Diffstat (limited to 'lib/gitlab/kubernetes/kube_client.rb')
-rw-r--r-- | lib/gitlab/kubernetes/kube_client.rb | 72 |
1 files changed, 42 insertions, 30 deletions
diff --git a/lib/gitlab/kubernetes/kube_client.rb b/lib/gitlab/kubernetes/kube_client.rb index 7c5525b982c..2110d586d30 100644 --- a/lib/gitlab/kubernetes/kube_client.rb +++ b/lib/gitlab/kubernetes/kube_client.rb @@ -19,7 +19,9 @@ module Gitlab apps: { group: 'apis/apps', version: 'v1' }, extensions: { group: 'apis/extensions', version: 'v1beta1' }, istio: { group: 'apis/networking.istio.io', version: 'v1alpha3' }, - knative: { group: 'apis/serving.knative.dev', version: 'v1alpha1' } + knative: { group: 'apis/serving.knative.dev', version: 'v1alpha1' }, + metrics: { group: 'apis/metrics.k8s.io', version: 'v1beta1' }, + networking: { group: 'apis/networking.k8s.io', version: 'v1' } }.freeze SUPPORTED_API_GROUPS.each do |name, params| @@ -33,7 +35,8 @@ module Gitlab end # Core API methods delegates to the core api group client - delegate :get_pods, + delegate :get_nodes, + :get_pods, :get_secrets, :get_config_map, :get_namespace, @@ -56,9 +59,7 @@ module Gitlab # RBAC methods delegates to the apis/rbac.authorization.k8s.io api # group client - delegate :create_cluster_role_binding, - :get_cluster_role_binding, - :update_cluster_role_binding, + delegate :update_cluster_role_binding, to: :rbac_client # RBAC methods delegates to the apis/rbac.authorization.k8s.io api @@ -70,9 +71,7 @@ module Gitlab # RBAC methods delegates to the apis/rbac.authorization.k8s.io api # group client - delegate :create_role_binding, - :get_role_binding, - :update_role_binding, + delegate :update_role_binding, to: :rbac_client # non-entity methods that can only work with the core client @@ -88,6 +87,14 @@ module Gitlab :update_gateway, to: :istio_client + # NetworkPolicy methods delegate to the apis/networking.k8s.io api + # group client + delegate :create_network_policy, + :get_network_policies, + :update_network_policy, + :delete_network_policy, + to: :networking_client + attr_reader :api_prefix, :kubeclient_options DEFAULT_KUBECLIENT_OPTIONS = { 
@@ -97,6 +104,31 @@ module Gitlab } }.freeze + def self.graceful_request(cluster_id) + { status: :connected, response: yield } + rescue *Gitlab::Kubernetes::Errors::CONNECTION + { status: :unreachable } + rescue *Gitlab::Kubernetes::Errors::AUTHENTICATION + { status: :authentication_failure } + rescue Kubeclient::HttpError => e + { status: kubeclient_error_status(e.message) } + rescue => e + Gitlab::ErrorTracking.track_exception(e, cluster_id: cluster_id) + + { status: :unknown_failure } + end + + # KubeClient uses the same error class + # For connection errors (eg. timeout) and + # for Kubernetes errors. + def self.kubeclient_error_status(message) + if message&.match?(/timed out|timeout/i) + :unreachable + else + :authentication_failure + end + end + # We disable redirects through 'http_max_redirects: 0', # so that KubeClient does not follow redirects and # expose internal services. @@ -125,19 +157,11 @@ module Gitlab end def create_or_update_cluster_role_binding(resource) - if cluster_role_binding_exists?(resource) - update_cluster_role_binding(resource) - else - create_cluster_role_binding(resource) - end + update_cluster_role_binding(resource) end def create_or_update_role_binding(resource) - if role_binding_exists?(resource) - update_role_binding(resource) - else - create_role_binding(resource) - end + update_role_binding(resource) end def create_or_update_service_account(resource) @@ -164,18 +188,6 @@ module Gitlab Gitlab::UrlBlocker.validate!(api_prefix, allow_local_network: false) end - def cluster_role_binding_exists?(resource) - get_cluster_role_binding(resource.metadata.name) - rescue ::Kubeclient::ResourceNotFoundError - false - end - - def role_binding_exists?(resource) - get_role_binding(resource.metadata.name, resource.metadata.namespace) - rescue ::Kubeclient::ResourceNotFoundError - false - end - def service_account_exists?(resource) get_service_account(resource.metadata.name, resource.metadata.namespace) rescue ::Kubeclient::ResourceNotFoundError |
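Review bot: `kubeclient_error_status` reports every `Kubeclient::HttpError` whose message does not mention a timeout as `:authentication_failure`, so a 404, 409 or 5xx from the API server would be shown to operators as a credential problem. That branch of `graceful_request` also skips `Gitlab::ErrorTracking`, so the misclassified errors leave no trace for whoever investigates a cluster that looks locked out. Matching on the message text is brittle; `Kubeclient::HttpError` exposes `error_code`, and assuming it carries the HTTP status here, classify on that and keep the message match only for timeouts. The fence below sketches this with an optional second parameter, so existing one-argument callers keep working.

```ruby
rescue Kubeclient::HttpError => e
  { status: kubeclient_error_status(e.message, e.error_code) }
# … unchanged: generic rescue that tracks the exception and returns :unknown_failure …

def self.kubeclient_error_status(message, error_code = nil)
  if message&.match?(/timed out|timeout/i)
    :unreachable
  elsif [401, 403].include?(error_code)
    :authentication_failure
  else
    :unknown_failure
  end
end
```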
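Review bot: `create_or_update_cluster_role_binding` and `create_or_update_role_binding` now only call `update_*`, so their names promise a create path that the bodies no longer show. Presumably this relies on the update being sent as a PUT that the API server accepts for a binding that does not exist yet, but nothing in the hunk says so. A comment above both methods would make that explicit, e.g. `# update_* issues a PUT; the API server creates the binding when it is absent, so no separate existence check is needed`. It would also help to note what callers should expect if the server rejects the PUT, since the previous `ResourceNotFoundError` handling is removed in the last hunk.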