From a7102ec60fc00896351c661b130cf381504fa6fd Mon Sep 17 00:00:00 2001
From: David Garcia
Date: Wed, 22 Jul 2020 17:56:12 +0200
Subject: [PATCH] Get the kubeconfig credentials from MongoDB

This the previous approach, the kubeconfig was gotten from the filesystem, which has issues scaling the LCM, because the kubeconfig was only present in the pod that had initialized the environment. The kubeconfig is stored in Mongo, and this commit basically gets the config from there, so it doesn't matter which LCM needs access to it.

Change-Id: I80458db5124122a4b7b3eb3a9b00cb4a4add11ff
Signed-off-by: David Garcia
---
 n2vc/k8s_juju_conn.py | 40 +++++++++++++++++++++++++++++++++++-----
 1 file changed, 35 insertions(+), 5 deletions(-)

diff --git a/n2vc/k8s_juju_conn.py b/n2vc/k8s_juju_conn.py
index 8cdf388..808201d 100644
--- a/n2vc/k8s_juju_conn.py
+++ b/n2vc/k8s_juju_conn.py
@@ -683,7 +683,16 @@ class K8sJujuConnector(K8sConnector):
 ) -> list:
 """Return a list of services of a kdu_instance"""
 
- config_file = self.get_config_file(cluster_uuid=cluster_uuid)
+ credentials = self.get_credentials(cluster_uuid=cluster_uuid)
+
+ config_path = "/tmp/{}".format(cluster_uuid)
+ config_file = "{}/config".format(config_path)
+
+ if not os.path.exists(config_path):
+ os.makedirs(config_path)
+ with open(config_file, "w") as f:
+ f.write(credentials)
+
 kubectl = Kubectl(config_file=config_file)
 return kubectl.get_services(
 field_selector="metadata.namespace={}".format(kdu_instance)
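Review bot: The decrypted kubeconfig is written to the predictable path `/tmp/<cluster_uuid>/config` with default modes, so its permissions depend on the process umask, anything else sharing `/tmp` could read the cluster credentials or pre-create the directory or a symlink at that path, and the file is never removed after `Kubectl` has used it. Creating a private temporary directory per call (`tempfile` creates it with mode 0700) and deleting it on exit addresses all three; this needs `tempfile` imported, and whether `os` is already imported is not visible in this hunk. The same block is repeated in the next hunk (`-694,7 +703,16`), so a single private helper would keep the fix in one place. The enclosing method starts above the hunk and the `get_services(` call closes below it.

```python
credentials = self.get_credentials(cluster_uuid=cluster_uuid)

# Private per-call directory (created 0700), removed when the block exits.
with tempfile.TemporaryDirectory() as config_path:
    config_file = os.path.join(config_path, "config")
    with open(config_file, "w") as f:
        f.write(credentials)
    # … unchanged: Kubectl(config_file=config_file) and the get_services call, indented into this block …
```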
@@ -694,7 +703,16 @@ class K8sJujuConnector(K8sConnector):
 ) -> object:
 """Return data for a specific service inside a namespace"""
 
- config_file = self.get_config_file(cluster_uuid=cluster_uuid)
+ credentials = self.get_credentials(cluster_uuid=cluster_uuid)
+
+ config_path = "/tmp/{}".format(cluster_uuid)
+ config_file = "{}/config".format(config_path)
+
+ if not os.path.exists(config_path):
+ os.makedirs(config_path)
+ with open(config_file, "w") as f:
+ f.write(credentials)
+
 kubectl = Kubectl(config_file=config_file)
 
 return kubectl.get_services(
@@ -851,11 +869,23 @@ class K8sJujuConnector(K8sConnector):
 if "already exists" not in stderr:
 raise Exception(stderr)
 
- def get_config_file(self, cluster_uuid: str) -> str:
+ def get_credentials(self, cluster_uuid: str) -> str:
 """
- Get Cluster Kubeconfig location
+ Get Cluster Kubeconfig
 """
- return "{}/{}/.kube/config".format(self.fs.path, cluster_uuid)
+ k8scluster = self.db.get_one(
+ "k8sclusters", q_filter={"_id": cluster_uuid}, fail_on_empty=False
+ )
+
+ self.db.encrypt_decrypt_fields(
+ k8scluster.get("credentials"),
+ "decrypt",
+ ["password", "secret"],
+ schema_version=k8scluster["schema_version"],
+ salt=k8scluster["_id"],
+ )
+
+ return yaml.safe_dump(k8scluster.get("credentials"))
 
 def get_config(self, cluster_uuid: str,) -> dict:
 """Get the cluster configuration
--
2.25.1
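Review bot: `get_credentials` dereferences the lookup result without checking it: `get_one` is called with `fail_on_empty=False`, which presumably returns nothing for an unknown `cluster_uuid`, and the next statement calls `k8scluster.get("credentials")`, so a missing record would surface as an `AttributeError` rather than a clear error. A guard right after the lookup, `if not k8scluster or not k8scluster.get("credentials"): raise Exception("No credentials stored for k8s cluster {}".format(cluster_uuid))`, or dropping `fail_on_empty=False`, would make the failure explicit; `k8scluster["schema_version"]` is likewise a hard lookup that fails on records without that field. The docstring could also say that the return value is the decrypted kubeconfig as YAML text, so callers know to treat it as a secret.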