Skip to content
This repository has been archived by the owner on May 6, 2022. It is now read-only.

Kubectl plugin for service catalog #840

Closed

Conversation

simonleung8
Copy link
Contributor

@simonleung8 simonleung8 commented May 12, 2017

Plugin commands create-service-broker, create-service, bind-service
To use, compile the commands, and set the env var KUBECTL_PLUGINS_PATH and SERVICE_CATALOG_URL

Example:
export KUBECTL_PLUGINS_PATH=$PWD/kubernetes-incubator/service-catalog/bin
export SERVICE_CATALOG_URL={SERVICE_CATALOG_URL}

** if SERVICE_CATALOG_URL is not set, it defaults to minikube IP 192.168.99.100:30080

USAGE:

  kubectl plugin create-service-broker BROKER_NAME BROKER_URL

  kubectl plugin create-service-instance SERVICE_CLASS_NAME PLAN_NAME NAMESPACE INSTANCE_NAME

  kubectl plugin bind-service INSTANCE_NAME BINDING_NAME NAMESPACE
  *secret name defaults to the BINDING_NAME

Currently I do not intent to include unit tests for these plugins, since the kubectl plugin architecture might still be changing. However, integration test make sense and is coming soon.

Current kubectl plugin limitation:

  • Plugins must be invoked with the plugin command
  • No custom command flags allowed, kubectl global flags are allowed.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label May 12, 2017
@duglin
Copy link
Contributor

duglin commented May 12, 2017

VERY COOL!

On the syntax:

  • you said you can't do flags for the plugin, can you do optional args? If so, we could then add [userid] [password] to the create-service-broker
  • it should probably be: create-service-instance to avoid confusion with normal kube services
  • on bind-service I think you meant to have INSTANCE_NAME instead of SERVICE_CLASS_NAME. So bind-service INSTANCE_NAME SECRET_NAME. When we have podpreset then we'll add another parameter.
  • Can we use the global --namespace flag from kubectl instead of having people add NAMESPACE/ to the instance name?

Copy link
Contributor

@pmorie pmorie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice job. I would like to see a demo of these and discuss before we merge this PR, but looks like a promising start.

@@ -0,0 +1,104 @@
package main
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume kubectl_plugins here is just a place to start hacking on this and not a statement that this code should live where it currently is in this PR.

Precedent for this type of code in kubernetes: the scheduler lives in plugin/cmd/kube-scheduler. How about plugin/cmd/kubectl/<binary-name> for these?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@pmorie I have moved the plugins into the dir you have recommended plugin/cmd/kubectl/...

const USAGE = `

Usage:
kubectl plugin bind-service SERVICE_CLASS_NAME SECRET_NAME NAMESPACE/INSTANCE_NAME
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

namespace is a function of the entire binding, not just the instance name. It's preferable to use --namespace for the whole operation.

Also, this operation should not need to take the service class at all.

Suggest the following order for arguments:

bind-service INSTANCE_NAME SECRET_NAME --namespace <namespace>

Copy link
Contributor Author

@simonleung8 simonleung8 May 15, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As of right now, we are not able to leverage the global option flag --namespace. While kubectl will accept the flag, it is not being passed on the plugin. I have made "namespace" into an argument, with the intention to eventually make it into an option flag, I believe kubectl will soon expose this feature (work is being done).

Regarding your comment of binding service not needing a service class, I wasn't able to get it to work without provide the service class name. This is the error I get without one:

Error binding service instance (Binding.servicecatalog.k8s.io "ups-binding" is invalid: Spec.instanceRef.name: Invalid value: "": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'))

UPDATE: Sorry for the confusion, I see what you and @duglin meant now, I have renamed it to INSTANCE_NAME from SERVICE_CLASS_NAME

INVALID USAGE:

Usage:
kubectl plugin create-service-broker BROKER_NAME BROKER_URL
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For a follow-up: We should plumb through auth somehow. We should assume basic auth will be one of many options. Basic auth is stored in a secret, so we will need to plumb through the namespace and name of the secret.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will do this in a follow up, however, since option flag is not yet available, the syntax might not be as good as we want. We could have 1 single optional argument and everything (namespace/secret..) will have to go into that argument.

const USAGE = `

Usage:
kubectl plugin create-service SERVICE_CLASS_NAME PLAN_NAME NAMESPACE/INSTANCE_NAME
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should decide whether we want create-service-instance, provision-service-instance, both, or something else.

Same comments about --namespace apply here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am going with create-service-instance for now.

See my comment above regarding --namespace

@MHBauer MHBauer self-requested a review May 12, 2017 18:41
@pmorie pmorie added this to the 1.0.0 milestone May 15, 2017
@pmorie
Copy link
Contributor

pmorie commented May 15, 2017

Added to 1.0.0 for now because I'm not sure if work is still happening on this or when we expect it to be merged, but I would like ot have this before we call service-catalog 1.0.0

@duglin
Copy link
Contributor

duglin commented May 15, 2017

what do you mean by "if" ?

@simonleung8 simonleung8 force-pushed the plugin-cmds branch 3 times, most recently from d3ed19a to 275eee9 Compare May 15, 2017 22:13
@simonleung8
Copy link
Contributor Author

Currently the secret name will default to the binding name during bind_service

@duglin duglin changed the title Kubectl plugin for service catalog - WIP WIP: Kubectl plugin for service catalog May 24, 2017
@pmorie
Copy link
Contributor

pmorie commented May 25, 2017

@simonleung8 is this still something you are working on?

@simonleung8
Copy link
Contributor Author

@pmorie Yes, it seems like folks are generally ok with the direction this is going, I am going to finish refining the code and the UX.

Copy link
Contributor

@arschles arschles left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@simonleung8 looks like a good start. I made 1 small comment, and also I don't think that the binary should be checked in.

func CheckNamespaceExists(name, proxyURL string) error {
resp, err := http.Get(fmt.Sprintf("%s/api/v1/namespaces/%s", proxyURL, name))
if err != nil {
fmt.Errorf("Error looking up namespace from core api server (%s)", err)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this needs a return before the fmt.Errorf

@simonleung8 simonleung8 force-pushed the plugin-cmds branch 2 times, most recently from 6282d90 to 9838341 Compare June 5, 2017 18:48
@simonleung8
Copy link
Contributor Author

@arschles Thanks, cleaned up the code

@simonleung8 simonleung8 force-pushed the plugin-cmds branch 2 times, most recently from 6e2eb13 to ec1f5b6 Compare June 5, 2017 18:53
@simonleung8 simonleung8 changed the title WIP: Kubectl plugin for service catalog Kubectl plugin for service catalog Jun 5, 2017
proxyURL := "http://127.0.0.1"
proxyPort := "8881"

kubeProxy := exec.Command("kubectl", "proxy", "-p", proxyPort)

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here you can use the KUBECTL_PLUGINS_CALLER env var, which will give you the full path to the kubectl binary.

import "fmt"

func Green(str string) string {
return fmt.Sprintf("\x1b[32;1m%s\x1b[0m", str)

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that these aren't supported and will look bad on most Windows terminals. One of the major reasons we didn't add broader support to colors in kubectl yet. If you absolutely want them, I suggest using a library like this one.

)

const USAGE = `Usage:
kubectl plugin bind-service INSTANCE_NAME BINDING_NAME NAMESPACE`

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The NAMESPACE you want here is not the global --namespace flag but one specific to this command, correct?

Just mentioning because you can find the value from the global flag in the KUBECTL_PLUGINS_GLOBAL_FLAG_NAMESPACE and there's also KUBECTL_PLUGINS_CURRENT_NAMESPACE which will given the "namespace in use" concept (the one coming from the kubeconfig, or overriden by the --namespace flag, etc).

@fabianofranz
Copy link

I know we're still lacking docs for kubectl plugins, but I added a couple comments here. Hope it helps. ;)

@simonleung8
Copy link
Contributor Author

@fabianofranz Thanks, good info!

@fabianofranz
Copy link

Full flags support in plugins + API proxy are PR'ed:

kubernetes/kubernetes#47151
kubernetes/kubernetes#47267

@MHBauer
Copy link
Contributor

MHBauer commented Aug 9, 2017

rebased to bring the 1.7 rebase into scope.

@fabianofranz
Copy link

kubernetes/kubernetes#47267 flags support is merged.
kubernetes/kubernetes#47151 API proxy not merged and not getting broader acception given security concerns. Most likely plugins will not have a proxy mechanism and/or have token env vars set, and will have to deal with accessing the API themselves.

So I'd like to submit a few adjustments here to reflect the current status of plugins. Should I do it by adding commits to this PR, or let's move on to get this merged and I open a separate one after that?

@MHBauer
Copy link
Contributor

MHBauer commented Aug 10, 2017

@fabianofranz I have not tested this one yet myself, adding commits is fine by me if you know what we shoudl be doing.

@k8s-ci-robot k8s-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Sep 1, 2017
@MorganBauer
Copy link

rebased on the names stuff. still builds and runs nice.

@MHBauer
Copy link
Contributor

MHBauer commented Sep 20, 2017

rebasing on the new api changes.

@MHBauer
Copy link
Contributor

MHBauer commented Oct 24, 2017

more work was done on the side in simonleung8#1

I have a simple reconciliation and proposal to PR soon.

@n3wscott
Copy link
Contributor

Out of date, can be closed or still wanted?

@duglin
Copy link
Contributor

duglin commented Nov 13, 2017

@jberkhahn is still doing stuff, but perhaps its moved to a new PR. Jonathan?

@pmorie
Copy link
Contributor

pmorie commented Jan 4, 2018

@jberkhahn can we close this PR now that #1621 is open?

@pmorie
Copy link
Contributor

pmorie commented Jan 20, 2018

Okay, I think we can def close this one now that #1664 is merged.

@pmorie pmorie closed this Jan 20, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

9 participants