RubyGems - krane - Versions diffs - 1.1.0 → 2.0.0 - Mend

krane 1.1.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (44) hide show

checksums.yaml +4 -4
data/.github/CODEOWNERS +1 -0
data/{ISSUE_TEMPLATE.md → .github/ISSUE_TEMPLATE.md} +0 -0
data/{pull_request_template.md → .github/pull_request_template.md} +0 -0
data/.rubocop-http---shopify-github-io-ruby-style-guide-rubocop-yml +24 -30
data/.rubocop.yml +0 -12
data/.shopify-build/krane.yml +20 -6
data/1.0-Upgrade.md +2 -2
data/CHANGELOG.md +61 -0
data/CONTRIBUTING.md +2 -2
data/README.md +14 -16
data/bin/ci +1 -1
data/bin/test +2 -2
data/dev.yml +1 -1
data/krane.gemspec +7 -5
data/lib/krane/annotation.rb +11 -0
data/lib/krane/cli/deploy_command.rb +3 -4
data/lib/krane/cli/global_deploy_command.rb +3 -3
data/lib/krane/cli/render_command.rb +3 -3
data/lib/krane/cluster_resource_discovery.rb +10 -6
data/lib/krane/concerns/template_reporting.rb +0 -6
data/lib/krane/container_logs.rb +1 -1
data/lib/krane/container_overrides.rb +33 -0
data/lib/krane/deploy_task.rb +16 -13
data/lib/krane/ejson_secret_provisioner.rb +1 -2
data/lib/krane/global_deploy_task.rb +4 -7
data/lib/krane/kubectl.rb +11 -1
data/lib/krane/kubernetes_resource.rb +19 -46
data/lib/krane/kubernetes_resource/custom_resource.rb +2 -2
data/lib/krane/kubernetes_resource/custom_resource_definition.rb +13 -10
data/lib/krane/kubernetes_resource/deployment.rb +5 -7
data/lib/krane/kubernetes_resource/pod.rb +12 -8
data/lib/krane/psych_k8s_compatibility.rb +36 -0
data/lib/krane/render_task.rb +2 -2
data/lib/krane/renderer.rb +2 -0
data/lib/krane/resource_deployer.rb +7 -2
data/lib/krane/resource_watcher.rb +1 -1
data/lib/krane/restart_task.rb +2 -2
data/lib/krane/runner_task.rb +16 -17
data/lib/krane/statsd.rb +2 -2
data/lib/krane/template_sets.rb +1 -1
data/lib/krane/version.rb +1 -1
metadata +27 -17
data/lib/krane/kubernetes_resource/cloudsql.rb +0 -44

data/bin/ci CHANGED

@@ -17,5 +17,5 @@ docker run --rm \
     -e VERBOSE=1 \
     -e PARALLELISM=$PARALLELISM \
     -w /usr/src/app \
-    ruby:2.4 \
+    ruby:"${RUBY_VERSION:-2.5}" \
     bin/test

data/bin/test CHANGED

@@ -41,7 +41,7 @@ bundle exec rake unit_test
 print_header "Run Non-Parallel Integration Tests"
 bundle exec rake serial_integration_test
-print_header "Run Parallel Integration Tests (N=$PARALLELISM)"
-PARALLELIZE_ME=1 N=$PARALLELISM bundle exec rake integration_test
+print_header "Run Parallel Integration Tests (MT_CPU=$PARALLELISM)"
+PARALLELIZE_ME=1 MT_CPU=$PARALLELISM bundle exec rake integration_test
 test $err -eq 0

data/dev.yml CHANGED

@@ -1,7 +1,7 @@
 ---
 name: krane
 up:
-  - ruby: 2.4.6 # Matches gemspec
+  - ruby: 2.5.7 # Matches gemspec
   - bundler
   - homebrew:
     - Caskroom/cask/minikube

data/krane.gemspec CHANGED

@@ -23,17 +23,19 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = %w(lib)
-  spec.required_ruby_version = '>= 2.4.0'
+  spec.metadata['allowed_push_host'] = "https://rubygems.org"
+  spec.required_ruby_version = '>= 2.5.0'
   spec.add_dependency("activesupport", ">= 5.0")
   spec.add_dependency("kubeclient", "~> 4.3")
-  spec.add_dependency("googleauth", "~> 0.8.0")
+  spec.add_dependency("googleauth", "~> 0.8")
   spec.add_dependency("ejson", "~> 1.0")
   spec.add_dependency("colorize", "~> 0.8")
   spec.add_dependency("statsd-instrument", ['>= 2.8', "< 3.1"])
   spec.add_dependency("oj", "~> 3.0")
   spec.add_dependency("concurrent-ruby", "~> 1.1")
   spec.add_dependency("jsonpath", "~> 0.9.6")
-  spec.add_dependency("thor", "~>  0.20.3")
+  spec.add_dependency("thor", ">= 1.0", "< 2.0")
   # Basics
   spec.add_development_dependency("bundler")
@@ -41,7 +43,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency("yard")
   # Test framework
-  spec.add_development_dependency("minitest", "~> 5.0")
+  spec.add_development_dependency("minitest", "~> 5.12")
   spec.add_development_dependency("minitest-stub-const", "~> 0.6")
   spec.add_development_dependency("minitest-reporters")
   spec.add_development_dependency("mocha", "~> 1.5")
@@ -54,6 +56,6 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency("byebug")
   spec.add_development_dependency("ruby-prof")
   spec.add_development_dependency("ruby-prof-flamegraph")
-  spec.add_development_dependency("rubocop", "~> 0.76.0")
+  spec.add_development_dependency("rubocop", "~> 0.88.0")
   spec.add_development_dependency("codecov")
 end

data/lib/krane/annotation.rb ADDED

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+module Krane
+  module Annotation
+    class << self
+      def for(suffix)
+        "krane.shopify.io/#{suffix}"
+      end
+    end
+  end
+end

data/lib/krane/cli/deploy_command.rb CHANGED

@@ -14,7 +14,7 @@ module Krane
                          aliases: :f, required: false, default: [],
                          desc: "Directories and files that contains the configuration to apply" },
         "stdin" => { type: :boolean, default: false,
-                     desc: "Read resources from stdin" },
+                     desc: "[DEPRECATED] Read resources from stdin" },
         "global-timeout" => { type: :string, banner: "duration", default: DEFAULT_DEPLOY_TIMEOUT,
                               desc: "Max duration to monitor workloads correctly deployed" },
         "protected-namespaces" => { type: :array, banner: "namespace1 namespace2 namespaceN",
@@ -26,7 +26,7 @@ module Krane
         "selector" => { type: :string, banner: "'label=value'",
                         desc: "Select workloads by selector(s)" },
         "verbose-log-prefix" => { type: :boolean, desc: "Add [context][namespace] to the log prefix",
-                                  default: true },
+                                  default: false },
         "verify-result" => { type: :boolean, default: true,
                              desc: "Verify workloads correctly deployed" },
       }
@@ -46,11 +46,10 @@ module Krane
           protected_namespaces = []
         end
-        # never mutate options directly
         filenames = options[:filenames].dup
         filenames << "-" if options[:stdin]
         if filenames.empty?
-          raise Thor::RequiredArgumentMissingError, 'At least one of --filenames or --stdin must be set'
+          raise(Thor::RequiredArgumentMissingError, '--filenames must be set and not empty')
         end
         ::Krane::OptionsHelper.with_processed_template_paths(filenames) do |paths|

data/lib/krane/cli/global_deploy_command.rb CHANGED

@@ -8,7 +8,8 @@ module Krane
         "filenames" => { type: :array, banner: 'config/deploy/production config/deploy/my-extra-resource.yml',
                          aliases: :f, required: false, default: [],
                          desc: "Directories and files that contains the configuration to apply" },
-        "stdin" => { type: :boolean, default: false, desc: "Read resources from stdin" },
+        "stdin" => { type: :boolean, default: false,
+                     desc: "[DEPRECATED] Read resources from stdin" },
         "global-timeout" => { type: :string, banner: "duration", default: DEFAULT_DEPLOY_TIMEOUT,
                               desc: "Max duration to monitor workloads correctly deployed" },
         "verify-result" => { type: :boolean, default: true,
@@ -28,11 +29,10 @@ module Krane
         selector = ::Krane::LabelSelector.parse(options[:selector])
-        # never mutate options directly
         filenames = options[:filenames].dup
         filenames << "-" if options[:stdin]
         if filenames.empty?
-          raise Thor::RequiredArgumentMissingError, 'At least one of --filenames or --stdin must be set'
+          raise(Thor::RequiredArgumentMissingError, '--filenames must be set and not empty')
         end
         ::Krane::OptionsHelper.with_processed_template_paths(filenames) do |paths|

data/lib/krane/cli/render_command.rb CHANGED

@@ -7,7 +7,8 @@ module Krane
         "bindings" => { type: :array, banner: "foo=bar abc=def", desc: 'Bindings for erb' },
         "filenames" => { type: :array, banner: 'config/deploy/production config/deploy/my-extra-resource.yml',
                          required: false, default: [], aliases: 'f', desc: 'Directories and files to render' },
-        "stdin" => { type: :boolean, desc: "Read resources from stdin", default: false },
+        "stdin" => { type: :boolean, default: false,
+                     desc: "[DEPRECATED] Read resources from stdin" },
         "current-sha" => { type: :string, banner: "SHA", desc: "Expose SHA `current_sha` in ERB bindings",
                            lazy_default: '' },
       }
@@ -20,11 +21,10 @@ module Krane
         bindings_parser = ::Krane::BindingsParser.new
         options[:bindings]&.each { |b| bindings_parser.add(b) }
-        # never mutate options directly
         filenames = options[:filenames].dup
         filenames << "-" if options[:stdin]
         if filenames.empty?
-          raise Thor::RequiredArgumentMissingError, 'At least one of --filenames or --stdin must be set'
+          raise(Thor::RequiredArgumentMissingError, '--filenames must be set and not empty')
         end
         ::Krane::OptionsHelper.with_processed_template_paths(filenames, render_erb: true) do |paths|

data/lib/krane/cluster_resource_discovery.rb CHANGED

@@ -37,7 +37,7 @@ module Krane
     def fetch_resources(namespaced: false)
       command = %w(api-resources)
       command << "--namespaced=#{namespaced}"
-      raw, _, st = kubectl.run(*command, output: "wide", attempts: 5,
+      raw, err, st = kubectl.run(*command, output: "wide", attempts: 5,
         use_namespace: false)
       if st.success?
         rows = raw.split("\n")
@@ -59,7 +59,7 @@ module Krane
           resource
         end
       else
-        []
+        raise FatalKubeAPIError, "Error retrieving api-resources: #{err}"
       end
     end
@@ -68,7 +68,7 @@ module Krane
     # kubectl api-versions returns a list of group/version strings e.g. autoscaling/v2beta2
     # A kind may not exist in all versions of the group.
     def fetch_api_versions
-      raw, _, st = kubectl.run("api-versions", attempts: 5, use_namespace: false)
+      raw, err, st = kubectl.run("api-versions", attempts: 5, use_namespace: false)
       # The "core" group is represented by an empty string
       versions = { "" => %w(v1) }
       if st.success?
@@ -78,6 +78,8 @@ module Krane
           versions[group] ||= []
           versions[group] << version
         end
+      else
+        raise FatalKubeAPIError, "Error retrieving api-versions: #{err}"
       end
       versions
     end
@@ -85,7 +87,9 @@ module Krane
     def version_for_kind(versions, kind)
       # Override list for kinds that don't appear in the lastest version of a group
       version_override = { "CronJob" => "v1beta1", "VolumeAttachment" => "v1beta1",
-                           "CSIDriver" => "v1beta1", "Ingress" => "v1beta1", "CSINode" => "v1beta1" }
+                           "CSIDriver" => "v1beta1", "Ingress" => "v1beta1",
+                           "CSINode" => "v1beta1", "Job" => "v1",
+                           "IngressClass" => "v1beta1" }
       pattern = /v(?<major>\d+)(?<pre>alpha|beta)?(?<minor>\d+)?/
       latest = versions.sort_by do |version|
@@ -97,12 +101,12 @@ module Krane
     end
     def fetch_crds
-      raw_json, _, st = kubectl.run("get", "CustomResourceDefinition", output: "json", attempts: 5,
+      raw_json, err, st = kubectl.run("get", "CustomResourceDefinition", output: "json", attempts: 5,
         use_namespace: false)
       if st.success?
         JSON.parse(raw_json)["items"]
       else
-        []
+        raise FatalKubeAPIError, "Error retrieving CustomResourceDefinition: #{err}"
       end
     end

data/lib/krane/concerns/template_reporting.rb CHANGED

@@ -15,12 +15,6 @@ module Krane
       logger.summary.add_paragraph(debug_msg)
     end
-    def record_warnings(logger:, warning:, filename:)
-      warn_msg = "Template warning: #{filename}\n"
-      warn_msg += "> Warning message:\n#{Krane::FormattedLogger.indent_four(warning)}"
-      logger.summary.add_paragraph(ColorizedString.new(warn_msg).yellow)
-    end
     def add_para_from_list(logger:, action:, enum:)
       logger.summary.add_action(action)
       logger.summary.add_paragraph(enum.map { |e| "- #{e}" }.join("\n"))

data/lib/krane/container_logs.rb CHANGED

@@ -3,7 +3,7 @@ module Krane
   class ContainerLogs
     attr_reader :lines, :container_name
-    DEFAULT_LINE_LIMIT = 250
+    DEFAULT_LINE_LIMIT = 25
     def initialize(parent_id:, container_name:, namespace:, context:, logger:)
       @parent_id = parent_id

data/lib/krane/container_overrides.rb ADDED

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+module Krane
+  class ContainerOverrides
+    attr_reader :command, :arguments, :env_vars, :image_tag
+    def initialize(command: nil, arguments: nil, env_vars: [], image_tag: nil)
+      @command = command
+      @arguments = arguments
+      @env_vars = env_vars
+      @image_tag = image_tag
+    end
+    def apply!(container)
+      container.command = command if command
+      container.args = arguments if arguments
+      if image_tag
+        image = container.image
+        base_image, _old_tag = image.split(':')
+        new_image = "#{base_image}:#{image_tag}"
+        container.image = new_image
+      end
+      env_args = env_vars.map do |env|
+        key, value = env.split('=', 2)
+        { name: key, value: value }
+      end
+      container.env ||= []
+      container.env = container.env.map(&:to_h) + env_args
+    end
+  end
+end

data/lib/krane/deploy_task.rb CHANGED

@@ -4,13 +4,13 @@ require 'shellwords'
 require 'tempfile'
 require 'fileutils'
+require 'krane/annotation'
 require 'krane/common'
 require 'krane/concurrency'
 require 'krane/resource_cache'
 require 'krane/kubernetes_resource'
 %w(
   custom_resource
-  cloudsql
   config_map
   deployment
   ingress
@@ -57,21 +57,24 @@ module Krane
     )
     def predeploy_sequence
+      default_group = { group: nil }
       before_crs = %w(
         ResourceQuota
         NetworkPolicy
-      )
-      after_crs = %w(
         ConfigMap
         PersistentVolumeClaim
         ServiceAccount
         Role
         RoleBinding
         Secret
+      ).map { |r| [r, default_group] }
+      after_crs = %w(
         Pod
-      )
+      ).map { |r| [r, default_group] }
-      before_crs + cluster_resource_discoverer.crds.select(&:predeployed?).map(&:kind) + after_crs
+      crs = cluster_resource_discoverer.crds.select(&:predeployed?).map { |cr| [cr.kind, { group: cr.group }] }
+      Hash[before_crs + crs + after_crs]
     end
     def prune_whitelist
@@ -117,8 +120,8 @@ module Krane
     # Runs the task, returning a boolean representing success or failure
     #
     # @return [Boolean]
-    def run(*args)
-      run!(*args)
+    def run(**args)
+      run!(**args)
       true
     rescue FatalDeploymentError
       false
@@ -211,7 +214,10 @@ module Krane
     end
     def deploy_has_priority_resources?(resources)
-      resources.any? { |r| predeploy_sequence.include?(r.type) }
+      resources.any? do |r|
+        next unless (pr = predeploy_sequence[r.type])
+        !pr[:group] || pr[:group] == r.group
+      end
     end
     def check_initial_status(resources)
@@ -243,6 +249,8 @@ module Krane
         @logger.info("  - #{secret.id} (from ejson)")
       end
+      StatsD.client.gauge('discover_resources.count', resources.size, tags: statsd_tags)
       resources.sort
     rescue InvalidTemplateError => e
       record_invalid_template(logger: @logger, err: e.message, filename: e.filename,
@@ -275,11 +283,6 @@ module Krane
         r.validate_definition(kubectl, selector: @selector)
       end
-      resources.select(&:has_warnings?).each do |resource|
-        record_warnings(logger: @logger, warning: resource.validation_warning_msg,
-          filename: File.basename(resource.file_path))
-      end
       failed_resources = resources.select(&:validation_failed?)
       if failed_resources.present?

data/lib/krane/ejson_secret_provisioner.rb CHANGED

@@ -12,10 +12,10 @@ module Krane
   end
   class EjsonSecretProvisioner
-    EJSON_SECRET_ANNOTATION = "kubernetes-deploy.shopify.io/ejson-secret"
     EJSON_SECRET_KEY = "kubernetes_secrets"
     EJSON_SECRETS_FILE = "secrets.ejson"
     EJSON_KEYS_SECRET = "ejson-keys"
     delegate :namespace, :context, :logger, to: :@task_config
     def initialize(task_config:, ejson_keys_secret:, ejson_file:, statsd_tags:, selector: nil)
@@ -106,7 +106,6 @@ module Krane
           "name" => secret_name,
           "labels" => labels,
           "namespace" => namespace,
-          "annotations" => { EJSON_SECRET_ANNOTATION => "true" },
         },
         "data" => encoded_data,
       }

data/lib/krane/global_deploy_task.rb CHANGED

@@ -46,8 +46,8 @@ module Krane
     # Runs the task, returning a boolean representing success or failure
     #
     # @return [Boolean]
-    def run(*args)
-      run!(*args)
+    def run(**args)
+      run!(**args)
       true
     rescue FatalDeploymentError
       false
@@ -133,11 +133,6 @@ module Krane
         r.validate_definition(@kubectl, selector: @selector)
       end
-      resources.select(&:has_warnings?).each do |resource|
-        record_warnings(logger: logger, warning: resource.validation_warning_msg,
-          filename: File.basename(resource.file_path))
-      end
       failed_resources = resources.select(&:validation_failed?)
       if failed_resources.present?
         failed_resources.each do |r|
@@ -173,6 +168,8 @@ module Krane
         logger.info("  - #{r.id}")
       end
+      StatsD.client.gauge('discover_resources.count', resources.size, tags: statsd_tags)
       resources.sort
     rescue InvalidTemplateError => e
       record_invalid_template(logger: logger, err: e.message, filename: e.filename, content: e.content)

data/lib/krane/kubectl.rb CHANGED

@@ -6,6 +6,7 @@ module Krane
     ERROR_MATCHERS = {
       not_found: /NotFound/,
       client_timeout: /Client\.Timeout exceeded while awaiting headers/,
+      empty: /\A\z/,
     }
     DEFAULT_TIMEOUT = 15
     MAX_RETRY_DELAY = 16
@@ -34,7 +35,16 @@ module Krane
       (1..attempts).to_a.each do |current_attempt|
         logger.debug("Running command (attempt #{current_attempt}): #{cmd.join(' ')}")
         out, err, st = Open3.capture3(*cmd)
-        logger.debug("Kubectl out: " + out.gsub(/\s+/, ' ')) unless output_is_sensitive
+        # https://github.com/Shopify/krane/issues/395
+        unless out.valid_encoding?
+          out = out.dup.force_encoding(Encoding::UTF_8)
+        end
+        if logger.debug? && !output_is_sensitive
+          # don't do the gsub unless we're going to print this
+          logger.debug("Kubectl out: " + out.gsub(/\s+/, ' '))
+        end
         break if st.success?
         raise(ResourceNotFoundError, err) if err.match(ERROR_MATCHERS[:not_found]) && raise_if_not_found

data/lib/krane/kubernetes_resource.rb CHANGED

@@ -6,9 +6,12 @@ require 'krane/remote_logs'
 require 'krane/duration_parser'
 require 'krane/label_selector'
 require 'krane/rollout_conditions'
+require 'krane/psych_k8s_compatibility'
 module Krane
   class KubernetesResource
+    using PsychK8sCompatibility
     attr_reader :name, :namespace, :context
     attr_writer :type, :deploy_started_at, :global
@@ -16,7 +19,7 @@ module Krane
     TIMEOUT = 5.minutes
     LOG_LINE_COUNT = 250
     SERVER_DRY_RUN_DISABLED_ERROR =
-      /(unknown flag: --server-dry-run)|(doesn't support dry-run)|(dryRun alpha feature is disabled)/
+      /(unknown flag: --server-dry-run)|(does[\s\']n[o|']t support dry[-\s]run)|(dryRun alpha feature is disabled)/
     DISABLE_FETCHING_LOG_INFO = 'DISABLE_FETCHING_LOG_INFO'
     DISABLE_FETCHING_EVENT_INFO = 'DISABLE_FETCHING_EVENT_INFO'
@@ -32,9 +35,7 @@ module Krane
       If you have reason to believe it will succeed, retry the deploy to continue to monitor the rollout.
       MSG
-    TIMEOUT_OVERRIDE_ANNOTATION_SUFFIX = "timeout-override"
-    TIMEOUT_OVERRIDE_ANNOTATION_DEPRECATED = "kubernetes-deploy.shopify.io/#{TIMEOUT_OVERRIDE_ANNOTATION_SUFFIX}"
-    TIMEOUT_OVERRIDE_ANNOTATION = "krane.shopify.io/#{TIMEOUT_OVERRIDE_ANNOTATION_SUFFIX}"
+    TIMEOUT_OVERRIDE_ANNOTATION = "timeout-override"
     LAST_APPLIED_ANNOTATION = "kubectl.kubernetes.io/last-applied-configuration"
     SENSITIVE_TEMPLATE_CONTENT = false
     SERVER_DRY_RUNNABLE = false
@@ -60,8 +61,8 @@ module Krane
       end
       def class_for_kind(kind)
-        if Krane.const_defined?(kind)
-          Krane.const_get(kind)
+        if Krane.const_defined?(kind, false)
+          Krane.const_get(kind, false)
         end
       rescue NameError
         nil
@@ -103,7 +104,7 @@ module Krane
     def timeout_override
       return @timeout_override if defined?(@timeout_override)
-      @timeout_override = DurationParser.new(krane_annotation_value(TIMEOUT_OVERRIDE_ANNOTATION_SUFFIX)).parse!.to_i
+      @timeout_override = DurationParser.new(krane_annotation_value(TIMEOUT_OVERRIDE_ANNOTATION)).parse!.to_i
     rescue DurationParser::ParsingError
       @timeout_override = nil
     end
@@ -123,7 +124,6 @@ module Krane
       @statsd_report_done = false
       @disappeared = false
       @validation_errors = []
-      @validation_warnings = []
       @instance_data = {}
       @server_dry_run_validated = false
     end
@@ -134,22 +134,12 @@ module Krane
     def validate_definition(kubectl, selector: nil)
       @validation_errors = []
-      @validation_warnings = []
       validate_selector(selector) if selector
       validate_timeout_annotation
-      validate_annotation_version
       validate_spec_with_kubectl(kubectl)
       @validation_errors.present?
     end
-    def validation_warning_msg
-      @validation_warnings.join("\n")
-    end
-    def has_warnings?
-      @validation_warnings.present?
-    end
     def validation_error_msg
       @validation_errors.join("\n")
     end
@@ -228,6 +218,11 @@ module Krane
       @type || self.class.kind
     end
+    def group
+      grouping, version = @definition.dig("apiVersion").split("/")
+      version ? grouping : "core"
+    end
     def kubectl_resource_type
       type
     end
@@ -256,7 +251,7 @@ module Krane
       if cause == :gave_up
         debug_heading = ColorizedString.new("#{id}: GLOBAL WATCH TIMEOUT (#{info_hash[:timeout]} seconds)").yellow
         helpful_info << "If you expected it to take longer than #{info_hash[:timeout]} seconds for your deploy"\
-        " to roll out, increase --max-watch-seconds."
+        " to roll out, increase --global-timeout."
       elsif deploy_failed?
         debug_heading = ColorizedString.new("#{id}: FAILED").red
         helpful_info << failure_message if failure_message.present?
@@ -495,8 +490,8 @@ module Krane
     private
     def validate_timeout_annotation
-      timeout_override_value = krane_annotation_value(TIMEOUT_OVERRIDE_ANNOTATION_SUFFIX)
-      timeout_annotation_key = krane_annotation_key(TIMEOUT_OVERRIDE_ANNOTATION_SUFFIX)
+      timeout_override_value = krane_annotation_value(TIMEOUT_OVERRIDE_ANNOTATION)
+      timeout_annotation_key = Annotation.for(TIMEOUT_OVERRIDE_ANNOTATION)
       return if timeout_override_value.nil?
       override = DurationParser.new(timeout_override_value).parse!
@@ -509,30 +504,8 @@ module Krane
       @validation_errors << "#{timeout_annotation_key} annotation is invalid: #{e}"
     end
-    def validate_annotation_version
-      return if validation_warning_msg.include?("annotations is deprecated")
-      annotation_keys = @definition.dig("metadata", "annotations")&.keys
-      annotation_keys&.each do |annotation|
-        if annotation.include?("kubernetes-deploy.shopify.io")
-          annotation_prefix = annotation.split('/').first
-          @validation_warnings << "#{annotation_prefix} as a prefix for annotations is deprecated: "\
-            "Use the 'krane.shopify.io' annotation prefix instead"
-          return
-        end
-      end
-    end
     def krane_annotation_value(suffix)
-      @definition.dig("metadata", "annotations", "kubernetes-deploy.shopify.io/#{suffix}") ||
-        @definition.dig("metadata", "annotations", "krane.shopify.io/#{suffix}")
-    end
-    def krane_annotation_key(suffix)
-      if @definition.dig("metadata", "annotations", "kubernetes-deploy.shopify.io/#{suffix}")
-        "kubernetes-deploy.shopify.io/#{suffix}"
-      elsif @definition.dig("metadata", "annotations", "krane.shopify.io/#{suffix}")
-        "krane.shopify.io/#{suffix}"
-      end
+      @definition.dig("metadata", "annotations", Annotation.for(suffix))
     end
     def validate_selector(selector)
@@ -572,7 +545,7 @@ module Krane
     def validate_with_server_side_dry_run(kubectl)
       command = ["apply", "-f", file_path, "--server-dry-run", "--output=name"]
       kubectl.run(*command, log_failure: false, output_is_sensitive: sensitive_template_content?,
-        retry_whitelist: [:client_timeout], attempts: 3)
+        retry_whitelist: [:client_timeout, :empty], attempts: 3)
     end
     # Local dry run is supported on only create and apply
@@ -582,7 +555,7 @@ module Krane
       verb = deploy_method == :apply ? "apply" : "create"
       command = [verb, "-f", file_path, "--dry-run", "--output=name"]
       kubectl.run(*command, log_failure: false, output_is_sensitive: sensitive_template_content?,
-        retry_whitelist: [:client_timeout], attempts: 3, use_namespace: !global?)
+        retry_whitelist: [:client_timeout, :empty], attempts: 3, use_namespace: !global?)
     end
     def labels