k8s-ruby2 0.10.6

data/lib/k8s/resource.rb

@@ -0,0 +1,115 @@
+# frozen_string_literal: true
+
+require 'recursive-open-struct'
+require 'hashdiff'
+require 'forwardable'
+require 'yaml/safe_load_stream'
+
+module K8s
+  # generic untyped resource
+  class Resource < RecursiveOpenStruct
+    extend Forwardable
+    include Comparable
+
+    using YAMLSafeLoadStream
+    using K8s::Util::HashDeepMerge
+
+    # @param data [String]
+    # @return [self]
+    def self.from_json(data)
+      new(Yajl::Parser.parse(data))
+    end
+
+    # @param filename [String] file path
+    # @return [K8s::Resource]
+    def self.from_file(filename)
+      new(YAML.safe_load(File.read(filename), [], [], true, filename))
+    end
+
+    # @param path [String] file path
+    # @return [Array<K8s::Resource>]
+    def self.from_files(path)
+      stat = File.stat(path)
+
+      if stat.directory?
+        # recurse
+        Dir.glob("#{path}/*.{yml,yaml}").sort.map { |dir| from_files(dir) }.flatten
+      else
+        YAML.safe_load_stream(File.read(path), path).map{ |doc| new(doc) }
+      end
+    end
+
+    # @param hash [Hash]
+    # @param recurse_over_arrays [Boolean]
+    # @param options [Hash] see RecursiveOpenStruct#initialize
+    def initialize(hash, options = {}, **kwargs)
+      options_with_defaults = { recurse_over_arrays: true }.merge(options).merge(kwargs)
+      super(hash, options_with_defaults)
+    end
+
+    # @param options [Hash] see Hash#to_json
+    # @return [String]
+    def to_json(**options)
+      to_hash.to_json(**options)
+    end
+
+    # @param other [K8s::Resource]
+    # @return [Boolean]
+    def <=>(other)
+      to_hash <=> other.to_hash
+    end
+
+    # merge in fields
+    #
+    # @param attrs [Hash, K8s::Resource]
+    # @return [K8s::Resource]
+    def merge(attrs)
+      # deep clone of attrs
+      h = to_hash
+
+      # merge in-place
+      h.deep_merge!(attrs.to_hash, overwrite_arrays: true, merge_nil_values: true)
+
+      self.class.new(h)
+    end
+
+    # @return [String]
+    def checksum
+      @checksum ||= Digest::MD5.hexdigest(Marshal.dump(to_hash))
+    end
+
+    # @param attrs [Hash]
+    # @param config_annotation [String]
+    # @return [Hash]
+    def merge_patch_ops(attrs, config_annotation)
+      Util.json_patch(current_config(config_annotation), stringify_hash(attrs))
+    end
+
+    # Gets the existing resources (on kube api) configuration, an empty hash if not present
+    #
+    # @param config_annotation [String]
+    # @return [Hash]
+    def current_config(config_annotation)
+      current_cfg = metadata.annotations&.dig(config_annotation)
+      return {} unless current_cfg
+
+      current_hash = Yajl::Parser.parse(current_cfg)
+      # kubectl adds empty metadata.namespace, let's fix it
+      current_hash['metadata'].delete('namespace') if current_hash.dig('metadata', 'namespace').to_s.empty?
+
+      current_hash
+    end
+
+    # @param config_annotation [String]
+    # @return [Boolean]
+    def can_patch?(config_annotation)
+      !!metadata.annotations&.dig(config_annotation)
+    end
+
+    # @param hash [Hash]
+    # @return [Hash]
+    def stringify_hash(hash)
+      Yajl::Parser.parse(JSON.dump(hash))
+    end
+  end
+end

data/lib/k8s/resource_client.rb

@@ -0,0 +1,349 @@
+# frozen_string_literal: true
+
+module K8s
+  # Per-APIResource type client.
+  #
+  # Used to get/list/update/patch/delete specific types of resources, optionally in some specific namespace.
+  class ResourceClient
+    # Common helpers used in both class/instance methods
+    module Utils
+      # @param selector [NilClass, String, Hash{String => String}]
+      # @return [NilClass, String]
+      def selector_query(selector)
+        case selector
+        when nil
+          nil
+        when String
+          selector
+        when Hash
+          selector.map{ |k, v| "#{k}=#{v}" }.join ','
+        else
+          fail "Invalid selector type. #{selector.inspect}"
+        end
+      end
+
+      # @param options [Hash]
+      # @return [Hash, NilClass]
+      def make_query(options)
+        query = options.compact
+
+        return nil if query.empty?
+
+        query
+      end
+    end
+
+    include Utils
+    extend Utils
+
+    # Pipeline list requests for multiple resource types.
+    #
+    # Returns flattened array with mixed resource kinds.
+    #
+    # @param resources [Array<K8s::ResourceClient>]
+    # @param transport [K8s::Transport]
+    # @param namespace [String, nil]
+    # @param labelSelector [nil, String, Hash{String => String}]
+    # @param fieldSelector [nil, String, Hash{String => String}]
+    # @param skip_forbidden [Boolean] skip resources that return HTTP 403 errors
+    # @return [Array<K8s::Resource>]
+    def self.list(resources, transport, namespace: nil, labelSelector: nil, fieldSelector: nil, skip_forbidden: false)
+      api_paths = resources.map{ |resource| resource.path(namespace: namespace) }
+      api_lists = transport.gets(
+        *api_paths,
+        response_class: K8s::API::MetaV1::List,
+        query: make_query(
+          'labelSelector' => selector_query(labelSelector),
+          'fieldSelector' => selector_query(fieldSelector)
+        ),
+        skip_forbidden: skip_forbidden
+      )
+
+      resources.zip(api_lists).map { |resource, api_list| api_list ? resource.process_list(api_list) : [] }.flatten
+    end
+
+    # @param transport [K8s::Transport]
+    # @param api_client [K8s::APIClient]
+    # @param api_resource [K8s::API::MetaV1::APIResource]
+    # @param namespace [String]
+    # @param resource_class [Class]
+    def initialize(transport, api_client, api_resource, namespace: nil, resource_class: K8s::Resource)
+      @transport = transport
+      @api_client = api_client
+      @api_resource = api_resource
+      @namespace = namespace
+      @resource_class = resource_class
+
+      if @api_resource.name.include? '/'
+        @resource, @subresource = @api_resource.name.split('/', 2)
+      else
+        @resource = @api_resource.name
+        @subresource = nil
+      end
+
+      fail "Resource #{api_resource.name} is not namespaced" unless api_resource.namespaced || !namespace
+    end
+
+    # @return [String]
+    def api_version
+      @api_client.api_version
+    end
+
+    # @return [String] resource or resource/subresource
+    def name
+      @api_resource.name
+    end
+
+    # @return [String, nil]
+    attr_reader :namespace
+
+    # @return [String]
+    attr_reader :resource
+
+    # @return [Boolean]
+    def subresource?
+      !!@subresource
+    end
+
+    # @return [String, nil]
+    attr_reader :subresource
+
+    # @return [String]
+    def kind
+      @api_resource.kind
+    end
+
+    # @return [class] K8s::Resource
+    attr_reader :resource_class
+
+    # @return [Boolean]
+    def namespaced?
+      !!@api_resource.namespaced
+    end
+
+    # @param name [NilClass, String]
+    # @param subresource [String, NilClass]
+    # @param namespace [String, NilClass]
+    # @return [String]
+    def path(name = nil, subresource: @subresource, namespace: @namespace)
+      namespace_part = namespace ? ['namespaces', namespace] : []
+
+      if name && subresource
+        @api_client.path(*namespace_part, @resource, name, subresource)
+      elsif name
+        @api_client.path(*namespace_part, @resource, name)
+      else
+        @api_client.path(*namespace_part, @resource)
+      end
+    end
+
+    # @return [Bool]
+    def create?
+      @api_resource.verbs.include? 'create'
+    end
+
+    # @param resource [#metadata] with metadata.namespace and metadata.name set
+    # @return [Object] instance of resource_class
+    def create_resource(resource)
+      @transport.request(
+        method: 'POST',
+        path: path(namespace: resource.metadata.namespace),
+        request_object: resource,
+        response_class: @resource_class
+      )
+    end
+
+    # @return [Bool]
+    def get?
+      @api_resource.verbs.include? 'get'
+    end
+
+    # @param name [String]
+    # @param namespace [String, NilClass]
+    # @return [Object] instance of resource_class
+    def get(name, namespace: @namespace)
+      @transport.request(
+        method: 'GET',
+        path: path(name, namespace: namespace),
+        response_class: @resource_class
+      )
+    end
+
+    # @param resource [resource_class]
+    # @return [Object] instance of resource_class
+    def get_resource(resource)
+      @transport.request(
+        method: 'GET',
+        path: path(resource.metadata.name, namespace: resource.metadata.namespace),
+        response_class: @resource_class
+      )
+    end
+
+    # @return [Bool]
+    def list?
+      @api_resource.verbs.include? 'list'
+    end
+
+    # @param list [K8s::API::MetaV1::List]
+    # @return [Array<Object>] array of instances of resource_class
+    def process_list(list)
+      list.items.map { |item|
+        # list items omit kind/apiVersion
+        @resource_class.new(item.merge('apiVersion' => list.apiVersion, 'kind' => @api_resource.kind))
+      }
+    end
+
+    # @param labelSelector [nil, String, Hash{String => String}]
+    # @param fieldSelector [nil, String, Hash{String => String}]
+    # @param namespace [nil, String]
+    # @return [Array<Object>] array of instances of resource_class
+    def list(labelSelector: nil, fieldSelector: nil, namespace: @namespace)
+      list = meta_list(labelSelector: labelSelector, fieldSelector: fieldSelector, namespace: namespace)
+      process_list(list)
+    end
+
+    # @param labelSelector [nil, String, Hash{String => String}]
+    # @param fieldSelector [nil, String, Hash{String => String}]
+    # @param namespace [nil, String]
+    # @return [K8s::API::MetaV1::List]
+    def meta_list(labelSelector: nil, fieldSelector: nil, namespace: @namespace)
+      @transport.request(
+        method: 'GET',
+        path: path(namespace: namespace),
+        response_class: K8s::API::MetaV1::List,
+        query: make_query(
+          'labelSelector' => selector_query(labelSelector),
+          'fieldSelector' => selector_query(fieldSelector)
+        )
+      )
+    end
+
+    # @param labelSelector [nil, String, Hash{String => String}]
+    # @param fieldSelector [nil, String, Hash{String => String}]
+    # @param resourceVersion [nil, String]
+    # @param timeout [nil, Integer]
+    # @yield [K8S::API::MetaV1::WatchEvent]
+    # @raise [Excon::Error]
+    def watch(labelSelector: nil, fieldSelector: nil, resourceVersion: nil, timeout: nil, namespace: @namespace)
+      method = 'GET'
+      path = path(namespace: namespace)
+      parser = Yajl::Parser.new
+      parser.on_parse_complete = lambda do |data|
+        event = K8s::API::MetaV1::WatchEvent.new(data)
+        yield event
+      end
+      @transport.request(
+        method: method,
+        path: path,
+        read_timeout: nil,
+        query: make_query(
+          'labelSelector' => selector_query(labelSelector),
+          'fieldSelector' => selector_query(fieldSelector),
+          'resourceVersion' => resourceVersion,
+          'watch' => '1',
+          'timeoutSeconds' => timeout
+        ),
+        response_block: lambda do |chunk, _, _|
+          parser << chunk
+        end
+      )
+    end
+
+    # @return [Boolean]
+    def update?
+      @api_resource.verbs.include? 'update'
+    end
+
+    # @param resource [#metadata] with metadata.resourceVersion set
+    # @return [Object] instance of resource_class
+    def update_resource(resource)
+      @transport.request(
+        method: 'PUT',
+        path: path(resource.metadata.name, namespace: resource.metadata.namespace),
+        request_object: resource,
+        response_class: @resource_class
+      )
+    end
+
+    # @return [Boolean]
+    def patch?
+      @api_resource.verbs.include? 'patch'
+    end
+
+    # @param name [String]
+    # @param obj [#to_json]
+    # @param namespace [String, nil]
+    # @param strategic_merge [Boolean] use kube Strategic Merge Patch instead of standard Merge Patch (arrays of objects are merged by name)
+    # @return [Object] instance of resource_class
+    def merge_patch(name, obj, namespace: @namespace, strategic_merge: true)
+      @transport.request(
+        method: 'PATCH',
+        path: path(name, namespace: namespace),
+        content_type: strategic_merge ? 'application/strategic-merge-patch+json' : 'application/merge-patch+json',
+        request_object: obj,
+        response_class: @resource_class
+      )
+    end
+
+    # @param name [String]
+    # @param ops [Hash] json-patch operations
+    # @param namespace [String, nil]
+    # @return [Object] instance of resource_class
+    def json_patch(name, ops, namespace: @namespace)
+      @transport.request(
+        method: 'PATCH',
+        path: path(name, namespace: namespace),
+        content_type: 'application/json-patch+json',
+        request_object: ops,
+        response_class: @resource_class
+      )
+    end
+
+    # @return [Boolean]
+    def delete?
+      @api_resource.verbs.include? 'delete'
+    end
+
+    # @param name [String]
+    # @param namespace [String, nil]
+    # @param propagationPolicy [String, nil] The propagationPolicy to use for the API call. Possible values include “Orphan”, “Foreground”, or “Background”
+    # @return [K8s::API::MetaV1::Status]
+    def delete(name, namespace: @namespace, propagationPolicy: nil)
+      @transport.request(
+        method: 'DELETE',
+        path: path(name, namespace: namespace),
+        query: make_query(
+          'propagationPolicy' => propagationPolicy
+        ),
+        response_class: @resource_class # XXX: documented as returning Status
+      )
+    end
+
+    # @param namespace [String, nil]
+    # @param labelSelector [nil, String, Hash{String => String}]
+    # @param fieldSelector [nil, String, Hash{String => String}]
+    # @param propagationPolicy [String, nil]
+    # @return [Array<Object>] array of instances of resource_class
+    def delete_collection(namespace: @namespace, labelSelector: nil, fieldSelector: nil, propagationPolicy: nil)
+      list = @transport.request(
+        method: 'DELETE',
+        path: path(namespace: namespace),
+        query: make_query(
+          'labelSelector' => selector_query(labelSelector),
+          'fieldSelector' => selector_query(fieldSelector),
+          'propagationPolicy' => propagationPolicy
+        ),
+        response_class: K8s::API::MetaV1::List # XXX: documented as returning Status
+      )
+      process_list(list)
+    end
+
+    # @param resource [resource_class] with metadata
+    # @param options [Hash]
+    # @see #delete for possible options
+    # @return [K8s::API::MetaV1::Status]
+    def delete_resource(resource, **options)
+      delete(resource.metadata.name, namespace: resource.metadata.namespace, **options)
+    end
+  end
+end

data/lib/k8s/ruby/version.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+module K8s
+  class Ruby
+    # Updated on releases using semver.
+    VERSION = "0.10.6"
+  end
+end

data/lib/k8s/stack.rb

@@ -0,0 +1,187 @@
+# frozen_string_literal: true
+
+require 'securerandom'
+
+module K8s
+  # Usage: customize the LABEL and CHECKSUM_ANNOTATION
+  class Stack
+    include Logging
+
+    # Label used to identify resources belonging to this stack
+    LABEL = 'k8s.kontena.io/stack'
+
+    # Annotation used to identify resource versions
+    CHECKSUM_ANNOTATION = 'k8s.kontena.io/stack-checksum'
+
+    # Annotation used to identify last applied configuration
+    LAST_CONFIG_ANNOTATION = 'kubectl.kubernetes.io/last-applied-configuration'
+
+    # List of apiVersion:kind combinations to skip for stack prune
+    # These would lead to stack prune misbehaving if not skipped.
+    PRUNE_IGNORE = [
+      'v1:ComponentStatus', # apiserver ignores GET /v1/componentstatuses?labelSelector=... and returns all resources
+      'v1:Endpoints' # inherits stack label from service, but not checksum annotation
+    ].freeze
+
+    # @param name [String] unique name for stack
+    # @param path [String] load resources from YAML files
+    # @param options [Hash] see Stack#initialize
+    # @return [K8s::Stack]
+    def self.load(name, path, **options)
+      resources = K8s::Resource.from_files(path)
+      new(name, resources, **options)
+    end
+
+    # @param name [String] unique name for stack
+    # @param path [String] load resources from YAML files
+    # @param client [K8s::Client] apply using client
+    # @param prune [Boolean] delete old resources
+    # @param options [Hash] see Stack#initialize
+    # @return [K8s::Stack]
+    def self.apply(name, path, client, prune: true, **options)
+      load(name, path, **options).apply(client, prune: prune)
+    end
+
+    # Remove any installed stack resources.
+    #
+    # @param name [String] unique name for stack
+    # @param client [K8s::Client] apply using client
+    def self.delete(name, client, **options)
+      new(name, **options).delete(client)
+    end
+
+    attr_reader :name, :resources
+
+    # @param name [String]
+    # @param resources [Array<K8s::Resource>]
+    # @param debug [Boolean]
+    # @param label [String]
+    # @param checksum_annotation [String]
+    # @param last_config_annotation [String]
+    def initialize(name, resources = [], debug: false, label: self.class::LABEL, checksum_annotation: self.class::CHECKSUM_ANNOTATION, last_configuration_annotation: self.class::LAST_CONFIG_ANNOTATION)
+      @name = name
+      @resources = resources
+      @keep_resources = {}
+      @label = label
+      @checksum_annotation = checksum_annotation
+      @last_config_annotation = last_configuration_annotation
+
+      logger! progname: name, debug: debug
+    end
+
+    # @param resource [K8s::Resource] to apply
+    # @param base_resource [K8s::Resource] DEPRECATED
+    # @return [K8s::Resource]
+    # rubocop:disable Lint/UnusedMethodArgument
+    def prepare_resource(resource, base_resource: nil)
+      # TODO: base_resource is not used anymore, kept for backwards compatibility for a while
+
+      # calculate checksum  only from the "local" source
+      checksum = resource.checksum
+
+      # add stack metadata
+      resource.merge(
+        metadata: {
+          labels: { @label => name },
+          annotations: {
+            @checksum_annotation => checksum,
+            @last_config_annotation => Util.recursive_compact(resource.to_h).to_json
+          }
+        }
+      )
+    end
+    # rubocop:enable Lint/UnusedMethodArgument
+
+    # @param client [K8s::Client]
+    # @return [Array<K8s::Resource>]
+    def apply(client, prune: true, patch: true)
+      server_resources = client.get_resources(resources)
+
+      resources.zip(server_resources).map do |resource, server_resource|
+        if !server_resource
+          logger.info "Create resource #{resource.apiVersion}:#{resource.kind}/#{resource.metadata.name} in namespace #{resource.metadata.namespace} with checksum=#{resource.checksum}"
+          keep_resource! client.create_resource(prepare_resource(resource))
+        elsif server_resource.metadata.annotations&.dig(@checksum_annotation) != resource.checksum
+          logger.info "Update resource #{resource.apiVersion}:#{resource.kind}/#{resource.metadata.name} in namespace #{resource.metadata.namespace} with checksum=#{resource.checksum}"
+          r = prepare_resource(resource)
+          if patch && server_resource.can_patch?(@last_config_annotation)
+            # Patch: apply changes to specific fields only
+            keep_resource! client.patch_resource(server_resource, server_resource.merge_patch_ops(r.to_hash, @last_config_annotation))
+          else
+            # Replace (PUT): replace complete object
+            keep_resource! client.update_resource(server_resource.merge(prepare_resource(resource)))
+          end
+        else
+          logger.info "Keep resource #{server_resource.apiVersion}:#{server_resource.kind}/#{server_resource.metadata.name} in namespace #{server_resource.metadata.namespace} with checksum=#{server_resource.metadata.annotations[@checksum_annotation]}"
+          keep_resource! server_resource
+        end
+      end
+
+      prune(client, keep_resources: true) if prune
+    end
+
+    # key MUST NOT include resource.apiVersion: the same kind can be aliased in different APIs
+    # @param resource [K8s::Resource]
+    # @return [K8s::Resource]
+    def keep_resource!(resource)
+      @keep_resources["#{resource.kind}:#{resource.metadata.name}@#{resource.metadata.namespace}"] = resource.metadata.annotations[@checksum_annotation]
+    end
+
+    # @param resource [K8s::Resource]
+    # @return [Boolean]
+    def keep_resource?(resource)
+      keep_annotation = @keep_resources["#{resource.kind}:#{resource.metadata.name}@#{resource.metadata.namespace}"]
+      return false unless keep_annotation
+
+      keep_annotation == resource.metadata&.annotations.dig(@checksum_annotation)
+    end
+
+    # Delete all stack resources that were not applied
+    # @param client [K8s::Client]
+    # @param keep_resources [NilClass, Boolean]
+    # @param skip_forbidden [Boolean]
+    def prune(client, keep_resources:, skip_forbidden: true)
+      # using skip_forbidden: assume we can't create resource types that we are forbidden to list, so we don't need to prune them either
+      client.list_resources(labelSelector: { @label => name }, skip_forbidden: skip_forbidden).sort do |a, b|
+        # Sort resources so that namespaced objects are deleted first
+        if a.metadata.namespace == b.metadata.namespace
+          0
+        elsif a.metadata.namespace.nil? && !b.metadata.namespace.nil?
+          1
+        else
+          -1
+        end
+      end.each do |resource|
+        next if PRUNE_IGNORE.include? "#{resource.apiVersion}:#{resource.kind}"
+
+        resource_label = resource.metadata.labels ? resource.metadata.labels[@label] : nil
+        resource_checksum = resource.metadata.annotations ? resource.metadata.annotations[@checksum_annotation] : nil
+
+        logger.debug { "List resource #{resource.apiVersion}:#{resource.kind}/#{resource.metadata.name} in namespace #{resource.metadata.namespace} with checksum=#{resource_checksum}" }
+
+        if resource_label != name
+          # apiserver did not respect labelSelector
+        elsif resource.metadata&.ownerReferences && !resource.metadata.ownerReferences.empty?
+          logger.info "Server resource #{resource.apiVersion}:#{resource.apiKind}/#{resource.metadata.name} in namespace #{resource.metadata.namespace} has ownerReferences and will be kept"
+        elsif keep_resources && keep_resource?(resource)
+          # resource is up-to-date
+        else
+          logger.info "Delete resource #{resource.apiVersion}:#{resource.kind}/#{resource.metadata.name} in namespace #{resource.metadata.namespace}"
+          begin
+            client.delete_resource(resource, propagationPolicy: 'Background')
+          rescue K8s::Error::NotFound => e
+            # assume aliased objects in multiple API groups, like for Deployments
+            # alternatively, a custom resource whose definition was already deleted earlier
+            logger.debug { "Ignoring #{e} : #{e.message}" }
+          end
+        end
+      end
+    end
+
+    # Delete all stack resources
+    # @param client [K8s::Client]
+    def delete(client)
+      prune(client, keep_resources: false)
+    end
+  end
+end