python - GCP云功能-在路径上找不到kubectl

Question

我正在编写此Google Cloud Function(Python)

def create_kubeconfig(request):
    subprocess.check_output("curl https://sdk.cloud.google.com | bash | echo "" ",stdin=subprocess.PIPE, shell=True )
    os.system("./google-cloud-sdk/install.sh")
    os.system("gcloud init")
    os.system("curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.17.0/bin/linux/amd64/kubectl")

    os.system("gcloud container clusters get-credentials **cluster name** --zone us-west2-a --project **project name**")
    os.system("gcloud container clusters get-credentials **cluster name** --zone us-west2-a --project **project name**")
    conf = KubeConfig()
    conf.use_context('**cluster name**')

当我运行代码时，它给了我错误
'无效的kube-config文件。 'kubernetes.config.config_exception.ConfigException:无效的kube-config文件。找不到配置。

请帮我解决

Answer 1

您必须以编程方式访问K8S API。您具有API in the documentation的说明

但是执行起来并不容易。但是，此处提供了一些用于实现所需功能的输入。

首先，获取GKE主IP


然后，您可以轻松访问集群。在这里阅读部署

    import google.auth
    from google.auth.transport import requests
    credentials, project_id = google.auth.default()
    session = requests.AuthorizedSession(credentials)
    response = session.get('https://34.76.28.194/apis/apps/v1/namespaces/default/deployments', verify=False)
    response.raise_for_status()
    print(response.json())

要创建一个，您可以执行此操作

    import google.auth
    from google.auth.transport import requests
    credentials, project_id = google.auth.default()
    session = requests.AuthorizedSession(credentials)
    with open("deployment.yaml", "r") as f:
        data = f.read()
    response = session.post('https://34.76.28.194/apis/apps/v1/namespaces/default/deployments', data=data,
                            headers={'content-type': 'application/yaml'}, verify=False)
    response.raise_for_status()
    print(response.json())

根据要构建的对象，您必须使用正确的文件定义和正确的API端点。我不知道仅在一个API调用中应用带有多个定义的整个 yaml的方法。

最后，请务必将 correct GKE roles提供给Cloud Function服务帐户

更新

另一个解决方案是使用Cloud Run。确实，有了Cloud Run并借助Container功能，您就可以安装和调用系统进程(它是完全开放的，因为 your container runs into a GVisor sandbox，但是允许大多数常用用法)

想法如下:使用gcloud SDK基础镜像并在其上部署应用程序。然后，对您的应用进行编码以执行系统调用。

这是Go中的一个工作示例

Docker文件

FROM golang:1.13 as builder

# Copy local code to the container image.
WORKDIR /app/
COPY go.mod .
ENV GO111MODULE=on
RUN go mod download

COPY . .

# Perform test for building a clean package
RUN go test -v ./...
RUN CGO_ENABLED=0 GOOS=linux go build -v -o server

# Gcloud capable image
FROM google/cloud-sdk

COPY --from=builder /app/server /server
CMD ["/server"]

注意:图像云SDK图像较重:700Mb

内容示例(仅是幸福的路径。我删除了错误管理，并删除了stderr / stdout反馈以简化代码)

    .......
// Example here: recover the yaml file into a bucket
    client,_ := storage.NewClient(ctx)
    reader,_ := client.Bucket("my_bucket").Object("deployment.yaml").NewReader(ctx)
    content,_:= ioutil.ReadAll(reader)
// You can store locally the file into /tmp directory. It's an in-memory file system. Don't forget to purge it to avoid any out of memory crash
    ioutil.WriteFile("/tmp/file.yaml",content, 0644)
// Execute external command
// 1st Recover the kube authentication
    exec.Command("gcloud","container","clusters","get-credentials","cluster-1","--zone=us-central1-c").Run()
// Then interact with the cluster with kubectl tools and simply apply your description file
    exec.Command("kubectl","apply", "-f","/tmp/file.yaml").Run()
    .......