krane 2.1.1 → 2.1.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d5cbad8d48ae06d3286c19cd193ef7208c04c74ee72b3519a82a25605d9c4e86
-  data.tar.gz: 2eded80d29111517ca964fe81033d6c3e3667b8704e9c37de3e293fe06fab987
+  metadata.gz: d496112ecd7ff05ab81ab6cad622632a7d169b38d1ad0340c5dc2088aa061677
+  data.tar.gz: 16c47fa820e244a7d42080e3fdf81065eda9167dda898e12412ab5c72d5bd4be
 SHA512:
-  metadata.gz: bf04a253ca03e3b3741e7c57dfd3967f54ccfc22b1094da4e9ca854e8211ce0f2fff4c1bc8ed56fef3c4fb7aefe63dd7a53c601e374ebdeaaf6274749722c7ec
-  data.tar.gz: db700598c8ec1e634c3c0db7802a6822668651355a2c3c509c1a4ff6dd54947b1999e36ee60404c62b397ffd58287eca93f272497ecfb7114082cdb029410595
+  metadata.gz: 97eeceba4a6f132ec19bd40bfdcf9fb7ad94f0a791f784d6b3ec0e01eb78eddca2e6d5e6809fc2feb15d6f5a4aba9c7eee295e4660998d595d267700566d7ad5
+  data.tar.gz: 1c364bd503c83eb902e548d68d06aed5235e1ef33c8e72e3fe2fd90871da76d8580be288b822ac768fb75a1dd7ed0c1c801634a0d7068a18d74b8263670b0f7c

data/.buildkite/pipeline.nightly.yml

@@ -13,31 +13,3 @@ steps:
     env:
       LOGGING_LEVEL: 4
       KUBERNETES_VERSION: v1.15-latest
-  - name: 'Run Test Suite (:kubernetes: 1.14-latest)'
-    command: bin/ci
-    agents:
-      queue: k8s-ci
-    env:
-      LOGGING_LEVEL: 4
-      KUBERNETES_VERSION: v1.14-latest
-  - name: 'Run Test Suite (:kubernetes: 1.13-latest)'
-    command: bin/ci
-    agents:
-      queue: k8s-ci
-    env:
-      LOGGING_LEVEL: 4
-      KUBERNETES_VERSION: v1.13-latest
-  - name: 'Run Test Suite (:kubernetes: 1.12-latest)'
-    command: bin/ci
-    agents:
-      queue: k8s-ci
-    env:
-      LOGGING_LEVEL: 4
-      KUBERNETES_VERSION: v1.12-latest
-  - name: 'Run Test Suite (:kubernetes: 1.11-latest)'
-    command: bin/ci
-    agents:
-      queue: k8s-ci
-    env:
-      LOGGING_LEVEL: 4
-      KUBERNETES_VERSION: v1.11-latest

data/.rubocop-http---shopify-github-io-ruby-style-guide-rubocop-yml

@@ -195,6 +195,7 @@ Style/FrozenStringLiteralComment:
   SupportedStyles:
     - always
     - never
+  SafeAutoCorrect: true
 
 Style/GlobalVars:
   AllowedVariables: []

data/.shopify-build/krane.yml

@@ -1,6 +1,6 @@
 containers:
   default:
-    docker: circleci/ruby:2.5.7
+    docker: circleci/ruby:2.6.6
 
 steps:
   - label: Lint
@@ -8,61 +8,47 @@ steps:
     run:
       - bundle: ~
       - bundle exec rubocop
-  - label: 'Run Test Suite (:kubernetes: 1.18-latest :ruby: 2.7)'
+  - label: 'Run Test Suite (:kubernetes: 1.20-latest :ruby: 3.0)'
     command: bin/ci
     agents:
       queue: k8s-ci
     env:
       LOGGING_LEVEL: "4"
-      KUBERNETES_VERSION: v1.18-latest
-      RUBY_VERSION: "2.7"
-  - label: 'Run Test Suite (:kubernetes: 1.17-latest)'
-    command: bin/ci
-    agents:
-      queue: k8s-ci
-    env:
-      LOGGING_LEVEL: "4"
-      KUBERNETES_VERSION: v1.17-latest
-  - label: 'Run Test Suite (:kubernetes: 1.16.12)'
-    command: bin/ci
-    agents:
-      queue: k8s-ci
-    env:
-      LOGGING_LEVEL: "4"
-      # Flip this back to v1.16-latest when 1.16.14 comes out (see #733)
-      KUBERNETES_VERSION: v1.16.12
-  - label: 'Run Test Suite (:kubernetes: 1.15-latest)'
+      KUBERNETES_VERSION: v1.20-latest
+      RUBY_VERSION: "3.0"
+  - label: 'Run Test Suite (:kubernetes: 1.19-latest :ruby: 2.7)'
     command: bin/ci
     agents:
       queue: k8s-ci
     env:
       LOGGING_LEVEL: "4"
-      KUBERNETES_VERSION: v1.15-latest
-  - label: 'Run Test Suite (:kubernetes: 1.14-latest)'
+      KUBERNETES_VERSION: v1.19-latest
+      RUBY_VERSION: "2.7"
+  - label: 'Run Test Suite (:kubernetes: 1.18-latest)'
     command: bin/ci
     agents:
       queue: k8s-ci
     env:
       LOGGING_LEVEL: "4"
-      KUBERNETES_VERSION: v1.14-latest
-  - label: 'Run Test Suite (:kubernetes: 1.13-latest)'
+      KUBERNETES_VERSION: v1.18-latest
+  - label: 'Run Test Suite (:kubernetes: 1.17-latest)'
     command: bin/ci
     agents:
       queue: k8s-ci
     env:
       LOGGING_LEVEL: "4"
-      KUBERNETES_VERSION: v1.13-latest
-  - label: 'Run Test Suite (:kubernetes: 1.12-latest)'
+      KUBERNETES_VERSION: v1.17-latest
+  - label: 'Run Test Suite (:kubernetes: 1.16-latest)'
     command: bin/ci
     agents:
       queue: k8s-ci
     env:
       LOGGING_LEVEL: "4"
-      KUBERNETES_VERSION: v1.12-latest
-  - label: 'Run Test Suite (:kubernetes: 1.11-latest)'
+      KUBERNETES_VERSION: v1.16-latest
+  - label: 'Run Test Suite (:kubernetes: 1.15-latest)'
     command: bin/ci
     agents:
       queue: k8s-ci
     env:
       LOGGING_LEVEL: "4"
-      KUBERNETES_VERSION: v1.11-latest
+      KUBERNETES_VERSION: v1.15-latest

data/CHANGELOG.md

@@ -1,5 +1,34 @@
 ## next
 
+*Enhancements*
+- Remove the need for a hard coded GVK overide list via improvements to cluster discovery [#778](https://github.com/Shopify/krane/pull/778)
+
+*Bug Fixes*
+- Remove resources that are targeted by side-effect-inducing mutating admission webhooks from the serverside dry run batch [#798](https://github.com/Shopify/krane/pull/798)
+
+## 2.1.5
+
+- Fix bug where the wrong dry-run flag is used for kubectl if client version is below 1.18 AND server version is 1.18+ [#793](https://github.com/Shopify/krane/pull/793).
+
+## 2.1.4
+
+*Enhancements*
+- Attempt to batch run server-side apply in validation phase instead of dry-running each resource individually [#781](https://github.com/Shopify/krane/pull/781).
+- Evaluate progress condition only after progress deadline seconds have passed since deploy invocation [#765](https://github.com/Shopify/krane/pull/765).
+
+*Other*
+- Dropped support for Ruby 2.5 due to EoL. [#782](https://github.com/Shopify/krane/pull/782).
+- Only patch JSON when run as CLI, not as library [#779](https://github.com/Shopify/krane/pull/779).
+
+## 2.1.3
+
+- Add version exception for ServiceNetworkEndpointGroup (GKE resource) [#768](https://github.com/Shopify/krane/pull/768)
+- Kubernetes 1.14 and lower is no longer officially supported as of this version ([#766](https://github.com/Shopify/krane/pull/766))
+
+## 2.1.2
+
+- Add version exception for FrontendConfig (GKE resource) [#761](https://github.com/Shopify/krane/pull/761)
+
 ## 2.1.1
 
 *Bug Fixes*

data/README.md

@@ -1,4 +1,4 @@
-# krane [![Build status](https://badge.buildkite.com/35c56e797c3bbd6ba50053aefdded0715898cd8e8c86f7e462.svg?branch=master)](https://buildkite.com/shopify/krane) [![codecov](https://codecov.io/gh/Shopify/kubernetes-deploy/branch/master/graph/badge.svg)](https://codecov.io/gh/Shopify/kubernetes-deploy)
+# krane [![Build status](https://badge.buildkite.com/35c56e797c3bbd6ba50053aefdded0715898cd8e8c86f7e462.svg?branch=master)](https://buildkite.com/shopify/krane)
 
 > This project used to be called `kubernetes-deploy`. Check out our [migration guide](https://github.com/Shopify/krane/blob/master/1.0-Upgrade.md) for more information including details about breaking changes.
 
@@ -73,8 +73,8 @@ If you need the ability to render dynamic values in templates before deploying,
 
 ## Prerequisites
 
-* Ruby 2.5+
-* Your cluster must be running Kubernetes v1.11.0 or higher<sup>1</sup>
+* Ruby 2.6+
+* Your cluster must be running Kubernetes v1.15.0 or higher<sup>1</sup>
 
 <sup>1</sup> We run integration tests against these Kubernetes versions. You can find our
 official compatibility chart below.
@@ -90,7 +90,7 @@ official compatibility chart below.
 
 ## Installation
 
-1. [Install kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl-binary-via-curl) (requires v1.11.0 or higher) and make sure it is available in your $PATH
+1. [Install kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl-binary-via-curl) (requires v1.15.0 or higher) and make sure it is available in your $PATH
 2. Set up your [kubeconfig file](https://kubernetes.io/docs/tasks/access-application-cluster/authenticate-across-clusters-kubeconfig/) for access to your cluster(s).
 3. `gem install krane`
 
@@ -493,7 +493,7 @@ resource to restart.
 
 ## Prerequisites
 
-* You've already deployed a [`PodTemplate`](https://v1-10.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#podtemplate-v1-core) object with field `template` containing a `Pod` specification that does not include the `apiVersion` or `kind` parameters. An example is provided in this repo in `test/fixtures/hello-cloud/template-runner.yml`.
+* You've already deployed a [`PodTemplate`](https://v1-15.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.15/#podtemplate-v1-core) object with field `template` containing a `Pod` specification that does not include the `apiVersion` or `kind` parameters. An example is provided in this repo in `test/fixtures/hello-cloud/template-runner.yml`.
 * The `Pod` specification in that template has a container named `task-runner`.
 
 Based on this specification `krane run` will create a new pod with the entrypoint of the `task-runner ` container overridden with the supplied arguments.

data/bin/ci

@@ -12,10 +12,9 @@ docker run --rm \
     -v "$PWD":/usr/src/app \
     -v "/usr/bin/kubectl":"/usr/bin/kubectl" \
     -e CI=1 \
-    -e CODECOV_TOKEN=$CODECOV_TOKEN \
     -e COVERAGE=1 \
     -e VERBOSE=1 \
     -e PARALLELISM=$PARALLELISM \
     -w /usr/src/app \
-    ruby:"${RUBY_VERSION:-2.5}" \
+    ruby:"${RUBY_VERSION:-2.6.6}" \
     bin/test

data/bin/setup

@@ -9,8 +9,8 @@ if [ ! -x "$(which minikube)" ]; then
 fi
 
 if [ ! -x "$(which kubectl)" ]; then
-  echo -e "\n\033[0;33mPlease install kubectl version 1.11.0 or higher:\nhttps://kubernetes.io/docs/user-guide/prereqs/\033[0m"
+  echo -e "\n\033[0;33mPlease install kubectl version 1.15.0 or higher:\nhttps://kubernetes.io/docs/user-guide/prereqs/\033[0m"
 else
   KUBECTL_VERSION=$(kubectl version --short --client | grep -oe "v[[:digit:]\.]\+")
-  echo -e "\n\033[0;32mKubectl version $KUBECTL_VERSION is already installed. This gem requires version v1.11.0 or greater.\033[0m"
+  echo -e "\n\033[0;32mKubectl version $KUBECTL_VERSION is already installed. This gem requires version v1.15.0 or greater.\033[0m"
 fi

data/dev.yml

@@ -1,7 +1,7 @@
 ---
 name: krane
 up:
-  - ruby: 2.5.7 # Matches gemspec
+  - ruby: 2.6.6 # Matches gemspec
   - bundler
   - homebrew:
     - homebrew/cask/minikube
@@ -13,7 +13,7 @@ up:
   - custom:
       name: Minikube Cluster
       met?: test $(minikube status | grep Running | wc -l) -ge 2 && $(minikube status | grep -q 'Configured')
-      meet: minikube start --kubernetes-version=v1.11.10 --vm-driver=hyperkit
+      meet: minikube start --kubernetes-version=v1.15.12 --vm-driver=hyperkit
       down: minikube stop
 commands:
   reset-minikube: minikube delete && rm -rf ~/.minikube

data/krane.gemspec

@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
 
   spec.metadata['allowed_push_host'] = "https://rubygems.org"
 
-  spec.required_ruby_version = '>= 2.5.0'
+  spec.required_ruby_version = '>= 2.6.0'
   spec.add_dependency("activesupport", ">= 5.0")
   spec.add_dependency("kubeclient", "~> 4.3")
   spec.add_dependency("googleauth", "~> 0.8")
@@ -57,5 +57,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency("ruby-prof")
   spec.add_development_dependency("ruby-prof-flamegraph")
   spec.add_development_dependency("rubocop", "~> 0.89.1")
-  spec.add_development_dependency("codecov")
+  spec.add_development_dependency("simplecov")
 end

data/lib/krane/cli/krane.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-
 require 'krane'
+require 'krane/oj'
 require 'thor'
 require 'krane/cli/version_command'
 require 'krane/cli/restart_command'

data/lib/krane/cluster_resource_discovery.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+require 'concurrent'
 
 module Krane
   class ClusterResourceDiscovery
@@ -7,6 +8,7 @@ module Krane
     def initialize(task_config:, namespace_tags: [])
       @task_config = task_config
       @namespace_tags = namespace_tags
+      @api_path_cache = {}
     end
 
     def crds
@@ -18,86 +20,74 @@ module Krane
 
     def prunable_resources(namespaced:)
       black_list = %w(Namespace Node ControllerRevision)
-      api_versions = fetch_api_versions
-
-      fetch_resources(namespaced: namespaced).uniq { |r| r['kind'] }.map do |resource|
-        next unless resource['verbs'].one? { |v| v == "delete" }
-        next if black_list.include?(resource['kind'])
-        group_versions = api_versions[resource['apigroup'].to_s]
-        version = version_for_kind(group_versions, resource['kind'])
-        [resource['apigroup'], version, resource['kind']].compact.join("/")
+      fetch_resources(namespaced: namespaced).map do |resource|
+        next unless resource["verbs"].one? { |v| v == "delete" }
+        next if black_list.include?(resource["kind"])
+        [resource["apigroup"], resource["version"], resource["kind"]].compact.join("/")
       end.compact
     end
 
-    # kubectl api-resources -o wide returns 5 columns
-    # NAME SHORTNAMES APIGROUP NAMESPACED KIND VERBS
-    # SHORTNAMES and APIGROUP may be blank
-    # VERBS is an array
-    # serviceaccounts sa <blank> true ServiceAccount [create delete deletecollection get list patch update watch]
     def fetch_resources(namespaced: false)
-      command = %w(api-resources)
-      command << "--namespaced=#{namespaced}"
-      raw, err, st = kubectl.run(*command, output: "wide", attempts: 5,
-        use_namespace: false)
+      responses = Concurrent::Hash.new
+      Krane::Concurrency.split_across_threads(api_paths) do |path|
+        responses[path] = fetch_api_path(path)["resources"] || []
+      end
+      responses.flat_map do |path, resources|
+        resources.map { |r| resource_hash(path, namespaced, r) }
+      end.compact.uniq { |r| r["kind"] }
+    end
+
+    def fetch_mutating_webhook_configurations
+      command = %w(get mutatingwebhookconfigurations)
+      raw_json, err, st = kubectl.run(*command, output: "json", attempts: 5, use_namespace: false)
       if st.success?
-        rows = raw.split("\n")
-        header = rows[0]
-        resources = rows[1..-1]
-        full_width_field_names = header.downcase.scan(/[a-z]+[\W]*/)
-        cursor = 0
-        fields = full_width_field_names.each_with_object({}) do |name, hash|
-          start = cursor
-          cursor = start + name.length
-          # Last field should consume the remainder of the line
-          cursor = 0 if full_width_field_names.last == name.strip
-          hash[name.strip] = [start, cursor - 1]
-        end
-        resources.map do |resource|
-          resource = fields.map { |k, (s, e)| [k.strip, resource[s..e].strip] }.to_h
-          # Manually parse verbs: "[get list]" into %w(get list)
-          resource["verbs"] = resource["verbs"][1..-2].split
-          resource
+        JSON.parse(raw_json)["items"].map do |definition|
+          Krane::MutatingWebhookConfiguration.new(namespace: namespace, context: context, logger: logger,
+            definition: definition, statsd_tags: @namespace_tags)
         end
       else
-        raise FatalKubeAPIError, "Error retrieving api-resources: #{err}"
+        raise FatalKubeAPIError, "Error retrieving mutatingwebhookconfigurations: #{err}"
       end
     end
 
     private
 
-    # kubectl api-versions returns a list of group/version strings e.g. autoscaling/v2beta2
-    # A kind may not exist in all versions of the group.
-    def fetch_api_versions
-      raw, err, st = kubectl.run("api-versions", attempts: 5, use_namespace: false)
-      # The "core" group is represented by an empty string
-      versions = { "" => %w(v1) }
-      if st.success?
-        rows = raw.split("\n")
-        rows.each do |group_version|
-          group, version = group_version.split("/")
-          versions[group] ||= []
-          versions[group] << version
+    def api_paths
+      @api_path_cache["/"] ||= begin
+        raw_json, err, st = kubectl.run("get", "--raw", "/", attempts: 5, use_namespace: false)
+        paths = if st.success?
+          JSON.parse(raw_json)["paths"]
+        else
+          raise FatalKubeAPIError, "Error retrieving raw path /: #{err}"
         end
-      else
-        raise FatalKubeAPIError, "Error retrieving api-versions: #{err}"
+        paths.select { |path| %r{^\/api.*\/v.*$}.match(path) }
       end
-      versions
     end
 
-    def version_for_kind(versions, kind)
-      # Override list for kinds that don't appear in the lastest version of a group
-      version_override = { "CronJob" => "v1beta1", "VolumeAttachment" => "v1beta1",
-                           "CSIDriver" => "v1beta1", "Ingress" => "v1beta1",
-                           "CSINode" => "v1beta1", "Job" => "v1",
-                           "IngressClass" => "v1beta1" }
+    def fetch_api_path(path)
+      @api_path_cache[path] ||= begin
+        raw_json, err, st = kubectl.run("get", "--raw", path, attempts: 2, use_namespace: false)
+        if st.success?
+          JSON.parse(raw_json)
+        else
+          logger.warn("Error retrieving api path: #{err}")
+          {}
+        end
+      end
+    end
 
-      pattern = /v(?<major>\d+)(?<pre>alpha|beta)?(?<minor>\d+)?/
-      latest = versions.sort_by do |version|
-        match = version.match(pattern)
-        pre = { "alpha" => 0, "beta" => 1, nil => 2 }.fetch(match[:pre])
-        [match[:major].to_i, pre, match[:minor].to_i]
-      end.last
-      version_override.fetch(kind, latest)
+    def resource_hash(path, namespaced, blob)
+      return unless blob["namespaced"] == namespaced
+      # skip sub-resources
+      return if blob["name"].include?("/")
+      path_regex = %r{(/apis?/)(?<group>[^/]*)/?(?<version>v.+)}
+      match = path.match(path_regex)
+      {
+        "verbs" => blob["verbs"],
+        "kind" => blob["kind"],
+        "apigroup" => match[:group],
+        "version" => match[:version],
+      }
     end
 
     def fetch_crds
@@ -111,7 +101,7 @@ module Krane
     end
 
     def kubectl
-      @kubectl ||= Kubectl.new(task_config: @task_config, log_failure_by_default: true)
+      @kubectl ||= Kubectl.new(task_config: @task_config, log_failure_by_default: true, default_timeout: 1)
     end
   end
 end

data/lib/krane/common.rb

@@ -11,7 +11,6 @@ require 'active_support/core_ext/array/conversions'
 require 'colorized_string'
 
 require 'krane/version'
-require 'krane/oj'
 require 'krane/errors'
 require 'krane/formatted_logger'
 require 'krane/statsd'
@@ -19,5 +18,5 @@ require 'krane/task_config'
 require 'krane/task_config_validator'
 
 module Krane
-  MIN_KUBE_VERSION = '1.11.0'
+  MIN_KUBE_VERSION = '1.15.0'
 end

data/lib/krane/deploy_task.rb

@@ -30,6 +30,7 @@ require 'krane/kubernetes_resource'
   custom_resource_definition
   horizontal_pod_autoscaler
   secret
+  mutating_webhook_configuration
 ).each do |subresource|
   require "krane/kubernetes_resource/#{subresource}"
 end
@@ -277,15 +278,28 @@ module Krane
     end
     measure_method(:validate_configuration)
 
+    def partition_dry_run_resources(resources)
+      individuals = []
+      mutating_webhook_configurations = cluster_resource_discoverer.fetch_mutating_webhook_configurations
+      mutating_webhook_configurations.each do |mutating_webhook_configuration|
+        mutating_webhook_configuration.webhooks.each do |webhook|
+          individuals = (individuals + resources.select { |resource| webhook.matches_resource?(resource) }).uniq
+          resources -= individuals
+        end
+      end
+      [resources, individuals]
+    end
+
     def validate_resources(resources)
       validate_globals(resources)
+      batchable_resources, individuals = partition_dry_run_resources(resources.dup)
+      batch_dry_run_success = kubectl.server_dry_run_enabled? && validate_dry_run(batchable_resources)
+      individuals += batchable_resources unless batch_dry_run_success
       Krane::Concurrency.split_across_threads(resources) do |r|
-        r.validate_definition(kubectl, selector: @selector)
+        r.validate_definition(kubectl: kubectl, selector: @selector, dry_run: individuals.include?(r))
       end
-
       failed_resources = resources.select(&:validation_failed?)
       if failed_resources.present?
-
         failed_resources.each do |r|
           content = File.read(r.file_path) if File.file?(r.file_path) && !r.sensitive_template_content?
           record_invalid_template(logger: @logger, err: r.validation_error_msg,
@@ -308,6 +322,10 @@ module Krane
         "Use GlobalDeployTask instead."
     end
 
+    def validate_dry_run(resources)
+      resource_deployer.dry_run(resources)
+    end
+
     def namespace_definition
       @namespace_definition ||= begin
         definition, _err, st = kubectl.run("get", "namespace", @namespace, use_namespace: false,

data/lib/krane/ejson_secret_provisioner.rb

@@ -53,7 +53,7 @@ module Krane
         secrets.map do |secret_name, secret_spec|
           validate_secret_spec(secret_name, secret_spec)
           resource = generate_secret_resource(secret_name, secret_spec["_type"], secret_spec["data"])
-          resource.validate_definition(@kubectl)
+          resource.validate_definition(kubectl: @kubectl)
           if resource.validation_failed?
             raise EjsonSecretError, "Resulting resource Secret/#{secret_name} failed validation"
           end

data/lib/krane/global_deploy_task.rb

@@ -131,7 +131,7 @@ module Krane
       validate_globals(resources)
 
       Concurrency.split_across_threads(resources) do |r|
-        r.validate_definition(@kubectl, selector: @selector)
+        r.validate_definition(kubectl: @kubectl, selector: @selector)
       end
 
       failed_resources = resources.select(&:validation_failed?)

data/lib/krane/kubectl.rb

@@ -100,6 +100,14 @@ module Krane
       server_version >= Gem::Version.new(SERVER_DRY_RUN_MIN_VERSION)
     end
 
+    def dry_run_flag
+      if client_version >= Gem::Version.new("1.18")
+        "--dry-run=server"
+      else
+        "--server-dry-run"
+      end
+    end
+
     private
 
     def build_command_from_options(args, use_namespace, use_context, output)

data/lib/krane/kubernetes_resource.rb

@@ -134,12 +134,12 @@ module Krane
       Kubeclient::Resource.new(@definition)
     end
 
-    def validate_definition(kubectl, selector: nil)
+    def validate_definition(kubectl:, selector: nil, dry_run: true)
       @validation_errors = []
       validate_selector(selector) if selector
       validate_timeout_annotation
       validate_deploy_method_override_annotation
-      validate_spec_with_kubectl(kubectl)
+      validate_spec_with_kubectl(kubectl) if dry_run
       @validation_errors.present?
     end
 
@@ -226,6 +226,11 @@ module Krane
       version ? grouping : "core"
     end
 
+    def version
+      prefix, version = @definition.dig("apiVersion").split("/")
+      version || prefix
+    end
+
     def kubectl_resource_type
       type
     end
@@ -560,7 +565,12 @@ module Krane
 
     # Server side dry run is only supported on apply
     def validate_with_server_side_dry_run(kubectl)
-      command = ["apply", "-f", file_path, "--server-dry-run", "--output=name"]
+      command = if kubectl.client_version >= Gem::Version.new('1.18')
+        ["apply", "-f", file_path, "--dry-run=server", "--output=name"]
+      else
+        ["apply", "-f", file_path, "--server-dry-run", "--output=name"]
+      end
+
       kubectl.run(*command, log_failure: false, output_is_sensitive: sensitive_template_content?,
         retry_whitelist: [:client_timeout, :empty, :context_deadline], attempts: 3)
     end

data/lib/krane/kubernetes_resource/deployment.rb

@@ -155,6 +155,8 @@ module Krane
 
     def deploy_failing_to_progress?
       return false unless progress_condition.present?
+      # Ensure at least progress_deadline wall clock time has passed before before examining progress_condition
+      return false if deploy_started? && Time.now.utc - @deploy_started_at < progress_deadline
 
       # This assumes that when the controller bumps the observed generation, it also updates/clears all the status
       # conditions. Specifically, it assumes the progress condition is immediately set to True if a rollout is starting.

data/lib/krane/kubernetes_resource/mutating_webhook_configuration.rb

@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+module Krane
+  class MutatingWebhookConfiguration < KubernetesResource
+    GLOBAL = true
+
+    class Webhook
+      EQUIVALENT = 'Equivalent'
+      EXACT = 'Exact'
+
+      class Rule
+        def initialize(definition)
+          @definition = definition
+        end
+
+        def matches_resource?(resource, accept_equivalent:)
+          groups.each do |group|
+            versions.each do |version|
+              resources.each do |kind|
+                return true if (resource.group == group || group == '*' || accept_equivalent) &&
+                  (resource.version == version || version == '*' || accept_equivalent) &&
+                  (resource.type.downcase == kind.downcase.singularize || kind == "*")
+              end
+            end
+          end
+          false
+        end
+
+        def groups
+          @definition.dig('apiGroups')
+        end
+
+        def versions
+          @definition.dig('apiVersions')
+        end
+
+        def resources
+          @definition.dig('resources')
+        end
+      end
+
+      def initialize(definition)
+        @definition = definition
+      end
+
+      def side_effects
+        @definition.dig('sideEffects')
+      end
+
+      def has_side_effects?
+        !%w(None NoneOnDryRun).include?(side_effects)
+      end
+
+      def match_policy
+        @definition.dig('matchPolicy')
+      end
+
+      def matches_resource?(resource, skip_rule_if_side_effect_none: true)
+        return false if skip_rule_if_side_effect_none && !has_side_effects?
+        rules.any? do |rule|
+          rule.matches_resource?(resource, accept_equivalent: match_policy == EQUIVALENT)
+        end
+      end
+
+      def rules
+        @definition.fetch('rules', []).map { |rule| Rule.new(rule) }
+      end
+    end
+
+    def initialize(namespace:, context:, definition:, logger:, statsd_tags:)
+      @webhooks = (definition.dig('webhooks') || []).map { |hook| Webhook.new(hook) }
+      super(namespace: namespace, context: context, definition: definition,
+        logger: logger, statsd_tags: statsd_tags)
+    end
+
+    TIMEOUT = 30.seconds
+
+    def deploy_succeeded?
+      exists?
+    end
+
+    def webhooks
+      @definition.fetch('webhooks', []).map { |webhook| Webhook.new(webhook) }
+    end
+  end
+end

data/lib/krane/resource_deployer.rb

@@ -20,6 +20,13 @@ module Krane
       @statsd_tags = statsd_tags
     end
 
+    def dry_run(resources)
+      apply_all(resources, true, dry_run: true)
+      true
+    rescue FatalDeploymentError
+      false
+    end
+
     def deploy!(resources, verify_result, prune)
       if verify_result
         deploy_all_resources(resources, prune: prune, verify: true)
@@ -128,17 +135,17 @@ module Krane
       end
     end
 
-    def apply_all(resources, prune)
+    def apply_all(resources, prune, dry_run: false)
       return unless resources.present?
-      command = %w(apply)
+      start = Time.now.utc
 
+      command = %w(apply)
       Dir.mktmpdir do |tmp_dir|
         resources.each do |r|
           FileUtils.symlink(r.file_path, tmp_dir)
-          r.deploy_started_at = Time.now.utc
+          r.deploy_started_at = Time.now.utc unless dry_run
         end
         command.push("-f", tmp_dir)
-
         if prune && @prune_whitelist.present?
           command.push("--prune")
           if @selector
@@ -149,20 +156,22 @@ module Krane
           @prune_whitelist.each { |type| command.push("--prune-whitelist=#{type}") }
         end
 
+        command.push(kubectl.dry_run_flag) if dry_run
         output_is_sensitive = resources.any?(&:sensitive_template_content?)
         global_mode = resources.all?(&:global?)
         out, err, st = kubectl.run(*command, log_failure: false, output_is_sensitive: output_is_sensitive,
           attempts: 2, use_namespace: !global_mode)
 
+        tags = statsd_tags + (dry_run ? ['dry_run:true'] : ['dry_run:false'])
+        Krane::StatsD.client.distribution('apply_all.duration', Krane::StatsD.duration(start), tags: tags)
         if st.success?
           log_pruning(out) if prune
         else
-          record_apply_failure(err, resources: resources)
+          record_apply_failure(err, resources: resources) unless dry_run
           raise FatalDeploymentError, "Command failed: #{Shellwords.join(command)}"
         end
       end
     end
-    measure_method(:apply_all)
 
     def log_pruning(kubectl_output)
       pruned = kubectl_output.scan(/^(.*) pruned$/)

data/lib/krane/runner_task.rb

@@ -118,7 +118,7 @@ module Krane
     end
 
     def validate_pod(pod)
-      pod.validate_definition(kubectl)
+      pod.validate_definition(kubectl: kubectl)
     end
 
     def watch_pod(pod)

data/lib/krane/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module Krane
-  VERSION = "2.1.1"
+  VERSION = "2.1.6"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: krane
 version: !ruby/object:Gem::Version
-  version: 2.1.1
+  version: 2.1.6
 platform: ruby
 authors:
 - Katrina Verey
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-10-21 00:00:00.000000000 Z
+date: 2021-02-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -375,7 +375,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 0.89.1
 - !ruby/object:Gem::Dependency
-  name: codecov
+  name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -460,6 +460,7 @@ files:
 - lib/krane/kubernetes_resource/horizontal_pod_autoscaler.rb
 - lib/krane/kubernetes_resource/ingress.rb
 - lib/krane/kubernetes_resource/job.rb
+- lib/krane/kubernetes_resource/mutating_webhook_configuration.rb
 - lib/krane/kubernetes_resource/network_policy.rb
 - lib/krane/kubernetes_resource/persistent_volume_claim.rb
 - lib/krane/kubernetes_resource/pod.rb
@@ -511,7 +512,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.5.0
+      version: 2.6.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="