HEX
Server: Apache
System: Linux server2.voipitup.com.au 4.18.0-553.109.1.lve.el8.x86_64 #1 SMP Thu Mar 5 20:23:46 UTC 2026 x86_64
User: posscale (1027)
PHP: 8.2.30
Disabled: exec,passthru,shell_exec,system
Upload Files
File: //opt/saltstack/salt/lib/python3.10/site-packages/salt/modules/__pycache__/k8s.cpython-310.pyc
o

�N�gib�@szdZddlZddlZddlZddlZddlZddlZddl	m
mZddlZdZ
e�e�Zdd�ZdFdd�Zdd	�Zd
d�Zdd
�Zdd�Zdd�Zdd�Zdd�Zdd�Zdd�Zdd�ZdGdd�ZdGdd�ZdGd d!�ZdGd"d#�Z dHd%d&�Z!d'd(�Z"dFd)d*�Z#dId+d,�Z$d-d.�Z%d/d0�Z&d1d2�Z'd3d4�Z(d5d6�Z)d7d8�Z*dJd:d;�Z+d<d=�Z,	?dKd@dA�Z-		9	9	?dLdBdC�Z.dMdDdE�Z/dS)Na
Salt module to manage Kubernetes cluster

.. versionadded:: 2016.3.0

Roadmap:

* Add creation of K8S objects (pod, rc, service, ...)
* Add replace of K8S objects (pod, rc, service, ...)
* Add deletion of K8S objects (pod, rc, service, ...)
* Add rolling update
* Add (auto)scalling

�NZk8scCstS)z*Load load if python-requests is installed.)�__virtualname__�rr�D/opt/saltstack/salt/lib/python3.10/site-packages/salt/modules/k8s.py�__virtual__ srcCs�d}|dur|Sdtjvrtj�d�}nUtdd�r!tdd�}nHtj�|�s.tddd�rgtdd|�}t�dtj�}t	j
j�|��}|�
�D]}|�|�}qH|rW|�d	�}Wd�n1sawYnd
}t�d|�|S)z^Try to guees the kubemaster url from environ,
    then from `/etc/kubernetes/config` file
    z/etc/kubernetes/configNZKUBERNETES_MASTERz
config.getz
k8s:masterz
k8s:config�z!KUBE_MASTER=['"]--master=(.*)['"]�zhttp://127.0.0.1:8080z$Discoverd k8s API server address: %s)�os�environ�get�__salt__�path�exists�re�compile�	MULTILINE�salt�utils�files�fopen�	readlines�match�group�log�debug)�
apiserver_urlZdefault_configZconfigZ
kubeapi_regexZfh_k8s�lineZ
match_linerrr�_guess_apiserver%s.
�
���rcCsTddi}t�d||�tj|d|tjj�|�d�}|�d�r |Stjj�	|�d��S)z,create any object in kubernetes based on URL�Content-Type�application/jsonzurl is: %s, data is: %s�POST��methodZheader_dict�data�error�body)
r�trace�http�queryrr�json�dumpsr
�loads��urlr"�headers�retrrr�_kpostAs�
r/cCsFddi}tj|d|tjj�|�d�}|�d�r|Stjj�|�d��S)z)put any object in kubernetes based on URLrr�PUTr r#r$)r&r'rrr(r)r
r*r+rrr�_kputRs�
r1cCsXddi}tj|d|tjj�|�d�}|�d�r"t�d|�d��|Stjj�	|�d��S)z+patch any object in kubernetes based on URLrzapplication/json-patch+json�PATCHr r#zGot an error: %sr$)
r&r'rrr(r)r
rr#r*r+rrr�_kpatchbs�
r3cCs^t|t�r|�di��dd�gSt|ttf�r-g}|D]}|�|�di��dd��q|SdS)z4Get name or names out of json result from API server�metadata�namerzUnknown type)�
isinstance�dictr
�list�tuple�append)�obj�names�irrr�_knamess
r>cCs4t�d�}|�|�rt�d|�dSt�d|�dS)z�Check that name is DNS subdomain: One or more lowercase rfc1035/rfc1123
    labels separated by '.' with a maximum length of 253 charactersz^[a-z0-9\.-]{1,253}$zName: %s is valid DNS subdomainTz#Name: %s is not valid DNS subdomainF)rrrrr)r5Z
dns_subdomainrrr�_is_dns_subdomain�s

r?cC�t�d�}|�|�rdSdS)aCheck that name is IANA service: An alphanumeric (a-z, and 0-9) string,
    with a maximum length of 15 characters, with the '-' character allowed
    anywhere except the first or the last character or adjacent to another '-'
    character, it must contain at least a (a-z) characterz^[a-z0-9]{1,15}$TF�rrr)r5Z	port_namerrr�
_is_port_name��

rBcCr@)z�Check that name is DNS label: An alphanumeric (a-z, and 0-9) string,
    with a maximum length of 63 characters, with the '-' character allowed
    anywhere except the first or last character, suitable for use as a hostname
    or segment in a domain namez^[a-z0-9][a-z0-9\.-]{1,62}$TFrA)r5Z	dns_labelrrr�
_is_dns_label�rCrDcCs|dur
tdd�S|S)z.Try to guess kube node ID using salt minion IDNz
grains.get�id)r)�noderrr�_guess_node_id�srGcCsj|�d|��}t�|�}d|vrtjj�|�d��}n|�dd�dkr)d|�d�S|S|�di��d	i�S)
z Get all labels from a kube node.�/api/v1/nodes/r$�statusr��Node � doesn't existr4�labels)r&r'rrr(r*r
)rFrr,r.rrr�_get_labels�s
rNcCsD|�d|��}dd|d�g}t||�}|�d�dkr d|�d�S|S)	z Replace labels dict by a new onerH�replacez/metadata/labels��opr�valuerIrJrKrL�r3r
)rFrrMr,r"r.rrr�_set_labels�s
rTcCs.t|�}t|�}|durdSt||�}d|iS)z�
    .. versionadded:: 2016.3.0

    Get labels from the current node

    CLI Example:

    .. code-block:: bash

        salt '*' k8s.get_labels
        salt '*' k8s.get_labels kube-node.cluster.local http://kube-master.cluster.local

    NFrM)rGrrN)rFrr.rrr�
get_labels�s
rUcCs>|ddid�}t|�}t|�}|durdSt||�}||vrT||i|d<t|�||<t|||�}|�d�dkrJt�d	�i|d<d
|�d�|d<|Sd
|�d�|d<|S|�|�t|�kr�|t|�i|d<t|�||<t|||�}|�d�dkr�t�d	�i|d<d|�d�|d<|Sd
|�d�|d<|Sd
|�d�|d<|S)a
    .. versionadded:: 2016.3.0

    Set label to the current node

    CLI Example:

    .. code-block:: bash

        salt '*' k8s.label_present hw/disktype ssd

        salt '*' k8s.label_present hw/disktype ssd kube-node.cluster.local http://kube-master.cluster.local

    Tr�r5�result�comment�changesNFrYrI��Got 409, will try laterzCould not create label �, please retryrX�Label � createdzCould not update label z updatedz already set)rGrrN�strrTr
rr)r5rRrFrr.rM�resrrr�
label_present�s<

��
��racs��ddid�}t|�}t|�}|durdSt||�}�fdd�|��D�}||kr3d��d	�|d
<|St|||�}|�d�dkrSt�d
�i|d<d��d�|d
<|Sd�i|d<d��d�|d
<|S)a

    .. versionadded:: 2016.3.0

    Delete label to the current node

    CLI Example:

    .. code-block:: bash

        salt '*' k8s.label_absent hw/disktype
        salt '*' k8s.label_absent hw/disktype kube-node.cluster.local http://kube-master.cluster.local

    TrrVNFcsi|]\}}|�kr||�qSrr��.0�keyrR�r5rr�
<dictcomp>;sz label_absent.<locals>.<dictcomp>r]� already absentrXrIrZr[rYzCould not delete label r\�deleted� absent)rGrrN�itemsrTr
rr�r5rFrr.Z
old_labelsrMr`rrer�label_absent!s&

�
�rlcs�|�d�d��ddid�}t|�}t|�}|durdSt||�}�fdd�|��D�}||kr:d	��d
�|d<|St|||�}|�d�d
krYt�d�i|d<d�	��|d<|Sd�i|d<d	��d�|d<|S)a
    .. versionadded:: 2016.3.0

    Delete label folder to the current node

    CLI Example:

    .. code-block:: bash

        salt '*' k8s.label_folder_absent hw
        salt '*' k8s.label_folder_absent hw/ kube-node.cluster.local http://kube-master.cluster.local

    �/TrrVNFcs i|]\}}|���s||�qSr)�
startswithrb�Zfolderrrrfjs
��z'label_folder_absent.<locals>.<dictcomp>z
Label folder rgrXrIrZr[rYz.Could not delete label folder {}, please retryrhri)
�striprGrrNrjrTr
rr�formatrkrror�label_folder_absentOs0

��
��rrrcCs:|�d|��}t�|�}|�d�rtjj�|�d��SdS)zEGet namespace is namespace is defined otherwise return all namespaces�/api/v1/namespaces/r$N�r&r'r
rrr(r*)rr5r,r.rrr�_get_namespaces�s


rucCs@|�d�}ddd|id�}t�d|�t||�}t�d|�|S)�+create namespace on the defined k8s clusterz/api/v1/namespaces�	Namespace�v1r5)�kind�
apiVersionr4znamespace creation requests: %sz
result is: %s)rr%r/)�	namespacerr,r"r.rrr�_create_namespace�s

r|cCsf|ddid�}t|�}|durdSt||�s)t||�||d<d|�d�|d	<|Sd|�d
�|d	<|S)a�
    .. versionadded:: 2016.3.0

    Create kubernetes namespace from the name, similar to the functionality added to kubectl since v.1.2.0:
    .. code-block:: bash

        kubectl create namespaces namespace-name

    CLI Example:

    .. code-block:: bash

        salt '*' k8s.create_namespace namespace_name

        salt '*' k8s.create_namespace namespace_name http://kube-master.cluster.local

    TrrVNFrYz
Namespace r^rXz already present)rrur|)r5rr.rrr�create_namespace�s

�r}cCs"t|�}|dur
dSt||�}|S)a_
    .. versionadded:: 2016.3.0

    Get one or all kubernetes namespaces.

    If namespace parameter is omitted, all namespaces will be returned back to user, similar to following kubectl example:

    .. code-block:: bash

        kubectl get namespaces -o json

    In case namespace is set by user, the output will be similar to the one from kubectl:

    .. code-block:: bash

        kubectl get namespaces namespace_name -o json

    CLI Example:

    .. code-block:: bash

        salt '*' k8s.get_namespaces
        salt '*' k8s.get_namespaces namespace_name http://kube-master.cluster.local

    NF)rru)r{rr.rrr�get_namespaces�s

r~cCs@|�d|�d|��}t�|�}|�d�rtjj�|�d��SdS)zGet secrets of the namespace.rs�	/secrets/r$Nrt)r{r5rr,r.rrr�_get_secrets�s


r�cCsJ|�d|�d|��}dd|d�g}t||�}|�d�dkr#d|�d	�S|S)
z!Replace secrets data by a new onersrrOz/datarPrIrJrKrLrS)r{r5r"rr,r.rrr�_update_secret�s
r�cCs2|�d|�d�}dd||d�|d�}t||�}|S)rvrsz/secretsrxZSecret)r5r{)rzryr4r")r/)r{r5r"rr,�requestr.rrr�_create_secret�s�
r�cCs8tj�|�rtj�|�rt�d|�dSt�d|�dS)NzFile: %s is valid secret fileTz$File: %s does not exists or not fileF)rrr
�isfilerr�warning)�filenamerrr�_is_valid_secret_file
s
r�cCsRt�d|�tjj�|d��}|��}t�|�Wd�S1s"wYdS)NzEncoding secret file: %s�rb)	rr%rrrr�read�base64�	b64encode)r��fr"rrr�_file_encodes
$�r�cCs�|�dg�}|r5t|�D]"\}}t�||�|�di���D]\}}t�|�||d|<qq||d<|S|�di���D]
\}}t�|�|d|<q=|S)Nrjr")r
�	enumeraterr%rjr��	b64decode)Zsecretsrjr=�secret�k�vrrr�_decode_secretss�r�FcCs<t|�}|dur
dS|st|||�}|Stt|||��}|S)z�
    Get k8s namespaces

    CLI Example:

    .. code-block:: bash

        salt '*' k8s.get_secrets namespace_name
        salt '*' k8s.get_secrets namespace_name secret_name http://kube-master.cluster.local

    NF)rr�r�)r{r5r�decodeZbriefr.rrr�get_secrets+s
�r�cCs�ztj�|�}Wn
tydifYSwd}t�d|�|jr&|jdkrJtj�	|j�}tj�
|�}t�d|j�t|�rHt
|�rH|t|�fSdS|j|vrjtd||�}|s`t�d|�dStj�
|�t|�fSdS)	Nr)rr&�https�ftpZswiftZs3�filezparsed source looks like: %sr�z"Source is a regular local file: %sz
cp.cache_filez$Source file: %s can not be retrieved)rr)�urllib�parse�urlparse�	TypeErrorrr%�schemerr�abspath�basenamerr?r�r�rr�)�source�saltenvZ
source_url�protosr��snamerrr�_source_encodeDs*�	
�r�T�basec	Cs"t|�}t|||||d|d�}|S)a�
    .. versionadded:: 2016.3.0

    alias to k8s.create_secret with update=true

    CLI Example:

    .. code-block:: bash

        salt '*' k8s.update_secret namespace_name secret_name sources [apiserver_url] [force=true] [update=false] [saltenv='base']

    sources are either dictionary of {name: path, name1: path} pairs or array of strings defining paths.

    Example of paths array:

    .. code-block:: bash

    ['/full/path/filename', "file:///full/path/filename", "salt://secret/storage/file.txt", "http://user:password@securesite.com/secret-file.json"]

    Example of dictionaries:

    .. code-block:: bash

    {"nameit": '/full/path/fiename', name2: "salt://secret/storage/file.txt"}

    optional parameters accepted:

    force=[true] default value is true
    if the to False, secret will not be created in case one of the files is not
    valid kubernetes secret. e.g. capital letters in secret name or _
    in case force is set to True, wrong files will be skipped but secret will be created any way.

    saltenv=['base'] default value is base
    in case 'salt://' path is used, this parameter can change the visibility of files

    T)r�force�updater�)r�
create_secret)r{r5�sourcesrr�r�r.rrr�
update_secret_s'�	r�cCs|ddid�}|s|ddid�St|�}t||�s(|r!t||�n|ddid�St|||�}|rD|sDt�d||�|dd|�d	�id�Si}	|D]w}
t�d
|
�t|
t�r�t�	d|
�|
�
�D]0\}}t||�\}
}|
|krtdkr�nn|dd
|�d�7<|r�q_|S||	|<q_qHt|
t�r�t|
|�\}
}|
|kr�dkr�nn|r�|dd�
|
�7<qH|S||	|
<qHt�	d|	�|�r|�r|	s�|dd7<d|d<|S|�d�r�|	|�d�kr�t|||	|�}d|d<d|d<|St�d�d|d<|St|||	|�}|S)a�
    .. versionadded:: 2016.3.0

    Create k8s secrets in the defined namespace from the list of files

    CLI Example:

    .. code-block:: bash

        salt '*' k8s.create_secret namespace_name secret_name sources

        salt '*' k8s.create_secret namespace_name secret_name sources
        http://kube-master.cluster.local

    sources are either dictionary of {name: path, name1: path} pairs or array of strings defining paths.

    Example of paths array:

    .. code-block:: bash

    ['/full/path/filename', "file:///full/path/filename", "salt://secret/storage/file.txt", "http://user:password@securesite.com/secret-file.json"]

    Example of dictionaries:

    .. code-block:: bash

    {"nameit": '/full/path/fiename', name2: "salt://secret/storage/file.txt"}

    optional parameters accepted:

    update=[false] default value is false
    if set to false, and secret is already present on the cluster - warning will be returned and no changes to the secret will be done.
    In case it is set to "true" and secret is present but data is differ - secret will be updated.

    force=[true] default value is true
    if the to False, secret will not be created in case one of the files is not
    valid kubernetes secret. e.g. capital letters in secret name or _
    in case force is set to True, wrong files will be skipped but secret will be created any way.

    saltenv=['base'] default value is base
    in case 'salt://' path is used, this parameter can change the visibility of files

    TrrVFzNo source availablezNamespace doesn't existsz"Secret %s is already present on %szSecret z is already presentz
source is: %szsource is dictionary: %srXzSource file z! is missing or name is incorrect
z/Source file {} is missing or name is incorrect
zsecret data is: %sz5Could not find source files or your sources are emptyrWr"zUpdated secretrYz3Secret has not been changed on cluster, skipping itz,Has not been changed on cluster, skipping it)rrur|r�r�inforr6r7r%rjr�r_rqr
r�r�)r{r5r�rr�r�r�r.r�r"r�r�r�r��encodedr`rrrr��s�4�
�
�
�
�
�
����
�
��r�cCs�|ddid�}t|�}|durdSt||�s|ddid�S|�d|�d|��}tj|d	d
�}|�d�r>d|�d
|�d�|d<|S)a^
    .. versionadded:: 2016.3.0

    Delete kubernetes secret in the defined namespace. Namespace is the mandatory parameter as well as name.

    CLI Example:

    .. code-block:: bash

        salt '*' k8s.delete_secret namespace_name secret_name

        salt '*' k8s.delete_secret namespace_name secret_name http://kube-master.cluster.local

    TrrVNFz5Namespace doesn't exists, can't delete anything therersrZDELETE)r!r$zRemoved secret z in z
 namespacerX)rrur&r'r
)r{r5rr�r.r,r`rrr�
delete_secrets
�
r�)N)NN)r)rN)rNFF)NTr�)NFFr�)NT)0�__doc__r��loggingrr�urllib.parser�Zsalt.utils.filesrZsalt.utils.httprr&Zsalt.utils.jsonr�	getLogger�__name__rrrr/r1r3r>r?rBrDrGrNrTrUrarlrrrur|r}r~r�r�r�r�r�r�r�r�r�r�r�rrrr�<module>s`








:
.
3

#%


�9
�