
ns, err := kcl.cli.CoreV1().Namespaces().Get(nsName, meta.GetOptions{})
|
ns, err := kcl.cli.CoreV1().Namespaces().Get(context.Background(), nsName, metav1.GetOptions{})
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
labelValue, exists := ns.Labels[systemNamespaceLabel]
|
labelValue, exists := ns.Labels[systemNamespaceLabel]
|
||||||
|
|
@ -144,11 +142,11 @@ func Test_ToggleSystemState(t *testing.T) {
|
||||||
t.Run("for non system namespace (with label), if called with true, should set the label, and remove accesses", func(t *testing.T) {
|
t.Run("for non system namespace (with label), if called with true, should set the label, and remove accesses", func(t *testing.T) {
|
||||||
nsName := "ns1"
|
nsName := "ns1"
|
||||||
|
|
||||||
namespace := &core.Namespace{ObjectMeta: meta.ObjectMeta{Name: nsName, Labels: map[string]string{
|
namespace := &core.Namespace{ObjectMeta: metav1.ObjectMeta{Name: nsName, Labels: map[string]string{
|
||||||
systemNamespaceLabel: "false",
|
systemNamespaceLabel: "false",
|
||||||
}}}
|
}}}
|
||||||
|
|
||||||
config := &ktypes.ConfigMap{
|
config := &core.ConfigMap{
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
Name: portainerConfigMapName,
|
Name: portainerConfigMapName,
|
||||||
Namespace: portainerNamespace,
|
Namespace: portainerNamespace,
|
||||||
|
|
@ -167,7 +165,7 @@ func Test_ToggleSystemState(t *testing.T) {
|
||||||
err := kcl.ToggleSystemState(nsName, true)
|
err := kcl.ToggleSystemState(nsName, true)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
ns, err := kcl.cli.CoreV1().Namespaces().Get(nsName, meta.GetOptions{})
|
ns, err := kcl.cli.CoreV1().Namespaces().Get(context.Background(), nsName, metav1.GetOptions{})
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
labelValue, exists := ns.Labels[systemNamespaceLabel]
|
labelValue, exists := ns.Labels[systemNamespaceLabel]
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,8 @@
|
||||||
package cli
|
package cli
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
|
|
||||||
portainer "github.com/portainer/portainer/api"
|
portainer "github.com/portainer/portainer/api"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
)
|
)
|
||||||
|
|
@ -9,12 +11,12 @@ import (
|
||||||
func (kcl *KubeClient) GetNodesLimits() (portainer.K8sNodesLimits, error) {
|
func (kcl *KubeClient) GetNodesLimits() (portainer.K8sNodesLimits, error) {
|
||||||
nodesLimits := make(portainer.K8sNodesLimits)
|
nodesLimits := make(portainer.K8sNodesLimits)
|
||||||
|
|
||||||
nodes, err := kcl.cli.CoreV1().Nodes().List(metav1.ListOptions{})
|
nodes, err := kcl.cli.CoreV1().Nodes().List(context.TODO(), metav1.ListOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
pods, err := kcl.cli.CoreV1().Pods("").List(metav1.ListOptions{})
|
pods, err := kcl.cli.CoreV1().Pods("").List(context.TODO(), metav1.ListOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -48,7 +48,7 @@ func (kcl *KubeClient) CreateUserShellPod(ctx context.Context, serviceAccountNam
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
shellPod, err := kcl.cli.CoreV1().Pods(portainerNamespace).Create(podSpec)
|
shellPod, err := kcl.cli.CoreV1().Pods(portainerNamespace).Create(ctx, podSpec, metav1.CreateOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.Wrap(err, "error creating shell pod")
|
return nil, errors.Wrap(err, "error creating shell pod")
|
||||||
}
|
}
|
||||||
|
|
@ -58,12 +58,12 @@ func (kcl *KubeClient) CreateUserShellPod(ctx context.Context, serviceAccountNam
|
||||||
defer cancelFunc()
|
defer cancelFunc()
|
||||||
err = kcl.waitForPodStatus(timeoutCtx, v1.PodRunning, shellPod)
|
err = kcl.waitForPodStatus(timeoutCtx, v1.PodRunning, shellPod)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
kcl.cli.CoreV1().Pods(portainerNamespace).Delete(shellPod.Name, nil)
|
kcl.cli.CoreV1().Pods(portainerNamespace).Delete(context.TODO(), shellPod.Name, metav1.DeleteOptions{})
|
||||||
return nil, errors.Wrap(err, "aborting pod creation; error waiting for shell pod ready status")
|
return nil, errors.Wrap(err, "aborting pod creation; error waiting for shell pod ready status")
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(shellPod.Spec.Containers) != 1 {
|
if len(shellPod.Spec.Containers) != 1 {
|
||||||
kcl.cli.CoreV1().Pods(portainerNamespace).Delete(shellPod.Name, nil)
|
kcl.cli.CoreV1().Pods(portainerNamespace).Delete(context.TODO(), shellPod.Name, metav1.DeleteOptions{})
|
||||||
return nil, fmt.Errorf("incorrect shell pod state, expecting single container to be present")
|
return nil, fmt.Errorf("incorrect shell pod state, expecting single container to be present")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -79,11 +79,11 @@ func (kcl *KubeClient) CreateUserShellPod(ctx context.Context, serviceAccountNam
|
||||||
select {
|
select {
|
||||||
case <-time.After(portainer.WebSocketKeepAlive):
|
case <-time.After(portainer.WebSocketKeepAlive):
|
||||||
log.Println("[DEBUG] [internal,kubernetes/pod] [message: pod removal schedule duration exceeded]")
|
log.Println("[DEBUG] [internal,kubernetes/pod] [message: pod removal schedule duration exceeded]")
|
||||||
kcl.cli.CoreV1().Pods(portainerNamespace).Delete(shellPod.Name, nil)
|
kcl.cli.CoreV1().Pods(portainerNamespace).Delete(context.TODO(), shellPod.Name, metav1.DeleteOptions{})
|
||||||
case <-ctx.Done():
|
case <-ctx.Done():
|
||||||
err := ctx.Err()
|
err := ctx.Err()
|
||||||
log.Printf("[DEBUG] [internal,kubernetes/pod] [message: context error: err=%s ]\n", err)
|
log.Printf("[DEBUG] [internal,kubernetes/pod] [message: context error: err=%s ]\n", err)
|
||||||
kcl.cli.CoreV1().Pods(portainerNamespace).Delete(shellPod.Name, nil)
|
kcl.cli.CoreV1().Pods(portainerNamespace).Delete(context.TODO(), shellPod.Name, metav1.DeleteOptions{})
|
||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
|
|
||||||
|
|
@ -101,7 +101,7 @@ func (kcl *KubeClient) waitForPodStatus(ctx context.Context, phase v1.PodPhase,
|
||||||
case <-ctx.Done():
|
case <-ctx.Done():
|
||||||
return ctx.Err()
|
return ctx.Err()
|
||||||
default:
|
default:
|
||||||
pod, err := kcl.cli.CoreV1().Pods(pod.Namespace).Get(pod.Name, metav1.GetOptions{})
|
pod, err := kcl.cli.CoreV1().Pods(pod.Namespace).Get(ctx, pod.Name, metav1.GetOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -50,11 +50,11 @@ func Test_waitForPodStatus(t *testing.T) {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
pod, err := k.cli.CoreV1().Pods(defaultNamespace).Create(podSpec)
|
pod, err := k.cli.CoreV1().Pods(defaultNamespace).Create(context.Background(), podSpec, metav1.CreateOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Errorf("failed to create pod; err=%s", err)
|
t.Errorf("failed to create pod; err=%s", err)
|
||||||
}
|
}
|
||||||
defer k.cli.CoreV1().Pods(defaultNamespace).Delete(pod.Name, nil)
|
defer k.cli.CoreV1().Pods(defaultNamespace).Delete(context.Background(), pod.Name, metav1.DeleteOptions{})
|
||||||
|
|
||||||
ctx, cancelFunc := context.WithTimeout(context.TODO(), 0*time.Second)
|
ctx, cancelFunc := context.WithTimeout(context.TODO(), 0*time.Second)
|
||||||
defer cancelFunc()
|
defer cancelFunc()
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,7 @@
|
||||||
package cli
|
package cli
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
|
@ -29,7 +30,7 @@ type (
|
||||||
)
|
)
|
||||||
|
|
||||||
func (kcl *KubeClient) DeleteRegistrySecret(registry *portainer.Registry, namespace string) error {
|
func (kcl *KubeClient) DeleteRegistrySecret(registry *portainer.Registry, namespace string) error {
|
||||||
err := kcl.cli.CoreV1().Secrets(namespace).Delete(registrySecretName(registry), &metav1.DeleteOptions{})
|
err := kcl.cli.CoreV1().Secrets(namespace).Delete(context.TODO(), registrySecretName(registry), metav1.DeleteOptions{})
|
||||||
if err != nil && !k8serrors.IsNotFound(err) {
|
if err != nil && !k8serrors.IsNotFound(err) {
|
||||||
return errors.Wrap(err, "failed removing secret")
|
return errors.Wrap(err, "failed removing secret")
|
||||||
}
|
}
|
||||||
|
|
@ -66,7 +67,7 @@ func (kcl *KubeClient) CreateRegistrySecret(registry *portainer.Registry, namesp
|
||||||
Type: v1.SecretTypeDockerConfigJson,
|
Type: v1.SecretTypeDockerConfigJson,
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err = kcl.cli.CoreV1().Secrets(namespace).Create(secret)
|
_, err = kcl.cli.CoreV1().Secrets(namespace).Create(context.TODO(), secret, metav1.CreateOptions{})
|
||||||
if err != nil && !k8serrors.IsAlreadyExists(err) {
|
if err != nil && !k8serrors.IsAlreadyExists(err) {
|
||||||
return errors.Wrap(err, "failed saving secret")
|
return errors.Wrap(err, "failed saving secret")
|
||||||
}
|
}
|
||||||
|
|
@ -76,7 +77,7 @@ func (kcl *KubeClient) CreateRegistrySecret(registry *portainer.Registry, namesp
|
||||||
}
|
}
|
||||||
|
|
||||||
func (cli *KubeClient) IsRegistrySecret(namespace, secretName string) (bool, error) {
|
func (cli *KubeClient) IsRegistrySecret(namespace, secretName string) (bool, error) {
|
||||||
secret, err := cli.cli.CoreV1().Secrets(namespace).Get(secretName, metav1.GetOptions{})
|
secret, err := cli.cli.CoreV1().Secrets(namespace).Get(context.TODO(), secretName, metav1.GetOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if k8serrors.IsNotFound(err) {
|
if k8serrors.IsNotFound(err) {
|
||||||
return false, nil
|
return false, nil
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,8 @@
|
||||||
package cli
|
package cli
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
|
|
||||||
rbacv1 "k8s.io/api/rbac/v1"
|
rbacv1 "k8s.io/api/rbac/v1"
|
||||||
k8serrors "k8s.io/apimachinery/pkg/api/errors"
|
k8serrors "k8s.io/apimachinery/pkg/api/errors"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
|
|
@ -34,10 +36,10 @@ func (kcl *KubeClient) upsertPortainerK8sClusterRoles() error {
|
||||||
Rules: getPortainerUserDefaultPolicies(),
|
Rules: getPortainerUserDefaultPolicies(),
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err := kcl.cli.RbacV1().ClusterRoles().Create(clusterRole)
|
_, err := kcl.cli.RbacV1().ClusterRoles().Create(context.TODO(), clusterRole, metav1.CreateOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if k8serrors.IsAlreadyExists(err) {
|
if k8serrors.IsAlreadyExists(err) {
|
||||||
_, err = kcl.cli.RbacV1().ClusterRoles().Update(clusterRole)
|
_, err = kcl.cli.RbacV1().ClusterRoles().Update(context.TODO(), clusterRole, metav1.UpdateOptions{})
|
||||||
}
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
|
|
||||||
|
|
@ -1,12 +1,12 @@
|
||||||
package cli
|
package cli
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
"errors"
|
"errors"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
v1 "k8s.io/api/core/v1"
|
||||||
k8serrors "k8s.io/apimachinery/pkg/api/errors"
|
k8serrors "k8s.io/apimachinery/pkg/api/errors"
|
||||||
|
|
||||||
"k8s.io/api/core/v1"
|
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -24,7 +24,7 @@ func (kcl *KubeClient) createServiceAccountToken(serviceAccountName string) erro
|
||||||
Type: "kubernetes.io/service-account-token",
|
Type: "kubernetes.io/service-account-token",
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err := kcl.cli.CoreV1().Secrets(portainerNamespace).Create(serviceAccountSecret)
|
_, err := kcl.cli.CoreV1().Secrets(portainerNamespace).Create(context.TODO(), serviceAccountSecret, metav1.CreateOptions{})
|
||||||
if err != nil && !k8serrors.IsAlreadyExists(err) {
|
if err != nil && !k8serrors.IsAlreadyExists(err) {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
@ -35,7 +35,7 @@ func (kcl *KubeClient) createServiceAccountToken(serviceAccountName string) erro
|
||||||
func (kcl *KubeClient) getServiceAccountToken(serviceAccountName string) (string, error) {
|
func (kcl *KubeClient) getServiceAccountToken(serviceAccountName string) (string, error) {
|
||||||
serviceAccountSecretName := userServiceAccountTokenSecretName(serviceAccountName, kcl.instanceID)
|
serviceAccountSecretName := userServiceAccountTokenSecretName(serviceAccountName, kcl.instanceID)
|
||||||
|
|
||||||
secret, err := kcl.cli.CoreV1().Secrets(portainerNamespace).Get(serviceAccountSecretName, metav1.GetOptions{})
|
secret, err := kcl.cli.CoreV1().Secrets(portainerNamespace).Get(context.TODO(), serviceAccountSecretName, metav1.GetOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
@ -51,7 +51,7 @@ func (kcl *KubeClient) getServiceAccountToken(serviceAccountName string) (string
|
||||||
case <-timeout:
|
case <-timeout:
|
||||||
return "", errors.New("unable to find secret token associated to user service account (timeout)")
|
return "", errors.New("unable to find secret token associated to user service account (timeout)")
|
||||||
default:
|
default:
|
||||||
secret, err = kcl.cli.CoreV1().Secrets(portainerNamespace).Get(serviceAccountSecretName, metav1.GetOptions{})
|
secret, err = kcl.cli.CoreV1().Secrets(portainerNamespace).Get(context.TODO(), serviceAccountSecretName, metav1.GetOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,8 @@
|
||||||
package cli
|
package cli
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
|
|
||||||
portainer "github.com/portainer/portainer/api"
|
portainer "github.com/portainer/portainer/api"
|
||||||
v1 "k8s.io/api/core/v1"
|
v1 "k8s.io/api/core/v1"
|
||||||
rbacv1 "k8s.io/api/rbac/v1"
|
rbacv1 "k8s.io/api/rbac/v1"
|
||||||
|
|
@ -18,7 +20,7 @@ func (kcl *KubeClient) GetServiceAccount(tokenData *portainer.TokenData) (*v1.Se
|
||||||
}
|
}
|
||||||
|
|
||||||
// verify name exists as service account resource within portainer namespace
|
// verify name exists as service account resource within portainer namespace
|
||||||
serviceAccount, err := kcl.cli.CoreV1().ServiceAccounts(portainerNamespace).Get(portainerServiceAccountName, metav1.GetOptions{})
|
serviceAccount, err := kcl.cli.CoreV1().ServiceAccounts(portainerNamespace).Get(context.TODO(), portainerServiceAccountName, metav1.GetOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
@ -73,7 +75,7 @@ func (kcl *KubeClient) createUserServiceAccount(namespace, serviceAccountName st
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err := kcl.cli.CoreV1().ServiceAccounts(namespace).Create(serviceAccount)
|
_, err := kcl.cli.CoreV1().ServiceAccounts(namespace).Create(context.TODO(), serviceAccount, metav1.CreateOptions{})
|
||||||
if err != nil && !k8serrors.IsAlreadyExists(err) {
|
if err != nil && !k8serrors.IsAlreadyExists(err) {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
@ -82,7 +84,7 @@ func (kcl *KubeClient) createUserServiceAccount(namespace, serviceAccountName st
|
||||||
}
|
}
|
||||||
|
|
||||||
func (kcl *KubeClient) ensureServiceAccountHasPortainerUserClusterRole(serviceAccountName string) error {
|
func (kcl *KubeClient) ensureServiceAccountHasPortainerUserClusterRole(serviceAccountName string) error {
|
||||||
clusterRoleBinding, err := kcl.cli.RbacV1().ClusterRoleBindings().Get(portainerUserCRBName, metav1.GetOptions{})
|
clusterRoleBinding, err := kcl.cli.RbacV1().ClusterRoleBindings().Get(context.TODO(), portainerUserCRBName, metav1.GetOptions{})
|
||||||
if k8serrors.IsNotFound(err) {
|
if k8serrors.IsNotFound(err) {
|
||||||
clusterRoleBinding = &rbacv1.ClusterRoleBinding{
|
clusterRoleBinding = &rbacv1.ClusterRoleBinding{
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
|
|
@ -101,7 +103,7 @@ func (kcl *KubeClient) ensureServiceAccountHasPortainerUserClusterRole(serviceAc
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err := kcl.cli.RbacV1().ClusterRoleBindings().Create(clusterRoleBinding)
|
_, err := kcl.cli.RbacV1().ClusterRoleBindings().Create(context.TODO(), clusterRoleBinding, metav1.CreateOptions{})
|
||||||
return err
|
return err
|
||||||
} else if err != nil {
|
} else if err != nil {
|
||||||
return err
|
return err
|
||||||
|
|
@ -119,14 +121,14 @@ func (kcl *KubeClient) ensureServiceAccountHasPortainerUserClusterRole(serviceAc
|
||||||
Namespace: portainerNamespace,
|
Namespace: portainerNamespace,
|
||||||
})
|
})
|
||||||
|
|
||||||
_, err = kcl.cli.RbacV1().ClusterRoleBindings().Update(clusterRoleBinding)
|
_, err = kcl.cli.RbacV1().ClusterRoleBindings().Update(context.TODO(), clusterRoleBinding, metav1.UpdateOptions{})
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
func (kcl *KubeClient) removeNamespaceAccessForServiceAccount(serviceAccountName, namespace string) error {
|
func (kcl *KubeClient) removeNamespaceAccessForServiceAccount(serviceAccountName, namespace string) error {
|
||||||
roleBindingName := namespaceClusterRoleBindingName(namespace, kcl.instanceID)
|
roleBindingName := namespaceClusterRoleBindingName(namespace, kcl.instanceID)
|
||||||
|
|
||||||
roleBinding, err := kcl.cli.RbacV1().RoleBindings(namespace).Get(roleBindingName, metav1.GetOptions{})
|
roleBinding, err := kcl.cli.RbacV1().RoleBindings(namespace).Get(context.TODO(), roleBindingName, metav1.GetOptions{})
|
||||||
if k8serrors.IsNotFound(err) {
|
if k8serrors.IsNotFound(err) {
|
||||||
return nil
|
return nil
|
||||||
} else if err != nil {
|
} else if err != nil {
|
||||||
|
|
@ -143,14 +145,14 @@ func (kcl *KubeClient) removeNamespaceAccessForServiceAccount(serviceAccountName
|
||||||
|
|
||||||
roleBinding.Subjects = updatedSubjects
|
roleBinding.Subjects = updatedSubjects
|
||||||
|
|
||||||
_, err = kcl.cli.RbacV1().RoleBindings(namespace).Update(roleBinding)
|
_, err = kcl.cli.RbacV1().RoleBindings(namespace).Update(context.TODO(), roleBinding, metav1.UpdateOptions{})
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
func (kcl *KubeClient) ensureNamespaceAccessForServiceAccount(serviceAccountName, namespace string) error {
|
func (kcl *KubeClient) ensureNamespaceAccessForServiceAccount(serviceAccountName, namespace string) error {
|
||||||
roleBindingName := namespaceClusterRoleBindingName(namespace, kcl.instanceID)
|
roleBindingName := namespaceClusterRoleBindingName(namespace, kcl.instanceID)
|
||||||
|
|
||||||
roleBinding, err := kcl.cli.RbacV1().RoleBindings(namespace).Get(roleBindingName, metav1.GetOptions{})
|
roleBinding, err := kcl.cli.RbacV1().RoleBindings(namespace).Get(context.TODO(), roleBindingName, metav1.GetOptions{})
|
||||||
if k8serrors.IsNotFound(err) {
|
if k8serrors.IsNotFound(err) {
|
||||||
roleBinding = &rbacv1.RoleBinding{
|
roleBinding = &rbacv1.RoleBinding{
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
|
|
@ -169,7 +171,7 @@ func (kcl *KubeClient) ensureNamespaceAccessForServiceAccount(serviceAccountName
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err = kcl.cli.RbacV1().RoleBindings(namespace).Create(roleBinding)
|
_, err = kcl.cli.RbacV1().RoleBindings(namespace).Create(context.TODO(), roleBinding, metav1.CreateOptions{})
|
||||||
return err
|
return err
|
||||||
} else if err != nil {
|
} else if err != nil {
|
||||||
return err
|
return err
|
||||||
|
|
@ -187,6 +189,6 @@ func (kcl *KubeClient) ensureNamespaceAccessForServiceAccount(serviceAccountName
|
||||||
Namespace: portainerNamespace,
|
Namespace: portainerNamespace,
|
||||||
})
|
})
|
||||||
|
|
||||||
_, err = kcl.cli.RbacV1().RoleBindings(namespace).Update(roleBinding)
|
_, err = kcl.cli.RbacV1().RoleBindings(namespace).Update(context.TODO(), roleBinding, metav1.UpdateOptions{})
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,7 @@
|
||||||
package cli
|
package cli
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
portainer "github.com/portainer/portainer/api"
|
portainer "github.com/portainer/portainer/api"
|
||||||
|
|
@ -39,11 +40,11 @@ func Test_GetServiceAccount(t *testing.T) {
|
||||||
Name: tokenData.Username,
|
Name: tokenData.Username,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
_, err := k.cli.CoreV1().ServiceAccounts(portainerNamespace).Create(serviceAccount)
|
_, err := k.cli.CoreV1().ServiceAccounts(portainerNamespace).Create(context.Background(), serviceAccount, metav1.CreateOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Errorf("failed to create service acount; err=%s", err)
|
t.Errorf("failed to create service acount; err=%s", err)
|
||||||
}
|
}
|
||||||
defer k.cli.CoreV1().ServiceAccounts(portainerNamespace).Delete(serviceAccount.Name, nil)
|
defer k.cli.CoreV1().ServiceAccounts(portainerNamespace).Delete(context.Background(), serviceAccount.Name, metav1.DeleteOptions{})
|
||||||
|
|
||||||
sa, err := k.GetServiceAccount(tokenData)
|
sa, err := k.GetServiceAccount(tokenData)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
@ -72,11 +73,11 @@ func Test_GetServiceAccount(t *testing.T) {
|
||||||
Name: serviceAccountName,
|
Name: serviceAccountName,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
_, err := k.cli.CoreV1().ServiceAccounts(portainerNamespace).Create(serviceAccount)
|
_, err := k.cli.CoreV1().ServiceAccounts(portainerNamespace).Create(context.Background(), serviceAccount, metav1.CreateOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Errorf("failed to create service acount; err=%s", err)
|
t.Errorf("failed to create service acount; err=%s", err)
|
||||||
}
|
}
|
||||||
defer k.cli.CoreV1().ServiceAccounts(portainerNamespace).Delete(serviceAccount.Name, nil)
|
defer k.cli.CoreV1().ServiceAccounts(portainerNamespace).Delete(context.Background(), serviceAccount.Name, metav1.DeleteOptions{})
|
||||||
|
|
||||||
sa, err := k.GetServiceAccount(tokenData)
|
sa, err := k.GetServiceAccount(tokenData)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
||||||
|
|
@ -1,12 +1,12 @@
|
||||||
package kubernetes
|
package kubernetes
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
"log"
|
"log"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/portainer/portainer/api/kubernetes/cli"
|
|
||||||
|
|
||||||
portainer "github.com/portainer/portainer/api"
|
portainer "github.com/portainer/portainer/api"
|
||||||
|
"github.com/portainer/portainer/api/kubernetes/cli"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/client-go/kubernetes"
|
"k8s.io/client-go/kubernetes"
|
||||||
)
|
)
|
||||||
|
|
@ -33,7 +33,7 @@ func (snapshotter *Snapshotter) CreateSnapshot(endpoint *portainer.Endpoint) (*p
|
||||||
}
|
}
|
||||||
|
|
||||||
func snapshot(cli *kubernetes.Clientset, endpoint *portainer.Endpoint) (*portainer.KubernetesSnapshot, error) {
|
func snapshot(cli *kubernetes.Clientset, endpoint *portainer.Endpoint) (*portainer.KubernetesSnapshot, error) {
|
||||||
res := cli.RESTClient().Get().AbsPath("/healthz").Do()
|
res := cli.RESTClient().Get().AbsPath("/healthz").Do(context.TODO())
|
||||||
if res.Error() != nil {
|
if res.Error() != nil {
|
||||||
return nil, res.Error()
|
return nil, res.Error()
|
||||||
}
|
}
|
||||||
|
|
@ -65,7 +65,7 @@ func snapshotVersion(snapshot *portainer.KubernetesSnapshot, cli *kubernetes.Cli
|
||||||
}
|
}
|
||||||
|
|
||||||
func snapshotNodes(snapshot *portainer.KubernetesSnapshot, cli *kubernetes.Clientset) error {
|
func snapshotNodes(snapshot *portainer.KubernetesSnapshot, cli *kubernetes.Clientset) error {
|
||||||
nodeList, err := cli.CoreV1().Nodes().List(metav1.ListOptions{})
|
nodeList, err := cli.CoreV1().Nodes().List(context.TODO(), metav1.ListOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue