Support third party resources of a given Kind #201
Comments
|
dup #5? Third party resources are normally not supported as they need a new code generation. We have a plan to split clients to generator and utilities so you can provide a specification for your new API group (through OpenAPI) and generate a client for it. you can do this with a little more work today. I may work on an example soon but feel free to give it a try (define an OpenAPI spec, run swagger-codegen to create a client, move API and Model classes to your code, fix import paths, etc.) |
|
@mbohlool ool thanks for this, however I'm still really lost on what to do but I need this urgently for my usecase, is it possible to give me an outline of what to do? Maybe some example or reference? I'd be glad to create a PR with my work once I have something working. Thanks. |
|
Hi @mbohlool with a bit of googling I've managed to create a simple swagger spec to list the resources and to get specific resources, I'm working on a way to manage git repositories from Kubernetes i.e. you can create repos as Kube resources and the controller creates a webhook mapped to a volume/pvc, when you git push the webhook is called a fresh pull is carried out and you can specify a post-pull command Here's the very simple output from swagger code-gen Could use some help with the following;
The swagger file The Thirdparty Resource spec and sample |
|
I think you are almost there. You need to add a watch flag to your get/list API calls. Again I never had any experience with Third Party Resources, but I assume they acting the same as other API objects in regard to watch. When you add watch flag, and make your API/Models work (make sure API object gets our api client with config already loaded in it), use the Watch class and pass your api object.func_name, plus parameters. I think with a little try and error you should be able to make it work. |
|
from the main swagger file, this is the parameter you need to add to your get/list calls (or just common parameters): to answer you second question, you need to copy models and apis class to your code, and make sure import paths are correct (import our configuration, our rest client, etc. instead of old relative ones in those files). then create api objects of your class and follow the watch example. In general the API class should create a Rest call similar to what normally happening for API objects, if you follow that path, (enable debug in configuration) you should be able to make it work. Sorry I don't have time to work on this right now, but I will try to give you as much help as I can. |
|
@mbohlool I've made progress, and merged my apis classes and models classes into a fork of client-python here https://github.com/jonathan-kosgei/client-python I'm running the following example code (inside a pod) with the following error I've created a special serviceaccount for this pod with a priveleged clusterrole like so |
|
Why don't you start simple with minikube ok local cluster and use
config.load_config for now.
…On Apr 28, 2017 3:00 AM, "Jonathan Kosgei" ***@***.***> wrote:
@mbohlool <https://github.com/mbohlool> I've made progress, and merged my
apis classes and models classes into a fork of client-python here
https://github.com/jonathan-kosgei/client-python
I'm running the following example code with the following error
from __future__ import print_function
import time
import kubernetes.client
from kubernetes.client.rest import ApiException
from pprint import pprint
with open('/var/run/secrets/kubernetes.io/serviceaccount/token', 'r') as token_file:
token=token_file.read()
kubernetes.client.configuration.api_key['authorization'] = token
kubernetes.client.configuration.api_key_prefix['authorization'] = 'Bearer'
kubernetes.client.configuration.host = 'https://kubernetes.default.svc'
kubernetes.client.configuration.ssl_ca_cert = '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'
api_instance = kubernetes.client.DefaultApi()
watch = True # bool | Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. (optional)
try:
# Gets Repos
api_response = api_instance.repos_get(watch=watch)
pprint(api_response)
except ApiException as e:
print("Exception when calling DefaultApi->repos_get: %s\n" % e)
Exception when calling DefaultApi->repos_get: (403)
Reason: Forbidden
HTTP response headers: HTTPHeaderDict({'Date': 'Fri, 28 Apr 2017 09:56:18 GMT', 'Content-Length': '57', 'Content-Type': 'text/plain', 'X-Content-Type-Options': 'nosniff'})
HTTP response body: User "system:anonymous" cannot get at the cluster scope
I've created a special serviceaccount for this pod with a priveleged
clusterrole like so
apiVersion: v1
kind: ServiceAccount
metadata:
name: kube-repo
namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: kube-repo
namespace: default
rules:
- apiGroups: [""]
resources: ["*"]
verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: kube-repo
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kube-repo
subjects:
- kind: ServiceAccount
name: kube-repo
namespace: default
---
apiVersion: v1
kind: Pod
metadata:
name: kubeRepo
namespace: default
spec:
containers:
- name: kubeRepo
image: kubeRepo:latest
imagePullPolicy: Always
serviceAccountName: kube-repo
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#201 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABic4GK_iF7UMIMO9uLeK0IL29o1ZfQBks5r0biogaJpZM4NIikK>
.
|
It works with load_kube_config :) Watching also works, I just need to figure out what's up with the config using the token. I'd tested it before on other endpoints with the bearer token and the ca file and it was able to watch pods, list other resources successfully. It's not convenient to copy files and modify paths with every update, so I'm thinking of adding my spec file to the larger swagger spec file on this repo and running code-gen on that Getting a specific repo also works |
|
Testing the token with basic requests code also works, whatever issue is with the configuration or something, check this out The above returns successfully |
|
Got it to work :) , I hadn't set it up to pass the bearer token for the above requests, which is why it gave the user as |
|
Spoke too soon..Having trouble with watching i.e. I see no output when I create/delete objects, I'm using the example on watching on a namespace object in this repos README and I'm testing the following code I create/delete a repo resource while the above is still running. |
|
that watch line should be something like: for event in w.stream(api_instance.apis_git_k8s_com_v1_repos_get, _request_timeout=60): |
|
Awesome it worked. Can't believe it worked :) I made it generic https://github.com/jonathan-kosgei/kubeResource , the client there can monitor any third party resource. I could convert the paths to json, add them to the main swagger.json file and make a pull request? I haven't added support for all the available paths provided for third party resources though it'd be easy to do. Top to bottom working sample: |
|
@jonathan-kosgei "add them to the main swagger.json file and make a pull request" 👍 +1 |
|
@jonathan-kosgei Nice. Should we do code generation for each new third party resource as their spec is differ from each other? Also keep in mind that swagger.json file is overwritten by each version of kubernetes, so you can't just add it to the file. But I would like to understand this more as it would be a very cool feature for the client. Can you explain it, maybe, in a tutorial like document? |
|
@jonathan-kosgei OK. I spoke too soon. I see what you did there. I would love to see a pull request for this. Some notes:
You can start the PR and we can go deeper to make this a natural part of the client. Thanks for doing this. |
|
The json for the watch paths is here: I've looked at |
|
Do the injection in its own appropriately named function and call it in process_swagger function. look at update-client.sh file too, I suggest you add a post-processing step using ged/find to rename the api call to something more readable. This is amazing. Thanks for contribution. |
|
Instead of (or in addition to) post-processing the api name, we can also add a package under kubernetes (maybe call it |
|
Hi @mbohlool , happy to contribute :) , I've fixed the names somewhat, hope it works and made a preliminary pull request. Only watching and getting single resources is supported so far, will add support for the other endpoints. On testing the I added the following to the pom.xml file and tried again but it failed with the same error |
|
ahh. The problem is we were relying on snapshot version of swagger-codgen (you needed to build it locally). I've fixed that in #213. After that merged, you should be able to update client. Let me know if that fixed your problem. |
|
Hi @mbohlool I've added put/delete and create https://github.com/jonathan-kosgei/kubeResource |
mbohlool
changed the title
…_obj_fix FileOrData: Handle None object
Hi,
Thanks for this! This does exactly what I need. I am however very lost on how to handle the following use case
I've created a new thirdparty resource of eg. type
databaseHow do I watch the
/apis/database.k8s.com/v1/databasesendpoint to get events when a new resource of type database is created or deleted.I understand I'd have to sub-class one of the classes to create an endpoint? however I'm not sure which one?
Would appreciate any help with this.
Thanks.
The text was updated successfully, but these errors were encountered: