Class: Kubernetes::InClusterConfig

Inherits:

Object

• Object
• Kubernetes::InClusterConfig

Defined in:

lib/kubernetes/config/incluster_config.rb

Overview

The InClusterConfig class represents configuration for authn/authz in a Kubernetes cluster.

Constant Summary

SERVICE_HOST_ENV_NAME =

rubocop:disable Metrics/LineLength

'KUBERNETES_SERVICE_HOST'.freeze

SERVICE_PORT_ENV_NAME =

'KUBERNETES_SERVICE_PORT'.freeze

SERVICE_TOKEN_FILENAME =

'/var/run/secrets/kubernetes.io/serviceaccount/token'.freeze

SERVICE_CA_CERT_FILENAME =

'/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'.freeze

TOKEN_REFRESH_PERIOD =

1 minute

60

Instance Attribute Summary

• #host ⇒ Object

  rubocop:enable Metrics/LineLength.

• #port ⇒ Object

  Returns the value of attribute port.

• #token ⇒ Object

  Returns the value of attribute token.

• #token_expires_at ⇒ Object

  Returns the value of attribute token_expires_at.

Class Method Summary

• .in_cluster? ⇒ Boolean

Instance Method Summary

• #ca_cert ⇒ Object
• #configure(configuration, try_refresh_token: true) ⇒ Object

  rubocop:disable Metrics/AbcSize.

• #env ⇒ Object
• #load_token ⇒ Object
• #token_file ⇒ Object
• #token_refresh_period ⇒ Object
• #validate ⇒ Object

Instance Attribute Details

#host ⇒ Object

rubocop:enable Metrics/LineLength

# File 'lib/kubernetes/config/incluster_config.rb', line 31

def host
  @host
end

#port ⇒ Object

Returns the value of attribute port.

# File 'lib/kubernetes/config/incluster_config.rb', line 32

def port
  @port
end

#token ⇒ Object

Returns the value of attribute token.

# File 'lib/kubernetes/config/incluster_config.rb', line 33

def token
  @token
end

#token_expires_at ⇒ Object

Returns the value of attribute token_expires_at.

# File 'lib/kubernetes/config/incluster_config.rb', line 34

def token_expires_at
  @token_expires_at
end

Class Method Details

.in_cluster? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/kubernetes/config/incluster_config.rb', line 48

def self.in_cluster?
  File.exist?(SERVICE_TOKEN_FILENAME) &&
    File.exist?(SERVICE_CA_CERT_FILENAME)
end

Instance Method Details

#ca_cert ⇒ Object

# File 'lib/kubernetes/config/incluster_config.rb', line 58

def ca_cert
  @ca_cert ||= SERVICE_CA_CERT_FILENAME
  @ca_cert
end

#configure(configuration, try_refresh_token: true) ⇒ Object

rubocop:disable Metrics/AbcSize

# File 'lib/kubernetes/config/incluster_config.rb', line 81

def configure(configuration, try_refresh_token: true)
  validate
  load_token
  configuration.api_key['authorization'] = "Bearer #{token}"
  configuration.scheme = 'https'
  configuration.host = "#{host}:#{port}"
  configuration.ssl_ca_cert = ca_cert
  return unless try_refresh_token

  Configuration.instance_variable_set(:@in_cluster_config, self)
  Configuration.prepend(Module.new do
    # rubocop:disable Metrics/LineLength
    def api_key_with_prefix(identifier)
      in_cluster_config = self.class.instance_variable_get(:@in_cluster_config)
      if identifier == 'authorization' && @api_key.key?(identifier) && in_cluster_config.token_expires_at <= Time.now
        in_cluster_config.load_token
        @api_key[identifier] = 'Bearer ' + in_cluster_config.token
      end
      super identifier
    end
    # rubocop:enable Metrics/LineLength
  end)
end

#env ⇒ Object

# File 'lib/kubernetes/config/incluster_config.rb', line 53

def env
  @env ||= ENV
  @env
end

#load_token ⇒ Object

# File 'lib/kubernetes/config/incluster_config.rb', line 73

def load_token
  File.open(token_file) do |io|
    self.token = io.read.chomp
    self.token_expires_at = Time.now + token_refresh_period
  end
end

#token_file ⇒ Object

# File 'lib/kubernetes/config/incluster_config.rb', line 63

def token_file
  @token_file ||= SERVICE_TOKEN_FILENAME
  @token_file
end

#token_refresh_period ⇒ Object

# File 'lib/kubernetes/config/incluster_config.rb', line 68

def token_refresh_period
  @token_refresh_period ||= TOKEN_REFRESH_PERIOD
  @token_refresh_period
end

#validate ⇒ Object

Raises:

• (ConfigError)

# File 'lib/kubernetes/config/incluster_config.rb', line 36

def validate
  unless (self.host = env[SERVICE_HOST_ENV_NAME]) &&
         (self.port = env[SERVICE_PORT_ENV_NAME])
    raise ConfigError, 'Service host/port is not set'
  end

  # rubocop:disable Metrics/LineLength
  raise ConfigError, 'Service token file does not exists' unless File.file?(token_file)
  raise ConfigError, 'Service token file does not exists' unless File.file?(ca_cert)
  # rubocop:enable Metrics/LineLength
end