kitchen-kubernetes 1.0.0

data/Rakefile

@@ -0,0 +1,17 @@
+#
+# Copyright 2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'bundler/gem_tasks'

data/kitchen-kubernetes.gemspec

@@ -0,0 +1,50 @@
+#
+# Copyright 2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'kitchen-kubernetes/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'kitchen-kubernetes'
+  spec.version       = KitchenKubernetes::VERSION
+  spec.authors       = ['Noah Kantrowitz']
+  spec.email         = ['noah@coderanger.net']
+  spec.description   = %q{A Kubernetes Driver for Test Kitchen}
+  spec.summary       = spec.description
+  spec.homepage      = 'https://github.com/coderanger/kitchen-kubernetes'
+  spec.license       = 'Apache 2.0'
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = []
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'test-kitchen', '~> 1.18'
+
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'rake'
+
+  # Unit testing gems.
+  spec.add_development_dependency 'rspec', '~> 3.2'
+  spec.add_development_dependency 'rspec-its', '~> 1.2'
+  spec.add_development_dependency 'fuubar', '~> 2.0'
+  spec.add_development_dependency 'simplecov', '~> 0.9'
+  spec.add_development_dependency 'codecov', '~> 0.0', '>= 0.0.2'
+
+  # Integration testing.
+  spec.add_development_dependency 'kitchen-inspec', '~> 0.20'
+end

data/lib/kitchen-kubernetes/helper.rb

@@ -0,0 +1,45 @@
+#
+# Copyright 2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+module KitchenKubernetes
+  # Utility mixin for other classes in this plugin.
+  #
+  # @since 1.0
+  # @api private
+  module Helper
+    # Because plugins and connections have different APIs.
+    def kube_options
+      if defined?(config)
+        config
+      elsif defined?(options)
+        options
+      else
+        raise "Something went wrong, please file a bug"
+      end
+    end
+
+    def kubectl_command(*cmd)
+      out = [kube_options[:kubectl_command]]
+      if kube_options[:context]
+        out << '--context'
+        out << kube_options[:context]
+      end
+      out.concat(cmd)
+      out
+    end
+  end
+end

data/lib/kitchen-kubernetes/version.rb

@@ -0,0 +1,20 @@
+#
+# Copyright 2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+module KitchenKubernetes
+  VERSION = "1.0.0"
+end

data/lib/kitchen/driver/kubernetes.rb

@@ -0,0 +1,216 @@
+#
+# Copyright 2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'erb'
+require 'json'
+
+require 'kitchen/driver/base'
+require 'kitchen/provisioner/chef_base'
+require 'kitchen/shell_out'
+require 'kitchen/verifier/busser'
+
+require 'kitchen/transport/kubernetes'
+require 'kitchen-kubernetes/helper'
+
+
+module Kitchen
+  module Driver
+
+    # Kubernetes driver for Kitchen.
+    #
+    # @author Noah Kantrowitz <noah@coderanger>
+    # @since 1.0
+    # @see Kitchen::Transport::Kubernetes
+    class Kubernetes < Kitchen::Driver::Base
+      include ShellOut
+      include KitchenKubernetes::Helper
+
+      default_config :cache_path, '/data/chef/%{chef_version}'
+      default_config :chef_image, 'chef/chef'
+      default_config :chef_version, 'latest'
+      default_config :context, nil
+      default_config :image_pull_policy, nil
+      default_config :image_pull_secrets, nil
+      default_config :init_system, nil
+      default_config :kubectl_command, 'kubectl'
+      default_config :pod_template, File.expand_path('../pod.yaml.erb', __FILE__)
+      default_config :rsync_command, 'rsync'
+      default_config :rsync_image, 'kitchenkubernetes/rsync:3.1.2-r5'
+      default_config :rsync_rsh, "#{RbConfig.ruby} -e \"exec('kubectl', 'exec', '--stdin', '--container=rsync', ARGV[0], '--', *ARGV[1..-1])\""
+
+      default_config :cache_volume do |driver|
+        if driver[:cache_path]
+          path = driver[:cache_path] % {chef_version: driver[:chef_version]}
+          {hostPath: {path: path, type: 'DirectoryOrCreate'}}
+        else
+          {emptyDir: {}}
+        end
+      end
+
+      default_config :image do |driver|
+        driver.default_image
+      end
+
+      default_config :pod_name do |driver|
+        # Borrowed from kitchen-rackspace.
+        [
+          driver.instance.name.gsub(/\W/, ''),
+          (Etc.getlogin || 'nologin').gsub(/\W/, ''),
+          Socket.gethostname.gsub(/\W/, '')[0..20],
+          Array.new(8) { rand(36).to_s(36) }.join
+        ].join('-')
+      end
+
+      # Don't expand path on commands that don't look like a path, otherwise
+      # it turns kubectl in to /path/to/cookbook/kubectl.
+      expand_path_for :kubectl_command do |driver|
+        driver[:kubectl_command] =~ %r{/|\\}
+      end
+      expand_path_for :pod_template
+      expand_path_for :rsync_command do |driver|
+        driver[:rsync_command] =~ %r{/|\\}
+      end
+
+      # Work out the default primary container image to use for this instance.
+      # Can be overridden by subclasses. Must return a string compatible with
+      # a Kubernetes container image specification.
+      #
+      # @return [String]
+      def default_image
+        if instance.platform.name =~ /^(.*)-([^-]*)$/
+          "#{$1}:#{$2}"
+        else
+          instance.platform.name
+        end
+      end
+
+      # Muck with some other plugins to make the UX easier. Haxxxx.
+      #
+      # @api private
+      def finalize_config!(instance)
+        super.tap do
+          # Force the use of the Kubernetes transport since it isn't much use
+          # without that.
+          instance.transport = Kitchen::Transport::Kubernetes.new(config)
+          # Leave room for the possibility of other provisioners in the future,
+          # but force some options we need.
+          if instance.provisioner.is_a?(Kitchen::Provisioner::ChefBase)
+            instance.provisioner.send(:config).update(
+              require_chef_omnibus: false,
+              product_name: nil,
+              chef_omnibus_root: '/opt/chef',
+              sudo: false,
+            )
+          end
+          # Ditto to the above, other verifiers will need their own hacks, but
+          # this is a start at least.
+          if instance.verifier.is_a?(Kitchen::Verifier::Busser)
+            instance.verifier.send(:config).update(
+              root_path: '/tmp/kitchen/verifier',
+              sudo: false,
+            )
+          elsif defined?(Kitchen::Verifier::Inspec) && instance.verifier.is_a?(Kitchen::Verifier::Inspec)
+            # Monkeypatch kitchen-inspec to use my copy of the kubernetes train transport.
+            # Pending https://github.com/chef/train/pull/205 and https://github.com/chef/kitchen-inspec/pull/148
+            # or https://github.com/chef/kitchen-inspec/pull/149.
+            require 'kitchen/verifier/train_kubernetes_hack'
+            _config = config # Because closure madness.
+            old_runner_options = instance.verifier.method(:runner_options)
+            instance.verifier.send(:define_singleton_method, :runner_options) do |transport, state = {}, platform = nil, suite = nil|
+              if transport.is_a?(Kitchen::Transport::Kubernetes)
+                # Initiate 1337 ha><0rz.
+                {
+                  "backend" => "kubernetes_hack",
+                  "logger" => logger,
+                  "pod" => state[:pod_id],
+                  "container" => "default",
+                  "kubectl_path" => _config[:kubectl_path],
+                  "context" => _config[:context],
+                }.tap do |runner_options|
+                  # Copied directly from kitchen-inspec because there is no way not to. Sigh.
+                  runner_options["color"] = (config[:color].nil? ? true : config[:color])
+                  runner_options["format"] = config[:format] unless config[:format].nil?
+                  runner_options["output"] = config[:output] % { platform: platform, suite: suite } unless config[:output].nil?
+                  runner_options["profiles_path"] = config[:profiles_path] unless config[:profiles_path].nil?
+                  runner_options[:controls] = config[:controls]
+                end
+              else
+                old_runner_options.call(transport, state, platform, suite)
+              end
+            end
+          end
+        end
+      end
+
+      # (see Base#create)
+      def create(state)
+        # Already created, we're good.
+        return if state[:pod_id]
+        # Lock in our name with randomness and whatever.
+        pod_id = config[:pod_name]
+        # Render the pod YAML and feed it to kubectl.
+        tpl = ERB.new(IO.read(config[:pod_template]), 0, '-')
+        tpl.filename = config[:pod_template]
+        pod_yaml = tpl.result(binding)
+        debug("Creating pod with YAML:\n#{pod_yaml}\n")
+        run_command(kubectl_command('create', '--filename', '-'), input: pod_yaml)
+        # Wait until the pod reaches Running status.
+        status = nil
+        start_time = Time.now
+        while status != 'Running'
+          if Time.now - start_time > 20
+            # More than 20 seconds, start giving user feedback. 20 second threshold
+            # was 100% pulled from my ass based on how long it takes to launch
+            # on my local minikube, may need changing for reality.
+            info("Waiting for pod #{pod_id} to be running, currently #{status}")
+          end
+          sleep(1)
+          # Can't use run_command here because error! is unwanted and logging is a bit much.
+          status_cmd = Mixlib::ShellOut.new(kubectl_command('get', 'pod', pod_id, '--output=json'))
+          status_cmd.run_command
+          unless status_cmd.error? || status_cmd.stdout.empty?
+            status = JSON.parse(status_cmd.stdout)['status']['phase']
+          end
+        end
+        # Save the pod ID.
+        state[:pod_id] = pod_id
+      rescue Exception => ex
+        # If something goes wrong, try to clean up.
+        if pod_id
+          begin
+            debug("Failure during create, trying to clean up pod #{pod_id}")
+            run_command(kubectl_command('delete', 'pod', pod_id, '--now'))
+          rescue ShellCommandFailed => cleanup_ex
+            # Welp, we tried.
+            debug("Cleanup failed, continuing anyway: #{cleanup_ex}")
+          end
+        end
+        raise ex
+      end
+
+      # (see Base#destroy)
+      def destroy(state)
+        return unless state[:pod_id]
+        run_command(kubectl_command('delete', 'pod', state[:pod_id], '--now'))
+        # Explicitly not waiting for the delete to finish, if k8s has problems
+        # with deletes in the future, I can add a wait here.
+      rescue ShellCommandFailed => ex
+        raise unless ex.to_s.include?('(NotFound)')
+      end
+
+    end
+  end
+end

data/lib/kitchen/driver/pod.yaml.erb

@@ -0,0 +1,96 @@
+#
+# Copyright 2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apiVersion: v1
+kind: Pod
+metadata:
+  name: <%= pod_id %>
+  labels:
+    heritage: kitchen-kubernetes
+  annotations:
+    coderanger.net/kitchen-instance: <%= instance.name %>
+    coderanger.net/kitchen-platform: <%= instance.platform.name %>
+    coderanger.net/kitchen-created-by: <%= Etc.getlogin || 'unknown' %>
+    coderanger.net/kitchen-created-on: <%= Socket.gethostname %>
+spec:
+  initContainers:
+  - name: chef
+    image: <%= config[:chef_image] %>:<%= config[:chef_version] %>
+    <%- if config[:chef_version] == 'latest' -%>
+    command: ["/bin/cp", "-a", "-u", "/opt/chef", "/mnt"]
+    <%- else -%>
+    command: ["/bin/sh", "-c", "if [ ! -d /mnt/chef/bin ]; then cp -a /opt/chef /mnt; fi"]
+    <%- end -%>
+    volumeMounts:
+    - mountPath: /mnt/chef
+      name: chef
+  containers:
+  - name: default
+    image: <%= config[:image] %>
+    <%- if config[:image_pull_policy] %>
+    imagePullPolicy: <%= config[:image_pull_policy] %>
+    <%- end -%>
+    <%- if config[:init_system] == 'systemd' -%>
+    env:
+    - name: container
+      value: docker
+    command: ["/sbin/init"]
+    <%- else -%>
+    command: ["/bin/sh", "-c", "trap 'exit 0' TERM; sleep 2147483647 & wait"]
+    <%- end -%>
+    volumeMounts:
+    - mountPath: /opt/chef
+      name: chef
+    - mountPath: /tmp/kitchen
+      name: kitchen
+    <%- if config[:init_system] == 'systemd' -%>
+    - mountPath: /tmp
+      name: systemd-tmp
+    - mountPath: /run
+      name: systemd-run
+    - mountPath: /run/lock
+      name: systemd-lock
+    - mountPath: /sys/fs/cgroup
+      name: systemd-cgroup
+      readOnly: true
+    <%- end -%>
+  - name: rsync
+    image: <%= config[:rsync_image] %>
+    volumeMounts:
+    - mountPath: /tmp/kitchen
+      name: kitchen
+  volumes:
+  - <%= {name: 'chef'}.merge(config[:cache_volume]).to_json %>
+  - name: kitchen
+    emptyDir: {}
+  <%- if config[:init_system] == 'systemd' -%>
+  - name: systemd-tmp
+    emptyDir:
+      medium: Memory
+  - name: systemd-run
+    emptyDir:
+      medium:
+  - name: systemd-lock
+    emptyDir:
+      medium: Memory
+  - name: systemd-cgroup
+    hostPath:
+      path: /sys/fs/cgroup
+      type: Directory
+  <%- end -%>
+  <%- if config[:image_pull_secrets] -%>
+  imagePullSecrets: <%= Array(config[:image_pull_secrets]).map {|n| {name: n} }.to_json %>
+  <%- end -%>