kamal 2.0.0.alpha → 2.0.0.beta1

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kamal
 version: !ruby/object:Gem::Version
-  version: 2.0.0.alpha
+  version: 2.0.0.beta1
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-09-01 00:00:00.000000000 Z
+date: 2024-09-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -78,14 +78,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.8'
+        version: '3.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.8'
+        version: '3.1'
 - !ruby/object:Gem::Dependency
   name: zeitwerk
   requirement: !ruby/object:Gem::Requirement
@@ -218,25 +218,25 @@ files:
 - lib/kamal/cli/base.rb
 - lib/kamal/cli/build.rb
 - lib/kamal/cli/build/clone.rb
-- lib/kamal/cli/env.rb
 - lib/kamal/cli/healthcheck/barrier.rb
 - lib/kamal/cli/healthcheck/error.rb
 - lib/kamal/cli/healthcheck/poller.rb
 - lib/kamal/cli/lock.rb
 - lib/kamal/cli/main.rb
+- lib/kamal/cli/proxy.rb
 - lib/kamal/cli/prune.rb
 - lib/kamal/cli/registry.rb
+- lib/kamal/cli/secrets.rb
 - lib/kamal/cli/server.rb
 - lib/kamal/cli/templates/deploy.yml
 - lib/kamal/cli/templates/sample_hooks/docker-setup.sample
 - lib/kamal/cli/templates/sample_hooks/post-deploy.sample
-- lib/kamal/cli/templates/sample_hooks/post-traefik-reboot.sample
+- lib/kamal/cli/templates/sample_hooks/post-proxy-reboot.sample
 - lib/kamal/cli/templates/sample_hooks/pre-build.sample
 - lib/kamal/cli/templates/sample_hooks/pre-connect.sample
 - lib/kamal/cli/templates/sample_hooks/pre-deploy.sample
-- lib/kamal/cli/templates/sample_hooks/pre-traefik-reboot.sample
-- lib/kamal/cli/templates/template.env
-- lib/kamal/cli/traefik.rb
+- lib/kamal/cli/templates/sample_hooks/pre-proxy-reboot.sample
+- lib/kamal/cli/templates/secrets
 - lib/kamal/commander.rb
 - lib/kamal/commander/specifics.rb
 - lib/kamal/commands.rb
@@ -244,10 +244,10 @@ files:
 - lib/kamal/commands/app.rb
 - lib/kamal/commands/app/assets.rb
 - lib/kamal/commands/app/containers.rb
-- lib/kamal/commands/app/cord.rb
 - lib/kamal/commands/app/execution.rb
 - lib/kamal/commands/app/images.rb
 - lib/kamal/commands/app/logging.rb
+- lib/kamal/commands/app/proxy.rb
 - lib/kamal/commands/auditor.rb
 - lib/kamal/commands/base.rb
 - lib/kamal/commands/builder.rb
@@ -259,10 +259,10 @@ files:
 - lib/kamal/commands/docker.rb
 - lib/kamal/commands/hook.rb
 - lib/kamal/commands/lock.rb
+- lib/kamal/commands/proxy.rb
 - lib/kamal/commands/prune.rb
 - lib/kamal/commands/registry.rb
 - lib/kamal/commands/server.rb
-- lib/kamal/commands/traefik.rb
 - lib/kamal/configuration.rb
 - lib/kamal/configuration/accessory.rb
 - lib/kamal/configuration/alias.rb
@@ -274,24 +274,22 @@ files:
 - lib/kamal/configuration/docs/builder.yml
 - lib/kamal/configuration/docs/configuration.yml
 - lib/kamal/configuration/docs/env.yml
-- lib/kamal/configuration/docs/healthcheck.yml
 - lib/kamal/configuration/docs/logging.yml
+- lib/kamal/configuration/docs/proxy.yml
 - lib/kamal/configuration/docs/registry.yml
 - lib/kamal/configuration/docs/role.yml
 - lib/kamal/configuration/docs/servers.yml
 - lib/kamal/configuration/docs/ssh.yml
 - lib/kamal/configuration/docs/sshkit.yml
-- lib/kamal/configuration/docs/traefik.yml
 - lib/kamal/configuration/env.rb
 - lib/kamal/configuration/env/tag.rb
-- lib/kamal/configuration/healthcheck.rb
 - lib/kamal/configuration/logging.rb
+- lib/kamal/configuration/proxy.rb
 - lib/kamal/configuration/registry.rb
 - lib/kamal/configuration/role.rb
 - lib/kamal/configuration/servers.rb
 - lib/kamal/configuration/ssh.rb
 - lib/kamal/configuration/sshkit.rb
-- lib/kamal/configuration/traefik.rb
 - lib/kamal/configuration/validation.rb
 - lib/kamal/configuration/validator.rb
 - lib/kamal/configuration/validator/accessory.rb
@@ -299,12 +297,21 @@ files:
 - lib/kamal/configuration/validator/builder.rb
 - lib/kamal/configuration/validator/configuration.rb
 - lib/kamal/configuration/validator/env.rb
+- lib/kamal/configuration/validator/proxy.rb
 - lib/kamal/configuration/validator/registry.rb
 - lib/kamal/configuration/validator/role.rb
 - lib/kamal/configuration/validator/servers.rb
 - lib/kamal/configuration/volume.rb
 - lib/kamal/env_file.rb
 - lib/kamal/git.rb
+- lib/kamal/secrets.rb
+- lib/kamal/secrets/adapters.rb
+- lib/kamal/secrets/adapters/base.rb
+- lib/kamal/secrets/adapters/bitwarden.rb
+- lib/kamal/secrets/adapters/last_pass.rb
+- lib/kamal/secrets/adapters/one_password.rb
+- lib/kamal/secrets/adapters/test.rb
+- lib/kamal/secrets/dotenv/inline_command_substitution.rb
 - lib/kamal/sshkit_with_ext.rb
 - lib/kamal/tags.rb
 - lib/kamal/utils.rb
@@ -329,7 +336,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.17
+rubygems_version: 3.5.16
 signing_key:
 specification_version: 4
 summary: Deploy web apps in containers to servers running Docker with zero downtime.

data/lib/kamal/cli/env.rb

@@ -1,54 +0,0 @@
-require "tempfile"
-
-class Kamal::Cli::Env < Kamal::Cli::Base
-  desc "push", "Push the env file to the remote hosts"
-  def push
-    with_lock do
-      on(KAMAL.hosts) do
-        execute *KAMAL.auditor.record("Pushed env files"), verbosity: :debug
-
-        KAMAL.roles_on(host).each do |role|
-          execute *KAMAL.app(role: role, host: host).make_env_directory
-          upload! role.env(host).secrets_io, role.env(host).secrets_file, mode: 400
-        end
-      end
-
-      on(KAMAL.traefik_hosts) do
-        execute *KAMAL.traefik.make_env_directory
-        upload! KAMAL.traefik.env.secrets_io, KAMAL.traefik.env.secrets_file, mode: 400
-      end
-
-      on(KAMAL.accessory_hosts) do
-        KAMAL.accessories_on(host).each do |accessory|
-          accessory_config = KAMAL.config.accessory(accessory)
-          execute *KAMAL.accessory(accessory).make_env_directory
-          upload! accessory_config.env.secrets_io, accessory_config.env.secrets_file, mode: 400
-        end
-      end
-    end
-  end
-
-  desc "delete", "Delete the env file from the remote hosts"
-  def delete
-    with_lock do
-      on(KAMAL.hosts) do
-        execute *KAMAL.auditor.record("Deleted env files"), verbosity: :debug
-
-        KAMAL.roles_on(host).each do |role|
-          execute *KAMAL.app(role: role, host: host).remove_env_file
-        end
-      end
-
-      on(KAMAL.traefik_hosts) do
-        execute *KAMAL.traefik.remove_env_file
-      end
-
-      on(KAMAL.accessory_hosts) do
-        KAMAL.accessories_on(host).each do |accessory|
-          accessory_config = KAMAL.config.accessory(accessory)
-          execute *KAMAL.accessory(accessory).remove_env_file
-        end
-      end
-    end
-  end
-end

data/lib/kamal/cli/templates/sample_hooks/post-traefik-reboot.sample

@@ -1,3 +0,0 @@
-#!/bin/sh
-
-echo "Rebooted Traefik on $KAMAL_HOSTS"

data/lib/kamal/cli/templates/template.env

@@ -1,2 +0,0 @@
-KAMAL_REGISTRY_PASSWORD=change-this
-RAILS_MASTER_KEY=another-env

data/lib/kamal/cli/traefik.rb

@@ -1,122 +0,0 @@
-class Kamal::Cli::Traefik < Kamal::Cli::Base
-  desc "boot", "Boot Traefik on servers"
-  def boot
-    with_lock do
-      on(KAMAL.traefik_hosts) do
-        execute *KAMAL.registry.login
-        execute *KAMAL.traefik.start_or_run
-      end
-    end
-  end
-
-  desc "reboot", "Reboot Traefik on servers (stop container, remove container, start new container)"
-  option :rolling, type: :boolean, default: false, desc: "Reboot traefik on hosts in sequence, rather than in parallel"
-  option :confirmed, aliases: "-y", type: :boolean, default: false, desc: "Proceed without confirmation question"
-  def reboot
-    confirming "This will cause a brief outage on each host. Are you sure?" do
-      with_lock do
-        host_groups = options[:rolling] ? KAMAL.traefik_hosts : [ KAMAL.traefik_hosts ]
-        host_groups.each do |hosts|
-          host_list = Array(hosts).join(",")
-          run_hook "pre-traefik-reboot", hosts: host_list
-          on(hosts) do
-            execute *KAMAL.auditor.record("Rebooted traefik"), verbosity: :debug
-            execute *KAMAL.registry.login
-            execute *KAMAL.traefik.stop, raise_on_non_zero_exit: false
-            execute *KAMAL.traefik.remove_container
-            execute *KAMAL.traefik.run
-          end
-          run_hook "post-traefik-reboot", hosts: host_list
-        end
-      end
-    end
-  end
-
-  desc "start", "Start existing Traefik container on servers"
-  def start
-    with_lock do
-      on(KAMAL.traefik_hosts) do
-        execute *KAMAL.auditor.record("Started traefik"), verbosity: :debug
-        execute *KAMAL.traefik.start
-      end
-    end
-  end
-
-  desc "stop", "Stop existing Traefik container on servers"
-  def stop
-    with_lock do
-      on(KAMAL.traefik_hosts) do
-        execute *KAMAL.auditor.record("Stopped traefik"), verbosity: :debug
-        execute *KAMAL.traefik.stop, raise_on_non_zero_exit: false
-      end
-    end
-  end
-
-  desc "restart", "Restart existing Traefik container on servers"
-  def restart
-    with_lock do
-      stop
-      start
-    end
-  end
-
-  desc "details", "Show details about Traefik container from servers"
-  def details
-    on(KAMAL.traefik_hosts) { |host| puts_by_host host, capture_with_info(*KAMAL.traefik.info), type: "Traefik" }
-  end
-
-  desc "logs", "Show log lines from Traefik on servers"
-  option :since, aliases: "-s", desc: "Show logs since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)"
-  option :lines, type: :numeric, aliases: "-n", desc: "Number of log lines to pull from each server"
-  option :grep, aliases: "-g", desc: "Show lines with grep match only (use this to fetch specific requests by id)"
-  option :grep_options, aliases: "-o", desc: "Additional options supplied to grep"
-  option :follow, aliases: "-f", desc: "Follow logs on primary server (or specific host set by --hosts)"
-  def logs
-    grep = options[:grep]
-    grep_options = options[:grep_options]
-
-    if options[:follow]
-      run_locally do
-        info "Following logs on #{KAMAL.primary_host}..."
-        info KAMAL.traefik.follow_logs(host: KAMAL.primary_host, grep: grep, grep_options: grep_options)
-        exec KAMAL.traefik.follow_logs(host: KAMAL.primary_host, grep: grep, grep_options: grep_options)
-      end
-    else
-      since = options[:since]
-      lines = options[:lines].presence || ((since || grep) ? nil : 100) # Default to 100 lines if since or grep isn't set
-
-      on(KAMAL.traefik_hosts) do |host|
-        puts_by_host host, capture(*KAMAL.traefik.logs(since: since, lines: lines, grep: grep, grep_options: grep_options)), type: "Traefik"
-      end
-    end
-  end
-
-  desc "remove", "Remove Traefik container and image from servers"
-  def remove
-    with_lock do
-      stop
-      remove_container
-      remove_image
-    end
-  end
-
-  desc "remove_container", "Remove Traefik container from servers", hide: true
-  def remove_container
-    with_lock do
-      on(KAMAL.traefik_hosts) do
-        execute *KAMAL.auditor.record("Removed traefik container"), verbosity: :debug
-        execute *KAMAL.traefik.remove_container
-      end
-    end
-  end
-
-  desc "remove_image", "Remove Traefik image from servers", hide: true
-  def remove_image
-    with_lock do
-      on(KAMAL.traefik_hosts) do
-        execute *KAMAL.auditor.record("Removed traefik image"), verbosity: :debug
-        execute *KAMAL.traefik.remove_image
-      end
-    end
-  end
-end

data/lib/kamal/commands/app/cord.rb

@@ -1,22 +0,0 @@
-module Kamal::Commands::App::Cord
-  def cord(version:)
-    pipe \
-      docker(:inspect, "-f '{{ range .Mounts }}{{printf \"%s %s\\n\" .Source .Destination}}{{ end }}'", container_name(version)),
-      [ :awk, "'$2 == \"#{role.cord_volume.container_path}\" {print $1}'" ]
-  end
-
-  def tie_cord(cord)
-    create_empty_file(cord)
-  end
-
-  def cut_cord(cord)
-    remove_directory(cord)
-  end
-
-  private
-    def create_empty_file(file)
-      chain \
-        make_directory_for(file),
-        [ :touch, file ]
-    end
-end

data/lib/kamal/commands/traefik.rb

@@ -1,85 +0,0 @@
-class Kamal::Commands::Traefik < Kamal::Commands::Base
-  delegate :argumentize, :optionize, to: Kamal::Utils
-  delegate :port, :publish?, :labels, :env, :image, :options, :args, to: :"config.traefik"
-
-  def run
-    docker :run, "--name traefik",
-      "--detach",
-      "--restart", "unless-stopped",
-      *publish_args,
-      "--volume", "/var/run/docker.sock:/var/run/docker.sock",
-      *env_args,
-      *config.logging_args,
-      *label_args,
-      *docker_options_args,
-      image,
-      "--providers.docker",
-      *cmd_option_args
-  end
-
-  def start
-    docker :container, :start, "traefik"
-  end
-
-  def stop
-    docker :container, :stop, "traefik"
-  end
-
-  def start_or_run
-    any start, run
-  end
-
-  def info
-    docker :ps, "--filter", "name=^traefik$"
-  end
-
-  def logs(since: nil, lines: nil, grep: nil, grep_options: nil)
-    pipe \
-      docker(:logs, "traefik", (" --since #{since}" if since), (" --tail #{lines}" if lines), "--timestamps", "2>&1"),
-      ("grep '#{grep}'#{" #{grep_options}" if grep_options}" if grep)
-  end
-
-  def follow_logs(host:, grep: nil, grep_options: nil)
-    run_over_ssh pipe(
-      docker(:logs, "traefik", "--timestamps", "--tail", "10", "--follow", "2>&1"),
-      (%(grep "#{grep}"#{" #{grep_options}" if grep_options}) if grep)
-    ).join(" "), host: host
-  end
-
-  def remove_container
-    docker :container, :prune, "--force", "--filter", "label=org.opencontainers.image.title=Traefik"
-  end
-
-  def remove_image
-    docker :image, :prune, "--all", "--force", "--filter", "label=org.opencontainers.image.title=Traefik"
-  end
-
-  def make_env_directory
-    make_directory(env.secrets_directory)
-  end
-
-  def remove_env_file
-    [ :rm, "-f", env.secrets_file ]
-  end
-
-  private
-    def publish_args
-      argumentize "--publish", port if publish?
-    end
-
-    def label_args
-      argumentize "--label", labels
-    end
-
-    def env_args
-      env.args
-    end
-
-    def docker_options_args
-      optionize(options)
-    end
-
-    def cmd_option_args
-      optionize args, with: "="
-    end
-end

data/lib/kamal/configuration/docs/healthcheck.yml

@@ -1,59 +0,0 @@
-# Healthcheck configuration
-#
-# On roles that are running Traefik, Kamal will supply a default healthcheck to `docker run`.
-# For other roles, by default no healthcheck is supplied.
-#
-# If no healthcheck is supplied and the image does not define one, they we wait for the container
-# to reach a running state and then pause for the readiness delay.
-#
-# The default healthcheck is `curl -f http://localhost:<port>/<path>`, so it assumes that `curl`
-# is available within the container.
-
-# Healthcheck options
-#
-# These go under the `healthcheck` key in the root or role configuration.
-healthcheck:
-
-  # Command
-  #
-  # The command to run, defaults to `curl -f http://localhost:<port>/<path>` on roles running Traefik
-  cmd: "curl -f http://localhost"
-
-  # Interval
-  #
-  # The Docker healthcheck interval, defaults to `1s`
-  interval: 10s
-
-  # Max attempts
-  #
-  # The maximum number of times we poll the container to see if it is healthy, defaults to `7`
-  # Each check is separated by an increasing interval starting with 1 second.
-  max_attempts: 3
-
-  # Port
-  #
-  # The port to use in the healthcheck, defaults to `3000`
-  port: "80"
-
-  # Path
-  #
-  # The path to use in the healthcheck, defaults to `/up`
-  path: /health
-
-  # Cords for zero-downtime deployments
-  #
-  # The cord file is used for zero-downtime deployments. The healthcheck is augmented with a check
-  # for the existance of the file. This allows us to delete the file and force the container to
-  # become unhealthy, causing Traefik to stop routing traffic to it.
-  #
-  # Kamal mounts a volume at this location and creates the file before starting the container.
-  # You can set the value to `false` to disable the cord file, but this loses the zero-downtime
-  # guarantee.
-  #
-  # The default value is `/tmp/kamal-cord`
-  cord: /cord
-
-  # Log lines
-  #
-  # Number of lines to log from the container when the healthcheck fails, defaults to `50`
-  log_lines: 100

data/lib/kamal/configuration/docs/traefik.yml

@@ -1,62 +0,0 @@
-# Traefik
-#
-# Traefik is a reverse proxy, used by Kamal for zero-downtime deployments.
-#
-# We start an instance on the hosts in it's own container.
-#
-# During a deployment:
-# 1. We start a new container which Traefik automatically detects due to the labels we have applied
-# 2. Traefik starts routing traffic to the new container
-# 3. We force the old container to fail it's healthcheck, causing Traefik to stop routing traffic to it
-# 4. We stop the old container
-
-# Traefik settings
-#
-# Traekik is configured in the root configuration under `traefik`.
-traefik:
-
-  # Image
-  #
-  # The Traefik image to use, defaults to `traefik:v2.10`
-  image: traefik:v2.9
-
-  # Host port
-  #
-  # The host port to publish the Traefik container on, defaults to `80`
-  host_port: "8080"
-
-  # Disabling publishing
-  #
-  # To avoid publishing the Traefik container, set this to `false`
-  publish: false
-
-  # Labels
-  #
-  # Additional labels to apply to the Traefik container
-  labels:
-    traefik.http.routers.catchall.entryPoints: http
-    traefik.http.routers.catchall.rule: PathPrefix(`/`)
-    traefik.http.routers.catchall.service: unavailable
-    traefik.http.routers.catchall.priority: "1"
-    traefik.http.services.unavailable.loadbalancer.server.port: "0"
-
-  # Arguments
-  #
-  # Additional arguments to pass to the Traefik container
-  args:
-    entryPoints.http.address: ":80"
-    entryPoints.http.forwardedHeaders.insecure: true
-    accesslog: true
-    accesslog.format: json
-
-  # Options
-  #
-  # Additional options to pass to `docker run`
-  options:
-    cpus: 2
-
-  # Environment variables
-  #
-  # See kamal docs env
-  env:
-    ...

data/lib/kamal/configuration/healthcheck.rb

@@ -1,63 +0,0 @@
-class Kamal::Configuration::Healthcheck
-  include Kamal::Configuration::Validation
-
-  attr_reader :healthcheck_config
-
-  def initialize(healthcheck_config:, context: "healthcheck")
-    @healthcheck_config = healthcheck_config || {}
-    validate! @healthcheck_config, context: context
-  end
-
-  def merge(other)
-    self.class.new healthcheck_config: healthcheck_config.deep_merge(other.healthcheck_config)
-  end
-
-  def cmd
-    healthcheck_config.fetch("cmd", http_health_check)
-  end
-
-  def port
-    healthcheck_config.fetch("port", 3000)
-  end
-
-  def path
-    healthcheck_config.fetch("path", "/up")
-  end
-
-  def max_attempts
-    healthcheck_config.fetch("max_attempts", 7)
-  end
-
-  def interval
-    healthcheck_config.fetch("interval", "1s")
-  end
-
-  def cord
-    healthcheck_config.fetch("cord", "/tmp/kamal-cord")
-  end
-
-  def log_lines
-    healthcheck_config.fetch("log_lines", 50)
-  end
-
-  def set_port_or_path?
-    healthcheck_config["port"].present? || healthcheck_config["path"].present?
-  end
-
-  def to_h
-    {
-      "cmd" => cmd,
-      "interval" => interval,
-      "max_attempts" => max_attempts,
-      "port" => port,
-      "path" => path,
-      "cord" => cord,
-      "log_lines" => log_lines
-    }
-  end
-
-  private
-    def http_health_check
-      "curl -f #{URI.join("http://localhost:#{port}", path)} || exit 1" if path.present? || port.present?
-    end
-end

data/lib/kamal/configuration/traefik.rb

@@ -1,60 +0,0 @@
-class Kamal::Configuration::Traefik
-  DEFAULT_IMAGE = "traefik:v2.10"
-  CONTAINER_PORT = 80
-  DEFAULT_ARGS = {
-    "log.level" => "DEBUG"
-  }
-  DEFAULT_LABELS = {
-    # These ensure we serve a 502 rather than a 404 if no containers are available
-    "traefik.http.routers.catchall.entryPoints" => "http",
-    "traefik.http.routers.catchall.rule" => "PathPrefix(`/`)",
-    "traefik.http.routers.catchall.service" => "unavailable",
-    "traefik.http.routers.catchall.priority" => 1,
-    "traefik.http.services.unavailable.loadbalancer.server.port" => "0"
-  }
-
-  include Kamal::Configuration::Validation
-
-  attr_reader :config, :traefik_config
-
-  def initialize(config:)
-    @config = config
-    @traefik_config = config.raw_config.traefik || {}
-    validate! traefik_config
-  end
-
-  def publish?
-    traefik_config["publish"] != false
-  end
-
-  def labels
-    DEFAULT_LABELS.merge(traefik_config["labels"] || {})
-  end
-
-  def env
-    Kamal::Configuration::Env.new \
-      config: traefik_config.fetch("env", {}),
-      secrets_file: File.join(config.host_env_directory, "traefik", "traefik.env"),
-      context: "traefik/env"
-  end
-
-  def host_port
-    traefik_config.fetch("host_port", CONTAINER_PORT)
-  end
-
-  def options
-    traefik_config.fetch("options", {})
-  end
-
-  def port
-    "#{host_port}:#{CONTAINER_PORT}"
-  end
-
-  def args
-    DEFAULT_ARGS.merge(traefik_config.fetch("args", {}))
-  end
-
-  def image
-    traefik_config.fetch("image", DEFAULT_IMAGE)
-  end
-end