コード例 #1
ファイル: deploy.go プロジェクト: rhuss/gofabric8
func deployFabric8SASSecurityContextConstraints(c *k8sclient.Client, f *cmdutil.Factory, ns string) (Result, error) {
	name := Fabric8SASSCC
	scc := kapi.SecurityContextConstraints{
		ObjectMeta: kapi.ObjectMeta{
			Name: name,
		SELinuxContext: kapi.SELinuxContextStrategyOptions{
			Type: kapi.SELinuxStrategyRunAsAny,
		RunAsUser: kapi.RunAsUserStrategyOptions{
			Type: kapi.RunAsUserStrategyRunAsAny,
		Groups:  []string{"system:serviceaccounts"},
		Volumes: []kapi.FSType{kapi.FSTypeGitRepo, kapi.FSTypeConfigMap, kapi.FSTypeSecret, kapi.FSTypeEmptyDir},
	_, err := c.SecurityContextConstraints().Get(name)
	if err == nil {
		err = c.SecurityContextConstraints().Delete(name)
		if err != nil {
			return Failure, err
	_, err = c.SecurityContextConstraints().Create(&scc)
	if err != nil {
		util.Fatalf("Cannot create SecurityContextConstraints: %v\n", err)
		util.Fatalf("Failed to create SecurityContextConstraints %v in namespace %s: %v\n", scc, ns, err)
		return Failure, err
	util.Infof("SecurityContextConstraints %s is setup correctly\n", name)
	return Success, err
コード例 #2
ファイル: docker_env.go プロジェクト: gashcrumb/gofabric8
// NewCmdDockerEnv sets the current
func NewCmdDockerEnv(f *cmdutil.Factory) *cobra.Command {
	cmd := &cobra.Command{
		Use:   "docker-env",
		Short: "Sets up docker env variables; Usage 'eval $(gofabric8 docker-env)'",
		Long:  `Sets up docker env variables; Usage 'eval $(gofabric8 docker-env)'`,

		Run: func(cmd *cobra.Command, args []string) {
			c, _ := client.NewClient(f)

			nodes, err := c.Nodes().List(api.ListOptions{})
			if err != nil {
				util.Errorf("Unable to find any nodes: %s\n", err)
			if len(nodes.Items) == 1 {
				node := nodes.Items[0]
				var command string
				var args []string

				if node.Name == minikubeNodeName {
					command = "minikube"
					args = []string{"docker-env"}

				} else if node.Name == minishiftNodeName {
					command = "minishift"
					args = []string{"docker-env"}

				} else if node.Name == rhelcdk {
					command = "vagrant"
					args = []string{"service-manager", "env", "docker"}

				if command == "" {
					util.Fatalf("Unrecognised cluster environment for node %s\n", node.Name)
					util.Fatalf("docker-env support is currently only for CDK, Minishift and Minikube\n")


				e := exec.Command(command, args...)
				e.Stdout = os.Stdout
				e.Stderr = os.Stderr
				err = e.Run()
				if err != nil {
					util.Fatalf("Unable to set the docker environment %v", err)
			} else {
				util.Fatalf("docker-env is only available to run on clusters of 1 node")


	return cmd
コード例 #3
ファイル: secrets.go プロジェクト: iocanel/gofabric8
func generateSshKeyPair(logGeneratedKeys string) Keypair {

	priv, err := rsa.GenerateKey(rand.Reader, 2014)
	if err != nil {
		util.Fatalf("Error generating key", err)
	err = priv.Validate()
	if err != nil {
		util.Fatalf("Validation failed.", err)

	// Get der format. priv_der []byte
	priv_der := x509.MarshalPKCS1PrivateKey(priv)

	// pem.Block
	// blk pem.Block
	priv_blk := pem.Block{
		Type:    "RSA PRIVATE KEY",
		Headers: nil,
		Bytes:   priv_der,

	// Resultant private key in PEM format.
	// priv_pem string
	priv_pem := string(pem.EncodeToMemory(&priv_blk))

	if logGeneratedKeys == "true" {

	// Public Key generation
	pub := priv.PublicKey
	pub_der, err := x509.MarshalPKIXPublicKey(&pub)
	if err != nil {
		util.Fatalf("Failed to get der format for PublicKey.", err)

	pub_blk := pem.Block{
		Type:    "PUBLIC KEY",
		Headers: nil,
		Bytes:   pub_der,
	pub_pem := string(pem.EncodeToMemory(&pub_blk))
	if logGeneratedKeys == "true" {

	return Keypair{
		pub:  []byte(pub_pem),
		priv: []byte(priv_pem),
コード例 #4
ファイル: client.go プロジェクト: rhuss/gofabric8
func NewClient(f *cmdutil.Factory) (*client.Client, *restclient.Config) {
	var err error
	cfg, err := f.ClientConfig()
	if err != nil {
		util.Error("Could not initialise a client - is your server setting correct?\n\n")
		util.Fatalf("%v", err)
	c, err := client.New(cfg)
	if err != nil {
		util.Fatalf("Could not initialise a client: %v", err)

	return c, cfg
コード例 #5
ファイル: deploy.go プロジェクト: rhuss/gofabric8
func deployFabric8SecurityContextConstraints(c *k8sclient.Client, f *cmdutil.Factory, ns string) (Result, error) {
	name := Fabric8SCC
	if ns != "default" {
		name += "-" + ns
	scc := kapi.SecurityContextConstraints{
		ObjectMeta: kapi.ObjectMeta{
			Name: name,
		Priority:                 &[]int{10}[0],
		AllowPrivilegedContainer: true,
		AllowHostNetwork:         true,
		AllowHostPorts:           true,
		Volumes:                  []kapi.FSType{kapi.FSTypeAll},
		SELinuxContext: kapi.SELinuxContextStrategyOptions{
			Type: kapi.SELinuxStrategyRunAsAny,
		RunAsUser: kapi.RunAsUserStrategyOptions{
			Type: kapi.RunAsUserStrategyRunAsAny,
		Users: []string{
			"system:serviceaccount:" + ns + ":default",
			"system:serviceaccount:" + ns + ":fabric8",
			"system:serviceaccount:" + ns + ":gerrit",
			"system:serviceaccount:" + ns + ":jenkins",
			"system:serviceaccount:" + ns + ":router",
			"system:serviceaccount:" + ns + ":registry",
			"system:serviceaccount:" + ns + ":gogs",
			"system:serviceaccount:" + ns + ":fluentd",
		Groups: []string{bootstrappolicy.ClusterAdminGroup, bootstrappolicy.NodesGroup},
	_, err := c.SecurityContextConstraints().Get(name)
	if err == nil {
		err = c.SecurityContextConstraints().Delete(name)
		if err != nil {
			return Failure, err
	_, err = c.SecurityContextConstraints().Create(&scc)
	if err != nil {
		util.Fatalf("Cannot create SecurityContextConstraints: %v\n", err)
		util.Fatalf("Failed to create SecurityContextConstraints %v in namespace %s: %v\n", scc, ns, err)
		return Failure, err
	util.Infof("SecurityContextConstraints %s is setup correctly\n", name)
	return Success, err
コード例 #6
ファイル: copy_endpoints.go プロジェクト: fabric8io/gofabric8
func NewCmdCopyEndpoints(f *cmdutil.Factory) *cobra.Command {
	cmd := &cobra.Command{
		Use:   "copy-endpoints",
		Short: "Copies endpoints from the current namespace to a target namespace",
		Long:  `Copies endpoints from the current namespace to a target namespace`,
		PreRun: func(cmd *cobra.Command, args []string) {
		Run: func(cmd *cobra.Command, args []string) {

			if len(args) == 0 {
				util.Info("Please specify one or more endpoint names to copy as arguments!\n")
			c, cfg := client.NewClient(f)
			oc, _ := client.NewOpenShiftClient(cfg)


			toNamespace := cmd.Flags().Lookup(toNamespaceFlag).Value.String()

			fromNamespace := cmd.Flags().Lookup(fromNamespaceFlag).Value.String()
			if len(fromNamespace) == 0 {
				ns, _, err := f.DefaultNamespace()
				if err != nil {
					util.Fatal("No default namespace")
				fromNamespace = ns
			if len(toNamespace) == 0 {
				util.Fatal("No target namespace specified!")

			util.Infof("Copying endpoints from namespace: %s to namespace: %s\n", fromNamespace, toNamespace)
			err := ensureNamespaceExists(c, oc, toNamespace)
			if err != nil {
				util.Fatalf("Failed to copy endpoints %v", err)

			err = copyEndpoints(c, fromNamespace, toNamespace, args)
			if err != nil {
				util.Fatalf("Failed to copy endpoints %v", err)
	cmd.PersistentFlags().StringP(fromNamespaceFlag, "f", "", "the source namespace or uses the default namespace")
	cmd.PersistentFlags().StringP(toNamespaceFlag, "t", "", "the destination namespace")
	return cmd
コード例 #7
ファイル: install.go プロジェクト: rawlingsj/gofabric8
func getFabric8BinLocation() string {
	home := homedir.HomeDir()
	if home == "" {
		util.Fatalf("No user home environment variable found for OS %s", runtime.GOOS)
	return filepath.Join(home, ".fabric8", "bin")
コード例 #8
ファイル: service.go プロジェクト: fabric8io/gofabric8
// NewCmdService looks up the external service address and opens the URL
// Credits: https://github.com/kubernetes/minikube/blob/v0.9.0/cmd/minikube/cmd/service.go
func NewCmdService(f *cmdutil.Factory) *cobra.Command {
	cmd := &cobra.Command{
		Use:   "service",
		Short: "Opens the specified Kubernetes service in your browser",
		Long:  `Opens the specified Kubernetes service in your browser`,

		Run: func(cmd *cobra.Command, args []string) {
			c, _ := client.NewClient(f)

			ns := cmd.Flags().Lookup(namespaceCommandFlag).Value.String()
			if ns == "" {
				ns, _, _ = f.DefaultNamespace()
			printURL := cmd.Flags().Lookup(urlCommandFlag).Value.String() == "true"
			retry := cmd.Flags().Lookup(retryFlag).Value.String() == "true"
			if len(args) == 1 {
				openService(ns, args[0], c, printURL, retry)
			} else {
				util.Fatalf("Please choose a service, found %v arguments\n", len(args))
	cmd.PersistentFlags().StringP(namespaceCommandFlag, "n", "default", "The service namespace")
	cmd.PersistentFlags().BoolP(urlCommandFlag, "u", false, "Display the kubernetes service exposed URL in the CLI instead of opening it in the default browser")
	cmd.PersistentFlags().Bool(retryFlag, true, "Retries to find the service if its not available just yet")
	return cmd
コード例 #9
ファイル: secrets.go プロジェクト: MarWestermann/gofabric8
func generateSshKeyPair() Keypair {

	priv, err := rsa.GenerateKey(rand.Reader, 2014)
	if err != nil {
		util.Fatalf("Error generating key", err)

	// Get der format. priv_der []byte
	priv_der := x509.MarshalPKCS1PrivateKey(priv)

	// pem.Block
	// blk pem.Block
	priv_blk := pem.Block{
		Type:    "RSA PRIVATE KEY",
		Headers: nil,
		Bytes:   priv_der,

	// Resultant private key in PEM format.
	// priv_pem string
	priv_pem := string(pem.EncodeToMemory(&priv_blk))

	// Public Key generation
	sshPublicKey, err := ssh.NewPublicKey(&priv.PublicKey)
	pubBytes := ssh.MarshalAuthorizedKey(sshPublicKey)

	return Keypair{
		pub:  []byte(pubBytes),
		priv: []byte(priv_pem),
コード例 #10
ファイル: deploy.go プロジェクト: rhuss/gofabric8
func loadJsonDataAndAdaptFabric8Images(uri string, dockerRegistry string, arch string) ([]byte, error) {
	resp, err := http.Get(uri)
	if err != nil {
		util.Fatalf("Cannot get fabric8 template to deploy: %v", err)
	defer resp.Body.Close()
	jsonData, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		util.Fatalf("Cannot get fabric8 template to deploy: %v", err)
	jsonData, err = adaptFabric8ImagesInResourceDescriptor(jsonData, dockerRegistry, arch)
	if err != nil {
		util.Fatalf("Cannot append docker registry: %v", err)
	return jsonData, nil
コード例 #11
ファイル: secrets.go プロジェクト: fabric8io/gofabric8
func getTemplates(c *oclient.Client, ns string) *tapi.TemplateList {
	templates, err := c.Templates(ns).List(api.ListOptions{})
	if err != nil {
		util.Fatalf("No Templates found in namespace %s\n", ns)
	return templates
コード例 #12
ファイル: cleanup.go プロジェクト: rawlingsj/gofabric8
// NewCmdCleanUp delete all fabric8 apps, environments and configurations
func NewCmdCleanUp(f *cmdutil.Factory) *cobra.Command {
	cmd := &cobra.Command{
		Use:   "cleanup",
		Short: "Hard delete all fabric8 apps, environments and configurations",
		Long:  `Hard delete all fabric8 apps, environments and configurations`,

		Run: func(cmd *cobra.Command, args []string) {

			currentContext, err := util.GetCurrentContext()
			if err != nil {
				util.Fatalf("%s", err)
			fmt.Fprintf(os.Stdout, `WARNING this is destructive and will remove ALL fabric8 apps, environments and configuration from cluster %s.  Continue? [y/N] `, currentContext)

			var confirm string

			if confirm == "y" {

	return cmd
コード例 #13
ファイル: validate.go プロジェクト: ALRubinger/gofabric8
func validateRouter(c *k8sclient.Client, f *cmdutil.Factory) (Result, error) {
	ns, _, err := f.DefaultNamespace()
	if err != nil {
		return Failure, err
	requirement, err := labels.NewRequirement("router", labels.EqualsOperator, kutil.NewStringSet("router"))
	if err != nil {
		return Failure, err
	label := labels.LabelSelector{*requirement}

	rc, err := c.ReplicationControllers(ns).List(label)
	if err != nil {
		util.Fatalf("Failed to get PersistentVolumeClaims, %s in namespace %s\n", err, ns)
	if rc != nil {
		items := rc.Items
		if len(items) > 0 {
			return Success, err
	//util.Fatalf("No router running in namespace %s\n", ns)
	// TODO lets create a router
	return Failure, err
コード例 #14
ファイル: secrets.go プロジェクト: MarWestermann/gofabric8
func getTemplates(c *oclient.Client, ns string) *tapi.TemplateList {

	rc, err := c.Templates(ns).List(labels.Everything(), fields.Everything())
	if err != nil {
		util.Fatalf("No Templates found in namespace %s\n", ns)
	return rc
コード例 #15
ファイル: stop.go プロジェクト: rawlingsj/gofabric8
// NewCmdStop stops the current local cluster
func NewCmdStop(f *cmdutil.Factory) *cobra.Command {
	cmd := &cobra.Command{
		Use:   "stop",
		Short: "Stops a running local cluster",
		Long:  `Stops a running local cluster`,

		Run: func(cmd *cobra.Command, args []string) {
			context, err := util.GetCurrentContext()
			if err != nil {
				util.Fatalf("Error getting current context %s", err)
			var command string
			var cargs []string

			if context == util.Minikube {
				command = "minikube"
				cargs = []string{"stop"}

			} else if util.IsMiniShift(context) {
				command = "minishift"
				cargs = []string{"stop"}

			} else if context == util.CDK {
				command = "vagrant"
				cargs = []string{"halt"}

			if command == "" {
				util.Fatalf("Context %s not supported.  Currently only CDK, Minishift and Minikube are supported by this command\n", context)

			e := exec.Command(command, cargs...)
			e.Stdout = os.Stdout
			e.Stderr = os.Stderr
			err = e.Run()
			if err != nil {
				util.Fatalf("Unable to stop the cluster %s", err)


	return cmd
コード例 #16
ファイル: client.go プロジェクト: rhuss/gofabric8
func NewOpenShiftClient(cfg *restclient.Config) (*oclient.Client, *restclient.Config) {
	ocfg := *cfg
	ocfg.APIPath = ""
	c, err := oclient.New(&ocfg)
	if err != nil {
		util.Fatalf("Could not initialise an OpenShift client: %v", err)

	return c, cfg
コード例 #17
ファイル: deploy.go プロジェクト: iocanel/gofabric8
func f8Version(v string, typeOfMaster util.MasterType) string {
	metadataUrl := consoleMetadataUrl
	if typeOfMaster == util.Kubernetes {
		metadataUrl = consoleKubernetesMetadataUrl

	resp, err := http.Get(metadataUrl)
	if err != nil {
		util.Fatalf("Cannot get fabric8 version to deploy: %v", err)
	defer resp.Body.Close()
	// read xml http response
	xmlData, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		util.Fatalf("Cannot get fabric8 version to deploy: %v", err)

	type Metadata struct {
		Release  string   `xml:"versioning>release"`
		Versions []string `xml:"versioning>versions>version"`

	var m Metadata
	err = xml.Unmarshal(xmlData, &m)
	if err != nil {
		util.Fatalf("Cannot get fabric8 version to deploy: %v", err)

	if v == "latest" {
		return m.Release

	for _, version := range m.Versions {
		if v == version {
			return version

	util.Errorf("\nUnknown version: %s\n", v)
	util.Fatalf("Valid versions: %v\n", append(m.Versions, "latest"))
	return ""
コード例 #18
ファイル: deploy.go プロジェクト: iocanel/gofabric8
func deployFabric8SecurityContextConstraints(c *k8sclient.Client, f *cmdutil.Factory) (Result, error) {
	name := Fabric8SCC
	scc := kapi.SecurityContextConstraints{
		ObjectMeta: kapi.ObjectMeta{
			Name: name,
		AllowPrivilegedContainer: true,
		AllowHostNetwork:         true,
		AllowHostPorts:           true,
		AllowHostDirVolumePlugin: true,
		SELinuxContext: kapi.SELinuxContextStrategyOptions{
			Type: kapi.SELinuxStrategyRunAsAny,
		RunAsUser: kapi.RunAsUserStrategyOptions{
			Type: kapi.RunAsUserStrategyRunAsAny,
		Users:  []string{"system:serviceaccount:openshift-infra:build-controller", "system:serviceaccount:default:default", "system:serviceaccount:default:fabric8", "system:serviceaccount:default:gerrit", "system:serviceaccount:default:jenkins", "system:serviceaccount:default:router"},
		Groups: []string{bootstrappolicy.ClusterAdminGroup, bootstrappolicy.NodesGroup},
	ns, _, err := f.DefaultNamespace()
	if err != nil {
		util.Fatal("No default namespace")
		return Failure, err
	_, err = c.SecurityContextConstraints().Get(name)
	if err == nil {
		err = c.SecurityContextConstraints().Delete(name)
		if err != nil {
			return Failure, err
	_, err = c.SecurityContextConstraints().Create(&scc)
	if err != nil {
		util.Fatalf("Cannot create SecurityContextConstraints: %v\n", err)
		util.Fatalf("Failed to create SecurityContextConstraints %v in namespace %s: %v\n", scc, ns, err)
		return Failure, err
	util.Infof("SecurityContextConstraints %s is setup correctly\n", name)
	return Success, err
コード例 #19
ファイル: validate.go プロジェクト: rawlingsj/gofabric8
func validatePersistenceVolumeClaims(c *k8sclient.Client, f *cmdutil.Factory) (Result, error) {
	ns, _, err := f.DefaultNamespace()
	if err != nil {
		return Failure, err
	rc, err := c.PersistentVolumeClaims(ns).List(api.ListOptions{})
	if err != nil {
		util.Fatalf("Failed to get PersistentVolumeClaims, %s in namespace %s\n", err, ns)
	if rc != nil {
		items := rc.Items
		pendingClaimNames := make([]string, 0, len(items))
		for _, item := range items {
			status := item.Status.Phase
			if status != "Bound" {
				pendingClaimNames = append(pendingClaimNames, item.ObjectMeta.Name)
		if len(pendingClaimNames) > 0 {
			util.Failuref("PersistentVolumeClaim not Bound for: %s. You need to create a PersistentVolume!\n", strings.Join(pendingClaimNames, ", "))
You can enable dynamic PersistentVolume creation with Kubernetes 1.4 or later.

Or to get gofabric8 to create HostPath based PersistentVolume resources for you on minikube and minishift type:

  gofabric8 volumes

For other clusters you could do something like this - though ideally with a persistent volume implementation other than hostPath:

cat <<EOF | oc create -f -
kind: PersistentVolume
apiVersion: v1
  name: fabric8
    - ReadWrite
    storage: 1000
    path: /opt/fabric8-data

			return Failure, err
		return Success, err
	return Failure, err
コード例 #20
ファイル: cleanup.go プロジェクト: rawlingsj/gofabric8
func cleanUpOpenshiftResources(c *k8sclient.Client, oc *oclient.Client, ns string, selector labels.Selector) {

	err := deleteDeploymentConfigs(oc, ns, selector)
	if err != nil {
		util.Fatalf("%s", err)

	err = deleteBuilds(oc, ns, selector)
	if err != nil {
		util.Fatalf("%s", err)

	err = deleteBuildConfigs(oc, ns, selector)
	if err != nil {
		util.Fatalf("%s", err)

	err = deleteRoutes(oc, ns, selector)
	if err != nil {
		util.Fatalf("%s", err)
コード例 #21
ファイル: validate.go プロジェクト: ALRubinger/gofabric8
func validateSecurityContextConstraints(c *k8sclient.Client, f *cmdutil.Factory) (Result, error) {
	ns, _, err := f.DefaultNamespace()
	if err != nil {
		return Failure, err
	rc, err := c.SecurityContextConstraints().Get("fabric8")
	if err != nil {
		util.Fatalf("Failed to get SecurityContextConstraints, %s in namespace %s\n", err, ns)
	if rc != nil {
		return Success, err
	return Failure, err
コード例 #22
ファイル: deploy.go プロジェクト: fabric8io/gofabric8
func versionForUrl(v string, metadataUrl string) string {
	resp, err := http.Get(metadataUrl)
	if err != nil {
		util.Fatalf("Cannot get fabric8 version to deploy: %v", err)
	defer resp.Body.Close()
	// read xml http response
	xmlData, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		util.Fatalf("Cannot get fabric8 version to deploy: %v", err)

	type Metadata struct {
		Release  string   `xml:"versioning>release"`
		Versions []string `xml:"versioning>versions>version"`

	var m Metadata
	err = xml.Unmarshal(xmlData, &m)
	if err != nil {
		util.Fatalf("Cannot get fabric8 version to deploy: %v", err)

	if v == "latest" {
		return m.Release

	for _, version := range m.Versions {
		if v == version {
			return version

	util.Errorf("\nUnknown version %s for %s\n", v, metadataUrl)
	util.Fatalf("Valid versions: %v\n", append(m.Versions, "latest"))
	return ""
コード例 #23
ファイル: validate.go プロジェクト: ALRubinger/gofabric8
func validatePersistenceVolumeClaims(c *k8sclient.Client, f *cmdutil.Factory) (Result, error) {
	ns, _, err := f.DefaultNamespace()
	if err != nil {
		return Failure, err
	rc, err := c.PersistentVolumeClaims(ns).List(labels.Everything(), fields.Everything())
	if err != nil {
		util.Fatalf("Failed to get PersistentVolumeClaims, %s in namespace %s\n", err, ns)
	if rc != nil {
		items := rc.Items
		pendingClaimNames := make([]string, 0, len(items))
		for _, item := range items {
			status := item.Status.Phase
			if status != "Bound" {
				pendingClaimNames = append(pendingClaimNames, item.ObjectMeta.Name)
		if len(pendingClaimNames) > 0 {
			util.Failuref("PersistentVolumeClaim not Bound for: %s. You need to create a PersistentVolume!\n", strings.Join(pendingClaimNames, ", "))
to generate a single node PersistentVolume then type something like this:

cat <<EOF | oc create -f -
kind: PersistentVolume
apiVersion: v1
  name: fabric8
    - ReadWrite
    storage: 1000
    path: /opt/fabric8-data

			return Failure, err
		return Success, err
	return Failure, err
コード例 #24
ファイル: deploy.go プロジェクト: rhuss/gofabric8
// Ensure that the `restricted` SecurityContextConstraints has the RunAsUser set to RunAsAny
// if `restricted does not exist lets create it
// otherwise if needed lets modify the RunAsUser
func verifyRestrictedSecurityContextConstraints(c *k8sclient.Client, f *cmdutil.Factory) (Result, error) {
	name := RestrictedSCC
	ns, _, e := f.DefaultNamespace()
	if e != nil {
		util.Fatal("No default namespace")
		return Failure, e
	rc, err := c.SecurityContextConstraints().Get(name)
	if err != nil {
		scc := kapi.SecurityContextConstraints{
			ObjectMeta: kapi.ObjectMeta{
				Name: RestrictedSCC,
			SELinuxContext: kapi.SELinuxContextStrategyOptions{
				Type: kapi.SELinuxStrategyMustRunAs,
			RunAsUser: kapi.RunAsUserStrategyOptions{
				Type: kapi.RunAsUserStrategyRunAsAny,
			Groups: []string{bootstrappolicy.AuthenticatedGroup},

		_, err = c.SecurityContextConstraints().Create(&scc)
		if err != nil {
			return Failure, err
		} else {
			util.Infof("SecurityContextConstraints %s created\n", name)
			return Success, err

	// lets check that the restricted is configured correctly
	if kapi.RunAsUserStrategyRunAsAny != rc.RunAsUser.Type {
		rc.RunAsUser.Type = kapi.RunAsUserStrategyRunAsAny
		_, err = c.SecurityContextConstraints().Update(rc)
		if err != nil {
			util.Fatalf("Failed to update SecurityContextConstraints %v in namespace %s: %v\n", rc, ns, err)
			return Failure, err
		util.Infof("SecurityContextConstraints %s is updated to enable fabric8\n", name)
	} else {
		util.Infof("SecurityContextConstraints %s is configured correctly\n", name)
	return Success, err
コード例 #25
ファイル: pull.go プロジェクト: MarWestermann/gofabric8
func downloadTemplateDockerImages(cmd *cobra.Command, ns string, c *oclient.Client, fac *cmdutil.Factory, name string) (Result, error) {
	rc, err := c.Templates(ns).Get(name)
	if err != nil {
		util.Fatalf("No Template %s found in namespace %s\n", name, ns)

	// convert Template.Objects to Kubernetes resources
	_ = runtime.DecodeList(rc.Objects, api.Scheme, runtime.UnstructuredJSONScheme)
	for _, rc := range rc.Objects {
		switch rc := rc.(type) {
		case *api.ReplicationController:
			for _, container := range rc.Spec.Template.Spec.Containers {
				err = downloadDockerImage(container.Image)
				if err != nil {
					return Failure, err
	return Success, nil
コード例 #26
ファイル: install.go プロジェクト: rawlingsj/gofabric8
func isInstalled(isMinishift bool) bool {
	home := homedir.HomeDir()
	if home == "" {
		util.Fatalf("No user home environment variable found for OS %s", runtime.GOOS)

	// check if we can find a local kube config file
	if _, err := os.Stat(home + "/.kube/config"); os.IsNotExist(err) {
		return false

	// check for kubectl
	_, err := exec.LookPath(kubectl)
	if err != nil {
		return false

	if isMinishift {
		// check for minishift
		_, err = exec.LookPath(minishift)
		if err != nil {
			return false
		// check for oc client
		_, err = exec.LookPath(oc)
		if err != nil {
			return false

	} else {
		// check for minikube
		_, err = exec.LookPath(minikube)
		if err != nil {
			return false

	return true
コード例 #27
ファイル: deploy.go プロジェクト: fabric8io/gofabric8
func processTemplate(tmpl *tapi.Template, ns string, domain string, apiserver string) {
	generators := map[string]generator.Generator{
		"expression": generator.NewExpressionValueGenerator(rand.New(rand.NewSource(time.Now().UnixNano()))),
	p := template.NewProcessor(generators)

	ip, port, err := net.SplitHostPort(apiserver)
	if err != nil && !strings.Contains(err.Error(), "missing port in address") {
		util.Fatalf("%s", err)

	namespaceIdx := -1
	for i, param := range tmpl.Parameters {
		if param.Name == "NAMESPACE" {
			namespaceIdx = i
	if namespaceIdx >= 0 {
		tmpl.Parameters[namespaceIdx].Value = ns
	tmpl.Parameters = append(tmpl.Parameters, tapi.Parameter{
		Name:  "DOMAIN",
		Value: ns + "." + domain,
	}, tapi.Parameter{
		Name:  "APISERVER",
		Value: ip,
	}, tapi.Parameter{
		Value: port,

	errorList := p.Process(tmpl)
	for _, errInfo := range errorList {
		util.Errorf("Processing template field %s got error %s\n", errInfo.Field, errInfo.Detail)
コード例 #28
ファイル: deploy.go プロジェクト: rhuss/gofabric8
func NewCmdDeploy(f *cmdutil.Factory) *cobra.Command {
	cmd := &cobra.Command{
		Use:   "deploy",
		Short: "Deploy fabric8 to your Kubernetes or OpenShift environment",
		Long:  `deploy fabric8 to your Kubernetes or OpenShift environment`,
		PreRun: func(cmd *cobra.Command, args []string) {
		Run: func(cmd *cobra.Command, args []string) {
			c, cfg := client.NewClient(f)
			ns, _, _ := f.DefaultNamespace()

			domain := cmd.Flags().Lookup(domainFlag).Value.String()
			apiserver := cmd.Flags().Lookup(apiServerFlag).Value.String()
			arch := cmd.Flags().Lookup(archFlag).Value.String()

			typeOfMaster := util.TypeOfMaster(c)

			util.Info("Deploying fabric8 to your ")
			util.Info(" installation at ")
			util.Info(" for domain ")
			util.Info(" in namespace ")
			util.Successf("%s\n\n", ns)

			useIngress := cmd.Flags().Lookup(useIngressFlag).Value.String() == "true"
			deployConsole := cmd.Flags().Lookup(consoleFlag).Value.String() == "true"

			mavenRepo := cmd.Flags().Lookup(mavenRepoFlag).Value.String()
			if !strings.HasSuffix(mavenRepo, "/") {
				mavenRepo = mavenRepo + "/"
			util.Info("Loading fabric8 releases from maven repository:")
			util.Successf("%s\n", mavenRepo)

			dockerRegistry := cmd.Flags().Lookup(dockerRegistryFlag).Value.String()
			if len(dockerRegistry) > 0 {
				util.Infof("Loading fabric8 docker images from docker registry: %s\n", dockerRegistry)

			if len(apiserver) == 0 {
				apiserver = domain

			if strings.Contains(domain, "=") {
				util.Warnf("\nInvalid domain: %s\n\n", domain)
			} else if confirmAction(cmd.Flags()) {
				v := cmd.Flags().Lookup("fabric8-version").Value.String()

				consoleVersion := f8ConsoleVersion(mavenRepo, v, typeOfMaster)

				versioniPaaS := cmd.Flags().Lookup(versioniPaaSFlag).Value.String()
				versioniPaaS = versionForUrl(versioniPaaS, urlJoin(mavenRepo, iPaaSMetadataUrl))

				versionDevOps := cmd.Flags().Lookup(versionDevOpsFlag).Value.String()
				versionDevOps = versionForUrl(versionDevOps, urlJoin(mavenRepo, devOpsMetadataUrl))

				versionKubeflix := cmd.Flags().Lookup(versionKubeflixFlag).Value.String()
				versionKubeflix = versionForUrl(versionKubeflix, urlJoin(mavenRepo, kubeflixMetadataUrl))

				versionZipkin := cmd.Flags().Lookup(versionZipkinFlag).Value.String()
				versionZipkin = versionForUrl(versionZipkin, urlJoin(mavenRepo, zipkinMetadataUrl))

				util.Warnf("\nStarting fabric8 console deployment using %s...\n\n", consoleVersion)

				oc, _ := client.NewOpenShiftClient(cfg)


				if typeOfMaster == util.Kubernetes {
					uri := fmt.Sprintf(urlJoin(mavenRepo, baseConsoleKubernetesUrl), consoleVersion)
					if fabric8ImageAdaptionNeeded(dockerRegistry, arch) {
						jsonData, err := loadJsonDataAndAdaptFabric8Images(uri, dockerRegistry, arch)
						if err == nil {
							tmpFileName := "/tmp/fabric8-console.json"
							t, err := os.OpenFile(tmpFileName, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0777)
							if err != nil {
								util.Fatalf("Cannot open the converted fabric8 console template file: %v", err)
							defer t.Close()

							_, err = io.Copy(t, bytes.NewReader(jsonData))
							if err != nil {
								util.Fatalf("Cannot write the converted fabric8 console template file: %v", err)
							uri = tmpFileName
					filenames := []string{uri}

					if deployConsole {
						createCmd := &cobra.Command{}
						err := kcmd.RunCreate(f, createCmd, ioutil.Discard, &kcmd.CreateOptions{Filenames: filenames})
						if err != nil {
							printResult("fabric8 console", Failure, err)
						} else {
							printResult("fabric8 console", Success, nil)
					printAddServiceAccount(c, f, "fluentd")
					printAddServiceAccount(c, f, "registry")
				} else {
					r, err := verifyRestrictedSecurityContextConstraints(c, f)
					printResult("SecurityContextConstraints restricted", r, err)
					r, err = deployFabric8SecurityContextConstraints(c, f, ns)
					printResult("SecurityContextConstraints fabric8", r, err)
					r, err = deployFabric8SASSecurityContextConstraints(c, f, ns)
					printResult("SecurityContextConstraints "+Fabric8SASSCC, r, err)

					printAddClusterRoleToUser(oc, f, "cluster-admin", "system:serviceaccount:"+ns+":fabric8")
					printAddClusterRoleToUser(oc, f, "cluster-admin", "system:serviceaccount:"+ns+":jenkins")
					printAddClusterRoleToUser(oc, f, "cluster-reader", "system:serviceaccount:"+ns+":metrics")
					printAddClusterRoleToUser(oc, f, "cluster-reader", "system:serviceaccount:"+ns+":fluentd")

					printAddServiceAccount(c, f, "fluentd")
					printAddServiceAccount(c, f, "registry")
					printAddServiceAccount(c, f, "router")

					if cmd.Flags().Lookup(templatesFlag).Value.String() == "true" {
						if deployConsole {
							uri := fmt.Sprintf(urlJoin(mavenRepo, baseConsoleUrl), consoleVersion)
							jsonData, err := loadJsonDataAndAdaptFabric8Images(uri, dockerRegistry, arch)
							if err != nil {
								printError("failed to apply docker registry prefix", err)

							// lets delete the OAuthClient first as the domain may have changed
							createTemplate(jsonData, "fabric8 console", ns, domain, apiserver, c)
					} else {
						printError("Ignoring the deploy of the fabric8 console", nil)
				if deployConsole {
					println("Created fabric8 console")

				if cmd.Flags().Lookup(templatesFlag).Value.String() == "true" {
					println("Installing templates!")
					printError("Install DevOps templates", installTemplates(c, oc, f, versionDevOps, urlJoin(mavenRepo, devopsTemplatesDistroUrl), dockerRegistry, arch, domain))
					printError("Install iPaaS templates", installTemplates(c, oc, f, versioniPaaS, urlJoin(mavenRepo, iPaaSTemplatesDistroUrl), dockerRegistry, arch, domain))
					printError("Install Kubeflix templates", installTemplates(c, oc, f, versionKubeflix, urlJoin(mavenRepo, kubeflixTemplatesDistroUrl), dockerRegistry, arch, domain))
					printError("Install Zipkin templates", installTemplates(c, oc, f, versionZipkin, urlJoin(mavenRepo, zipkinTemplatesDistroUrl), dockerRegistry, arch, domain))
				} else {
					printError("Ignoring the deploy of templates", nil)

				appToRun := cmd.Flags().Lookup(runFlag).Value.String()
				if len(appToRun) > 0 {
					runTemplate(c, oc, appToRun, ns, domain, apiserver)

				if typeOfMaster == util.Kubernetes {
					if useIngress {
						runTemplate(c, oc, "ingress-nginx", ns, domain, apiserver)

						printError("Create ingress resources", createIngressForDomain(ns, domain, c, f))
				} else {
					printError("Create route resources", createRoutesForDomain(ns, domain, c, oc, f))

				// lets label the namespace/project as a developer team
				nss := c.Namespaces()
				namespace, err := nss.Get(ns)
				if err != nil {
					printError("Failed to load namespace", err)
				} else {
					if addLabelIfNotxisEt(&namespace.ObjectMeta, typeLabel, teamTypeLabelValue) {
						_, err = nss.Update(namespace)
						if err != nil {
							printError("Failed to label namespace", err)
	cmd.PersistentFlags().StringP("domain", "d", defaultDomain(), "The domain name to append to the service name to access web applications")
	cmd.PersistentFlags().String("api-server", "", "overrides the api server url")
	cmd.PersistentFlags().String(archFlag, goruntime.GOARCH, "CPU architecture for referencing Docker images with this as a name suffix")
	cmd.PersistentFlags().String(versioniPaaSFlag, "latest", "The version to use for the Fabric8 iPaaS templates")
	cmd.PersistentFlags().String(versionDevOpsFlag, "latest", "The version to use for the Fabric8 DevOps templates")
	cmd.PersistentFlags().String(versionKubeflixFlag, "latest", "The version to use for the Kubeflix templates")
	cmd.PersistentFlags().String(versionZipkinFlag, "latest", "The version to use for the Zipkin templates")
	cmd.PersistentFlags().String(mavenRepoFlag, "https://repo1.maven.org/maven2/", "The maven repo used to find releases of fabric8")
	cmd.PersistentFlags().String(dockerRegistryFlag, "", "The docker registry used to download fabric8 images. Typically used to point to a staging registry")
	cmd.PersistentFlags().String(runFlag, "", "The name of the fabric8 app to startup. e.g. use `--app=cd-pipeline` to run the main CI/CD pipeline app")
	cmd.PersistentFlags().Bool(templatesFlag, true, "Should the standard Fabric8 templates be installed?")
	cmd.PersistentFlags().Bool(consoleFlag, true, "Should the Fabric8 console be deployed?")
	cmd.PersistentFlags().Bool(useIngressFlag, true, "Should Ingress be enabled by default?")
	return cmd
コード例 #29
ファイル: deploy.go プロジェクト: rhuss/gofabric8
func installTemplates(kc *k8sclient.Client, c *oclient.Client, fac *cmdutil.Factory, v string, templateUrl string, dockerRegistry string, arch string, domain string) error {
	ns, _, err := fac.DefaultNamespace()
	if err != nil {
		util.Fatal("No default namespace")
		return err
	templates := c.Templates(ns)

	util.Infof("Downloading templates for version %v\n", v)
	uri := fmt.Sprintf(templateUrl, v)
	resp, err := http.Get(uri)
	if err != nil {
		util.Fatalf("Cannot get fabric8 template to deploy: %v", err)
	defer resp.Body.Close()

	tmpFileName := "/tmp/fabric8-template-distros.tar.gz"
	t, err := os.OpenFile(tmpFileName, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0777)
	if err != nil {
		return err
	defer t.Close()

	_, err = io.Copy(t, resp.Body)
	if err != nil {
		return err

	r, err := zip.OpenReader(tmpFileName)
	if err != nil {
		return err
	defer r.Close()

	typeOfMaster := util.TypeOfMaster(kc)

	for _, f := range r.File {
		mode := f.FileHeader.Mode()
		if mode.IsDir() {

		rc, err := f.Open()
		if err != nil {
			return err
		defer rc.Close()

		util.Infof("Loading template %s\n", f.Name)
		jsonData, err := ioutil.ReadAll(rc)
		if err != nil {
			util.Fatalf("Cannot get fabric8 template to deploy: %v", err)
		jsonData, err = adaptFabric8ImagesInResourceDescriptor(jsonData, dockerRegistry, arch)
		if err != nil {
			util.Fatalf("Cannot append docker registry: %v", err)
		jsonData = replaceDomain(jsonData, domain, ns, typeOfMaster)

		var v1tmpl tapiv1.Template
		err = json.Unmarshal(jsonData, &v1tmpl)
		if err != nil {
			util.Fatalf("Cannot get fabric8 template to deploy: %v", err)

		var tmpl tapi.Template

		err = api.Scheme.Convert(&v1tmpl, &tmpl)
		if err != nil {
			util.Fatalf("Cannot get fabric8 template to deploy: %v", err)
			return err

		name := tmpl.ObjectMeta.Name
		if typeOfMaster == util.Kubernetes {
			appName := name
			name = "catalog-" + appName

			// lets install ConfigMaps for the templates
			// TODO should the name have a prefix?
			configmap := api.ConfigMap{
				ObjectMeta: api.ObjectMeta{
					Name:      name,
					Namespace: ns,
					Labels: map[string]string{
						"name":     appName,
						"provider": "fabric8.io",
						"kind":     "catalog",
				Data: map[string]string{
					name + ".json": string(jsonData),
			configmaps := kc.ConfigMaps(ns)
			_, err = configmaps.Get(name)
			if err == nil {
				err = configmaps.Delete(name)
				if err != nil {
					util.Errorf("Could not delete configmap %s due to: %v\n", name, err)
			_, err = configmaps.Create(&configmap)
			if err != nil {
				util.Fatalf("Failed to create configmap %v", err)
				return err
		} else {
			// lets install the OpenShift templates
			_, err = templates.Get(name)
			if err == nil {
				err = templates.Delete(name)
				if err != nil {
					util.Errorf("Could not delete template %s due to: %v\n", name, err)
			_, err = templates.Create(&tmpl)
			if err != nil {
				util.Fatalf("Failed to create template %v", err)
				return err
	return nil
コード例 #30
ファイル: deploy.go プロジェクト: rhuss/gofabric8
func createTemplate(jsonData []byte, templateName string, ns string, domain string, apiserver string, c *k8sclient.Client) {
	var v1tmpl tapiv1.Template
	err := json.Unmarshal(jsonData, &v1tmpl)
	if err != nil {
		util.Fatalf("Cannot get %s template to deploy. error: %v\ntemplate: %s", templateName, err, string(jsonData))
	var tmpl tapi.Template

	err = api.Scheme.Convert(&v1tmpl, &tmpl)
	if err != nil {
		util.Fatalf("Cannot convert %s template to deploy: %v", templateName, err)

	generators := map[string]generator.Generator{
		"expression": generator.NewExpressionValueGenerator(rand.New(rand.NewSource(time.Now().UnixNano()))),
	p := template.NewProcessor(generators)

	tmpl.Parameters = append(tmpl.Parameters, tapi.Parameter{
		Name:  "DOMAIN",
		Value: domain,
	}, tapi.Parameter{
		Name:  "APISERVER",
		Value: apiserver,


	objectCount := len(tmpl.Objects)

	if objectCount == 0 {
		// can't be a template so lets try just process it directly
		var v1List v1.List
		err = json.Unmarshal(jsonData, &v1List)
		if err != nil {
			util.Fatalf("Cannot unmarshal List %s to deploy. error: %v\ntemplate: %s", templateName, err, string(jsonData))
		if len(v1List.Items) == 0 {
			// lets check if its an RC / ReplicaSet or something
			_, groupVersionKind, err := api.Codecs.UniversalDeserializer().Decode(jsonData, nil, nil)
			if err != nil {
				printResult(templateName, Failure, err)
			} else {
				kind := groupVersionKind.Kind
				util.Infof("Processing resource of kind: %s version: %s\n", kind, groupVersionKind.Version)
				if len(kind) <= 0 {
					printResult(templateName, Failure, fmt.Errorf("Could not find kind from json %s", string(jsonData)))
				} else {
					processResource(c, jsonData, ns, kind)
		} else {
			var kubeList api.List
			err = api.Scheme.Convert(&v1List, &kubeList)
			if err != nil {
				util.Fatalf("Cannot convert %s List to deploy: %v", templateName, err)

			util.Infof("Converted json to list with %d items with json %s\n", len(kubeList.Items), string(jsonData))

			util.Infof("Creating "+templateName+" list resources from %d objects\n", len(kubeList.Items))
			for _, o := range kubeList.Items {
				err = processItem(c, &o, ns)

	} else {
		util.Infof("Creating "+templateName+" template resources from %d objects\n", objectCount)
		for _, o := range tmpl.Objects {
			err = processItem(c, &o, ns)

	if err != nil {
		printResult(templateName, Failure, err)
	} else {
		printResult(templateName, Success, nil)