mirror of
https://github.com/lukaszraczylo/kubernetes-images-sync-operator.git
synced 2026-07-07 03:44:38 +00:00
Dummy commit.
This commit is contained in:
@@ -229,7 +229,8 @@ release-chart:
|
|||||||
cd ../helm-charts/; git add -A charts/packages; git fix; git push;
|
cd ../helm-charts/; git add -A charts/packages; git fix; git push;
|
||||||
cd ../helm-charts/charts/${CHART_NAME}; cr upload --config ../../chart-releaser.yaml --skip-existing;
|
cd ../helm-charts/charts/${CHART_NAME}; cr upload --config ../../chart-releaser.yaml --skip-existing;
|
||||||
cd ../helm-charts/charts/${CHART_NAME}; rm -fr .cr-index; mkdir .cr-index; cr index --config ../../chart-releaser.yaml; cp .cr-index/index.yaml ../../index.yaml;
|
cd ../helm-charts/charts/${CHART_NAME}; rm -fr .cr-index; mkdir .cr-index; cr index --config ../../chart-releaser.yaml; cp .cr-index/index.yaml ../../index.yaml;
|
||||||
../helm-charts; git fix; git push
|
echo "index.yaml updated"
|
||||||
|
cd ../helm-charts; git fix; git push
|
||||||
|
|
||||||
# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist
|
# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist
|
||||||
# $1 - target path with name of binary
|
# $1 - target path with name of binary
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
# kubernetes-images-sync-operator
|
# kubernetes-images-sync-operator
|
||||||
|
|
||||||
Kubernetes operator backing up images into the local / S3 compatible storage
|
Kubernetes operator backing up images into the local / S3 compatible storage.
|
||||||
|
|
||||||
## Description
|
## Description
|
||||||
|
|
||||||
@@ -63,6 +63,10 @@ spec:
|
|||||||
maxConcurrentJobs: 1
|
maxConcurrentJobs: 1
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Worth knowing
|
||||||
|
|
||||||
|
* If you provide roleARN, you also need to set the useRole to true.
|
||||||
|
|
||||||
#### Random fluff
|
#### Random fluff
|
||||||
|
|
||||||
Copyright 2024.
|
Copyright 2024.
|
||||||
|
|||||||
+2
-2
@@ -10,9 +10,9 @@ description: |
|
|||||||
|
|
||||||
type: application
|
type: application
|
||||||
|
|
||||||
version: 0.1.11
|
version: 0.1.14
|
||||||
|
|
||||||
appVersion: "0.1.11"
|
appVersion: "0.1.14"
|
||||||
|
|
||||||
home: https://github.com/lukaszraczylo/kubernetes-images-sync-operator
|
home: https://github.com/lukaszraczylo/kubernetes-images-sync-operator
|
||||||
|
|
||||||
|
|||||||
+1
-1
@@ -11,7 +11,7 @@ cmRaczyloCom:
|
|||||||
- ALL
|
- ALL
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/lukaszraczylo/kubernetes-images-sync-operator
|
repository: ghcr.io/lukaszraczylo/kubernetes-images-sync-operator
|
||||||
tag: 0.1.11
|
tag: 0.1.14
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpu: 500m
|
cpu: 500m
|
||||||
|
|||||||
@@ -1,39 +1,8 @@
|
|||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
import os
|
import os
|
||||||
import boto3
|
|
||||||
import argparse
|
import argparse
|
||||||
from botocore.exceptions import ClientError
|
from botocore.exceptions import ClientError
|
||||||
|
from s3_utils import get_s3_client, parse_s3_path, add_common_arguments, validate_args
|
||||||
def get_s3_client(use_role=False, role_name=None, aws_access_key_id=None, aws_secret_access_key=None, endpoint_url=None, region=None):
|
|
||||||
"""
|
|
||||||
Create and return an S3 client based on the provided authentication method, endpoint, and region.
|
|
||||||
"""
|
|
||||||
client_kwargs = {}
|
|
||||||
|
|
||||||
if endpoint_url:
|
|
||||||
client_kwargs['endpoint_url'] = endpoint_url
|
|
||||||
elif region:
|
|
||||||
client_kwargs['region_name'] = region
|
|
||||||
|
|
||||||
if use_role:
|
|
||||||
if role_name:
|
|
||||||
# Assume the specified role
|
|
||||||
sts_client = boto3.client('sts')
|
|
||||||
assumed_role_object = sts_client.assume_role(
|
|
||||||
RoleArn=f"arn:aws:iam::{boto3.client('sts').get_caller_identity()['Account']}:role/{role_name}",
|
|
||||||
RoleSessionName="AssumeRoleSession"
|
|
||||||
)
|
|
||||||
credentials = assumed_role_object['Credentials']
|
|
||||||
client_kwargs['aws_access_key_id'] = credentials['AccessKeyId']
|
|
||||||
client_kwargs['aws_secret_access_key'] = credentials['SecretAccessKey']
|
|
||||||
client_kwargs['aws_session_token'] = credentials['SessionToken']
|
|
||||||
return boto3.client('s3', **client_kwargs)
|
|
||||||
elif aws_access_key_id and aws_secret_access_key:
|
|
||||||
client_kwargs['aws_access_key_id'] = aws_access_key_id
|
|
||||||
client_kwargs['aws_secret_access_key'] = aws_secret_access_key
|
|
||||||
return boto3.client('s3', **client_kwargs)
|
|
||||||
else:
|
|
||||||
raise ValueError("Either use_role must be True, or both aws_access_key_id and aws_secret_access_key must be provided")
|
|
||||||
|
|
||||||
def remove_directory(destination, use_role=False, role_name=None, aws_access_key_id=None, aws_secret_access_key=None, endpoint_url=None, region=None):
|
def remove_directory(destination, use_role=False, role_name=None, aws_access_key_id=None, aws_secret_access_key=None, endpoint_url=None, region=None):
|
||||||
"""
|
"""
|
||||||
@@ -67,39 +36,13 @@ def remove_directory(destination, use_role=False, role_name=None, aws_access_key
|
|||||||
return False
|
return False
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def parse_s3_path(s3_path):
|
|
||||||
"""
|
|
||||||
Parse an S3 path into bucket and key
|
|
||||||
"""
|
|
||||||
parts = s3_path.replace('s3://', '').split('/', 1)
|
|
||||||
bucket = parts[0]
|
|
||||||
key = parts[1] if len(parts) > 1 else ''
|
|
||||||
return bucket, key
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
parser = argparse.ArgumentParser(description="Remove a directory recursively, either local or in an S3 bucket.")
|
parser = argparse.ArgumentParser(description="Remove a directory recursively, either local or in an S3 bucket.")
|
||||||
parser.add_argument("destination", help="The directory path (local) or S3 path (e.g., 's3://bucket/prefix') to remove")
|
parser.add_argument("destination", help="The directory path (local) or S3 path (e.g., 's3://bucket/prefix') to remove")
|
||||||
parser.add_argument("--use_role", action="store_true", help="Use IAM role for authentication")
|
add_common_arguments(parser)
|
||||||
parser.add_argument("--role_name", help="The name of the IAM role to assume")
|
|
||||||
parser.add_argument("--aws_access_key_id", help="AWS access key ID")
|
|
||||||
parser.add_argument("--aws_secret_access_key", help="AWS secret access key")
|
|
||||||
parser.add_argument("--endpoint_url", help="S3-compatible endpoint URL")
|
|
||||||
parser.add_argument("--region", help="AWS region (ignored if endpoint_url is specified)")
|
|
||||||
|
|
||||||
args = parser.parse_args()
|
args = parser.parse_args()
|
||||||
|
validate_args(args, parser)
|
||||||
if args.destination.startswith('s3://'):
|
|
||||||
if args.use_role and (args.aws_access_key_id or args.aws_secret_access_key or args.endpoint_url):
|
|
||||||
parser.error("When using IAM role (--use_role), access key, secret, and endpoint URL should not be specified.")
|
|
||||||
|
|
||||||
if (args.aws_access_key_id or args.aws_secret_access_key) and not (args.aws_access_key_id and args.aws_secret_access_key):
|
|
||||||
parser.error("Both --aws_access_key_id and --aws_secret_access_key must be provided when using access key authentication.")
|
|
||||||
|
|
||||||
if not args.use_role and not (args.aws_access_key_id and args.aws_secret_access_key):
|
|
||||||
parser.error("Either --use_role or both --aws_access_key_id and --aws_secret_access_key must be provided for S3 operations.")
|
|
||||||
|
|
||||||
if args.use_role and args.role_name and (args.aws_access_key_id or args.aws_secret_access_key):
|
|
||||||
parser.error("When using a specific role (--role_name), access key and secret should not be specified.")
|
|
||||||
|
|
||||||
success = remove_directory(
|
success = remove_directory(
|
||||||
args.destination,
|
args.destination,
|
||||||
|
|||||||
@@ -1,39 +1,8 @@
|
|||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
import os
|
import os
|
||||||
import boto3
|
|
||||||
import argparse
|
import argparse
|
||||||
from botocore.exceptions import ClientError
|
from botocore.exceptions import ClientError
|
||||||
|
from s3_utils import get_s3_client, parse_s3_path, add_common_arguments, validate_args
|
||||||
def get_s3_client(use_role=False, role_name=None, aws_access_key_id=None, aws_secret_access_key=None, endpoint_url=None, region=None):
|
|
||||||
"""
|
|
||||||
Create and return an S3 client based on the provided authentication method, endpoint, and region.
|
|
||||||
"""
|
|
||||||
client_kwargs = {}
|
|
||||||
|
|
||||||
if endpoint_url:
|
|
||||||
client_kwargs['endpoint_url'] = endpoint_url
|
|
||||||
elif region:
|
|
||||||
client_kwargs['region_name'] = region
|
|
||||||
|
|
||||||
if use_role:
|
|
||||||
if role_name:
|
|
||||||
# Assume the specified role
|
|
||||||
sts_client = boto3.client('sts')
|
|
||||||
assumed_role_object = sts_client.assume_role(
|
|
||||||
RoleArn=f"arn:aws:iam::{boto3.client('sts').get_caller_identity()['Account']}:role/{role_name}",
|
|
||||||
RoleSessionName="AssumeRoleSession"
|
|
||||||
)
|
|
||||||
credentials = assumed_role_object['Credentials']
|
|
||||||
client_kwargs['aws_access_key_id'] = credentials['AccessKeyId']
|
|
||||||
client_kwargs['aws_secret_access_key'] = credentials['SecretAccessKey']
|
|
||||||
client_kwargs['aws_session_token'] = credentials['SessionToken']
|
|
||||||
return boto3.client('s3', **client_kwargs)
|
|
||||||
elif aws_access_key_id and aws_secret_access_key:
|
|
||||||
client_kwargs['aws_access_key_id'] = aws_access_key_id
|
|
||||||
client_kwargs['aws_secret_access_key'] = aws_secret_access_key
|
|
||||||
return boto3.client('s3', **client_kwargs)
|
|
||||||
else:
|
|
||||||
raise ValueError("Either use_role must be True, or both aws_access_key_id and aws_secret_access_key must be provided")
|
|
||||||
|
|
||||||
def transfer_file(source, destination, use_role=False, role_name=None, aws_access_key_id=None, aws_secret_access_key=None, endpoint_url=None, region=None):
|
def transfer_file(source, destination, use_role=False, role_name=None, aws_access_key_id=None, aws_secret_access_key=None, endpoint_url=None, region=None):
|
||||||
"""
|
"""
|
||||||
@@ -66,40 +35,14 @@ def transfer_file(source, destination, use_role=False, role_name=None, aws_acces
|
|||||||
return False
|
return False
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def parse_s3_path(s3_path):
|
|
||||||
"""
|
|
||||||
Parse an S3 path into bucket and key
|
|
||||||
"""
|
|
||||||
parts = s3_path.replace('s3://', '').split('/', 1)
|
|
||||||
bucket = parts[0]
|
|
||||||
key = parts[1] if len(parts) > 1 else ''
|
|
||||||
return bucket, key
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
parser = argparse.ArgumentParser(description="Transfer a file from a local source to either a local destination or an S3 bucket.")
|
parser = argparse.ArgumentParser(description="Transfer a file from a local source to either a local destination or an S3 bucket.")
|
||||||
parser.add_argument("source", help="The local source file path")
|
parser.add_argument("source", help="The local source file path")
|
||||||
parser.add_argument("destination", help="The destination file path (local) or S3 path (e.g., 's3://bucket/key')")
|
parser.add_argument("destination", help="The destination file path (local) or S3 path (e.g., 's3://bucket/key')")
|
||||||
parser.add_argument("--use_role", action="store_true", help="Use IAM role for authentication")
|
add_common_arguments(parser)
|
||||||
parser.add_argument("--role_name", help="The name of the IAM role to assume")
|
|
||||||
parser.add_argument("--aws_access_key_id", help="AWS access key ID")
|
|
||||||
parser.add_argument("--aws_secret_access_key", help="AWS secret access key")
|
|
||||||
parser.add_argument("--endpoint_url", help="S3-compatible endpoint URL")
|
|
||||||
parser.add_argument("--region", help="AWS region (ignored if endpoint_url is specified)")
|
|
||||||
|
|
||||||
args = parser.parse_args()
|
args = parser.parse_args()
|
||||||
|
validate_args(args, parser)
|
||||||
if args.destination.startswith('s3://'):
|
|
||||||
if args.use_role and (args.aws_access_key_id or args.aws_secret_access_key or args.endpoint_url):
|
|
||||||
parser.error("When using IAM role (--use_role), access key, secret, and endpoint URL should not be specified.")
|
|
||||||
|
|
||||||
if (args.aws_access_key_id or args.aws_secret_access_key) and not (args.aws_access_key_id and args.aws_secret_access_key):
|
|
||||||
parser.error("Both --aws_access_key_id and --aws_secret_access_key must be provided when using access key authentication.")
|
|
||||||
|
|
||||||
if not args.use_role and not (args.aws_access_key_id and args.aws_secret_access_key):
|
|
||||||
parser.error("Either --use_role or both --aws_access_key_id and --aws_secret_access_key must be provided for S3 transfers.")
|
|
||||||
|
|
||||||
if args.use_role and args.role_name and (args.aws_access_key_id or args.aws_secret_access_key):
|
|
||||||
parser.error("When using a specific role (--role_name), access key and secret should not be specified.")
|
|
||||||
|
|
||||||
success = transfer_file(
|
success = transfer_file(
|
||||||
args.source,
|
args.source,
|
||||||
|
|||||||
@@ -64,7 +64,7 @@ func CreateJob[T any](params JobParams, setupFunc func(T) []string) *batchv1.Job
|
|||||||
func SetupS3Params(s3Config raczylocomv1.ClusterImageStorageS3) []string {
|
func SetupS3Params(s3Config raczylocomv1.ClusterImageStorageS3) []string {
|
||||||
params := []string{}
|
params := []string{}
|
||||||
if s3Config.UseRole {
|
if s3Config.UseRole {
|
||||||
params = append(params, "--use-role")
|
params = append(params, "--use_role")
|
||||||
} else {
|
} else {
|
||||||
params = append(params, fmt.Sprintf("--aws_access_key_id='%s'", s3Config.AccessKey))
|
params = append(params, fmt.Sprintf("--aws_access_key_id='%s'", s3Config.AccessKey))
|
||||||
params = append(params, fmt.Sprintf("--aws_secret_access_key='%s'", s3Config.SecretKey))
|
params = append(params, fmt.Sprintf("--aws_secret_access_key='%s'", s3Config.SecretKey))
|
||||||
|
|||||||
Reference in New Issue
Block a user