diff options
author | Kamil TrzciĆski <ayufan@ayufan.eu> | 2016-12-20 13:34:29 +0300 |
---|---|---|
committer | Douglas Barbosa Alexandre <dbalexandre@gmail.com> | 2016-12-21 16:39:59 +0300 |
commit | f99d71c490dc31dbddb8a620f3353d6ef2e9b27f (patch) | |
tree | 8441b6c99ec6662aede3ba00aa17faa81dcd823f /lib | |
parent | 748ed92d919d09bad2267877086d1180aa014f32 (diff) |
Merge branch '22864-kubernetes-deploy-with-terminal' into 'master'
Add online terminal support for Kubernetes
## What does this MR do?
Gives terminal access to kubernetes-deployed environments via the deployment service
## Are there points in the code the reviewer needs to double check?
## Why was this MR needed?
Part of idea to production
## Screenshots (if relevant)
### `/root/reviewing/environments`
![Screen_Shot_2016-12-15_at_19.10.40](/uploads/bd2c54c07b6c85dec3328a20cd185b64/Screen_Shot_2016-12-15_at_19.10.40.png)
### `/root/reviewing/environments/10013`
![Screen_Shot_2016-12-19_at_12.52.39](/uploads/db4e4e06cda88437e8727433d65898b9/Screen_Shot_2016-12-19_at_12.52.39.png)
### `/root/reviewing/enviroments/10013/terminal`
![Screen_Shot_2016-12-15_at_02.35.52](/uploads/1bb77b7e2de2c657ae3bda62dc4f0970/Screen_Shot_2016-12-15_at_02.35.52.png)
## Does this MR meet the acceptance criteria?
- [x] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added
- [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- Tests
- [X] Added for this feature/bug
- [x] All builds are passing
- [X] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [X] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if it does - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
## What are the relevant issue numbers?
* Closes #22864 #22958
* Alternative to, and somewhat based on, !6770
* Depends on https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/83
See merge request !7690
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/kubernetes.rb | 80 | ||||
-rw-r--r-- | lib/gitlab/workhorse.rb | 13 |
2 files changed, 93 insertions, 0 deletions
diff --git a/lib/gitlab/kubernetes.rb b/lib/gitlab/kubernetes.rb new file mode 100644 index 00000000000..288771c1c12 --- /dev/null +++ b/lib/gitlab/kubernetes.rb @@ -0,0 +1,80 @@ +module Gitlab + # Helper methods to do with Kubernetes network services & resources + module Kubernetes + # This is the comand that is run to start a terminal session. Kubernetes + # expects `command=foo&command=bar, not `command[]=foo&command[]=bar` + EXEC_COMMAND = URI.encode_www_form( + ['sh', '-c', 'bash || sh'].map { |value| ['command', value] } + ) + + # Filters an array of pods (as returned by the kubernetes API) by their labels + def filter_pods(pods, labels = {}) + pods.select do |pod| + metadata = pod.fetch("metadata", {}) + pod_labels = metadata.fetch("labels", nil) + next unless pod_labels + + labels.all? { |k, v| pod_labels[k.to_s] == v } + end + end + + # Converts a pod (as returned by the kubernetes API) into a terminal + def terminals_for_pod(api_url, namespace, pod) + metadata = pod.fetch("metadata", {}) + status = pod.fetch("status", {}) + spec = pod.fetch("spec", {}) + + containers = spec["containers"] + pod_name = metadata["name"] + phase = status["phase"] + + return unless containers.present? && pod_name.present? && phase == "Running" + + created_at = DateTime.parse(metadata["creationTimestamp"]) rescue nil + + containers.map do |container| + { + selectors: { pod: pod_name, container: container["name"] }, + url: container_exec_url(api_url, namespace, pod_name, container["name"]), + subprotocols: ['channel.k8s.io'], + headers: Hash.new { |h, k| h[k] = [] }, + created_at: created_at, + } + end + end + + def add_terminal_auth(terminal, token, ca_pem = nil) + terminal[:headers]['Authorization'] << "Bearer #{token}" + terminal[:ca_pem] = ca_pem if ca_pem.present? + terminal + end + + def container_exec_url(api_url, namespace, pod_name, container_name) + url = URI.parse(api_url) + url.path = [ + url.path.sub(%r{/+\z}, ''), + 'api', 'v1', + 'namespaces', ERB::Util.url_encode(namespace), + 'pods', ERB::Util.url_encode(pod_name), + 'exec' + ].join('/') + + url.query = { + container: container_name, + tty: true, + stdin: true, + stdout: true, + stderr: true, + }.to_query + '&' + EXEC_COMMAND + + case url.scheme + when 'http' + url.scheme = 'ws' + when 'https' + url.scheme = 'wss' + end + + url.to_s + end + end +end diff --git a/lib/gitlab/workhorse.rb b/lib/gitlab/workhorse.rb index aeb1a26e1ba..d28bb583fe7 100644 --- a/lib/gitlab/workhorse.rb +++ b/lib/gitlab/workhorse.rb @@ -95,6 +95,19 @@ module Gitlab ] end + def terminal_websocket(terminal) + details = { + 'Terminal' => { + 'Subprotocols' => terminal[:subprotocols], + 'Url' => terminal[:url], + 'Header' => terminal[:headers] + } + } + details['Terminal']['CAPem'] = terminal[:ca_pem] if terminal.has_key?(:ca_pem) + + details + end + def version path = Rails.root.join(VERSION_FILE) path.readable? ? path.read.chomp : 'unknown' |