Kubernetes/GCP GKE Aspects: Difference between revisions

From Federal Burro of Information

Revision as of 14:24, 14 November 2022

Show nodes in each node pool:


gcloud container clusters list

export CLUSTERNAME=mycluster
export LOCATION=us-central1

for i in `gcloud container node-pools list --cluster ${CLUSTERNAME} --region ${LOCATION} | grep -v NAME | awk '{print $1}'`
 do
 echo $i ;
 kubectl get node -l cloud.google.com/gke-nodepool=$i
 done

Cordon one node pool:

for i in `kubectl get no -l cloud.google.com/gke-nodepool=production-gcp-env-blue -o name`
do
 echo $i
 # dry run by default: uncomment the next line to actually cordon each node
 #kubectl cordon $i
done


GKE Ingress Features

How do you get access to GCP Load Balancer features via kubernetes?

Via annotations and two CRDs:

  • FrontendConfig
  • BackendConfig

THIS IS ALWAYS CHANGING!!!  :

https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features


Script to check all ingresses for tls policy

#!/bin/bash
# bash, not sh: the [[ ... ]] test below is a bashism

for namespace in `kubectl get ns -o name | cut -d \/ -f 2`
do
  echo "namespace: $namespace"
  for ingress in `kubectl get ingress -n $namespace -o name`
    do
    echo "  ingress: $ingress"
    for frontendconfig in `kubectl get $ingress -n $namespace -o json | jq -r '.metadata.annotations."networking.gke.io/v1beta1.FrontendConfig"'`
      do
      echo "  frontendconfig: $frontendconfig"
      if [[ $frontendconfig != "null" ]]
        then
        policy=`kubectl get frontendconfig $frontendconfig -n $namespace -o json | jq -r '.spec.sslPolicy'`
        echo "  sslPolicy: $policy"
        fi
      done
    done
done
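
The shell script above only prints what it finds. As an added example (not part of the original page), the Python below runs the same check offline over a constructed sample shaped like the items of `kubectl get ingress,frontendconfig -A -o json` and flags every Ingress that ends up without an sslPolicy. The function name, the OK/MISSING labels and all object names are assumptions.

```python
import json

ANNOTATION = "networking.gke.io/v1beta1.FrontendConfig"

# Constructed sample, shaped like the "items" list of
# `kubectl get ingress,frontendconfig -A -o json` (all names are made up).
SAMPLE_ITEMS = json.loads("""[
 {"kind": "Ingress", "metadata": {"namespace": "shop", "name": "web",
   "annotations": {"networking.gke.io/v1beta1.FrontendConfig": "web-fc"}}},
 {"kind": "Ingress", "metadata": {"namespace": "shop", "name": "api"}},
 {"kind": "Ingress", "metadata": {"namespace": "shop", "name": "legacy",
   "annotations": {"networking.gke.io/v1beta1.FrontendConfig": "legacy-fc"}}},
 {"kind": "Ingress", "metadata": {"namespace": "ops", "name": "orphan",
   "annotations": {"networking.gke.io/v1beta1.FrontendConfig": "web-fc"}}},
 {"kind": "FrontendConfig", "metadata": {"namespace": "shop", "name": "web-fc"},
  "spec": {"sslPolicy": "example-tls-policy"}},
 {"kind": "FrontendConfig", "metadata": {"namespace": "shop", "name": "legacy-fc"},
  "spec": {"redirectToHttps": {"enabled": true}}}
]""")


def audit_ssl_policies(items):
    """Return {(namespace, ingress): finding} for every Ingress in items."""
    # FrontendConfig is namespaced, so key the lookup on (namespace, name).
    frontend = {(o["metadata"]["namespace"], o["metadata"]["name"]): o
                for o in items if o["kind"] == "FrontendConfig"}
    report = {}
    for o in items:
        if o["kind"] != "Ingress":
            continue
        meta = o["metadata"]
        ns = meta["namespace"]
        ref = (meta.get("annotations") or {}).get(ANNOTATION)
        if not ref:
            finding = "MISSING: no FrontendConfig annotation"
        elif (ns, ref) not in frontend:
            finding = f"MISSING: FrontendConfig {ref} not found in {ns}"
        else:
            policy = (frontend[(ns, ref)].get("spec") or {}).get("sslPolicy")
            finding = (f"OK: sslPolicy {policy}" if policy
                       else f"MISSING: {ref} sets no sslPolicy")
        report[(ns, meta["name"])] = finding
    return report


if __name__ == "__main__":
    for (ns, name), finding in sorted(audit_ssl_policies(SAMPLE_ITEMS).items()):
        print(f"{ns}/{name}: {finding}")
```

The `ops/orphan` case shows why the lookup is per namespace: a FrontendConfig of the same name in another namespace does not apply to the Ingress.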

Authenticating to k8s with gcp creds in python

reference: https://github.com/googleapis/python-container/issues/6

so useful:

pip install kubernetes
pip install google-api-python-client
pip install google-cloud-container

import base64
from tempfile import NamedTemporaryFile

import google.auth
import google.auth.transport.requests
from google.cloud import container_v1
from kubernetes import client as kubernetes_client


def check_k8s_client():
    project_id = 'your-project-name'
    zone = 'us-central1-b'
    cluster_id = 'your-cluster-name'
    print('Attempting to init k8s client from cluster response.')
    container_client = container_v1.ClusterManagerClient()
    # Keyword arguments: google-cloud-container 2.x no longer accepts
    # these fields positionally.
    response = container_client.get_cluster(
        project_id=project_id, zone=zone, cluster_id=cluster_id)
    # Application Default Credentials; refresh() fetches a short-lived
    # OAuth2 access token that is sent to the API server as a bearer token.
    creds, _ = google.auth.default(
        scopes=['https://www.googleapis.com/auth/cloud-platform'])
    auth_req = google.auth.transport.requests.Request()
    creds.refresh(auth_req)
    configuration = kubernetes_client.Configuration()
    configuration.host = f'https://{response.endpoint}'
    # Verify the API server against the cluster CA returned by the GKE API.
    # delete=False leaves the CA file on disk after the with-block.
    with NamedTemporaryFile(delete=False) as ca_cert:
        ca_cert.write(
            base64.b64decode(response.master_auth.cluster_ca_certificate))
    configuration.ssl_ca_cert = ca_cert.name
    configuration.api_key_prefix['authorization'] = 'Bearer'
    configuration.api_key['authorization'] = creds.token
    k8s_client = kubernetes_client.BatchV1Api(
        kubernetes_client.ApiClient(configuration))
    ret = k8s_client.list_job_for_all_namespaces()
    print(ret)


check_k8s_client()