krane 2.0.0 → 2.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 57338bf07bebe1b05ce6701e0c89f2c91db5bd083818b35bd9f307aa669de5ba
-  data.tar.gz: 94850854c314bb1f05bbc43baa2759dc10e53ee9845c8f3d9b0d33e1a2d7dfd6
+  metadata.gz: 7ae8bb4b0c7f920136990847601e19c7767075a89ead99781213feaf309d623d
+  data.tar.gz: 90ad58122ca788ebd4010e62e624c0d73a0c153e48c942673e244e7fbb4ccb32
 SHA512:
-  metadata.gz: a0414c56878acd433ef3fabf36dd71920ab887adef61ce6b88c3a9dd298fedfb98c8cea39f0a2dfee1d789144ee3b175274e5ecccfd9ff08aad97322cc709463
-  data.tar.gz: 4f12d3be973fafb33dbbeb5f1f036afc6aa0cd5013b28a063c957befe34a0b65247e1a6b2390de49b52f5f6a9285de2206d5bbda819549a1a82e70e426c61a39
+  metadata.gz: 7e09bdb58b4bca4380b77bb10589a2e5b57aa31e9d8838c4b6efc68ccbf58b5af84c360a1a2710564164e4d6f19419cd38d7b3952559c56d5f7dc026d432a194
+  data.tar.gz: 659649bf0d0cfbe04d3fad0f32f3a05cc6ed9e117ca0755bf808d898b60dbf0d5be88cad609de1589cd93eb2b808e6cc9994a73f7b21267920b679b71afd138e

data/.buildkite/pipeline.nightly.yml

@@ -13,31 +13,3 @@ steps:
     env:
       LOGGING_LEVEL: 4
       KUBERNETES_VERSION: v1.15-latest
-  - name: 'Run Test Suite (:kubernetes: 1.14-latest)'
-    command: bin/ci
-    agents:
-      queue: k8s-ci
-    env:
-      LOGGING_LEVEL: 4
-      KUBERNETES_VERSION: v1.14-latest
-  - name: 'Run Test Suite (:kubernetes: 1.13-latest)'
-    command: bin/ci
-    agents:
-      queue: k8s-ci
-    env:
-      LOGGING_LEVEL: 4
-      KUBERNETES_VERSION: v1.13-latest
-  - name: 'Run Test Suite (:kubernetes: 1.12-latest)'
-    command: bin/ci
-    agents:
-      queue: k8s-ci
-    env:
-      LOGGING_LEVEL: 4
-      KUBERNETES_VERSION: v1.12-latest
-  - name: 'Run Test Suite (:kubernetes: 1.11-latest)'
-    command: bin/ci
-    agents:
-      queue: k8s-ci
-    env:
-      LOGGING_LEVEL: 4
-      KUBERNETES_VERSION: v1.11-latest

data/.rubocop-http---shopify-github-io-ruby-style-guide-rubocop-yml

@@ -195,6 +195,7 @@ Style/FrozenStringLiteralComment:
   SupportedStyles:
     - always
     - never
+  SafeAutoCorrect: true
 
 Style/GlobalVars:
   AllowedVariables: []
@@ -264,7 +265,7 @@ Style/MethodCallWithArgsParentheses:
   - raise
   - puts
   Exclude:
-  - Gemfile
+  - '**/Gemfile'
 
 Style/MethodDefParentheses:
   EnforcedStyle: require_parentheses
@@ -675,7 +676,7 @@ Style/LineEndConcatenation:
 Style/MethodCallWithoutArgsParentheses:
   Enabled: true
 
-Style/MethodMissingSuper:
+Lint/MissingSuper:
   Enabled: true
 
 Style/MissingRespondToMissing:
@@ -965,7 +966,7 @@ Lint/UselessAccessModifier:
 Lint/UselessAssignment:
   Enabled: true
 
-Lint/UselessComparison:
+Lint/BinaryOperatorWithIdenticalOperands:
   Enabled: true
 
 Lint/UselessElseWithoutRescue:

data/.shopify-build/krane.yml

@@ -1,6 +1,6 @@
 containers:
   default:
-    docker: circleci/ruby:2.5.7
+    docker: circleci/ruby:2.6.6
 
 steps:
   - label: Lint
@@ -8,61 +8,47 @@ steps:
     run:
       - bundle: ~
       - bundle exec rubocop
-  - label: 'Run Test Suite (:kubernetes: 1.18-latest :ruby: 2.7)'
+  - label: 'Run Test Suite (:kubernetes: 1.20-latest :ruby: 3.0)'
     command: bin/ci
     agents:
       queue: k8s-ci
     env:
       LOGGING_LEVEL: "4"
-      KUBERNETES_VERSION: v1.18-latest
-      RUBY_VERSION: "2.7"
-  - label: 'Run Test Suite (:kubernetes: 1.17-latest)'
-    command: bin/ci
-    agents:
-      queue: k8s-ci
-    env:
-      LOGGING_LEVEL: "4"
-      KUBERNETES_VERSION: v1.17-latest
-  - label: 'Run Test Suite (:kubernetes: 1.16.12)'
-    command: bin/ci
-    agents:
-      queue: k8s-ci
-    env:
-      LOGGING_LEVEL: "4"
-      # Flip this back to v1.16-latest when 1.16.14 comes out (see #733)
-      KUBERNETES_VERSION: v1.16.12
-  - label: 'Run Test Suite (:kubernetes: 1.15-latest)'
+      KUBERNETES_VERSION: v1.20-latest
+      RUBY_VERSION: "3.0"
+  - label: 'Run Test Suite (:kubernetes: 1.19-latest :ruby: 2.7)'
     command: bin/ci
     agents:
       queue: k8s-ci
     env:
       LOGGING_LEVEL: "4"
-      KUBERNETES_VERSION: v1.15-latest
-  - label: 'Run Test Suite (:kubernetes: 1.14-latest)'
+      KUBERNETES_VERSION: v1.19-latest
+      RUBY_VERSION: "2.7"
+  - label: 'Run Test Suite (:kubernetes: 1.18-latest)'
     command: bin/ci
     agents:
       queue: k8s-ci
     env:
       LOGGING_LEVEL: "4"
-      KUBERNETES_VERSION: v1.14-latest
-  - label: 'Run Test Suite (:kubernetes: 1.13-latest)'
+      KUBERNETES_VERSION: v1.18-latest
+  - label: 'Run Test Suite (:kubernetes: 1.17-latest)'
     command: bin/ci
     agents:
       queue: k8s-ci
     env:
       LOGGING_LEVEL: "4"
-      KUBERNETES_VERSION: v1.13-latest
-  - label: 'Run Test Suite (:kubernetes: 1.12-latest)'
+      KUBERNETES_VERSION: v1.17-latest
+  - label: 'Run Test Suite (:kubernetes: 1.16-latest)'
     command: bin/ci
     agents:
       queue: k8s-ci
     env:
       LOGGING_LEVEL: "4"
-      KUBERNETES_VERSION: v1.12-latest
-  - label: 'Run Test Suite (:kubernetes: 1.11-latest)'
+      KUBERNETES_VERSION: v1.16-latest
+  - label: 'Run Test Suite (:kubernetes: 1.15-latest)'
     command: bin/ci
     agents:
       queue: k8s-ci
     env:
       LOGGING_LEVEL: "4"
-      KUBERNETES_VERSION: v1.11-latest
+      KUBERNETES_VERSION: v1.15-latest

data/CHANGELOG.md

@@ -1,5 +1,40 @@
 ## next
 
+## 2.1.4
+
+*Enhancements*
+- Attempt to batch run server-side apply in validation phase instead of dry-running each resource individually [#781](https://github.com/Shopify/krane/pull/781).
+- Evaluate progress condition only after progress deadline seconds have passed since deploy invocation [#765](https://github.com/Shopify/krane/pull/765).
+
+*Other*
+- Dropped support for Ruby 2.5 due to EoL. [#782](https://github.com/Shopify/krane/pull/782).
+- Only patch JSON when run as CLI, not as library [#779](https://github.com/Shopify/krane/pull/779).
+
+## 2.1.3
+
+- Add version exception for ServiceNetworkEndpointGroup (GKE resource) [#768](https://github.com/Shopify/krane/pull/768)
+- Kubernetes 1.14 and lower is no longer officially supported as of this version ([#766](https://github.com/Shopify/krane/pull/766))
+
+## 2.1.2
+
+- Add version exception for FrontendConfig (GKE resource) [#761](https://github.com/Shopify/krane/pull/761)
+
+## 2.1.1
+
+*Bug Fixes*
+- Fix the way environment variables are passed into the EJSON decryption invocation [#759](https://github.com/Shopify/krane/pull/759)
+
+## 2.1.0
+
+*Features*
+- _(experimental)_ Override deploy method via annotation. This feature is considered alpha and should not be considered stable [#753](https://github.com/Shopify/krane/pull/753)
+
+*Enhancements*
+- Increased the number of attempts on kubectl commands during Initializing deploy phase [#749](https://github.com/Shopify/krane/pull/749)
+- Increased attempts on kubectl apply command during deploy [#751](https://github.com/Shopify/krane/pull/751)
+- Whitelist context deadline error during kubctl dry run [#754](https://github.com/Shopify/krane/pull/754)
+- Allow specifying a kubeconfig per task in the internal API [#746](https://github.com/Shopify/krane/pull/746)
+
 ## 2.0.0
 
 *Breaking Changes*

data/README.md

@@ -1,4 +1,4 @@
-# krane [![Build status](https://badge.buildkite.com/35c56e797c3bbd6ba50053aefdded0715898cd8e8c86f7e462.svg?branch=master)](https://buildkite.com/shopify/krane) [![codecov](https://codecov.io/gh/Shopify/kubernetes-deploy/branch/master/graph/badge.svg)](https://codecov.io/gh/Shopify/kubernetes-deploy)
+# krane [![Build status](https://badge.buildkite.com/35c56e797c3bbd6ba50053aefdded0715898cd8e8c86f7e462.svg?branch=master)](https://buildkite.com/shopify/krane)
 
 > This project used to be called `kubernetes-deploy`. Check out our [migration guide](https://github.com/Shopify/krane/blob/master/1.0-Upgrade.md) for more information including details about breaking changes.
 
@@ -73,8 +73,8 @@ If you need the ability to render dynamic values in templates before deploying,
 
 ## Prerequisites
 
-* Ruby 2.5+
-* Your cluster must be running Kubernetes v1.11.0 or higher<sup>1</sup>
+* Ruby 2.6+
+* Your cluster must be running Kubernetes v1.15.0 or higher<sup>1</sup>
 
 <sup>1</sup> We run integration tests against these Kubernetes versions. You can find our
 official compatibility chart below.
@@ -90,7 +90,7 @@ official compatibility chart below.
 
 ## Installation
 
-1. [Install kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl-binary-via-curl) (requires v1.11.0 or higher) and make sure it is available in your $PATH
+1. [Install kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl-binary-via-curl) (requires v1.15.0 or higher) and make sure it is available in your $PATH
 2. Set up your [kubeconfig file](https://kubernetes.io/docs/tasks/access-application-cluster/authenticate-across-clusters-kubeconfig/) for access to your cluster(s).
 3. `gem install krane`
 
@@ -159,6 +159,11 @@ before the deployment is considered successful.
   - _Default_: `true`
   - `true`: The custom resource will be deployed in the pre-deploy phase.
   - All other values: The custom resource will be deployed in the main deployment phase.
+- `krane.shopify.io/deploy-method-override`: Cause a resource to be deployed by the specified `kubectl` command, instead of the default `apply`.
+  - _Compatibility_: Cannot be used for `PodDisruptionBudget`, since it always uses `create/replace-force`
+  - _Accepted values_: `create`, `replace`, and `replace-force`
+  - _Warning_: Resources whose deploy method is overridden are no longer subject to pruning on deploy.
+  - This feature is _experimental_ and may be removed at any time.
 
 
 ### Running tasks at the beginning of a deploy
@@ -488,7 +493,7 @@ resource to restart.
 
 ## Prerequisites
 
-* You've already deployed a [`PodTemplate`](https://v1-10.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#podtemplate-v1-core) object with field `template` containing a `Pod` specification that does not include the `apiVersion` or `kind` parameters. An example is provided in this repo in `test/fixtures/hello-cloud/template-runner.yml`.
+* You've already deployed a [`PodTemplate`](https://v1-15.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.15/#podtemplate-v1-core) object with field `template` containing a `Pod` specification that does not include the `apiVersion` or `kind` parameters. An example is provided in this repo in `test/fixtures/hello-cloud/template-runner.yml`.
 * The `Pod` specification in that template has a container named `task-runner`.
 
 Based on this specification `krane run` will create a new pod with the entrypoint of the `task-runner ` container overridden with the supplied arguments.

data/bin/ci

@@ -12,10 +12,9 @@ docker run --rm \
     -v "$PWD":/usr/src/app \
     -v "/usr/bin/kubectl":"/usr/bin/kubectl" \
     -e CI=1 \
-    -e CODECOV_TOKEN=$CODECOV_TOKEN \
     -e COVERAGE=1 \
     -e VERBOSE=1 \
     -e PARALLELISM=$PARALLELISM \
     -w /usr/src/app \
-    ruby:"${RUBY_VERSION:-2.5}" \
+    ruby:"${RUBY_VERSION:-2.6.6}" \
     bin/test

data/bin/setup

@@ -9,8 +9,8 @@ if [ ! -x "$(which minikube)" ]; then
 fi
 
 if [ ! -x "$(which kubectl)" ]; then
-  echo -e "\n\033[0;33mPlease install kubectl version 1.11.0 or higher:\nhttps://kubernetes.io/docs/user-guide/prereqs/\033[0m"
+  echo -e "\n\033[0;33mPlease install kubectl version 1.15.0 or higher:\nhttps://kubernetes.io/docs/user-guide/prereqs/\033[0m"
 else
   KUBECTL_VERSION=$(kubectl version --short --client | grep -oe "v[[:digit:]\.]\+")
-  echo -e "\n\033[0;32mKubectl version $KUBECTL_VERSION is already installed. This gem requires version v1.11.0 or greater.\033[0m"
+  echo -e "\n\033[0;32mKubectl version $KUBECTL_VERSION is already installed. This gem requires version v1.15.0 or greater.\033[0m"
 fi

data/dev.yml

@@ -1,10 +1,11 @@
 ---
 name: krane
 up:
-  - ruby: 2.5.7 # Matches gemspec
+  - ruby: 2.6.6 # Matches gemspec
   - bundler
   - homebrew:
-    - Caskroom/cask/minikube
+    - homebrew/cask/minikube
+    - hyperkit
   - custom:
       name: Install the minikube fork of driver-hyperkit
       met?: command -v docker-machine-driver-hyperkit
@@ -12,7 +13,7 @@ up:
   - custom:
       name: Minikube Cluster
       met?: test $(minikube status | grep Running | wc -l) -ge 2 && $(minikube status | grep -q 'Configured')
-      meet: minikube start --kubernetes-version=v1.11.10 --vm-driver=hyperkit
+      meet: minikube start --kubernetes-version=v1.15.12 --vm-driver=hyperkit
       down: minikube stop
 commands:
   reset-minikube: minikube delete && rm -rf ~/.minikube

data/krane.gemspec

@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
 
   spec.metadata['allowed_push_host'] = "https://rubygems.org"
 
-  spec.required_ruby_version = '>= 2.5.0'
+  spec.required_ruby_version = '>= 2.6.0'
   spec.add_dependency("activesupport", ">= 5.0")
   spec.add_dependency("kubeclient", "~> 4.3")
   spec.add_dependency("googleauth", "~> 0.8")
@@ -56,6 +56,6 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency("byebug")
   spec.add_development_dependency("ruby-prof")
   spec.add_development_dependency("ruby-prof-flamegraph")
-  spec.add_development_dependency("rubocop", "~> 0.88.0")
-  spec.add_development_dependency("codecov")
+  spec.add_development_dependency("rubocop", "~> 0.89.1")
+  spec.add_development_dependency("simplecov")
 end

data/lib/krane/cli/krane.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-
 require 'krane'
+require 'krane/oj'
 require 'thor'
 require 'krane/cli/version_command'
 require 'krane/cli/restart_command'

data/lib/krane/cluster_resource_discovery.rb

@@ -23,9 +23,7 @@ module Krane
       fetch_resources(namespaced: namespaced).uniq { |r| r['kind'] }.map do |resource|
         next unless resource['verbs'].one? { |v| v == "delete" }
         next if black_list.include?(resource['kind'])
-        group_versions = api_versions[resource['apigroup'].to_s]
-        version = version_for_kind(group_versions, resource['kind'])
-        [resource['apigroup'], version, resource['kind']].compact.join("/")
+        gvk_string(api_versions, resource)
       end.compact
     end
 
@@ -89,7 +87,10 @@ module Krane
       version_override = { "CronJob" => "v1beta1", "VolumeAttachment" => "v1beta1",
                            "CSIDriver" => "v1beta1", "Ingress" => "v1beta1",
                            "CSINode" => "v1beta1", "Job" => "v1",
-                           "IngressClass" => "v1beta1" }
+                           "IngressClass" => "v1beta1", "FrontendConfig" => "v1beta1",
+                           "ServiceNetworkEndpointGroup" => "v1beta1",
+                           "EnvoyFilter" => "v1alpha3",
+                           "TCPIngress" => "v1beta1" }
 
       pattern = /v(?<major>\d+)(?<pre>alpha|beta)?(?<minor>\d+)?/
       latest = versions.sort_by do |version|
@@ -100,6 +101,23 @@ module Krane
       version_override.fetch(kind, latest)
     end
 
+    def gvk_string(api_versions, resource)
+      apiversion = resource['apiversion'].to_s
+
+      ## In kubectl 1.20 APIGroups was replaced by APIVersions
+      if apiversion.empty?
+        apigroup = resource['apigroup'].to_s
+        group_versions = api_versions[apigroup]
+
+        version = version_for_kind(group_versions, resource['kind'])
+        apigroup = 'core' if apigroup.empty?
+        apiversion = "#{apigroup}/#{version}"
+      end
+
+      apiversion = "core/#{apiversion}" unless apiversion.include?("/")
+      [apiversion, resource['kind']].compact.join("/")
+    end
+
     def fetch_crds
       raw_json, err, st = kubectl.run("get", "CustomResourceDefinition", output: "json", attempts: 5,
         use_namespace: false)

data/lib/krane/common.rb

@@ -11,7 +11,6 @@ require 'active_support/core_ext/array/conversions'
 require 'colorized_string'
 
 require 'krane/version'
-require 'krane/oj'
 require 'krane/errors'
 require 'krane/formatted_logger'
 require 'krane/statsd'
@@ -19,5 +18,5 @@ require 'krane/task_config'
 require 'krane/task_config_validator'
 
 module Krane
-  MIN_KUBE_VERSION = '1.11.0'
+  MIN_KUBE_VERSION = '1.15.0'
 end

data/lib/krane/deploy_task.rb

@@ -85,6 +85,10 @@ module Krane
       kubectl.server_version
     end
 
+    attr_reader :task_config
+
+    delegate :kubeclient_builder, to: :task_config
+
     # Initializes the deploy task
     #
     # @param namespace [String] Kubernetes namespace (*required*)
@@ -101,10 +105,10 @@ module Krane
     # @param render_erb [Boolean] Enable ERB rendering
     def initialize(namespace:, context:, current_sha: nil, logger: nil, kubectl_instance: nil, bindings: {},
       global_timeout: nil, selector: nil, filenames: [], protected_namespaces: nil,
-      render_erb: false)
+      render_erb: false, kubeconfig: nil)
       @logger = logger || Krane::FormattedLogger.build(namespace, context)
       @template_sets = TemplateSets.from_dirs_and_files(paths: filenames, logger: @logger, render_erb: render_erb)
-      @task_config = Krane::TaskConfig.new(context, namespace, @logger)
+      @task_config = Krane::TaskConfig.new(context, namespace, @logger, kubeconfig)
       @bindings = bindings
       @namespace = namespace
       @namespace_tags = []
@@ -190,10 +194,6 @@ module Krane
         selector: @selector, statsd_tags: statsd_tags, current_sha: @current_sha)
     end
 
-    def kubeclient_builder
-      @kubeclient_builder ||= KubeclientBuilder.new
-    end
-
     def cluster_resource_discoverer
       @cluster_resource_discoverer ||= ClusterResourceDiscovery.new(
         task_config: @task_config,
@@ -279,13 +279,17 @@ module Krane
 
     def validate_resources(resources)
       validate_globals(resources)
+      batch_dry_run_success = validate_dry_run(resources)
       Krane::Concurrency.split_across_threads(resources) do |r|
-        r.validate_definition(kubectl, selector: @selector)
+        # No need to pass in kubectl (and do per-resource dry run apply) if batch dry run succeeded
+        if batch_dry_run_success
+          r.validate_definition(kubectl: nil, selector: @selector, dry_run: false)
+        else
+          r.validate_definition(kubectl: kubectl, selector: @selector, dry_run: true)
+        end
       end
-
       failed_resources = resources.select(&:validation_failed?)
       if failed_resources.present?
-
         failed_resources.each do |r|
           content = File.read(r.file_path) if File.file?(r.file_path) && !r.sensitive_template_content?
           record_invalid_template(logger: @logger, err: r.validation_error_msg,
@@ -308,6 +312,10 @@ module Krane
         "Use GlobalDeployTask instead."
     end
 
+    def validate_dry_run(resources)
+      resource_deployer.dry_run(resources)
+    end
+
     def namespace_definition
       @namespace_definition ||= begin
         definition, _err, st = kubectl.run("get", "namespace", @namespace, use_namespace: false,

data/lib/krane/ejson_secret_provisioner.rb

@@ -53,7 +53,7 @@ module Krane
         secrets.map do |secret_name, secret_spec|
           validate_secret_spec(secret_name, secret_spec)
           resource = generate_secret_resource(secret_name, secret_spec["_type"], secret_spec["data"])
-          resource.validate_definition(@kubectl)
+          resource.validate_definition(kubectl: @kubectl)
           if resource.validation_failed?
             raise EjsonSecretError, "Resulting resource Secret/#{secret_name} failed validation"
           end
@@ -133,7 +133,7 @@ module Krane
     end
 
     def decrypt_ejson(key_dir)
-      out, err, st = Open3.capture3("EJSON_KEYDIR=#{key_dir} ejson decrypt #{@ejson_file}")
+      out, err, st = Open3.capture3({ 'EJSON_KEYDIR' => key_dir.to_s }, 'ejson', 'decrypt', @ejson_file.to_s)
       unless st.success?
         # older ejson versions dump some errors to STDOUT
         msg = err.presence || out

data/lib/krane/global_deploy_task.rb

@@ -25,7 +25,8 @@ module Krane
   class GlobalDeployTask
     extend Krane::StatsD::MeasureMethods
     include TemplateReporting
-    delegate :context, :logger, :global_kinds, to: :@task_config
+    delegate :context, :logger, :global_kinds, :kubeclient_builder, to: :@task_config
+    attr_reader :task_config
 
     # Initializes the deploy task
     #
@@ -33,10 +34,10 @@ module Krane
     # @param global_timeout [Integer] Timeout in seconds
     # @param selector [Hash] Selector(s) parsed by Krane::LabelSelector (*required*)
     # @param filenames [Array<String>] An array of filenames and/or directories containing templates (*required*)
-    def initialize(context:, global_timeout: nil, selector: nil, filenames: [], logger: nil)
+    def initialize(context:, global_timeout: nil, selector: nil, filenames: [], logger: nil, kubeconfig: nil)
       template_paths = filenames.map { |path| File.expand_path(path) }
 
-      @task_config = TaskConfig.new(context, nil, logger)
+      @task_config = TaskConfig.new(context, nil, logger, kubeconfig)
       @template_sets = TemplateSets.from_dirs_and_files(paths: template_paths,
         logger: @task_config.logger, render_erb: false)
       @global_timeout = global_timeout
@@ -130,7 +131,7 @@ module Krane
       validate_globals(resources)
 
       Concurrency.split_across_threads(resources) do |r|
-        r.validate_definition(@kubectl, selector: @selector)
+        r.validate_definition(kubectl: @kubectl, selector: @selector)
       end
 
       failed_resources = resources.select(&:validation_failed?)
@@ -189,10 +190,6 @@ module Krane
       @kubectl ||= Kubectl.new(task_config: @task_config, log_failure_by_default: true)
     end
 
-    def kubeclient_builder
-      @kubeclient_builder ||= KubeclientBuilder.new
-    end
-
     def prune_whitelist
       cluster_resource_discoverer.prunable_resources(namespaced: false)
     end

data/lib/krane/kubeclient_builder.rb

@@ -10,8 +10,10 @@ module Krane
       end
     end
 
-    def initialize(kubeconfig: ENV["KUBECONFIG"])
-      files = kubeconfig || "#{Dir.home}/.kube/config"
+    attr_reader :kubeconfig_files
+
+    def initialize(kubeconfig: nil)
+      files = kubeconfig || ENV["KUBECONFIG"] || "#{Dir.home}/.kube/config"
       # Split the list by colon for Linux and Mac, and semicolon for Windows.
       @kubeconfig_files = files.split(/[:;]/).map!(&:strip).reject(&:empty?)
     end

data/lib/krane/kubectl.rb

@@ -7,6 +7,7 @@ module Krane
       not_found: /NotFound/,
       client_timeout: /Client\.Timeout exceeded while awaiting headers/,
       empty: /\A\z/,
+      context_deadline: /context deadline exceeded/,
     }
     DEFAULT_TIMEOUT = 15
     MAX_RETRY_DELAY = 16
@@ -14,7 +15,7 @@ module Krane
 
     class ResourceNotFoundError < StandardError; end
 
-    delegate :namespace, :context, :logger, to: :@task_config
+    delegate :namespace, :context, :logger, :kubeconfig, to: :@task_config
 
     def initialize(task_config:, log_failure_by_default:, default_timeout: DEFAULT_TIMEOUT,
       output_is_sensitive_default: false)
@@ -34,7 +35,8 @@ module Krane
 
       (1..attempts).to_a.each do |current_attempt|
         logger.debug("Running command (attempt #{current_attempt}): #{cmd.join(' ')}")
-        out, err, st = Open3.capture3(*cmd)
+        env = { 'KUBECONFIG' => kubeconfig }
+        out, err, st = Open3.capture3(env, *cmd)
 
         # https://github.com/Shopify/krane/issues/395
         unless out.valid_encoding?
@@ -62,7 +64,8 @@ module Krane
         else
           logger.debug("Kubectl err: #{output_is_sensitive ? '<suppressed sensitive output>' : err}")
         end
-        StatsD.client.increment('kubectl.error', 1, tags: { context: context, namespace: namespace, cmd: cmd[1] })
+        StatsD.client.increment('kubectl.error', 1, tags: { context: context, namespace: namespace, cmd: cmd[1],
+                                                            max_attempt: attempts, current_attempt: current_attempt })
 
         break unless retriable_err?(err, retry_whitelist) && current_attempt < attempts
         sleep(retry_delay(current_attempt))
@@ -79,7 +82,7 @@ module Krane
     def version_info
       @version_info ||=
         begin
-          response, _, status = run("version", use_namespace: false, log_failure: true)
+          response, _, status = run("version", use_namespace: false, log_failure: true, attempts: 2)
           raise KubectlError, "Could not retrieve kubectl version info" unless status.success?
           extract_version_info_from_kubectl_response(response)
         end
@@ -97,6 +100,14 @@ module Krane
       server_version >= Gem::Version.new(SERVER_DRY_RUN_MIN_VERSION)
     end
 
+    def dry_run_flag
+      if server_version >= Gem::Version.new("1.18")
+        "--dry-run=server"
+      else
+        "--server-dry-run"
+      end
+    end
+
     private
 
     def build_command_from_options(args, use_namespace, use_context, output)

data/lib/krane/kubernetes_resource.rb

@@ -35,6 +35,8 @@ module Krane
       If you have reason to believe it will succeed, retry the deploy to continue to monitor the rollout.
       MSG
 
+    ALLOWED_DEPLOY_METHOD_OVERRIDES = %w(create replace replace-force)
+    DEPLOY_METHOD_OVERRIDE_ANNOTATION = "deploy-method-override"
     TIMEOUT_OVERRIDE_ANNOTATION = "timeout-override"
     LAST_APPLIED_ANNOTATION = "kubectl.kubernetes.io/last-applied-configuration"
     SENSITIVE_TEMPLATE_CONTENT = false
@@ -132,11 +134,12 @@ module Krane
       Kubeclient::Resource.new(@definition)
     end
 
-    def validate_definition(kubectl, selector: nil)
+    def validate_definition(kubectl:, selector: nil, dry_run: true)
       @validation_errors = []
       validate_selector(selector) if selector
       validate_timeout_annotation
-      validate_spec_with_kubectl(kubectl)
+      validate_deploy_method_override_annotation
+      validate_spec_with_kubectl(kubectl) if dry_run
       @validation_errors.present?
     end
 
@@ -237,10 +240,14 @@ module Krane
       if @definition.dig("metadata", "name").blank? && uses_generate_name?
         :create
       else
-        :apply
+        deploy_method_override || :apply
       end
     end
 
+    def deploy_method_override
+      krane_annotation_value(DEPLOY_METHOD_OVERRIDE_ANNOTATION)&.to_sym
+    end
+
     def sync_debug_info(kubectl)
       @debug_events = fetch_events(kubectl) unless ENV[DISABLE_FETCHING_EVENT_INFO]
       @debug_logs = fetch_debug_logs if print_debug_logs? && !ENV[DISABLE_FETCHING_LOG_INFO]
@@ -504,6 +511,16 @@ module Krane
       @validation_errors << "#{timeout_annotation_key} annotation is invalid: #{e}"
     end
 
+    def validate_deploy_method_override_annotation
+      deploy_method_override_value = krane_annotation_value(DEPLOY_METHOD_OVERRIDE_ANNOTATION)
+      deploy_method_override_annotation_key = Annotation.for(DEPLOY_METHOD_OVERRIDE_ANNOTATION)
+      return unless deploy_method_override_value
+      unless ALLOWED_DEPLOY_METHOD_OVERRIDES.include?(deploy_method_override_value)
+        @validation_errors << "#{deploy_method_override_annotation_key} is invalid: Accepted values are: " \
+          "#{ALLOWED_DEPLOY_METHOD_OVERRIDES.join(', ')} but got #{deploy_method_override_value}"
+      end
+    end
+
     def krane_annotation_value(suffix)
       @definition.dig("metadata", "annotations", Annotation.for(suffix))
     end
@@ -543,9 +560,14 @@ module Krane
 
     # Server side dry run is only supported on apply
     def validate_with_server_side_dry_run(kubectl)
-      command = ["apply", "-f", file_path, "--server-dry-run", "--output=name"]
+      command = if kubectl.server_version >= Gem::Version.new('1.18')
+        ["apply", "-f", file_path, "--dry-run=server", "--output=name"]
+      else
+        ["apply", "-f", file_path, "--server-dry-run", "--output=name"]
+      end
+
       kubectl.run(*command, log_failure: false, output_is_sensitive: sensitive_template_content?,
-        retry_whitelist: [:client_timeout, :empty], attempts: 3)
+        retry_whitelist: [:client_timeout, :empty, :context_deadline], attempts: 3)
     end
 
     # Local dry run is supported on only create and apply
@@ -555,7 +577,7 @@ module Krane
       verb = deploy_method == :apply ? "apply" : "create"
       command = [verb, "-f", file_path, "--dry-run", "--output=name"]
       kubectl.run(*command, log_failure: false, output_is_sensitive: sensitive_template_content?,
-        retry_whitelist: [:client_timeout, :empty], attempts: 3, use_namespace: !global?)
+        retry_whitelist: [:client_timeout, :empty, :context_deadline], attempts: 3, use_namespace: !global?)
     end
 
     def labels

data/lib/krane/kubernetes_resource/deployment.rb

@@ -155,6 +155,8 @@ module Krane
 
     def deploy_failing_to_progress?
       return false unless progress_condition.present?
+      # Ensure at least progress_deadline wall clock time has passed before before examining progress_condition
+      return false if deploy_started? && Time.now.utc - @deploy_started_at < progress_deadline
 
       # This assumes that when the controller bumps the observed generation, it also updates/clears all the status
       # conditions. Specifically, it assumes the progress condition is immediately set to True if a rollout is starting.

data/lib/krane/kubernetes_resource/persistent_volume_claim.rb

@@ -63,6 +63,7 @@ module Krane
       attr_reader :name
 
       def initialize(definition)
+        super(definition: definition, namespace: nil, context: nil, logger: nil)
         @definition = definition
         @name = definition.dig("metadata", "name").to_s
       end

data/lib/krane/resource_deployer.rb

@@ -20,6 +20,13 @@ module Krane
       @statsd_tags = statsd_tags
     end
 
+    def dry_run(resources)
+      apply_all(resources, true, dry_run: true)
+      true
+    rescue FatalDeploymentError
+      false
+    end
+
     def deploy!(resources, verify_result, prune)
       if verify_result
         deploy_all_resources(resources, prune: prune, verify: true)
@@ -95,11 +102,10 @@ module Krane
       applyables, individuals = resources.partition { |r| r.deploy_method == :apply }
       # Prunable resources should also applied so that they can  be pruned
       pruneable_types = @prune_whitelist.map { |t| t.split("/").last }
-      applyables += individuals.select { |r| pruneable_types.include?(r.type) }
+      applyables += individuals.select { |r| pruneable_types.include?(r.type) && !r.deploy_method_override }
 
       individuals.each do |individual_resource|
         individual_resource.deploy_started_at = Time.now.utc
-
         case individual_resource.deploy_method
         when :create
           err, status = create_resource(individual_resource)
@@ -129,17 +135,17 @@ module Krane
       end
     end
 
-    def apply_all(resources, prune)
+    def apply_all(resources, prune, dry_run: false)
       return unless resources.present?
-      command = %w(apply)
+      start = Time.now.utc
 
+      command = %w(apply)
       Dir.mktmpdir do |tmp_dir|
         resources.each do |r|
           FileUtils.symlink(r.file_path, tmp_dir)
-          r.deploy_started_at = Time.now.utc
+          r.deploy_started_at = Time.now.utc unless dry_run
         end
         command.push("-f", tmp_dir)
-
         if prune && @prune_whitelist.present?
           command.push("--prune")
           if @selector
@@ -150,20 +156,22 @@ module Krane
           @prune_whitelist.each { |type| command.push("--prune-whitelist=#{type}") }
         end
 
+        command.push(kubectl.dry_run_flag) if dry_run
         output_is_sensitive = resources.any?(&:sensitive_template_content?)
         global_mode = resources.all?(&:global?)
         out, err, st = kubectl.run(*command, log_failure: false, output_is_sensitive: output_is_sensitive,
-          use_namespace: !global_mode)
+          attempts: 2, use_namespace: !global_mode)
 
+        tags = statsd_tags + (dry_run ? ['dry_run:true'] : ['dry_run:false'])
+        Krane::StatsD.client.distribution('apply_all.duration', Krane::StatsD.duration(start), tags: tags)
         if st.success?
           log_pruning(out) if prune
         else
-          record_apply_failure(err, resources: resources)
+          record_apply_failure(err, resources: resources) unless dry_run
           raise FatalDeploymentError, "Command failed: #{Shellwords.join(command)}"
         end
       end
     end
-    measure_method(:apply_all)
 
     def log_pruning(kubectl_output)
       pruned = kubectl_output.scan(/^(.*) pruned$/)

data/lib/krane/restart_task.rb

@@ -22,15 +22,19 @@ module Krane
     HTTP_OK_RANGE = 200..299
     ANNOTATION = "shipit.shopify.io/restart"
 
+    attr_reader :task_config
+
+    delegate :kubeclient_builder, to: :task_config
+
     # Initializes the restart task
     #
     # @param context [String] Kubernetes context / cluster (*required*)
     # @param namespace [String] Kubernetes namespace (*required*)
     # @param logger [Object] Logger object (defaults to an instance of Krane::FormattedLogger)
     # @param global_timeout [Integer] Timeout in seconds
-    def initialize(context:, namespace:, logger: nil, global_timeout: nil)
+    def initialize(context:, namespace:, logger: nil, global_timeout: nil, kubeconfig: nil)
       @logger = logger || Krane::FormattedLogger.build(namespace, context)
-      @task_config = Krane::TaskConfig.new(context, namespace, @logger)
+      @task_config = Krane::TaskConfig.new(context, namespace, @logger, kubeconfig)
       @context = context
       @namespace = namespace
       @global_timeout = global_timeout
@@ -220,9 +224,5 @@ module Krane
     def v1beta1_kubeclient
       @v1beta1_kubeclient ||= kubeclient_builder.build_v1beta1_kubeclient(@context)
     end
-
-    def kubeclient_builder
-      @kubeclient_builder ||= KubeclientBuilder.new
-    end
   end
 end

data/lib/krane/runner_task.rb

@@ -16,7 +16,9 @@ module Krane
   class RunnerTask
     class TaskTemplateMissingError < TaskConfigurationError; end
 
-    attr_reader :pod_name
+    attr_reader :pod_name, :task_config
+
+    delegate :kubeclient_builder, to: :task_config
 
     # Initializes the runner task
     #
@@ -24,9 +26,9 @@ module Krane
     # @param context [String] Kubernetes context / cluster (*required*)
     # @param logger [Object] Logger object (defaults to an instance of Krane::FormattedLogger)
     # @param global_timeout [Integer] Timeout in seconds
-    def initialize(namespace:, context:, logger: nil, global_timeout: nil)
+    def initialize(namespace:, context:, logger: nil, global_timeout: nil, kubeconfig: nil)
       @logger = logger || Krane::FormattedLogger.build(namespace, context)
-      @task_config = Krane::TaskConfig.new(context, namespace, @logger)
+      @task_config = Krane::TaskConfig.new(context, namespace, @logger, kubeconfig)
       @namespace = namespace
       @context = context
       @global_timeout = global_timeout
@@ -116,7 +118,7 @@ module Krane
     end
 
     def validate_pod(pod)
-      pod.validate_definition(kubectl)
+      pod.validate_definition(kubectl: kubectl)
     end
 
     def watch_pod(pod)
@@ -200,10 +202,6 @@ module Krane
       @kubeclient ||= kubeclient_builder.build_v1_kubeclient(@context)
     end
 
-    def kubeclient_builder
-      @kubeclient_builder ||= KubeclientBuilder.new
-    end
-
     def statsd_tags(status)
       %W(namespace:#{@namespace} context:#{@context} status:#{status})
     end

data/lib/krane/task_config.rb

@@ -4,12 +4,13 @@ require 'krane/cluster_resource_discovery'
 
 module Krane
   class TaskConfig
-    attr_reader :context, :namespace, :logger
+    attr_reader :context, :namespace, :logger, :kubeconfig
 
-    def initialize(context, namespace, logger = nil)
+    def initialize(context, namespace, logger = nil, kubeconfig = nil)
       @context = context
       @namespace = namespace
       @logger = logger || FormattedLogger.build(@namespace, @context)
+      @kubeconfig = kubeconfig || ENV['KUBECONFIG']
     end
 
     def global_kinds
@@ -18,5 +19,9 @@ module Krane
         cluster_resource_discoverer.fetch_resources(namespaced: false).map { |g| g["kind"] }
       end
     end
+
+    def kubeclient_builder
+      @kubeclient_builder ||= KubeclientBuilder.new(kubeconfig: kubeconfig)
+    end
   end
 end

data/lib/krane/task_config_validator.rb

@@ -45,7 +45,7 @@ module Krane
       end
 
       _, err, st = @kubectl.run("config", "get-contexts", context, "-o", "name",
-        use_namespace: false, use_context: false, log_failure: false)
+        use_namespace: false, use_context: false, log_failure: false, attempts: 2)
 
       unless st.success?
         @errors << if err.match("error: context #{context} not found")
@@ -58,7 +58,7 @@ module Krane
 
     def validate_context_reachable
       _, err, st = @kubectl.run("get", "namespaces", "-o", "name",
-        use_namespace: false, log_failure: false)
+        use_namespace: false, log_failure: false, attempts: 2)
 
       unless st.success?
         @errors << "Something went wrong connecting to #{context}. #{err} "
@@ -71,7 +71,7 @@ module Krane
       end
 
       _, err, st = @kubectl.run("get", "namespace", "-o", "name", namespace,
-        use_namespace: false, log_failure: false)
+        use_namespace: false, log_failure: false, attempts: 3)
 
       unless st.success?
         @errors << if err.match("Error from server [(]NotFound[)]: namespace")

data/lib/krane/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module Krane
-  VERSION = "2.0.0"
+  VERSION = "2.1.4"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: krane
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.1.4
 platform: ruby
 authors:
 - Katrina Verey
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-08-26 00:00:00.000000000 Z
+date: 2021-01-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -366,16 +366,16 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.88.0
+        version: 0.89.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.88.0
+        version: 0.89.1
 - !ruby/object:Gem::Dependency
-  name: codecov
+  name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -511,7 +511,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.5.0
+      version: 2.6.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="