RubyGems - krane - Versions diffs - 1.1.0 → 2.0.0 - Mend

krane 1.1.0 → 2.0.0

Files changed (44) hide show

checksums.yaml +4 -4
data/.github/CODEOWNERS +1 -0
data/{ISSUE_TEMPLATE.md → .github/ISSUE_TEMPLATE.md} +0 -0
data/{pull_request_template.md → .github/pull_request_template.md} +0 -0
data/.rubocop-http---shopify-github-io-ruby-style-guide-rubocop-yml +24 -30
data/.rubocop.yml +0 -12
data/.shopify-build/krane.yml +20 -6
data/1.0-Upgrade.md +2 -2
data/CHANGELOG.md +61 -0
data/CONTRIBUTING.md +2 -2
data/README.md +14 -16
data/bin/ci +1 -1
data/bin/test +2 -2
data/dev.yml +1 -1
data/krane.gemspec +7 -5
data/lib/krane/annotation.rb +11 -0
data/lib/krane/cli/deploy_command.rb +3 -4
data/lib/krane/cli/global_deploy_command.rb +3 -3
data/lib/krane/cli/render_command.rb +3 -3
data/lib/krane/cluster_resource_discovery.rb +10 -6
data/lib/krane/concerns/template_reporting.rb +0 -6
data/lib/krane/container_logs.rb +1 -1
data/lib/krane/container_overrides.rb +33 -0
data/lib/krane/deploy_task.rb +16 -13
data/lib/krane/ejson_secret_provisioner.rb +1 -2
data/lib/krane/global_deploy_task.rb +4 -7
data/lib/krane/kubectl.rb +11 -1
data/lib/krane/kubernetes_resource.rb +19 -46
data/lib/krane/kubernetes_resource/custom_resource.rb +2 -2
data/lib/krane/kubernetes_resource/custom_resource_definition.rb +13 -10
data/lib/krane/kubernetes_resource/deployment.rb +5 -7
data/lib/krane/kubernetes_resource/pod.rb +12 -8
data/lib/krane/psych_k8s_compatibility.rb +36 -0
data/lib/krane/render_task.rb +2 -2
data/lib/krane/renderer.rb +2 -0
data/lib/krane/resource_deployer.rb +7 -2
data/lib/krane/resource_watcher.rb +1 -1
data/lib/krane/restart_task.rb +2 -2
data/lib/krane/runner_task.rb +16 -17
data/lib/krane/statsd.rb +2 -2
data/lib/krane/template_sets.rb +1 -1
data/lib/krane/version.rb +1 -1
metadata +27 -17
data/lib/krane/kubernetes_resource/cloudsql.rb +0 -44

data/bin/ci CHANGED

@@ -17,5 +17,5 @@ docker run --rm \
     -e VERBOSE=1 \
     -e PARALLELISM=$PARALLELISM \
     -w /usr/src/app \
-    ruby:2.4 \
+    ruby:"${RUBY_VERSION:-2.5}" \
     bin/test

data/bin/test CHANGED

@@ -41,7 +41,7 @@ bundle exec rake unit_test
 print_header "Run Non-Parallel Integration Tests"
 bundle exec rake serial_integration_test
-print_header "Run Parallel Integration Tests (N=$PARALLELISM)"
-PARALLELIZE_ME=1 N=$PARALLELISM bundle exec rake integration_test
+print_header "Run Parallel Integration Tests (MT_CPU=$PARALLELISM)"
+PARALLELIZE_ME=1 MT_CPU=$PARALLELISM bundle exec rake integration_test
 test $err -eq 0

data/dev.yml CHANGED

@@ -1,7 +1,7 @@
 ---
 name: krane
 up:
-  - ruby: 2.4.6 # Matches gemspec
+  - ruby: 2.5.7 # Matches gemspec
   - bundler
   - homebrew:
     - Caskroom/cask/minikube

data/krane.gemspec CHANGED

@@ -23,17 +23,19 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = %w(lib)
-  spec.required_ruby_version = '>= 2.4.0'
+  spec.metadata['allowed_push_host'] = "https://rubygems.org"
+  spec.required_ruby_version = '>= 2.5.0'
   spec.add_dependency("activesupport", ">= 5.0")
   spec.add_dependency("kubeclient", "~> 4.3")
-  spec.add_dependency("googleauth", "~> 0.8.0")
+  spec.add_dependency("googleauth", "~> 0.8")
   spec.add_dependency("ejson", "~> 1.0")
   spec.add_dependency("colorize", "~> 0.8")
   spec.add_dependency("statsd-instrument", ['>= 2.8', "< 3.1"])
   spec.add_dependency("oj", "~> 3.0")
   spec.add_dependency("concurrent-ruby", "~> 1.1")
   spec.add_dependency("jsonpath", "~> 0.9.6")
-  spec.add_dependency("thor", "~>  0.20.3")
+  spec.add_dependency("thor", ">= 1.0", "< 2.0")
   # Basics
   spec.add_development_dependency("bundler")
@@ -41,7 +43,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency("yard")
   # Test framework
-  spec.add_development_dependency("minitest", "~> 5.0")
+  spec.add_development_dependency("minitest", "~> 5.12")
   spec.add_development_dependency("minitest-stub-const", "~> 0.6")
   spec.add_development_dependency("minitest-reporters")
   spec.add_development_dependency("mocha", "~> 1.5")
@@ -54,6 +56,6 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency("byebug")
   spec.add_development_dependency("ruby-prof")
   spec.add_development_dependency("ruby-prof-flamegraph")
-  spec.add_development_dependency("rubocop", "~> 0.76.0")
+  spec.add_development_dependency("rubocop", "~> 0.88.0")
   spec.add_development_dependency("codecov")
 end

data/lib/krane/annotation.rb ADDED

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+module Krane
+  module Annotation
+    class << self
+      def for(suffix)
+        "krane.shopify.io/#{suffix}"
+      end
+    end
+  end
+end

data/lib/krane/cli/deploy_command.rb CHANGED

@@ -14,7 +14,7 @@ module Krane
                          aliases: :f, required: false, default: [],
                          desc: "Directories and files that contains the configuration to apply" },
         "stdin" => { type: :boolean, default: false,
-                     desc: "Read resources from stdin" },
+                     desc: "[DEPRECATED] Read resources from stdin" },
         "global-timeout" => { type: :string, banner: "duration", default: DEFAULT_DEPLOY_TIMEOUT,
                               desc: "Max duration to monitor workloads correctly deployed" },
         "protected-namespaces" => { type: :array, banner: "namespace1 namespace2 namespaceN",
@@ -26,7 +26,7 @@ module Krane
         "selector" => { type: :string, banner: "'label=value'",
                         desc: "Select workloads by selector(s)" },
         "verbose-log-prefix" => { type: :boolean, desc: "Add [context][namespace] to the log prefix",
-                                  default: true },
+                                  default: false },
         "verify-result" => { type: :boolean, default: true,
                              desc: "Verify workloads correctly deployed" },
       }
@@ -46,11 +46,10 @@ module Krane
           protected_namespaces = []
         end
-        # never mutate options directly
         filenames = options[:filenames].dup
         filenames << "-" if options[:stdin]
         if filenames.empty?
-          raise Thor::RequiredArgumentMissingError, 'At least one of --filenames or --stdin must be set'
+          raise(Thor::RequiredArgumentMissingError, '--filenames must be set and not empty')
         end
         ::Krane::OptionsHelper.with_processed_template_paths(filenames) do |paths|

data/lib/krane/cli/global_deploy_command.rb CHANGED

@@ -8,7 +8,8 @@ module Krane
         "filenames" => { type: :array, banner: 'config/deploy/production config/deploy/my-extra-resource.yml',
                          aliases: :f, required: false, default: [],
                          desc: "Directories and files that contains the configuration to apply" },
-        "stdin" => { type: :boolean, default: false, desc: "Read resources from stdin" },
+        "stdin" => { type: :boolean, default: false,
+                     desc: "[DEPRECATED] Read resources from stdin" },
         "global-timeout" => { type: :string, banner: "duration", default: DEFAULT_DEPLOY_TIMEOUT,
                               desc: "Max duration to monitor workloads correctly deployed" },
         "verify-result" => { type: :boolean, default: true,
@@ -28,11 +29,10 @@ module Krane
         selector = ::Krane::LabelSelector.parse(options[:selector])
-        # never mutate options directly
         filenames = options[:filenames].dup
         filenames << "-" if options[:stdin]
         if filenames.empty?
-          raise Thor::RequiredArgumentMissingError, 'At least one of --filenames or --stdin must be set'
+          raise(Thor::RequiredArgumentMissingError, '--filenames must be set and not empty')
         end
         ::Krane::OptionsHelper.with_processed_template_paths(filenames) do |paths|

data/lib/krane/cli/render_command.rb CHANGED

@@ -7,7 +7,8 @@ module Krane
         "bindings" => { type: :array, banner: "foo=bar abc=def", desc: 'Bindings for erb' },
         "filenames" => { type: :array, banner: 'config/deploy/production config/deploy/my-extra-resource.yml',
                          required: false, default: [], aliases: 'f', desc: 'Directories and files to render' },
-        "stdin" => { type: :boolean, desc: "Read resources from stdin", default: false },
+        "stdin" => { type: :boolean, default: false,
+                     desc: "[DEPRECATED] Read resources from stdin" },
         "current-sha" => { type: :string, banner: "SHA", desc: "Expose SHA `current_sha` in ERB bindings",
                            lazy_default: '' },
       }
@@ -20,11 +21,10 @@ module Krane
         bindings_parser = ::Krane::BindingsParser.new
         options[:bindings]&.each { |b| bindings_parser.add(b) }
-        # never mutate options directly
         filenames = options[:filenames].dup
         filenames << "-" if options[:stdin]
         if filenames.empty?
-          raise Thor::RequiredArgumentMissingError, 'At least one of --filenames or --stdin must be set'
+          raise(Thor::RequiredArgumentMissingError, '--filenames must be set and not empty')
         end
         ::Krane::OptionsHelper.with_processed_template_paths(filenames, render_erb: true) do |paths|

data/lib/krane/cluster_resource_discovery.rb CHANGED

@@ -37,7 +37,7 @@ module Krane
     def fetch_resources(namespaced: false)
       command = %w(api-resources)
       command << "--namespaced=#{namespaced}"
-      raw, _, st = kubectl.run(*command, output: "wide", attempts: 5,
+      raw, err, st = kubectl.run(*command, output: "wide", attempts: 5,
         use_namespace: false)
       if st.success?
         rows = raw.split("\n")
@@ -59,7 +59,7 @@ module Krane
           resource
         end
       else
-        []
+        raise FatalKubeAPIError, "Error retrieving api-resources: #{err}"
       end
     end
@@ -68,7 +68,7 @@ module Krane
     # kubectl api-versions returns a list of group/version strings e.g. autoscaling/v2beta2
     # A kind may not exist in all versions of the group.
     def fetch_api_versions
-      raw, _, st = kubectl.run("api-versions", attempts: 5, use_namespace: false)
+      raw, err, st = kubectl.run("api-versions", attempts: 5, use_namespace: false)
       # The "core" group is represented by an empty string
       versions = { "" => %w(v1) }
       if st.success?
@@ -78,6 +78,8 @@ module Krane
           versions[group] ||= []
           versions[group] << version
         end
+      else
+        raise FatalKubeAPIError, "Error retrieving api-versions: #{err}"
       end
       versions
     end
@@ -85,7 +87,9 @@ module Krane
     def version_for_kind(versions, kind)
       # Override list for kinds that don't appear in the lastest version of a group
       version_override = { "CronJob" => "v1beta1", "VolumeAttachment" => "v1beta1",
-                           "CSIDriver" => "v1beta1", "Ingress" => "v1beta1", "CSINode" => "v1beta1" }
+                           "CSIDriver" => "v1beta1", "Ingress" => "v1beta1",
+                           "CSINode" => "v1beta1", "Job" => "v1",
+                           "IngressClass" => "v1beta1" }
       pattern = /v(?<major>\d+)(?<pre>alpha|beta)?(?<minor>\d+)?/
       latest = versions.sort_by do |version|
@@ -97,12 +101,12 @@ module Krane
     end
     def fetch_crds
-      raw_json, _, st = kubectl.run("get", "CustomResourceDefinition", output: "json", attempts: 5,
+      raw_json, err, st = kubectl.run("get", "CustomResourceDefinition", output: "json", attempts: 5,
         use_namespace: false)
       if st.success?
         JSON.parse(raw_json)["items"]
       else
-        []
+        raise FatalKubeAPIError, "Error retrieving CustomResourceDefinition: #{err}"
       end
     end

data/lib/krane/concerns/template_reporting.rb CHANGED

@@ -15,12 +15,6 @@ module Krane
       logger.summary.add_paragraph(debug_msg)
     end
-    def record_warnings(logger:, warning:, filename:)
-      warn_msg = "Template warning: #{filename}\n"
-      warn_msg += "> Warning message:\n#{Krane::FormattedLogger.indent_four(warning)}"
-      logger.summary.add_paragraph(ColorizedString.new(warn_msg).yellow)
-    end
     def add_para_from_list(logger:, action:, enum:)
       logger.summary.add_action(action)
       logger.summary.add_paragraph(enum.map { |e| "- #{e}" }.join("\n"))

data/lib/krane/container_logs.rb CHANGED

@@ -3,7 +3,7 @@ module Krane
   class ContainerLogs
     attr_reader :lines, :container_name
-    DEFAULT_LINE_LIMIT = 250
+    DEFAULT_LINE_LIMIT = 25
     def initialize(parent_id:, container_name:, namespace:, context:, logger:)
       @parent_id = parent_id

data/lib/krane/container_overrides.rb ADDED

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+module Krane
+  class ContainerOverrides
+    attr_reader :command, :arguments, :env_vars, :image_tag
+    def initialize(command: nil, arguments: nil, env_vars: [], image_tag: nil)
+      @command = command
+      @arguments = arguments
+      @env_vars = env_vars
+      @image_tag = image_tag
+    end
+    def apply!(container)
+      container.command = command if command
+      container.args = arguments if arguments
+      if image_tag
+        image = container.image
+        base_image, _old_tag = image.split(':')
+        new_image = "#{base_image}:#{image_tag}"
+        container.image = new_image
+      end
+      env_args = env_vars.map do |env|
+        key, value = env.split('=', 2)
+        { name: key, value: value }
+      end
+      container.env ||= []
+      container.env = container.env.map(&:to_h) + env_args
+    end
+  end
+end

data/lib/krane/deploy_task.rb CHANGED

@@ -4,13 +4,13 @@ require 'shellwords'
 require 'tempfile'
 require 'fileutils'
+require 'krane/annotation'
 require 'krane/common'
 require 'krane/concurrency'
 require 'krane/resource_cache'
 require 'krane/kubernetes_resource'
 %w(
   custom_resource
-  cloudsql
   config_map
   deployment
   ingress
@@ -57,21 +57,24 @@ module Krane
     )
     def predeploy_sequence
+      default_group = { group: nil }
       before_crs = %w(
         ResourceQuota
         NetworkPolicy
-      )
-      after_crs = %w(
         ConfigMap
         PersistentVolumeClaim
         ServiceAccount
         Role
         RoleBinding
         Secret
+      ).map { |r| [r, default_group] }
+      after_crs = %w(
         Pod
-      )
+      ).map { |r| [r, default_group] }
-      before_crs + cluster_resource_discoverer.crds.select(&:predeployed?).map(&:kind) + after_crs
+      crs = cluster_resource_discoverer.crds.select(&:predeployed?).map { |cr| [cr.kind, { group: cr.group }] }
+      Hash[before_crs + crs + after_crs]
     end
     def prune_whitelist
@@ -117,8 +120,8 @@ module Krane
     # Runs the task, returning a boolean representing success or failure
     #
     # @return [Boolean]
-    def run(*args)
-      run!(*args)
+    def run(**args)
+      run!(**args)
       true
     rescue FatalDeploymentError
       false
@@ -211,7 +214,10 @@ module Krane
     end
     def deploy_has_priority_resources?(resources)
-      resources.any? { |r| predeploy_sequence.include?(r.type) }
+      resources.any? do |r|
+        next unless (pr = predeploy_sequence[r.type])
+        !pr[:group] || pr[:group] == r.group
+      end
     end
     def check_initial_status(resources)
@@ -243,6 +249,8 @@ module Krane
         @logger.info("  - #{secret.id} (from ejson)")
       end
+      StatsD.client.gauge('discover_resources.count', resources.size, tags: statsd_tags)
       resources.sort
     rescue InvalidTemplateError => e
       record_invalid_template(logger: @logger, err: e.message, filename: e.filename,
@@ -275,11 +283,6 @@ module Krane
         r.validate_definition(kubectl, selector: @selector)
       end
-      resources.select(&:has_warnings?).each do |resource|
-        record_warnings(logger: @logger, warning: resource.validation_warning_msg,
-          filename: File.basename(resource.file_path))
-      end
       failed_resources = resources.select(&:validation_failed?)
       if failed_resources.present?

data/lib/krane/ejson_secret_provisioner.rb CHANGED

@@ -12,10 +12,10 @@ module Krane
   end
   class EjsonSecretProvisioner
-    EJSON_SECRET_ANNOTATION = "kubernetes-deploy.shopify.io/ejson-secret"
     EJSON_SECRET_KEY = "kubernetes_secrets"
     EJSON_SECRETS_FILE = "secrets.ejson"
     EJSON_KEYS_SECRET = "ejson-keys"
     delegate :namespace, :context, :logger, to: :@task_config
     def initialize(task_config:, ejson_keys_secret:, ejson_file:, statsd_tags:, selector: nil)
@@ -106,7 +106,6 @@ module Krane
           "name" => secret_name,
           "labels" => labels,
           "namespace" => namespace,
-          "annotations" => { EJSON_SECRET_ANNOTATION => "true" },
         },
         "data" => encoded_data,
       }

data/lib/krane/global_deploy_task.rb CHANGED

@@ -46,8 +46,8 @@ module Krane
     # Runs the task, returning a boolean representing success or failure
     #
     # @return [Boolean]
-    def run(*args)
-      run!(*args)
+    def run(**args)
+      run!(**args)
       true
     rescue FatalDeploymentError
       false
@@ -133,11 +133,6 @@ module Krane
         r.validate_definition(@kubectl, selector: @selector)
       end
-      resources.select(&:has_warnings?).each do |resource|
-        record_warnings(logger: logger, warning: resource.validation_warning_msg,
-          filename: File.basename(resource.file_path))
-      end
       failed_resources = resources.select(&:validation_failed?)
       if failed_resources.present?
         failed_resources.each do |r|
@@ -173,6 +168,8 @@ module Krane
         logger.info("  - #{r.id}")
       end
+      StatsD.client.gauge('discover_resources.count', resources.size, tags: statsd_tags)
       resources.sort
     rescue InvalidTemplateError => e
       record_invalid_template(logger: logger, err: e.message, filename: e.filename, content: e.content)

data/lib/krane/kubectl.rb CHANGED

@@ -6,6 +6,7 @@ module Krane
     ERROR_MATCHERS = {
       not_found: /NotFound/,
       client_timeout: /Client\.Timeout exceeded while awaiting headers/,
+      empty: /\A\z/,
     }
     DEFAULT_TIMEOUT = 15
     MAX_RETRY_DELAY = 16
@@ -34,7 +35,16 @@ module Krane
       (1..attempts).to_a.each do |current_attempt|
         logger.debug("Running command (attempt #{current_attempt}): #{cmd.join(' ')}")
         out, err, st = Open3.capture3(*cmd)
-        logger.debug("Kubectl out: " + out.gsub(/\s+/, ' ')) unless output_is_sensitive
+        # https://github.com/Shopify/krane/issues/395
+        unless out.valid_encoding?
+          out = out.dup.force_encoding(Encoding::UTF_8)
+        end
+        if logger.debug? && !output_is_sensitive
+          # don't do the gsub unless we're going to print this
+          logger.debug("Kubectl out: " + out.gsub(/\s+/, ' '))
+        end
         break if st.success?
         raise(ResourceNotFoundError, err) if err.match(ERROR_MATCHERS[:not_found]) && raise_if_not_found

data/lib/krane/kubernetes_resource.rb CHANGED

@@ -6,9 +6,12 @@ require 'krane/remote_logs'
 require 'krane/duration_parser'
 require 'krane/label_selector'
 require 'krane/rollout_conditions'
+require 'krane/psych_k8s_compatibility'
 module Krane
   class KubernetesResource
+    using PsychK8sCompatibility
     attr_reader :name, :namespace, :context
     attr_writer :type, :deploy_started_at, :global
@@ -16,7 +19,7 @@ module Krane
     TIMEOUT = 5.minutes
     LOG_LINE_COUNT = 250
     SERVER_DRY_RUN_DISABLED_ERROR =
-      /(unknown flag: --server-dry-run)|(doesn't support dry-run)|(dryRun alpha feature is disabled)/
+      /(unknown flag: --server-dry-run)|(does[\s\']n[o|']t support dry[-\s]run)|(dryRun alpha feature is disabled)/
     DISABLE_FETCHING_LOG_INFO = 'DISABLE_FETCHING_LOG_INFO'
     DISABLE_FETCHING_EVENT_INFO = 'DISABLE_FETCHING_EVENT_INFO'
@@ -32,9 +35,7 @@ module Krane
       If you have reason to believe it will succeed, retry the deploy to continue to monitor the rollout.
       MSG
-    TIMEOUT_OVERRIDE_ANNOTATION_SUFFIX = "timeout-override"
-    TIMEOUT_OVERRIDE_ANNOTATION_DEPRECATED = "kubernetes-deploy.shopify.io/#{TIMEOUT_OVERRIDE_ANNOTATION_SUFFIX}"
-    TIMEOUT_OVERRIDE_ANNOTATION = "krane.shopify.io/#{TIMEOUT_OVERRIDE_ANNOTATION_SUFFIX}"
+    TIMEOUT_OVERRIDE_ANNOTATION = "timeout-override"
     LAST_APPLIED_ANNOTATION = "kubectl.kubernetes.io/last-applied-configuration"
     SENSITIVE_TEMPLATE_CONTENT = false
     SERVER_DRY_RUNNABLE = false
@@ -60,8 +61,8 @@ module Krane
       end
       def class_for_kind(kind)
-        if Krane.const_defined?(kind)
-          Krane.const_get(kind)
+        if Krane.const_defined?(kind, false)
+          Krane.const_get(kind, false)
         end
       rescue NameError
         nil
@@ -103,7 +104,7 @@ module Krane
     def timeout_override
       return @timeout_override if defined?(@timeout_override)
-      @timeout_override = DurationParser.new(krane_annotation_value(TIMEOUT_OVERRIDE_ANNOTATION_SUFFIX)).parse!.to_i
+      @timeout_override = DurationParser.new(krane_annotation_value(TIMEOUT_OVERRIDE_ANNOTATION)).parse!.to_i
     rescue DurationParser::ParsingError
       @timeout_override = nil
     end
@@ -123,7 +124,6 @@ module Krane
       @statsd_report_done = false
       @disappeared = false
       @validation_errors = []
-      @validation_warnings = []
       @instance_data = {}
       @server_dry_run_validated = false
     end
@@ -134,22 +134,12 @@ module Krane
     def validate_definition(kubectl, selector: nil)
       @validation_errors = []
-      @validation_warnings = []
       validate_selector(selector) if selector
       validate_timeout_annotation
-      validate_annotation_version
       validate_spec_with_kubectl(kubectl)
       @validation_errors.present?
     end
-    def validation_warning_msg
-      @validation_warnings.join("\n")
-    end
-    def has_warnings?
-      @validation_warnings.present?
-    end
     def validation_error_msg
       @validation_errors.join("\n")
     end
@@ -228,6 +218,11 @@ module Krane
       @type || self.class.kind
     end
+    def group
+      grouping, version = @definition.dig("apiVersion").split("/")
+      version ? grouping : "core"
+    end
     def kubectl_resource_type
       type
     end
@@ -256,7 +251,7 @@ module Krane
       if cause == :gave_up
         debug_heading = ColorizedString.new("#{id}: GLOBAL WATCH TIMEOUT (#{info_hash[:timeout]} seconds)").yellow
         helpful_info << "If you expected it to take longer than #{info_hash[:timeout]} seconds for your deploy"\
-        " to roll out, increase --max-watch-seconds."
+        " to roll out, increase --global-timeout."
       elsif deploy_failed?
         debug_heading = ColorizedString.new("#{id}: FAILED").red
         helpful_info << failure_message if failure_message.present?
@@ -495,8 +490,8 @@ module Krane
     private
     def validate_timeout_annotation
-      timeout_override_value = krane_annotation_value(TIMEOUT_OVERRIDE_ANNOTATION_SUFFIX)
-      timeout_annotation_key = krane_annotation_key(TIMEOUT_OVERRIDE_ANNOTATION_SUFFIX)
+      timeout_override_value = krane_annotation_value(TIMEOUT_OVERRIDE_ANNOTATION)
+      timeout_annotation_key = Annotation.for(TIMEOUT_OVERRIDE_ANNOTATION)
       return if timeout_override_value.nil?
       override = DurationParser.new(timeout_override_value).parse!
@@ -509,30 +504,8 @@ module Krane
       @validation_errors << "#{timeout_annotation_key} annotation is invalid: #{e}"
     end
-    def validate_annotation_version
-      return if validation_warning_msg.include?("annotations is deprecated")
-      annotation_keys = @definition.dig("metadata", "annotations")&.keys
-      annotation_keys&.each do |annotation|
-        if annotation.include?("kubernetes-deploy.shopify.io")
-          annotation_prefix = annotation.split('/').first
-          @validation_warnings << "#{annotation_prefix} as a prefix for annotations is deprecated: "\
-            "Use the 'krane.shopify.io' annotation prefix instead"
-          return
-        end
-      end
-    end
     def krane_annotation_value(suffix)
-      @definition.dig("metadata", "annotations", "kubernetes-deploy.shopify.io/#{suffix}") ||
-        @definition.dig("metadata", "annotations", "krane.shopify.io/#{suffix}")
-    end
-    def krane_annotation_key(suffix)
-      if @definition.dig("metadata", "annotations", "kubernetes-deploy.shopify.io/#{suffix}")
-        "kubernetes-deploy.shopify.io/#{suffix}"
-      elsif @definition.dig("metadata", "annotations", "krane.shopify.io/#{suffix}")
-        "krane.shopify.io/#{suffix}"
-      end
+      @definition.dig("metadata", "annotations", Annotation.for(suffix))
     end
     def validate_selector(selector)
@@ -572,7 +545,7 @@ module Krane
     def validate_with_server_side_dry_run(kubectl)
       command = ["apply", "-f", file_path, "--server-dry-run", "--output=name"]
       kubectl.run(*command, log_failure: false, output_is_sensitive: sensitive_template_content?,
-        retry_whitelist: [:client_timeout], attempts: 3)
+        retry_whitelist: [:client_timeout, :empty], attempts: 3)
     end
     # Local dry run is supported on only create and apply
@@ -582,7 +555,7 @@ module Krane
       verb = deploy_method == :apply ? "apply" : "create"
       command = [verb, "-f", file_path, "--dry-run", "--output=name"]
       kubectl.run(*command, log_failure: false, output_is_sensitive: sensitive_template_content?,
-        retry_whitelist: [:client_timeout], attempts: 3, use_namespace: !global?)
+        retry_whitelist: [:client_timeout, :empty], attempts: 3, use_namespace: !global?)
     end
     def labels