Merge "openshiftpods: define ca_crt parameter if available"

2020-05-18 12:14:53 +00:00 · 2020-05-18 12:14:53 +00:00 · fa2a850cb9
commit fa2a850cb9
parent 2456820f89 48524da2ca
3 changed files with 12 additions and 3 deletions
--- a/nodepool/driver/openshiftpods/handler.py
+++ b/nodepool/driver/openshiftpods/handler.py
@ -40,6 +40,7 @@ class OpenshiftPodLauncher(OpenshiftLauncher):
            'pod': pod_name,
            'namespace': project,
            'host': k8s.api_client.configuration.host,
+            'ca_crt': self.handler.manager.ca_crt,
            'skiptls': not k8s.api_client.configuration.verify_ssl,
            'token': self.handler.manager.token,
            'user': 'zuul-worker',
--- a/nodepool/driver/openshiftpods/provider.py
+++ b/nodepool/driver/openshiftpods/provider.py
@ -12,6 +12,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.

+import base64
 import logging
 import urllib3
 import time
@ -34,7 +35,7 @@ class OpenshiftPodsProvider(OpenshiftProvider):
        self.provider = provider
        self.ready = False
        try:
-            self.token, self.k8s_client = self._get_client(
+            self.token, self.ca_crt, self.k8s_client = self._get_client(
                provider.context)
        except kce.ConfigException:
            self.log.exception("Couldn't load client from config")
@ -44,6 +45,7 @@ class OpenshiftPodsProvider(OpenshiftProvider):
                          "config.list_kube_config_contexts()[0]]))\"")
            self.token = None
            self.k8s_client = None
+            self.ca_crt = None
        self.pod_names = set()
        for pool in provider.pools.values():
            self.pod_names.update(pool.labels.keys())
@ -51,7 +53,12 @@ class OpenshiftPodsProvider(OpenshiftProvider):
    def _get_client(self, context):
        conf = config.new_client_from_config(context=context)
        token = conf.configuration.api_key.get('authorization', '').split()[-1]
-        return (token, k8s_client.CoreV1Api(conf))
+        ca = None
+        if conf.configuration.ssl_ca_cert:
+            with open(conf.configuration.ssl_ca_cert) as ca_file:
+                ca = ca_file.read()
+                ca = base64.b64encode(ca.encode('utf-8')).decode('utf-8')
+        return (token, ca, k8s_client.CoreV1Api(conf))

    def start(self, zk_conn):
        self.log.debug("Starting")
--- a/nodepool/tests/unit/test_driver_openshiftpods.py
+++ b/nodepool/tests/unit/test_driver_openshiftpods.py
@ -76,7 +76,7 @@ class TestDriverOpenshiftPods(tests.DBTestCase):
        self.fake_k8s_client = FakeCoreClient()

        def fake_get_client(*args):
-            return "fake-token", self.fake_k8s_client
+            return "fake-token", None, self.fake_k8s_client

        self.useFixture(fixtures.MockPatchObject(
            provider.OpenshiftPodsProvider, '_get_client',
@ -103,6 +103,7 @@ class TestDriverOpenshiftPods(tests.DBTestCase):
        self.assertIsNotNone(node.launcher)
        self.assertEqual(node.connection_type, 'kubectl')
        self.assertEqual(node.connection_port.get('token'), 'fake-token')
+        self.assertIn('ca_crt', node.connection_port)
        self.assertEqual(node.attributes,
                         {'key1': 'value1', 'key2': 'value2'})