configgin 0.19.6 → 0.20.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4d5a7939e1688f2736e064e5934774426b532431c4c04d96efd35d56ecc226ff
4
- data.tar.gz: 39796b6aaac3881c229140934a850c796ea14806b1a6f6b5e2e7669221f8d89e
3
+ metadata.gz: 76195539d5fcf090c3e5aefb6b44b33a65368b2f0269ec23aad686208aa5f1e0
4
+ data.tar.gz: 40938f7e9998ea730694ca03517daf3ad7e052c6899317afa5fdbf325b52dd7a
5
5
  SHA512:
6
- metadata.gz: d9f0fa9861e5d214e53e4808c0ce6ec7c6e7c9a16c8d2f49fa2287ae364e055336119f7afc7cc545dc4ec1d07b1da751c7ae28b49dd028d2faaf95a1815e50b6
7
- data.tar.gz: c63722bc02704f2eed7d980c064b6536819c4064597cae386f45824302d1b57e0376f5f4847f34f480e874238665e0978ff78d4200c827571509c7f8d608372d
6
+ metadata.gz: f5007925f8d5690e4b18295d9fbf33bb798d3c50a77227a6157542f79ebcf9463a32c52a84dd279061c2a8de3df4a3c70b6d5a12a7e309005f8e8d52a7faedc3
7
+ data.tar.gz: 726e3d78b75c447e222a4c36fb12e3cb9937a4be31a03341246154c58d5d4edb9224f8a1c07017da959381219341834da4ae2081f56fe772951a8b240fed5b1e
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- configgin (0.19.6)
4
+ configgin (0.20.0)
5
5
  bosh-template (~> 2.0)
6
6
  deep_merge (~> 1.1)
7
7
  kubeclient (~> 4.3)
data/lib/configgin.rb CHANGED
@@ -67,17 +67,16 @@ class Configgin
67
67
  end
68
68
  end
69
69
 
70
- # Write exported properties to secret and potentially restart affected pods.
70
+ # Write exported properties to secret and update annotations on importing stateful sets.
71
71
  def export_job_properties(jobs)
72
- # co-located containers don't get to export properties
72
+ # Co-located containers don't get to export properties.
73
73
  return unless instance_group == ENV["KUBERNETES_CONTAINER_NAME"]
74
- # jobs don't export properties
74
+ # Jobs (errands) don't export properties.
75
75
  return unless self_pod['metadata']['ownerReferences'][0]['kind'] == "StatefulSet"
76
76
 
77
77
  sts = kube_client_stateful_set.get_stateful_set(instance_group, kube_namespace)
78
78
 
79
79
  # Make sure the secret attached to the stateful set exists.
80
- # XXX This should probably be done by fissile via the helm chart.
81
80
  secret = Kubeclient::Resource.new
82
81
  secret.metadata = {
83
82
  name: sts.metadata.name,
@@ -100,22 +99,22 @@ class Configgin
100
99
  secret = kube_client.get_secret(instance_group, kube_namespace)
101
100
  secret.data ||= {}
102
101
 
102
+ # version tag changes whenever the chart version or the secrets generation changes
103
103
  version_tag = ENV["CONFIGGIN_VERSION_TAG"]
104
104
  new_tag = !secret.data[version_tag]
105
105
  secret.data = {version_tag => ""} if new_tag # make sure old properties are deleted during upgrade
106
106
 
107
107
  digests = {}
108
108
  jobs.each do |name, job|
109
- digests[name] = property_digest(job.exported_properties)
110
109
  secret.data["skiff-exported-properties-#{name}"] = Base64.encode64(job.exported_properties.to_json)
111
-
112
- encoded_digest = Base64.encode64(digests[name])
110
+ digests[name] = property_digest(job.exported_properties)
113
111
 
114
112
  # Record initial digest values whenever the tag changes, in which case the pod startup
115
113
  # order is already controlled by the "CONFIGGIN_IMPORT_#{role}" references to the new
116
114
  # tags in the corresponding secrets. There is no annotation when importing this set of
117
115
  # initial values because the helm chart doesn't include any annotations, and we don't
118
116
  # want to trigger a pod restart by adding them.
117
+ encoded_digest = Base64.encode64(digests[name])
119
118
  if new_tag
120
119
  secret.data["skiff-initial-digest-#{name}"] = encoded_digest
121
120
  end
@@ -123,12 +122,11 @@ class Configgin
123
122
  digests[name] = nil
124
123
  end
125
124
  end
126
-
127
125
  kube_client.update_secret(secret)
128
126
 
129
- # Some pods might have depended on the properties exported by this pod; given
130
- # the annotations expected on the pods (keyed by the instance group name),
131
- # patch the StatefulSets such that they will be restarted.
127
+ # Some pods might depend on the properties exported by this pod; add annotations
128
+ # to the template spec of the stateful sets so that the pods will be restarted if
129
+ # the exported values have changed from the initial values.
132
130
  expected_annotations(@job_configs, digests).each_pair do |instance_group_name, digests|
133
131
  # Avoid restarting our own pod
134
132
  next if instance_group_name == instance_group
@@ -143,16 +141,17 @@ class Configgin
143
141
  response = {}
144
142
  end
145
143
  if response['reason'] == 'NotFound'
146
- # The StatefulSet can be missing if we're configured to not have an
147
- # optional instance group.
144
+ # The StatefulSet can be missing if we're configured to not have an optional instance group.
148
145
  warn "Skipping patch of non-existant StatefulSet #{instance_group_name}"
149
146
  next
150
147
  end
151
- warn "Error patching #{instance_group_name}: #{response.to_json}"
148
+ warn "Error fetching stateful set #{instance_group_name}: #{response.to_json}"
152
149
  raise
153
150
  end
154
151
  end
155
152
 
153
+ # Update annotations to match digests for current property values. The stateful set will
154
+ # only restarts pods when the checksum of the pod spec changes, so no-op "updates" are ok.
156
155
  annotations = {}
157
156
  sts.spec.template.metadata.annotations.each_pair do |key, value|
158
157
  annotations[key] = value
@@ -166,7 +165,6 @@ class Configgin
166
165
  { spec: { template: { metadata: { annotations: annotations } } } },
167
166
  kube_namespace
168
167
  )
169
- warn "Patched StatefulSet #{instance_group_name} for new exported digests"
170
168
  end
171
169
  end
172
170
 
@@ -192,7 +190,7 @@ class Configgin
192
190
  end
193
191
 
194
192
  def kube_token
195
- @kube_token ||= File.read("#{SVC_ACC_PATH}/token")
193
+ @kube_token ||= ENV['CONFIGGIN_SA_TOKEN'] || File.read("#{SVC_ACC_PATH}/token")
196
194
  end
197
195
 
198
196
  private
@@ -1,3 +1,3 @@
1
1
  class Configgin
2
- VERSION = '0.19.6'.freeze
2
+ VERSION = '0.20.0'.freeze
3
3
  end
@@ -80,7 +80,12 @@ class KubeLinkSpecs
80
80
  # This is done using the CONFIGGIN_IMPORT_ROLE environment variables referencing the version
81
81
  # tag in the corresponding secret.
82
82
  secret = client.get_secret(role_name, namespace)
83
- JSON.parse(Base64.decode64(secret.data["skiff-exported-properties-#{job_name}"]))
83
+ begin
84
+ JSON.parse(Base64.decode64(secret.data["skiff-exported-properties-#{job_name}"]))
85
+ rescue
86
+ puts "Role #{role_name} is missing skiff-exported-properties-#{job_name}"
87
+ fail
88
+ end
84
89
  end
85
90
 
86
91
  def get_pod_instance_info(role_name, pod, job, pods_per_image)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: configgin
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.19.6
4
+ version: 0.20.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - SUSE
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-11-26 00:00:00.000000000 Z
11
+ date: 2019-11-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler