doriordan / skuber
A Scala Kubernetes client library
License: Apache License 2.0
It looks like this is a simple copy/paste error, and it prevents RoleBinding from being serialized: instead of ResourceDefinition[RoleBinding], the file RoleBinding.scala contains an implicit for ResourceDefinition[Role]:
  implicit val roleDef = new ResourceDefinition[Role] {
    def spec = NonCoreResourceSpecification(
      group = Some("rbac.authorization.k8s.io"),
      version = "v1beta1",
      scope = Scope.Namespaced,
      names = Names(
        plural = "rolebindings",
        singular = "rolebinding",
        kind = "RoleBinding",
        shortNames = Nil
      )
    )
  }
}
10:45:35.680 INFO [ { reqId=7765733c-2d5a-41b2-b69b-8a9b1ceeabe4} } - creating watch on resource $name of kind ${rd.spec.names.kind}]
client/src/main/scala/skuber/api/Watch.scala:39
context.logInfo(context.logConfig.logRequestBasic, "creating watch on resource $name of kind ${rd.spec.names.kind}")
missing a 's' at the start of the string:
I've used the SKUBER_CONFIG env para to call the k8s from outside, which succeeded but is not safe. Now I need to call the k8s api-server internally with the SKUBERCONFIG. According to the guide, it will read config from ~/.kube/config, which means I should have a config there or I can generate one, but it might need some modifications if I use my app in different k8s envs, which means it is not that generic.
In the official Go SDK, it reads the config and the credential info from another path, which you can see as follows:
```go
func InClusterConfig() (*Config, error) {
	host, port := os.Getenv("KUBERNETES_SERVICE_HOST"), os.Getenv("KUBERNETES_SERVICE_PORT")
	if len(host) == 0 || len(port) == 0 {
		return nil, fmt.Errorf("unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined")
	}
	// The service account token is mounted into every pod.
	token, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/" + api.ServiceAccountTokenKey)
	if err != nil {
		return nil, err
	}
	tlsClientConfig := TLSClientConfig{}
	rootCAFile := "/var/run/secrets/kubernetes.io/serviceaccount/" + api.ServiceAccountRootCAKey
	// A CA file that fails to load is only logged here; CAFile is then left unset.
	if _, err := crypto.CertPoolFromFile(rootCAFile); err != nil {
		glog.Errorf("Expected to load root CA config from %s, but got err: %v", rootCAFile, err)
	} else {
		tlsClientConfig.CAFile = rootCAFile
	}
	return &Config{
		// TODO: switch to using cluster DNS.
		Host:            "https://" + net.JoinHostPort(host, port),
		BearerToken:     string(token),
		TLSClientConfig: tlsClientConfig,
	}, nil
}
```
I hope I didn't make anything wrong, and can you give an example of calling the k8s-server api with tls without specific configuration? Thanks!
Can I know when there will be support for Scala 2.12?
Currently the DeleteOptions implementation doesn't support setting propagationPolicy or preconditions, which were added since it was implemented. These settings can be useful (especially propagationPolicy) so should be supported.
(It also doesn't support orphanDependents but that is deprecated in favour of propagationPolicy so no point in implementing support for it now)
I've looked through the repository for the pod backoff limit setting but it looks like it isn't implemented. Is there another way to configure it?
Thanks!
Add support for pod affinity and anti-affinity in pod specifications
See test and implementation in #36
Would like ability to query for resources according to labels, per the labelSelector query parameter provided by the kube REST API, documented here:
https://kubernetes.io/docs/user-guide/labels/
I've trawled through the skuber source and can't find a way to access a pod's logs as described here:
https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#-strong-misc-operations-strong--71
Am I missing something or does skuber not support this currently?
Thanks,
Trevor
What is the proper usage for the partiallyUpdate method, which performs an HTTP PATCH on the passed object with the standard rendering?
For example, the PATCH call to scale a Deployment (e.g., to 8 instances) simply involves passing the payload:
{"spec": {"replicas": 8}}
Because most objects have a mandatory metadata: ObjectMeta field, this will always be constructed, rendered and passed as part of the PATCH request body. The minimal PATCH construction seems to be this:
sk8.partiallyUpdate[Deployment](Deployment("test-depl").withReplicas(8))
for which the corresponding payload is:
{
  "kind": "Deployment",
  "apiVersion": "extensions/v1beta1",
  "metadata": {
    "name": "test-depl",
    "namespace": "default"
  },
  "spec": {
    "replicas": 8
  }
}
The good news is that this, according to my manual testing against Kube 1.5.5, seems to work. I was wondering what the thoughts were on this, and whether it was worthwhile checking in some examples and/or tests to document and/or protect this.
I'm running a build from a clone of the skuber repo and see the following when trying to list pods in a specific namespace:
[INFO] [05/14/2018 13:46:19.771] [main] [skuber.api] [ { reqId=bcb42ba3-da57-4b56-8241-cf6b55539ed6} } - about to send HTTP request: GET https://10.167.120.125:6443/api/v1/namespaces/alan/pods]
[INFO] [05/14/2018 13:46:20.323] [k8sclient-akka.actor.default-dispatcher-3] [skuber.api] [ { reqId=bcb42ba3-da57-4b56-8241-cf6b55539ed6} } - received response with HTTP status 200]
Error listing pods in 'alan' namespace: JsResultException(errors:List((,List(JsonValidationError(List(Unknown toleration effect 'NoExecute'),WrappedArray())))))
I see that the NoSchedule and PreferNoSchedule taints are handled, but not NoExecute. It looks like straightforward changes are required to:
./client/src/main/scala/skuber/json/package.scala
./client/src/main/scala/skuber/Pod.scala
./client/src/test/scala/skuber/json/NodeFormatSpec.scala
I'd offer to fix it but by the time I get the legal team at Oracle to approve a contributor request, we'll all have retired :)
When do you plan to add support for Jobs?
Thanks
It would be very handy if Skuber could support the NetworkPolicy resource type.
Stateful spec is missing multiple (optional but useful) spec and status fields such as revisionHistoryLimit, currentReplicas, PodManagementPolicy, UpdateStrategy and some others.
Also StatefulSet.Spec.templates field is defined as an Option type, but the template is mandatory per k8s API definition of StatefulSet
The Kubernetes API supports various patch strategies, none of which are currently supported by Skuber but would be useful for some use cases.
This would be a fairly large enhancement and seems to be in the nice-to-have category, so it is unlikely I will work on it anytime soon but if someone wants to work on a PR for this let me know.
The latest Kubernetes versions have some fields across several Volume Source types that are missing from the corresponding Skuber model. In particular, the following fields need to be added:
Git repo: directory
Secret: defaultMode and optional
Config Map: defaultMode and optional
Empty Dir: size limit
Hostpath: type
ISCSI: portals
Currently if no SKUBER environment variables are set then the client doesn't utilise any kubeconfig file for configuration - instead it creates a simple configuration to access the cluster via localhost:8080.
This made sense in the early days for Skuber before it had full support for kubeconfig files, so clients used a local kubectl proxy to access the cluster.
However support for kubeconfig has been implemented in Skuber for a long time now, and I believe the default should now be aligned with that used by other clients (such as kubectl) i.e. to read from the kubeconfig file in the default location.
I plan to get this (simple) change into the next release of Skuber, unless convinced otherwise.
Documenting as an issue to give users a heads-up in case this impacts how they use Skuber
I think there were some errors during the release of 2.0.5
After downloading from central-maven, the jar does not contain the /skuber/Pod$Toleration* classes, which are available in the git tag v2.0.5
In several places Skuber requires passing an ActorMaterializer while a less specific Materializer would be fine.
When attempting to scale a deployment to zero instances, the replicas field is neglected from the JSON output, resulting in the deployment being scaled to (default) 1 instance.
The reason is that the Format[Deployment] is configured to treat replicas as formatMaybeInt(), which uses zero as an indicator value for a missing argument.
I'm going to push a branch with a documenting test, but I'd appreciate some feedback from @doriordan (or anyone) as to the preferred approach to solve the issue (this specific issue with Deployment, and the issue in general). My inclination is to modify formatMaybeInt to use a different sentinel value (maybe -1? that feels like kicking the can down the road...)
When testing against Kubernetes 1.5.1 an exception is thrown when parsing responses that contain list kinds if the list is empty. This is because the 'items' field is now null in that case, whereas in previous Kubernetes releases it was an empty array.
Currently when scaling, the forExtensionsAPI is forced to false. This should be determined instead by the Kind type class passed to buildRequest.
Error because of this issue:
Request DefaultHttpRequest(chunked: false)
PUT /api/extensions/v1beta1/namespaces/default/deployments/testing-worker/scale HTTP/1.1
Content-Type: application/json
Content-Length: 127
Connection: keep-alive
Host: 192.168.64.2:8443
Accept: */*
User-Agent: AHC/1.0
Response DefaultHttpResponse(chunked: false)
HTTP/1.1 404 Not Found
Content-Type: application/json
Date: Thu, 06 Apr 2017 03:41:02 GMT
Content-Length: 174
The path should be:
/apis/extensions/v1beta1/namespaces/default/deployments/testing-worker/scale
David,
My team would like to use skuber in a project we're building and it would be very helpful if we could download the package via Bintray's Jcenter/maven repository. Looking at JFrog Bintray, it appears that you can link your package by clicking on the "Include My Package" button somewhere.
Is this something you would be open to doing?
Thanks,
Cory
Hi! I have a hard time trying to list all pods from all namespaces in my cluster.
I’m using a long-lived watchAll subscription to get all pod updates within a namespace.
If the underlying connection dies, I’d like to restart the watchAll from the latest resourceVersion.
However, it seems the resourceVersion I get from object.metadata in WatchEvents is not the same kind of version identifier used in the sinceResourceVersion of watchAll queries.
Is there a way of achieving my dream of a resilient watchAll subscription?
Per kubernetes/kubernetes#44339, by default, NodeAffinity is not supported in Kube 1.6+ as annotations. Instead, they are bona fide properties on the Pod spec. In order to support default cluster configurations, I propose that we add .affinity to Pod.Spec.
I'm working on a merge request right now.
I am trying to use my own configuration with k8sInit but I keep getting this exception:
[com.typesafe.sslconfig.ssl.DefaultHostnameVerifier] - verify: Certificate does not match hostname! subjectAltNames = [[2, docker-for-desktop], [2, kubernetes], [2, kubernetes.default], [2, kubernetes.default.svc], [2, kubernetes.default.svc.cluster.local], [7, 10.96.0.1], [7, 192.168.65.3]], hostName = localhost Cause: java.security.cert.CertificateException: No subject alternative DNS name matching localhost found.
Any idea?
(Impacts v2.0.1 only) Setting propagationPolicy in DeleteOptions has no impact due to typo in its json formatter
Docker EE Kubernetes utilizes elliptic curve cryptography, requiring (at least) the ability to parse EC private keys.
I'm adding support for this to skuber right now (pull request #127 has a documenting test). There are some arguments in TLS#getKeyManagers anticipating different types of private keys, but they're not used. The feedback I'd like is whether to use arguments (which presumably require some hint from the skuber user) or to try to autodetect the key type. Any opinion on this, @doriordan?
These factory methods/vals on the Configuration object:
useLocalProxyDefault
useLocalProxyOnPort
useProxyAt
return incorrect configurations which do not use the requested proxy address.
A side-effect of this is that the SKUBER_URL environment variable is not correctly used.
Note - only impacts 2.x version.
The ConfigMapVolumeSource class is missing the defaultMode field (see https://kubernetes.io/docs/api-reference/v1.8/#configmapvolumesource-v1-core)
If an incorrect path is specified for the kubeconfig file then a NoSuchFileException is thrown in the following:
def parseKubeconfigFile(path: Path = Paths.get(System.getProperty("user.home"), ".kube", "config")): Try[Configuration] = {
  parseKubeconfigStream(Files.newInputStream(path))
}
As this returns a Try[Configuration] it should instead construct an appropriate Failure rather than simply throwing an exception
As far as I can tell there is no support for PodPreset:
https://kubernetes.io/docs/tasks/inject-data-application/podpreset/
Could this be added please?
When trying to use the following construct to look up a Rolebinding:
val roleBindingAlreadyCreated = k8s
.listInNamespace[RoleBindingList](nameOfNamespace)
.map(_.contains(roleBinding.metadata.name))
I got a compile error of a missing implicit, that I think should look something like this in Rolebinding.scala
implicit val roleListDef = new ResourceDefinition[RoleBindingList] { def spec = specification }
I'm trying to use the Job type but whenever I try to create one I'm getting this error:
No Json formatter found for type skuber.batch.Job. Try to implement an implicit Format for this type.
I've imported the skuber.json.format._ package. Is there some other package I'm missing?
Logging in the examples subproject has a couple of config/build issues:
src\main\resources directory in the subproject.
The examples build needs to be updated to include the Akka slf4j and logback-classic logging libraries, and the application.conf and logback.xml files should be in the examples resources directory.
Hi!
Are there any plans to support play 2.5? skuber 1.3 is not compatible with it.
Event watches are by their very nature long-lived, but at present they fail if there are no event messages within a minute:
akka.actor.Status$Failure Failure(akka.stream.scaladsl.TcpIdleTimeoutException: TCP idle-timeout encountered on connection to [10.167.120.125:6443], no bytes passed in the last 1 minute)
The default timeout should be infinite, but I'm also not sure how you would override it with the current implementation.
StatefulSets are very useful and the only way to perform certain tasks. Skuber should support them.
Is there any support for auth-providers such as gcp?
auth-provider:
  config:
    cmd-args: config config-helper --format=json
    cmd-path: /Users/andrew/google-cloud-sdk/bin/gcloud
    expiry-key: '{.credential.token_expiry}'
    token-key: '{.credential.access_token}'
  name: gcp
Approx line 335:
logInfo(logConfig.logResponseFullListResource, s" Unamrshalled list resource: ${result.toString}")
Unamrshalled => Unmarshalled
:)
In Container.scala:
terminationMessagePath: String = "/var/log/termination",
The default k8s termination path is /dev/termination-log. The terminationMessagePath parameter to the Container constructor should default to the k8s default path, or even better, be made into an Option().
PersistentVolumes do not support namespaces, but Skuber tries to make a namespaced request when creating one:
Request DefaultHttpRequest(chunked: false)
POST /api/v1/namespaces/default/persistentvolumes HTTP/1.1
Content-Type: application/json
Content-Length: 223
Connection: keep-alive
Host: 192.168.99.100:8443
Accept: */*
User-Agent: AHC/1.0
Response DefaultHttpResponse(chunked: false)
HTTP/1.1 404 Not Found
Content-Type: application/json
Date: Sat, 25 Feb 2017 20:53:08 GMT
Content-Length: 174
Per the API documentation (and my own testing), path is optional in an HTTPIngressPath.
However, skuber 1.3.0 treats skuber.ext.Ingress#Path#path as a mandatory String.
I'm working on a pull request that handles missing path field from Kubernetes responses.
I'm writing an application with skuber that runs on K8s and creates/deploys other applications on k8s, e.g. my skuber code itself runs within k8s.
The current initialization expects a kubeconfig file setup, which is very hard to create inside a pod. I'm working on cobbling together some way of getting this to work but it's far from ideal.
Any pod running inside of k8s will have its service account, token, and client certificate mounted as files (see Accessing the API from a pod), which could be used by skuber to set up the connection instead of the kubeconfig.
I think this alternative "running side k8s" initialization strategy should be supported.
References:
Probe, at least the version implemented in the release_2.0 branch, is missing several important fields, e.g.:
The full spec is here: https://kubernetes.io/docs/api-reference/v1.8/#probe-v1-core
If I use kubectl to dump out all the node information I see this (trimmed):
"Items": [
"Status": {
"Capacity": {
"Allocatable": {
"Phase": "",
"Conditions": [
"Addresses": [
"DaemonEndpoints": {
"NodeInfo": {
"Images": [
"VolumesInUse"
"VolumesAttached"
If I look at the definition of Node.Status, half of those are missing:
case class Status(
  capacity: Resource.ResourceList = Map(),
  phase: Option[Phase.Phase] = None,
  conditions: List[Node.Condition] = List(),
  addresses: List[Node.Address] = List(),
  nodeInfo: Option[Node.SystemInfo] = None)
Runs fine locally, but PRs showing as red due to suddenly started failing on Travis for unknown reason.
Will disable test temporarily until fixed