Allow KubectlBuildWrapper to work when k8s API server is behind firewall #599
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Wilkhu90
commented
Sep 19, 2019
Wilkhu90
commented
- Adding changes to accommodate to situation when k8s API server is behind firewall.
- This will run kubectl commands using proxy when the value is set and ignore it otherwise.
…is behind firewall
jglick
changed the title
Vlatombe
reviewed
Sep 25, 2019
src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubectlBuildWrapper.java
Outdated
Show resolved
Hide resolved
| int status = launcher.launch() | ||
| .cmdAsSingleString("kubectl config --kubeconfig=\"" + configFile.getRemote() | ||
| .cmdAsSingleString(kubectlBegin + configFile.getRemote() |
There was a problem hiding this comment.
Use launcher.launch().envs("HTTPS_PROXY="+this.https_proxy).cmdAsSingleString... (possibly refactor it to a method to avoid repeating it)
There was a problem hiding this comment.
I'll see if this way works in my environment and make the change.
src/main/java/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloud.java
Outdated
Show resolved
Hide resolved
src/main/resources/org/csanchez/jenkins/plugins/kubernetes/KubernetesCloud/config.jelly
Outdated
Show resolved
Hide resolved
Vlatombe
reviewed
Oct 4, 2019
| @@ -113,8 +120,10 @@ public void setUp(Context context, Run<?, ?> build, FilePath workspace, Launcher | |||
| tlsConfig = " --insecure-skip-tls-verify=true"; | |||
| } | |||
|
|
|||
| int status = launcher.launch() | |||
| .cmdAsSingleString("kubectl config --kubeconfig=\"" + configFile.getRemote() | |||
| kubectlBegin += "kubectl config --kubeconfig=\""; | |||
There was a problem hiding this comment.
Can you inline it so that the diff is minimal?
| .cmdAsSingleString("kubectl config --kubeconfig=\"" + configFile.getRemote() | ||
| kubectlBegin += "kubectl config --kubeconfig=\""; | ||
|
|
||
| int status = launcher.launch().envs("HTTPS_PROXY="+this.httpsProxy) |
There was a problem hiding this comment.
Refactor launcher.launch().envs("HTTPS_PROXY="+this.httpsProxy) to a method to remove duplicates. Also, it should handle null httpsProxy.
| @@ -171,6 +173,11 @@ public KubernetesClient createClient() throws NoSuchAlgorithmException, Unrecove | |||
| builder = builder.withRequestTimeout(readTimeout * 1000).withConnectionTimeout(connectTimeout * 1000); | |||
| builder.withMaxConcurrentRequestsPerHost(maxRequestsPerHost); | |||
|
|
|||
| if(httpsProxy != null && !httpsProxy.isEmpty()) { | |||
| LOGGER.info("Https Proxy used is " + httpsProxy); | |||
There was a problem hiding this comment.
Use level fine or even remove it (this is trivial)
| @@ -97,6 +98,7 @@ public KubernetesFactoryAdapter(String serviceAddress, String namespace, @CheckF | |||
| this.connectTimeout = connectTimeout; | |||
| this.readTimeout = readTimeout; | |||
| this.maxRequestsPerHost = maxRequestsPerHost; | |||
| this.httpsProxy = httpsProxy != null && !httpsProxy.isEmpty() ? httpsProxy : null; | |||
There was a problem hiding this comment.
Let KubernetesCloud do the validation
|
|
||
| @DataBoundSetter | ||
| public void setHttpsProxy(@Nonnull String httpsProxy) { | ||
| this.httpsProxy = httpsProxy; |
There was a problem hiding this comment.
Suggested change
| this.httpsProxy = httpsProxy; | |
| this.httpsProxy = Util.fixEmpty(httpsProxy); |
| @QueryParameter int connectionTimeout, | ||
| @QueryParameter int readTimeout) throws Exception { | ||
| Jenkins.get().checkPermission(Jenkins.ADMINISTER); | ||
|
|
||
| if (StringUtils.isBlank(name)) | ||
| return FormValidation.error("name is required"); | ||
|
|
||
| try (KubernetesClient client = new KubernetesFactoryAdapter(serverUrl, namespace, | ||
| try (KubernetesClient client = new KubernetesFactoryAdapter(serverUrl, httpsProxy, namespace, |
There was a problem hiding this comment.
Suggested change
| try (KubernetesClient client = new KubernetesFactoryAdapter(serverUrl, httpsProxy, namespace, | |
| try (KubernetesClient client = new KubernetesFactoryAdapter(serverUrl, Util.fixEmpty(httpsProxy), namespace, |
| @@ -171,6 +173,11 @@ public KubernetesClient createClient() throws NoSuchAlgorithmException, Unrecove | |||
| builder = builder.withRequestTimeout(readTimeout * 1000).withConnectionTimeout(connectTimeout * 1000); | |||
| builder.withMaxConcurrentRequestsPerHost(maxRequestsPerHost); | |||
|
|
|||
| if(httpsProxy != null && !httpsProxy.isEmpty()) { | |||
There was a problem hiding this comment.
Suggested change
| if(httpsProxy != null && !httpsProxy.isEmpty()) { | |
| if(httpsProxy != null) { |
It's already checked above
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.