k8s-client 0.1.0

data/lib/k8s/stack.rb

@@ -0,0 +1,137 @@
+require 'securerandom'
+
+module K8s
+  # Usage: customize the LABEL and CHECKSUM_ANNOTATION
+  class Stack
+    include Logging
+
+    LABEL = 'k8s.kontena.io/stack'
+    CHECKSUM_ANNOTATION = 'k8s.kontena.io/stack-checksum'
+    PRUNE_IGNORE = [
+      'v1:ComponentStatus', # apiserver ignores GET /v1/componentstatuses?labelSelector=... and returns all resources
+      'v1:Endpoints', # inherits stack label from service, but not checksum annotation
+    ]
+
+    # @param name [String] unique name for stack
+    # @param path [String] load resources from YAML files
+    # @return [K8s::Stack]
+    def self.load(name, path, **options)
+      resources = K8s::Resource.from_files(path)
+      new(name, resources, **options)
+    end
+
+    # @param name [String] unique name for stack
+    # @param path [String] load resources from YAML files
+    # @param client [K8s::Client] apply using client
+    # @param prune [Boolean] delete old resources
+    def self.apply(name, path, client, prune: true, **options)
+      load(name, path, **options).apply(client, prune: prune)
+    end
+
+    # Remove any installed stack resources.
+    #
+    # @param name [String] unique name for stack
+    # @param client [K8s::Client] apply using client
+    def self.delete(name, client, **options)
+      new(name, **options).delete(client)
+    end
+
+    attr_reader :name, :resources
+
+    def initialize(name, resources = [], debug: false, label: LABEL, checksum_annotation: CHECKSUM_ANNOTATION)
+      @name = name
+      @resources = resources
+      @keep_resources = {}
+      @label = label
+      @checksum_annotation = checksum_annotation
+
+      logger! progname: name, debug: debug
+    end
+
+    def checksum
+      @checksum ||= SecureRandom.hex(16)
+    end
+
+    # @param resource [K8s::Resource] to apply
+    # @param base_resource [K8s::Resource] preserve existing attributes from base resource
+    # @return [K8s::Resource]
+    def prepare_resource(resource, base_resource: nil)
+      if base_resource
+        resource = base_resource.merge(resource)
+      end
+
+      # add stack metadata
+      resource.merge(metadata: {
+        labels: { @label => name },
+        annotations: { @checksum_annotation => checksum },
+      })
+    end
+
+    # @return [Array<K8s::Resource>]
+    def apply(client, prune: true)
+      server_resources = client.get_resources(resources)
+
+      resources.zip(server_resources).map do |resource, server_resource|
+        if server_resource
+          # keep server checksum for comparison
+          # NOTE: this will not compare equal for resources with arrays containing hashes with default values applied by the server
+          #       however, that will just cause extra PUTs, so it doesn't have any functional effects
+          compare_resource = server_resource.merge(resource).merge(metadata: {
+            labels: { @label => name },
+          })
+        end
+
+        if !server_resource
+          logger.info "Create resource #{resource.apiVersion}:#{resource.kind}/#{resource.metadata.name} in namespace #{resource.metadata.namespace} with checksum=#{checksum}"
+          keep_resource! client.create_resource(prepare_resource(resource))
+        elsif server_resource != compare_resource
+          logger.info "Update resource #{resource.apiVersion}:#{resource.kind}/#{resource.metadata.name} in namespace #{resource.metadata.namespace} with checksum=#{checksum}"
+          keep_resource! client.update_resource(prepare_resource(resource, base_resource: server_resource))
+        else
+          logger.info "Keep resource #{resource.apiVersion}:#{resource.kind}/#{resource.metadata.name} in namespace #{resource.metadata.namespace} with checksum=#{compare_resource.metadata.annotations[@checksum_annotation]}"
+          keep_resource! compare_resource
+        end
+      end
+
+      prune(client, keep_resources: true) if prune
+    end
+
+    # key MUST NOT include resource.apiVersion: the same kind can be aliased in different APIs
+    def keep_resource!(resource)
+      @keep_resources["#{resource.kind}:#{resource.metadata.name}@#{resource.metadata.namespace}"] = resource.metadata.annotations[@checksum_annotation]
+    end
+    def keep_resource?(resource)
+      @keep_resources["#{resource.kind}:#{resource.metadata.name}@#{resource.metadata.namespace}"] == resource.metadata.annotations[@checksum_annotation]
+    end
+
+    # Delete all stack resources that were not applied
+    def prune(client, keep_resources: )
+      client.list_resources(labelSelector: {@label => name}).each do |resource|
+        next if PRUNE_IGNORE.include? "#{resource.apiVersion}:#{resource.kind}"
+
+        resource_label = resource.metadata.labels ? resource.metadata.labels[@label] : nil
+        resource_checksum = resource.metadata.annotations ? resource.metadata.annotations[@checksum_annotation] : nil
+
+        logger.debug { "List resource #{resource.apiVersion}:#{resource.kind}/#{resource.metadata.name} in namespace #{resource.metadata.namespace} with checksum=#{resource_checksum}" }
+
+        if resource_label != name
+          # apiserver did not respect labelSelector
+        elsif keep_resources && keep_resource?(resource)
+          # resource is up-to-date
+        else
+          logger.info "Delete resource #{resource.apiVersion}:#{resource.kind}/#{resource.metadata.name} in namespace #{resource.metadata.namespace}"
+          begin
+            client.delete_resource(resource)
+          rescue K8s::Error::NotFound
+            # assume aliased objects in multiple API groups, like for Deployments
+          end
+        end
+      end
+    end
+
+    # Delete all stack resources
+    def delete(client)
+      prune(client, keep_resources: false)
+    end
+  end
+end

data/lib/k8s/transport.rb

@@ -0,0 +1,251 @@
+require 'excon'
+require 'json'
+
+module K8s
+  class Transport
+    include Logging
+
+    quiet! # do not log warnings by default
+
+    EXCON_MIDDLEWARES = [
+      # XXX: necessary? redirected requests omit authz headers?
+      Excon::Middleware::RedirectFollower,
+    ] + Excon.defaults[:middlewares]
+
+    REQUEST_HEADERS = {
+      'Accept' => 'application/json',
+    }
+
+    # Construct transport from kubeconfig
+    #
+    # @param config [Phraos::Kube::Config]
+    # @return [K8s::Transport]
+    def self.config(config)
+      options = {}
+
+      if config.cluster.insecure_skip_tls_verify
+        logger.debug "Using config with .cluster.insecure_skip_tls_verify"
+
+        options[:ssl_verify_peer] = false
+      end
+
+      if path = config.cluster.certificate_authority
+        logger.debug "Using config with .cluster.certificate_authority"
+
+        options[:ssl_ca_file] = path
+      end
+
+      if data = config.cluster.certificate_authority_data
+        logger.debug "Using config with .cluster.certificate_authority_data"
+
+        ssl_cert_store = options[:ssl_cert_store] = OpenSSL::X509::Store.new
+        ssl_cert_store.add_cert(OpenSSL::X509::Certificate.new(Base64.decode64(data)))
+      end
+
+      if (cert = config.user.client_certificate) && (key = config.user.client_key)
+        logger.debug "Using config with .user.client_certificate/client_key"
+
+        options[:client_cert] = cert
+        options[:client_key] = key
+      end
+
+      if (cert_data = config.user.client_certificate_data) && (key_data = config.user.client_key_data)
+        logger.debug "Using config with .user.client_certificate_data/client_key_data"
+
+        options[:client_cert_data] = Base64.decode64(cert_data)
+        options[:client_key_data] = Base64.decode64(key_data)
+      end
+
+      logger.info "Using config with server=#{config.cluster.server}"
+
+      new(config.cluster.server, **options)
+    end
+
+    # In-cluster config within a kube pod, using the kubernetes service envs and serviceaccount secrets
+    #
+    # @return [K8s::Transport]
+    def self.in_cluster_config
+      host = ENV['KUBERNETES_SERVICE_HOST']
+      port = ENV['KUBERNETES_SERVICE_PORT_HTTPS']
+
+      new("https://#{host}:#{port}",
+        ssl_verify_peer: true,
+        ssl_ca_file: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt',
+        auth_token: File.read('/var/run/secrets/kubernetes.io/serviceaccount/token'),
+      )
+    end
+
+    attr_reader :server, :options
+
+    # @param server [String] URL with protocol://host:port - any /path is ignored
+    def initialize(server, auth_token: nil, **options)
+      @server = server
+      @auth_token = auth_token
+      @options = options
+
+      logger! progname: @server
+    end
+
+    # @return [Excon::Connection]
+    def excon
+      @excon ||= Excon.new(@server,
+        persistent: true,
+        middlewares: EXCON_MIDDLEWARES,
+        headers: REQUEST_HEADERS,
+        **@options
+      )
+    end
+
+    # @return [String]
+    def path(*path)
+      File.join('/', *path)
+    end
+
+    # @return [Hash]
+    def request_options(request_object: nil, **options)
+      options[:headers] ||= {}
+
+      if @auth_token
+        options[:headers]['Authorization'] = "Bearer #{@auth_token}"
+      end
+
+      if request_object
+        options[:headers]['Content-Type'] = 'application/json'
+        options[:body] = request_object.to_json
+      end
+
+      options
+    end
+
+    def format_request(options)
+      method = options[:method]
+      path = options[:path]
+      body = nil
+
+      if options[:query]
+        path += Excon::Utils.query_string(options)
+      end
+      if obj = options[:request_object]
+        body = "<#{obj.class.name}>"
+      end
+
+      [method, path, body].compact.join " "
+    end
+
+    # @raise [K8s::Error]
+    # @raise [Excon::Error] TODO: wrap
+    # @return [response_class, Hash]
+    def parse_response(response, request_options, response_class: nil)
+      method = request_options[:method]
+      path = request_options[:path]
+      content_type, = response.headers['Content-Type'].split(';')
+
+      case content_type
+      when 'application/json'
+        response_data = JSON.parse(response.body)
+
+      when 'text/plain'
+        response_data = response.body # XXX: broken if status 2xx
+      else
+        raise K8s::Error::API.new(method, path, response.status, "Invalid response Content-Type: #{response.headers['Content-Type']}")
+      end
+
+      if response.status.between? 200, 299
+        unless response_data.is_a? Hash
+          raise K8s::Error::API.new(method, path, response.status, "Invalid JSON response: #{response_data.inspect}")
+        end
+
+        if response_class
+          return response_class.from_json(response_data)
+        else
+          return response_data # Hash
+        end
+      else
+        error_class = K8s::Error::HTTP_STATUS_ERRORS[response.status] || K8s::Error::API
+
+        if response_data.is_a?(Hash) && response_data['kind'] == 'Status'
+          status = K8s::API::MetaV1::Status.new(response_data)
+
+          raise error_class.new(method, path, response.status, response.reason_phrase, status)
+        else
+          raise error_class.new(method, path, response.status, response.reason_phrase)
+        end
+      end
+    end
+
+    def request(response_class: nil, **options)
+      excon_options = request_options(**options)
+
+      start = Time.now
+      response = excon.request(**excon_options)
+      t = Time.now - start
+
+      obj = parse_response(response, options,
+        response_class: response_class,
+      )
+    rescue K8s::Error::API => exc
+      logger.warn { "#{format_request(options)} => HTTP #{exc.code} #{exc.reason} in #{'%.3f' % t}s"}
+      logger.debug { "Request: #{excon_options[:body]}"} if excon_options[:body]
+      logger.debug { "Response: #{response.body}"}
+      raise
+    else
+      logger.info { "#{format_request(options)} => HTTP #{response.status}: <#{obj.class}> in #{'%.3f' % t}s"}
+      logger.debug { "Request: #{excon_options[:body]}"} if excon_options[:body]
+      logger.debug { "Response: #{response.body}"}
+      return obj
+    end
+
+    # @param options [Array<Hash>]
+    # @param skip_missing [Boolean] return nil for 404
+    # @return [Array<response_class, Hash, nil>]
+    def requests(*options, response_class: nil, skip_missing: false)
+      return [] if options.empty? # excon chokes
+
+      start = Time.now
+      responses = excon.requests(
+        options.map{|options| request_options(**options)}
+      )
+      t = Time.now - start
+
+      objects = responses.zip(options).map{|response, request_options|
+        begin
+          parse_response(response, request_options,
+            response_class: request_options[:response_class] || response_class,
+          )
+        rescue K8s::Error::NotFound
+          if skip_missing
+            nil
+          else
+            raise
+          end
+        end
+      }
+    rescue K8s::Error => exc
+      logger.warn { "[#{options.map{|o| format_request(o)}.join ', '}] => HTTP #{exc.code} #{exc.reason} in #{'%.3f' % t}s"}
+      raise
+    else
+      logger.info { "[#{options.map{|o| format_request(o)}.join ', '}] => HTTP [#{responses.map{|r| r.status}.join ', '}] in #{'%.3f' % t}s" }
+      return objects
+    end
+
+    # @param *path [String]
+    def get(*path, **options)
+      request(
+        method: 'GET',
+        path: self.path(*path),
+        **options,
+      )
+    end
+
+    # @param *paths [String]
+    def gets(*paths, response_class: nil, **options)
+      requests(*paths.map{|path| {
+          method: 'GET',
+          path: self.path(path),
+          **options,
+        } },
+        response_class: response_class,
+      )
+    end
+  end
+end

metadata

@@ -0,0 +1,186 @@
+--- !ruby/object:Gem::Specification
+name: k8s-client
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Kontena, Inc.
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-08-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: excon
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.62.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.62.0
+- !ruby/object:Gem::Dependency
+  name: dry-struct
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.0
+- !ruby/object:Gem::Dependency
+  name: deep_merge
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.1
+- !ruby/object:Gem::Dependency
+  name: recursive-open-struct
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.4.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.4.2
+description: 
+email:
+- info@kontena.io
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Dockerfile
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- bin/k8s-client
+- docker-compose.yaml
+- k8s-client.gemspec
+- lib/k8s-client.rb
+- lib/k8s/api.rb
+- lib/k8s/api/metav1.rb
+- lib/k8s/api/metav1/api_group.rb
+- lib/k8s/api/metav1/api_resource.rb
+- lib/k8s/api/metav1/list.rb
+- lib/k8s/api/metav1/object.rb
+- lib/k8s/api/metav1/status.rb
+- lib/k8s/api/version.rb
+- lib/k8s/api_client.rb
+- lib/k8s/client.rb
+- lib/k8s/client/version.rb
+- lib/k8s/config.rb
+- lib/k8s/error.rb
+- lib/k8s/logging.rb
+- lib/k8s/resource.rb
+- lib/k8s/resource_client.rb
+- lib/k8s/stack.rb
+- lib/k8s/transport.rb
+homepage: https://github.com/kontena/k8s-client
+licenses:
+- Apache-2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - "~>"
+    - !ruby/object:Gem::Version
+      version: '2.4'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.14
+signing_key: 
+specification_version: 4
+summary: Kubernetes client library
+test_files: []