configgin 0.18.8 → 0.19.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/Gemfile.lock +1 -1
- data/lib/configgin.rb +35 -14
- data/lib/configgin/version.rb +1 -1
- data/lib/kube_link_generator.rb +36 -13
- data/update-stemcell.sh +5 -4
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 7afff002f44ef79e750661a23265886a989243c3
|
4
|
+
data.tar.gz: 9b9c28a4869c3d35b9ff0bb029a11f2f40aac885
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8883388252e21304d58e981bd14119b1f6944ab111ed5ed43b1bf1d8733c05199fc7eb3ea31faaeff590362cf64e1fe3ee03584aa294c71b0256b0e98727662d
|
7
|
+
data.tar.gz: 8f5fc2c019b7c4d1429c41cc95e2d2dac09b688b24803538b4d8c4cb09e5e87c732f2e6ecfcad98c71db3a67412d72178bb354c0a8aa4722855cecc89e2ea4dc
|
data/Gemfile.lock
CHANGED
data/lib/configgin.rb
CHANGED
@@ -1,3 +1,4 @@
|
|
1
|
+
require 'base64'
|
1
2
|
require 'json'
|
2
3
|
|
3
4
|
require_relative 'cli'
|
@@ -59,23 +60,43 @@ class Configgin
|
|
59
60
|
|
60
61
|
# Set the exported properties and their digests, and return the digests.
|
61
62
|
def patch_job_metadata(jobs)
|
63
|
+
pod = kube_client.get_pod(@self_name, kube_namespace)
|
64
|
+
|
65
|
+
secret = Kubeclient::Resource.new
|
66
|
+
secret.metadata = {}
|
67
|
+
# Prefixing with pod.metadata.name is purely for human convenience/debugging.
|
68
|
+
secret.metadata.name = "#{pod.metadata.name}-#{pod.metadata.uid}"
|
69
|
+
secret.metadata.namespace = kube_namespace
|
70
|
+
|
71
|
+
# Make sure the secret gets removed when the pod is deleted.
|
72
|
+
secret.metadata.ownerReferences = [
|
73
|
+
{
|
74
|
+
apiVersion: pod.apiVersion,
|
75
|
+
blockOwnerDeletion: false,
|
76
|
+
controller: false,
|
77
|
+
kind: pod.kind,
|
78
|
+
name: pod.metadata.name,
|
79
|
+
uid: pod.metadata.uid,
|
80
|
+
}
|
81
|
+
]
|
82
|
+
|
83
|
+
secret.data = {}
|
62
84
|
digests = {}
|
63
85
|
jobs.each do |name, job|
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
{
|
68
|
-
metadata: {
|
69
|
-
annotations: {
|
70
|
-
:"skiff-exported-properties-#{name}" => job.exported_properties.to_json,
|
71
|
-
:"skiff-exported-digest-#{name}" => digest
|
72
|
-
}
|
73
|
-
}
|
74
|
-
},
|
75
|
-
kube_namespace
|
76
|
-
)
|
77
|
-
digests[name] = digest
|
86
|
+
digests[name] = property_digest(job.exported_properties)
|
87
|
+
secret.data["skiff-exported-properties-#{name}"] = Base64.encode64(job.exported_properties.to_json)
|
88
|
+
secret.data["skiff-exported-digest-#{name}"] = Base64.encode64(digests[name])
|
78
89
|
end
|
90
|
+
|
91
|
+
# Only the main container gets to export properties; colocated sidecars don't.
|
92
|
+
if instance_group == ENV["KUBERNETES_CONTAINER_NAME"]
|
93
|
+
begin
|
94
|
+
kube_client.delete_secret(secret.metadata.name, kube_namespace)
|
95
|
+
rescue
|
96
|
+
end
|
97
|
+
kube_client.create_secret(secret)
|
98
|
+
end
|
99
|
+
|
79
100
|
digests
|
80
101
|
end
|
81
102
|
|
data/lib/configgin/version.rb
CHANGED
data/lib/kube_link_generator.rb
CHANGED
@@ -1,3 +1,4 @@
|
|
1
|
+
require 'base64'
|
1
2
|
require 'digest/sha1'
|
2
3
|
require 'kubeclient'
|
3
4
|
require 'uri'
|
@@ -63,10 +64,13 @@ class KubeLinkSpecs
|
|
63
64
|
pods = _get_pods_for_role(role_name, sts_image)
|
64
65
|
good_pods = pods.select do |pod|
|
65
66
|
next false unless pod.status.podIP
|
66
|
-
|
67
|
+
begin
|
68
|
+
secret = client.get_secret("#{pod.metadata.name}-#{pod.metadata.uid}", namespace)
|
69
|
+
next true if secret.data["skiff-exported-properties-#{job}"]
|
67
70
|
|
68
|
-
|
69
|
-
|
71
|
+
rescue
|
72
|
+
pod.metadata.annotations["skiff-exported-properties-#{job}"]
|
73
|
+
end
|
70
74
|
end
|
71
75
|
|
72
76
|
if options[:wait_for_all]
|
@@ -82,21 +86,40 @@ class KubeLinkSpecs
|
|
82
86
|
end
|
83
87
|
end
|
84
88
|
|
89
|
+
def patch_pod_with_imported_properties(role_name, job_name, digest)
|
90
|
+
client.patch_pod(
|
91
|
+
ENV['HOSTNAME'],
|
92
|
+
{ metadata: { annotations: { :"skiff-in-props-#{role_name}-#{job_name}" => digest } } },
|
93
|
+
namespace
|
94
|
+
)
|
95
|
+
end
|
96
|
+
|
85
97
|
def get_exported_properties(role_name, pod, job_name)
|
86
|
-
|
98
|
+
# Exported properties are stored in a secret linked to the pod by naming convention.
|
99
|
+
begin
|
100
|
+
secret = client.get_secret("#{pod.metadata.name}-#{pod.metadata.uid}", namespace)
|
101
|
+
rescue
|
102
|
+
end
|
103
|
+
|
104
|
+
if !secret.nil?
|
105
|
+
digest = secret.data["skiff-exported-digest-#{job_name}"]
|
106
|
+
# digest not being set only happens during the spec tests???
|
107
|
+
if digest
|
108
|
+
# Copy the digest over, so that if the source role changes we can be restarted.
|
109
|
+
patch_pod_with_imported_properties(role_name, job_name, Base64.decode64(digest))
|
110
|
+
end
|
111
|
+
JSON.parse(Base64.decode64(secret.data["skiff-exported-properties-#{job_name}"]))
|
112
|
+
|
113
|
+
# Older implementation stored exported properties in annotations (one per job).
|
114
|
+
elsif pod.metadata.annotations["skiff-exported-properties-#{job_name}"]
|
115
|
+
# digest not being set only happens during the spec tests???
|
87
116
|
if pod.metadata.annotations["skiff-exported-digest-#{job_name}"]
|
88
|
-
# Copy the digest over, so that if the source role changes we can be
|
89
|
-
# restarted.
|
117
|
+
# Copy the digest over, so that if the source role changes we can be restarted.
|
90
118
|
digest = pod.metadata.annotations["skiff-exported-digest-#{job_name}"]
|
91
|
-
|
92
|
-
ENV['HOSTNAME'],
|
93
|
-
{ metadata: { annotations: { :"skiff-in-props-#{role_name}-#{job_name}" => digest } } },
|
94
|
-
namespace
|
95
|
-
)
|
119
|
+
patch_pod_with_imported_properties(role_name, job_name, digest)
|
96
120
|
end
|
97
121
|
JSON.parse(pod.metadata.annotations["skiff-exported-properties-#{job_name}"])
|
98
|
-
|
99
|
-
JSON.parse(pod.metadata.annotations['skiff-exported-properties'])[job_name]
|
122
|
+
|
100
123
|
else
|
101
124
|
{}
|
102
125
|
end
|
data/update-stemcell.sh
CHANGED
@@ -11,7 +11,8 @@
|
|
11
11
|
|
12
12
|
set -o errexit -o nounset
|
13
13
|
|
14
|
-
|
14
|
+
: "${HELM:=helm}"
|
15
|
+
: "${REPO:=../scf}"
|
15
16
|
|
16
17
|
REPO="$( cd "${REPO}" && echo "${PWD}" )"
|
17
18
|
IMAGE="$( cd "${REPO}" && source .envrc && echo "${FISSILE_STEMCELL}" )"
|
@@ -42,9 +43,9 @@ vagrant_ready=""
|
|
42
43
|
if test -z "${NO_RUN:-}" ; then
|
43
44
|
if ( cd "${REPO}" && (vagrant status 2>/dev/null | grep --quiet running) ) ; then
|
44
45
|
vagrant_ready="true"
|
45
|
-
releases=$(
|
46
|
+
releases=$("${HELM}" list --short)
|
46
47
|
if test -n "${releases}" ; then
|
47
|
-
|
48
|
+
"${HELM}" delete --purge ${releases}
|
48
49
|
fi
|
49
50
|
kubectl delete ns cf ||:
|
50
51
|
kubectl delete ns uaa ||:
|
@@ -100,7 +101,7 @@ vagrant ssh -- -tt <<EOF
|
|
100
101
|
sleep 1
|
101
102
|
done
|
102
103
|
docker images --format={{.Repository}}:{{.Tag}} | \
|
103
|
-
grep -E '/scf-|role-packages' | \
|
104
|
+
grep -E '/scf-|uaa-|role-packages' | \
|
104
105
|
xargs --no-run-if-empty docker rmi -f
|
105
106
|
docker images | \
|
106
107
|
awk '/<none>/ { print \$3 }' | \
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: configgin
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.19.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- SUSE
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-
|
11
|
+
date: 2019-10-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -182,7 +182,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
182
182
|
version: '0'
|
183
183
|
requirements: []
|
184
184
|
rubyforge_project:
|
185
|
-
rubygems_version: 2.
|
185
|
+
rubygems_version: 2.6.13
|
186
186
|
signing_key:
|
187
187
|
specification_version: 4
|
188
188
|
summary: A simple cli app in Ruby to generate configurations using BOSH ERB templates
|