A Ruby client for OpenShift Container Platform REST api. The client supports GET, POST, PUT, DELETE on projects, build configs, quotas, and role bindings. The client currently supports OCP REST api version v1.
This client heavily leverages the Kubeclient Ruby Gem and operates almost identically.
Add this line to your application's Gemfile:
gem 'ocpclient'
And then execute:
$ bundle
Or install it yourself as:
$ gem install ocpclient
Initialize the client:
client = Ocpclient::Client.new 'https://localhost:8443/' , "v1"
Or without specifying version (it will be set by default to "v1")
client = Ocpclient::Client.new 'https://localhost:8443/'
Another option is to initialize the client with URI object:
uri = URI::HTTP.build(host: "somehostname", port: 8443)
client = Ocpclient::Client.new uri
It is also possible to use https and configure ssl with:
ssl_options = {
client_cert: OpenSSL::X509::Certificate.new(File.read('/path/to/client.crt')),
client_key: OpenSSL::PKey::RSA.new(File.read('/path/to/client.key')),
ca_file: '/path/to/ca.crt',
verify_ssl: OpenSSL::SSL::VERIFY_PEER
}
client = Ocpclient::Client.new 'https://localhost:8443/' , "v1",
ssl_options: ssl_options
As an alternative to the ca_file it's possible to use the cert_store:
cert_store = OpenSSL::X509::Store.new
cert_store.add_cert(OpenSSL::X509::Certificate.new(ca_cert_data))
ssl_options = {
cert_store: cert_store,
verify_ssl: OpenSSL::SSL::VERIFY_PEER
}
client = Ocpclient::Client.new 'https://localhost:8443/' , "v1",
ssl_options: ssl_options
For testing and development purpose you can disable the ssl check with:
ssl_options = { verify_ssl: OpenSSL::SSL::VERIFY_NONE }
client = Ocpclient::Client.new 'https://localhost:8443/' , 'v1',
ssl_options: ssl_options
If you are using basic authentication or bearer tokens as described here then you can specify one of the following:
auth_options = {
username: 'username',
password: 'password'
}
client = Ocpclient::Client.new 'https://localhost:8443/' , 'v1',
auth_options: auth_options
or
auth_options = {
bearer_token: 'MDExMWJkMjItOWY1Ny00OGM5LWJlNDEtMjBiMzgxODkxYzYz'
}
client = Ocpclient::Client.new 'https://localhost:8443/' , 'v1',
auth_options: auth_options
or
auth_options = {
bearer_token_file: '/path/to/token_file'
}
client = Ocpclient::Client.new 'https://localhost:8443/' , 'v1',
auth_options: auth_options
If you've been using kubectl and have a .kube/config file, you can auto-populate a config object using Kubeclient::Config:
config = Kubeclient::Config.read('/path/to/.kube/config')
...and then pass that object to Kubeclient::Client:
Kubeclient::Client.new(
config.context.api_endpoint,
config.context.api_version,
{
ssl_options: config.context.ssl_options,
auth_options: config.context.auth_options
}
)
You can also load your JSONified config in from an ENV variable (e.g. KUBE_CONFIG) like so:
Kubeclient::Config.new(JSON.parse(ENV['KUBE_CONFIG']), nil)
Such as: get_pods, get_secrets, get_services, get_nodes, get_replication_controllers, get_resource_quotas, get_limit_ranges, get_persistent_volumes, get_persistent_volume_claims, get_component_statuses, get_service_accounts
pods = client.get_pods
Get all entities of a specific type in a namespace:
services = client.get_services(namespace: 'development')
You can get entities which have specific labels by specifying a parameter named label_selector (named labelSelector in Kubernetes server):
pods = client.get_pods(label_selector: 'name=redis-master')
You can specify multiple labels (that option will return entities which have both labels:
pods = client.get_pods(label_selector: 'name=redis-master,app=redis')
Such as: get_service "service name" , get_pod "pod name" , get_replication_controller "rc name", get_secret "secret name", get_resource_quota "resource quota name", get_limit_range "limit range name" , get_persistent_volume "persistent volume name" , get_persistent_volume_claim "persistent volume claim name", get_component_status "component name", get_service_account "service account name"
The GET request should include the namespace name, except for nodes and namespaces entities.
node = client.get_node "127.0.0.1"
service = client.get_service "guestbook", 'development'
Note - Kubernetes doesn't work with the uid, but rather with the 'name' property. Querying with uid causes 404.
For example: delete_pod "pod name" , delete_replication_controller "rc name", delete_node "node name", delete_secret "secret name"
Input parameter - name (string) specifying service name, pod name, replication controller name.
client.delete_service "redis-service"
For example: create_pod pod_object, create_replication_controller rc_obj, create_secret secret_object, create_resource_quota resource_quota_object, create_limit_range limit_range_object, create_persistent_volume persistent_volume_object, create_persistent_volume_claim persistent_volume_claim_object, create_service_account service_account_object
Input parameter - object of type Service, Pod, ReplicationController.
The below example is for v1
service = Service.new
service.metadata = {}
service.metadata.name = "redis-master"
service.metadata.namespace = 'staging'
service.spec = {}
service.spec.ports = [{ 'port' => 6379,
'targetPort' => 'redis-server'
}]
service.spec.selector = {}
service.spec.selector.name = "redis"
service.spec.selector.role = "master"
service.metadata.labels = {}
service.metadata.labels.app = 'redis'
service.metadata.labels.role = 'slave'
client.create_service service`
For example: update_pod, update_service, update_replication_controller, update_secret, update_resource_quota, update_limit_range, update_persistent_volume, update_persistent_volume_claim, update_service_account
Input parameter - object of type Pod, Service, ReplicationController etc.
The below example is for v1
client.update_service service1
For example: patch_pod, patch_service, patch_secret, patch_resource_quota, patch_persistent_volume
Input parameters - name (string) specifying the entity name, patch (hash) to be applied to the resource, optional: namespace name (string)
The PATCH request should include the namespace name, except for nodes and namespaces entities.
The below example is for v1
client.patch_pod "docker-registry", {:metadata => {:annotations => {:key => 'value'}}}, "default"
Returns a hash with the following keys (node, secret, service, pod, replication_controller, namespace, resource_quota, limit_range, endpoint, event, persistent_volume, persistent_volume_claim, component_status and service_account). Each key points to an EntityList of same type. This method is a convenience method instead of calling each entity's get method separately.
client.all_entities
It is possible to receive live update notices watching the relevant entities:
watcher = client.watch_pods
watcher.each do |notice|
# process notice data
end
It is possible to interrupt the watcher from another thread with:
watcher.finish
You can use the field_selector option as part of the watch methods.
watcher = client.watch_events(namespace: 'development', field_selector: 'involvedObject.name=redis-master')
watcher.each do |notice|
# process notice date
end
You can get a complete URL for connecting a kubernetes entity via the proxy.
client.proxy_url('service', 'srvname', 'srvportname', 'ns')
=> "https://localhost.localdomain:8443/api/v1/proxy/namespaces/ns/services/srvname:srvportname"
Note the third parameter, port, is a port name for services and an integer for pods:
client.proxy_url('pod', 'podname', 5001, 'ns')
=> "https://localhost.localdomain:8443/api/v1/namespaces/ns/pods/podname:5001/proxy"
You can get the logs of a running pod, specifying the name of the pod and the namespace where the pod is running:
client.get_pod_log('pod-name', 'default')
=> "Running...\nRunning...\nRunning...\n"
If that pod has more than one container, you must specify the container:
client.get_pod_log('pod-name', 'default', container: 'ruby')
=> "..."
If a container in a pod terminates, a new container is started, and you want to
retrieve the logs of the dead container, you can pass in the :previous option:
client.get_pod_log('pod-name', 'default', previous: true)
=> "..."
You can also watch the logs of a pod to get a stream of data:
watcher = client.watch_pod_log('pod-name', 'default', container: 'ruby')
watcher.each do |line|
puts line
end
git checkout -b my-new-feature)rake test rubocop, add new tests if needed.git commit -am 'Add some feature')git push origin my-new-feature)This client is tested with Minitest and also uses VCR recordings in some tests. Please run all tests before submitting a Pull Request, and add new tests for new functionality.
Running tests:
rake test
FAQs
Unknown package
We found that ocpclient demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.
Security News
Research
Socket researchers found a malicious Maven package impersonating the legitimate ‘XZ for Java’ library, introducing a backdoor for remote code execution.