configgin 0.19.6 → 0.20.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/lib/configgin.rb +14 -16
- data/lib/configgin/version.rb +1 -1
- data/lib/kube_link_generator.rb +6 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 76195539d5fcf090c3e5aefb6b44b33a65368b2f0269ec23aad686208aa5f1e0
|
|
4
|
+
data.tar.gz: 40938f7e9998ea730694ca03517daf3ad7e052c6899317afa5fdbf325b52dd7a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f5007925f8d5690e4b18295d9fbf33bb798d3c50a77227a6157542f79ebcf9463a32c52a84dd279061c2a8de3df4a3c70b6d5a12a7e309005f8e8d52a7faedc3
|
|
7
|
+
data.tar.gz: 726e3d78b75c447e222a4c36fb12e3cb9937a4be31a03341246154c58d5d4edb9224f8a1c07017da959381219341834da4ae2081f56fe772951a8b240fed5b1e
|
data/Gemfile.lock
CHANGED
data/lib/configgin.rb
CHANGED
|
@@ -67,17 +67,16 @@ class Configgin
|
|
|
67
67
|
end
|
|
68
68
|
end
|
|
69
69
|
|
|
70
|
-
# Write exported properties to secret and
|
|
70
|
+
# Write exported properties to secret and update annotations on importing stateful sets.
|
|
71
71
|
def export_job_properties(jobs)
|
|
72
|
-
#
|
|
72
|
+
# Co-located containers don't get to export properties.
|
|
73
73
|
return unless instance_group == ENV["KUBERNETES_CONTAINER_NAME"]
|
|
74
|
-
#
|
|
74
|
+
# Jobs (errands) don't export properties.
|
|
75
75
|
return unless self_pod['metadata']['ownerReferences'][0]['kind'] == "StatefulSet"
|
|
76
76
|
|
|
77
77
|
sts = kube_client_stateful_set.get_stateful_set(instance_group, kube_namespace)
|
|
78
78
|
|
|
79
79
|
# Make sure the secret attached to the stateful set exists.
|
|
80
|
-
# XXX This should probably be done by fissile via the helm chart.
|
|
81
80
|
secret = Kubeclient::Resource.new
|
|
82
81
|
secret.metadata = {
|
|
83
82
|
name: sts.metadata.name,
|
|
@@ -100,22 +99,22 @@ class Configgin
|
|
|
100
99
|
secret = kube_client.get_secret(instance_group, kube_namespace)
|
|
101
100
|
secret.data ||= {}
|
|
102
101
|
|
|
102
|
+
# version tag changes whenever the chart version or the secrets generation changes
|
|
103
103
|
version_tag = ENV["CONFIGGIN_VERSION_TAG"]
|
|
104
104
|
new_tag = !secret.data[version_tag]
|
|
105
105
|
secret.data = {version_tag => ""} if new_tag # make sure old properties are deleted during upgrade
|
|
106
106
|
|
|
107
107
|
digests = {}
|
|
108
108
|
jobs.each do |name, job|
|
|
109
|
-
digests[name] = property_digest(job.exported_properties)
|
|
110
109
|
secret.data["skiff-exported-properties-#{name}"] = Base64.encode64(job.exported_properties.to_json)
|
|
111
|
-
|
|
112
|
-
encoded_digest = Base64.encode64(digests[name])
|
|
110
|
+
digests[name] = property_digest(job.exported_properties)
|
|
113
111
|
|
|
114
112
|
# Record initial digest values whenever the tag changes, in which case the pod startup
|
|
115
113
|
# order is already controlled by the "CONFIGGIN_IMPORT_#{role}" references to the new
|
|
116
114
|
# tags in the corresponding secrets. There is no annotation when importing this set of
|
|
117
115
|
# initial values because the helm chart doesn't include any annotations, and we don't
|
|
118
116
|
# want to trigger a pod restart by adding them.
|
|
117
|
+
encoded_digest = Base64.encode64(digests[name])
|
|
119
118
|
if new_tag
|
|
120
119
|
secret.data["skiff-initial-digest-#{name}"] = encoded_digest
|
|
121
120
|
end
|
|
@@ -123,12 +122,11 @@ class Configgin
|
|
|
123
122
|
digests[name] = nil
|
|
124
123
|
end
|
|
125
124
|
end
|
|
126
|
-
|
|
127
125
|
kube_client.update_secret(secret)
|
|
128
126
|
|
|
129
|
-
# Some pods might
|
|
130
|
-
# the
|
|
131
|
-
#
|
|
127
|
+
# Some pods might depend on the properties exported by this pod; add annotations
|
|
128
|
+
# to the template spec of the stateful sets so that the pods will be restarted if
|
|
129
|
+
# the exported values have changed from the initial values.
|
|
132
130
|
expected_annotations(@job_configs, digests).each_pair do |instance_group_name, digests|
|
|
133
131
|
# Avoid restarting our own pod
|
|
134
132
|
next if instance_group_name == instance_group
|
|
@@ -143,16 +141,17 @@ class Configgin
|
|
|
143
141
|
response = {}
|
|
144
142
|
end
|
|
145
143
|
if response['reason'] == 'NotFound'
|
|
146
|
-
# The StatefulSet can be missing if we're configured to not have an
|
|
147
|
-
# optional instance group.
|
|
144
|
+
# The StatefulSet can be missing if we're configured to not have an optional instance group.
|
|
148
145
|
warn "Skipping patch of non-existant StatefulSet #{instance_group_name}"
|
|
149
146
|
next
|
|
150
147
|
end
|
|
151
|
-
warn "Error
|
|
148
|
+
warn "Error fetching stateful set #{instance_group_name}: #{response.to_json}"
|
|
152
149
|
raise
|
|
153
150
|
end
|
|
154
151
|
end
|
|
155
152
|
|
|
153
|
+
# Update annotations to match digests for current property values. The stateful set will
|
|
154
|
+
# only restarts pods when the checksum of the pod spec changes, so no-op "updates" are ok.
|
|
156
155
|
annotations = {}
|
|
157
156
|
sts.spec.template.metadata.annotations.each_pair do |key, value|
|
|
158
157
|
annotations[key] = value
|
|
@@ -166,7 +165,6 @@ class Configgin
|
|
|
166
165
|
{ spec: { template: { metadata: { annotations: annotations } } } },
|
|
167
166
|
kube_namespace
|
|
168
167
|
)
|
|
169
|
-
warn "Patched StatefulSet #{instance_group_name} for new exported digests"
|
|
170
168
|
end
|
|
171
169
|
end
|
|
172
170
|
|
|
@@ -192,7 +190,7 @@ class Configgin
|
|
|
192
190
|
end
|
|
193
191
|
|
|
194
192
|
def kube_token
|
|
195
|
-
@kube_token ||= File.read("#{SVC_ACC_PATH}/token")
|
|
193
|
+
@kube_token ||= ENV['CONFIGGIN_SA_TOKEN'] || File.read("#{SVC_ACC_PATH}/token")
|
|
196
194
|
end
|
|
197
195
|
|
|
198
196
|
private
|
data/lib/configgin/version.rb
CHANGED
data/lib/kube_link_generator.rb
CHANGED
|
@@ -80,7 +80,12 @@ class KubeLinkSpecs
|
|
|
80
80
|
# This is done using the CONFIGGIN_IMPORT_ROLE environment variables referencing the version
|
|
81
81
|
# tag in the corresponding secret.
|
|
82
82
|
secret = client.get_secret(role_name, namespace)
|
|
83
|
-
|
|
83
|
+
begin
|
|
84
|
+
JSON.parse(Base64.decode64(secret.data["skiff-exported-properties-#{job_name}"]))
|
|
85
|
+
rescue
|
|
86
|
+
puts "Role #{role_name} is missing skiff-exported-properties-#{job_name}"
|
|
87
|
+
fail
|
|
88
|
+
end
|
|
84
89
|
end
|
|
85
90
|
|
|
86
91
|
def get_pod_instance_info(role_name, pod, job, pods_per_image)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: configgin
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.20.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- SUSE
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-11-
|
|
11
|
+
date: 2019-11-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|