configgin 0.19.6 → 0.20.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/lib/configgin.rb +14 -16
- data/lib/configgin/version.rb +1 -1
- data/lib/kube_link_generator.rb +6 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 76195539d5fcf090c3e5aefb6b44b33a65368b2f0269ec23aad686208aa5f1e0
|
|
4
|
+
data.tar.gz: 40938f7e9998ea730694ca03517daf3ad7e052c6899317afa5fdbf325b52dd7a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f5007925f8d5690e4b18295d9fbf33bb798d3c50a77227a6157542f79ebcf9463a32c52a84dd279061c2a8de3df4a3c70b6d5a12a7e309005f8e8d52a7faedc3
|
|
7
|
+
data.tar.gz: 726e3d78b75c447e222a4c36fb12e3cb9937a4be31a03341246154c58d5d4edb9224f8a1c07017da959381219341834da4ae2081f56fe772951a8b240fed5b1e
|
data/Gemfile.lock
CHANGED
data/lib/configgin.rb
CHANGED
|
@@ -67,17 +67,16 @@ class Configgin
|
|
|
67
67
|
end
|
|
68
68
|
end
|
|
69
69
|
|
|
70
|
-
# Write exported properties to secret and
|
|
70
|
+
# Write exported properties to secret and update annotations on importing stateful sets.
|
|
71
71
|
def export_job_properties(jobs)
|
|
72
|
-
#
|
|
72
|
+
# Co-located containers don't get to export properties.
|
|
73
73
|
return unless instance_group == ENV["KUBERNETES_CONTAINER_NAME"]
|
|
74
|
-
#
|
|
74
|
+
# Jobs (errands) don't export properties.
|
|
75
75
|
return unless self_pod['metadata']['ownerReferences'][0]['kind'] == "StatefulSet"
|
|
76
76
|
|
|
77
77
|
sts = kube_client_stateful_set.get_stateful_set(instance_group, kube_namespace)
|
|
78
78
|
|
|
79
79
|
# Make sure the secret attached to the stateful set exists.
|
|
80
|
-
# XXX This should probably be done by fissile via the helm chart.
|
|
81
80
|
secret = Kubeclient::Resource.new
|
|
82
81
|
secret.metadata = {
|
|
83
82
|
name: sts.metadata.name,
|
|
@@ -100,22 +99,22 @@ class Configgin
|
|
|
100
99
|
secret = kube_client.get_secret(instance_group, kube_namespace)
|
|
101
100
|
secret.data ||= {}
|
|
102
101
|
|
|
102
|
+
# version tag changes whenever the chart version or the secrets generation changes
|
|
103
103
|
version_tag = ENV["CONFIGGIN_VERSION_TAG"]
|
|
104
104
|
new_tag = !secret.data[version_tag]
|
|
105
105
|
secret.data = {version_tag => ""} if new_tag # make sure old properties are deleted during upgrade
|
|
106
106
|
|
|
107
107
|
digests = {}
|
|
108
108
|
jobs.each do |name, job|
|
|
109
|
-
digests[name] = property_digest(job.exported_properties)
|
|
110
109
|
secret.data["skiff-exported-properties-#{name}"] = Base64.encode64(job.exported_properties.to_json)
|
|
111
|
-
|
|
112
|
-
encoded_digest = Base64.encode64(digests[name])
|
|
110
|
+
digests[name] = property_digest(job.exported_properties)
|
|
113
111
|
|
|
114
112
|
# Record initial digest values whenever the tag changes, in which case the pod startup
|
|
115
113
|
# order is already controlled by the "CONFIGGIN_IMPORT_#{role}" references to the new
|
|
116
114
|
# tags in the corresponding secrets. There is no annotation when importing this set of
|
|
117
115
|
# initial values because the helm chart doesn't include any annotations, and we don't
|
|
118
116
|
# want to trigger a pod restart by adding them.
|
|
117
|
+
encoded_digest = Base64.encode64(digests[name])
|
|
119
118
|
if new_tag
|
|
120
119
|
secret.data["skiff-initial-digest-#{name}"] = encoded_digest
|
|
121
120
|
end
|
|
@@ -123,12 +122,11 @@ class Configgin
|
|
|
123
122
|
digests[name] = nil
|
|
124
123
|
end
|
|
125
124
|
end
|
|
126
|
-
|
|
127
125
|
kube_client.update_secret(secret)
|
|
128
126
|
|
|
129
|
-
# Some pods might
|
|
130
|
-
# the
|
|
131
|
-
#
|
|
127
|
+
# Some pods might depend on the properties exported by this pod; add annotations
|
|
128
|
+
# to the template spec of the stateful sets so that the pods will be restarted if
|
|
129
|
+
# the exported values have changed from the initial values.
|
|
132
130
|
expected_annotations(@job_configs, digests).each_pair do |instance_group_name, digests|
|
|
133
131
|
# Avoid restarting our own pod
|
|
134
132
|
next if instance_group_name == instance_group
|
|
@@ -143,16 +141,17 @@ class Configgin
|
|
|
143
141
|
response = {}
|
|
144
142
|
end
|
|
145
143
|
if response['reason'] == 'NotFound'
|
|
146
|
-
# The StatefulSet can be missing if we're configured to not have an
|
|
147
|
-
# optional instance group.
|
|
144
|
+
# The StatefulSet can be missing if we're configured to not have an optional instance group.
|
|
148
145
|
warn "Skipping patch of non-existant StatefulSet #{instance_group_name}"
|
|
149
146
|
next
|
|
150
147
|
end
|
|
151
|
-
warn "Error
|
|
148
|
+
warn "Error fetching stateful set #{instance_group_name}: #{response.to_json}"
|
|
152
149
|
raise
|
|
153
150
|
end
|
|
154
151
|
end
|
|
155
152
|
|
|
153
|
+
# Update annotations to match digests for current property values. The stateful set will
|
|
154
|
+
# only restarts pods when the checksum of the pod spec changes, so no-op "updates" are ok.
|
|
156
155
|
annotations = {}
|
|
157
156
|
sts.spec.template.metadata.annotations.each_pair do |key, value|
|
|
158
157
|
annotations[key] = value
|
|
@@ -166,7 +165,6 @@ class Configgin
|
|
|
166
165
|
{ spec: { template: { metadata: { annotations: annotations } } } },
|
|
167
166
|
kube_namespace
|
|
168
167
|
)
|
|
169
|
-
warn "Patched StatefulSet #{instance_group_name} for new exported digests"
|
|
170
168
|
end
|
|
171
169
|
end
|
|
172
170
|
|
|
@@ -192,7 +190,7 @@ class Configgin
|
|
|
192
190
|
end
|
|
193
191
|
|
|
194
192
|
def kube_token
|
|
195
|
-
@kube_token ||= File.read("#{SVC_ACC_PATH}/token")
|
|
193
|
+
@kube_token ||= ENV['CONFIGGIN_SA_TOKEN'] || File.read("#{SVC_ACC_PATH}/token")
|
|
196
194
|
end
|
|
197
195
|
|
|
198
196
|
private
|
data/lib/configgin/version.rb
CHANGED
data/lib/kube_link_generator.rb
CHANGED
|
@@ -80,7 +80,12 @@ class KubeLinkSpecs
|
|
|
80
80
|
# This is done using the CONFIGGIN_IMPORT_ROLE environment variables referencing the version
|
|
81
81
|
# tag in the corresponding secret.
|
|
82
82
|
secret = client.get_secret(role_name, namespace)
|
|
83
|
-
|
|
83
|
+
begin
|
|
84
|
+
JSON.parse(Base64.decode64(secret.data["skiff-exported-properties-#{job_name}"]))
|
|
85
|
+
rescue
|
|
86
|
+
puts "Role #{role_name} is missing skiff-exported-properties-#{job_name}"
|
|
87
|
+
fail
|
|
88
|
+
end
|
|
84
89
|
end
|
|
85
90
|
|
|
86
91
|
def get_pod_instance_info(role_name, pod, job, pods_per_image)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: configgin
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.20.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- SUSE
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-11-
|
|
11
|
+
date: 2019-11-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|