krane 2.4.6 → 3.6.2

data/krane.gemspec

@@ -25,14 +25,14 @@ Gem::Specification.new do |spec|
 
   spec.metadata['allowed_push_host'] = "https://rubygems.org"
 
-  spec.required_ruby_version = '>= 2.6.0'
+  spec.required_ruby_version = '>= 2.7.6'
   spec.add_dependency("activesupport", ">= 5.0")
   spec.add_dependency("kubeclient", "~> 4.9")
-  spec.add_dependency("googleauth", "~> 0.8")
+  spec.add_dependency("googleauth", "~> 1.2")
   spec.add_dependency("ejson", "~> 1.0")
   spec.add_dependency("colorize", "~> 0.8")
-  spec.add_dependency("statsd-instrument", ['>= 2.8', "< 4"])
-  spec.add_dependency("oj", "~> 3.0")
+  spec.add_dependency("statsd-instrument", ['>= 2.8', "< 3.9"])
+  spec.add_dependency("multi_json")
   spec.add_dependency("concurrent-ruby", "~> 1.1")
   spec.add_dependency("jsonpath", "~> 1.0")
   spec.add_dependency("thor", ">= 1.0", "< 2.0")
@@ -43,11 +43,11 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency("yard")
 
   # Test framework
-  spec.add_development_dependency("minitest", "~> 5.12")
+  spec.add_development_dependency("minitest", "~> 5.19")
   spec.add_development_dependency("minitest-stub-const", "~> 0.6")
   spec.add_development_dependency("minitest-reporters")
-  spec.add_development_dependency("mocha", "~> 1.5")
-  spec.add_development_dependency("webmock", "~> 3.0")
+  spec.add_development_dependency("mocha", "~> 2.1")
+  spec.add_development_dependency("webmock", "~> 3.18")
   spec.add_development_dependency("timecop")
 
   # Debugging and analysis

data/lib/krane/bindings_parser.rb

@@ -41,7 +41,8 @@ module Krane
         when '.json'
           bindings = parse_json(File.read(file_path))
         when '.yaml', '.yml'
-          bindings = YAML.safe_load(File.read(file_path), [], [], true, file_path)
+          bindings = YAML.safe_load(File.read(file_path), permitted_classes: [], permitted_symbols: [], 
+                                    aliases: true, filename: file_path)
         else
           raise ArgumentError, "Supplied file does not appear to be JSON or YAML"
         end
@@ -53,14 +54,14 @@ module Krane
     end
 
     def parse_json(string)
-      bindings = JSON.parse(string)
+      bindings = MultiJson.load(string)
 
       unless bindings.is_a?(Hash)
         raise ArgumentError, "Expected JSON data to be a hash."
       end
 
       bindings
-    rescue JSON::ParserError
+    rescue MultiJson::ParseError
       nil
     end
 

data/lib/krane/cli/krane.rb

@@ -1,13 +1,13 @@
 # frozen_string_literal: true
 require 'krane'
-require 'krane/oj'
-require 'thor'
-require 'krane/cli/version_command'
-require 'krane/cli/restart_command'
-require 'krane/cli/run_command'
-require 'krane/cli/render_command'
 require 'krane/cli/deploy_command'
 require 'krane/cli/global_deploy_command'
+require 'krane/cli/render_command'
+require 'krane/cli/restart_command'
+require 'krane/cli/run_command'
+require 'krane/cli/version_command'
+require 'multi_json'
+require 'thor'
 
 module Krane
   module CLI

data/lib/krane/cluster_resource_discovery.rb

@@ -19,7 +19,7 @@ module Krane
     end
 
     def prunable_resources(namespaced:)
-      black_list = %w(Namespace Node ControllerRevision)
+      black_list = %w(Namespace Node ControllerRevision Event)
       fetch_resources(namespaced: namespaced).map do |resource|
         next unless resource["verbs"].one? { |v| v == "delete" }
         next if black_list.include?(resource["kind"])
@@ -37,19 +37,6 @@ module Krane
       end.compact.uniq { |r| "#{r['apigroup']}/#{r['kind']}" }
     end
 
-    def fetch_mutating_webhook_configurations
-      command = %w(get mutatingwebhookconfigurations)
-      raw_json, err, st = kubectl.run(*command, output: "json", attempts: 5, use_namespace: false)
-      if st.success?
-        JSON.parse(raw_json)["items"].map do |definition|
-          Krane::MutatingWebhookConfiguration.new(namespace: namespace, context: context, logger: logger,
-            definition: definition, statsd_tags: @namespace_tags)
-        end
-      else
-        raise FatalKubeAPIError, "Error retrieving mutatingwebhookconfigurations: #{err}"
-      end
-    end
-
     private
 
     # During discovery, the api paths may not actually be at the root, so we must programatically find it.
@@ -67,7 +54,7 @@ module Krane
       @api_path_cache["/"] ||= begin
         raw_json, err, st = kubectl.run("get", "--raw", base_api_path, attempts: 5, use_namespace: false)
         paths = if st.success?
-          JSON.parse(raw_json)["paths"]
+          MultiJson.load(raw_json)["paths"]
         else
           raise FatalKubeAPIError, "Error retrieving raw path /: #{err}"
         end
@@ -79,7 +66,7 @@ module Krane
       @api_path_cache[path] ||= begin
         raw_json, err, st = kubectl.run("get", "--raw", path, attempts: 2, use_namespace: false)
         if st.success?
-          JSON.parse(raw_json)
+          MultiJson.load(raw_json)
         else
           logger.warn("Error retrieving api path: #{err}")
           {}
@@ -105,7 +92,7 @@ module Krane
       raw_json, err, st = kubectl.run("get", "CustomResourceDefinition", output: "json", attempts: 5,
         use_namespace: false)
       if st.success?
-        JSON.parse(raw_json)["items"]
+        MultiJson.load(raw_json)["items"]
       else
         raise FatalKubeAPIError, "Error retrieving CustomResourceDefinition: #{err}"
       end

data/lib/krane/common.rb

@@ -20,5 +20,5 @@ require 'krane/task_config'
 require 'krane/task_config_validator'
 
 module Krane
-  MIN_KUBE_VERSION = '1.15.0'
+  MIN_KUBE_VERSION = '1.22.0'
 end

data/lib/krane/deploy_task.rb

@@ -30,7 +30,6 @@ require 'krane/kubernetes_resource'
   custom_resource_definition
   horizontal_pod_autoscaler
   secret
-  mutating_webhook_configuration
 ).each do |subresource|
   require "krane/kubernetes_resource/#{subresource}"
 end
@@ -78,7 +77,7 @@ module Krane
       Hash[before_crs + crs + after_crs]
     end
 
-    def prune_whitelist
+    def prune_allowlist
       cluster_resource_discoverer.prunable_resources(namespaced: true)
     end
 
@@ -193,7 +192,7 @@ module Krane
 
     def resource_deployer
       @resource_deployer ||= Krane::ResourceDeployer.new(task_config: @task_config,
-        prune_whitelist: prune_whitelist, global_timeout: @global_timeout,
+        prune_allowlist: prune_allowlist, global_timeout: @global_timeout,
         selector: @selector, statsd_tags: statsd_tags, current_sha: @current_sha)
     end
 
@@ -285,26 +284,11 @@ module Krane
     end
     measure_method(:validate_configuration)
 
-    def partition_dry_run_resources(resources)
-      individuals = []
-      mutating_webhook_configurations = cluster_resource_discoverer.fetch_mutating_webhook_configurations
-      mutating_webhook_configurations.each do |mutating_webhook_configuration|
-        mutating_webhook_configuration.webhooks.each do |webhook|
-          individuals = (individuals + resources.select { |resource| webhook.matches_resource?(resource) }).uniq
-          resources -= individuals
-        end
-      end
-      [resources, individuals]
-    end
-
     def validate_resources(resources)
       validate_globals(resources)
-      batchable_resources, individuals = partition_dry_run_resources(resources.dup)
-      batch_dry_run_success = kubectl.server_dry_run_enabled? && validate_dry_run(batchable_resources)
-      individuals += batchable_resources unless batch_dry_run_success
       resources.select! { |r| r.selected?(@selector) } if @selector_as_filter
       Krane::Concurrency.split_across_threads(resources) do |r|
-        r.validate_definition(kubectl: kubectl, selector: @selector, dry_run: individuals.include?(r))
+        r.validate_definition(kubectl: kubectl, selector: @selector, dry_run: true)
       end
       failed_resources = resources.select(&:validation_failed?)
       if failed_resources.present?
@@ -330,15 +314,11 @@ module Krane
         "Use GlobalDeployTask instead."
     end
 
-    def validate_dry_run(resources)
-      resource_deployer.dry_run(resources)
-    end
-
     def namespace_definition
       @namespace_definition ||= begin
         definition, _err, st = kubectl.run("get", "namespace", @namespace, use_namespace: false,
           log_failure: true, raise_if_not_found: true, attempts: 3, output: 'json')
-        st.success? ? JSON.parse(definition, symbolize_names: true) : nil
+        st.success? ? MultiJson.load(definition, symbolize_names: true) : nil
       end
     rescue Kubectl::ResourceNotFoundError
       nil
@@ -372,7 +352,7 @@ module Krane
         unless st.success?
           raise EjsonSecretError, "Error retrieving Secret/#{EjsonSecretProvisioner::EJSON_KEYS_SECRET}: #{err}"
         end
-        JSON.parse(out)
+        MultiJson.load(out)
       end
     end
 

data/lib/krane/ejson_secret_provisioner.rb

@@ -117,8 +117,8 @@ module Krane
 
     def load_ejson_from_file
       return {} unless File.exist?(@ejson_file)
-      JSON.parse(File.read(@ejson_file))
-    rescue JSON::ParserError => e
+      MultiJson.load(File.read(@ejson_file))
+    rescue MultiJson::ParseError => e
       raise EjsonSecretError, "Failed to parse encrypted ejson:\n  #{e}"
     end
 
@@ -139,8 +139,8 @@ module Krane
         msg = err.presence || out
         raise EjsonSecretError, msg
       end
-      JSON.parse(out)
-    rescue JSON::ParserError
+      MultiJson.load(out)
+    rescue MultiJson::ParseError
       raise EjsonSecretError, "Failed to parse decrypted ejson"
     end
 

data/lib/krane/global_deploy_task.rb

@@ -108,7 +108,7 @@ module Krane
 
     def deploy!(resources, verify_result, prune)
       resource_deployer = ResourceDeployer.new(task_config: @task_config,
-        prune_whitelist: prune_whitelist, global_timeout: @global_timeout,
+        prune_allowlist: prune_allowlist, global_timeout: @global_timeout,
         selector: @selector, statsd_tags: statsd_tags)
       resource_deployer.deploy!(resources, verify_result, prune)
     end
@@ -194,7 +194,7 @@ module Krane
       @kubectl ||= Kubectl.new(task_config: @task_config, log_failure_by_default: true)
     end
 
-    def prune_whitelist
+    def prune_allowlist
       cluster_resource_discoverer.prunable_resources(namespaced: false)
     end
 

data/lib/krane/kubeclient_builder.rb

@@ -49,9 +49,9 @@ module Krane
       )
     end
 
-    def build_policy_v1beta1_kubeclient(context)
+    def build_policy_v1_kubeclient(context)
       build_kubeclient(
-        api_version: "v1beta1",
+        api_version: "v1",
         context: context,
         endpoint_path: "/apis/policy/"
       )

data/lib/krane/kubectl.rb

@@ -12,6 +12,7 @@ module Krane
     DEFAULT_TIMEOUT = 15
     MAX_RETRY_DELAY = 16
     SERVER_DRY_RUN_MIN_VERSION = "1.13"
+    ALLOW_LIST_MIN_VERSION = "1.26"
 
     class ResourceNotFoundError < StandardError; end
 
@@ -82,9 +83,17 @@ module Krane
     def version_info
       @version_info ||=
         begin
-          response, _, status = run("version", use_namespace: false, log_failure: true, attempts: 2)
+          response, _, status = run("version", output: "json", use_namespace: false, log_failure: true, attempts: 2)
           raise KubectlError, "Could not retrieve kubectl version info" unless status.success?
-          extract_version_info_from_kubectl_response(response)
+
+          version_data = MultiJson.load(response)
+          client_version = platform_agnostic_version(version_data.dig("clientVersion", "gitVersion").to_s)
+          server_version = platform_agnostic_version(version_data.dig("serverVersion", "gitVersion").to_s)
+          unless client_version && server_version
+            raise KubectlError, "Received invalid kubectl version data: #{version_data}"
+          end
+
+          { client: client_version, server: server_version }
         end
     end
 
@@ -101,10 +110,14 @@ module Krane
     end
 
     def dry_run_flag
-      if client_version >= Gem::Version.new("1.18")
-        "--dry-run=server"
+      "--dry-run=server"
+    end
+
+    def allowlist_flag
+      if client_version >= Gem::Version.new(ALLOW_LIST_MIN_VERSION)
+        "--prune-allowlist"
       else
-        "--server-dry-run"
+        "--prune-whitelist"
       end
     end
 
@@ -127,15 +140,10 @@ module Krane
       end
     end
 
-    def extract_version_info_from_kubectl_response(response)
-      info = {}
-      response.each_line do |l|
-        match = l.match(/^(?<kind>Client|Server).* GitVersion:"v(?<version>\d+\.\d+\.\d+)/)
-        if match
-          info[match[:kind].downcase.to_sym] = Gem::Version.new(match[:version])
-        end
+    def platform_agnostic_version(version_string)
+      if match = version_string.match(/v(?<version>\d+\.\d+\.\d+)/)
+        Gem::Version.new(match[:version])
       end
-      info
     end
   end
 end

data/lib/krane/kubernetes_resource/horizontal_pod_autoscaler.rb

@@ -16,7 +16,7 @@ module Krane
     end
 
     def kubectl_resource_type
-      'hpa.v2beta1.autoscaling'
+      'hpa.v2.autoscaling'
     end
 
     def status

data/lib/krane/kubernetes_resource/pod.rb

@@ -10,6 +10,7 @@ module Krane
     )
 
     attr_accessor :stream_logs
+    attr_reader :definition
 
     def initialize(namespace:, context:, definition:, logger:,
       statsd_tags: nil, parent: nil, deploy_started_at: nil, stream_logs: false)

data/lib/krane/kubernetes_resource/service.rb

@@ -5,6 +5,7 @@ module Krane
   class Service < KubernetesResource
     TIMEOUT = 7.minutes
     SYNC_DEPENDENCIES = %w(Pod Deployment StatefulSet)
+    SKIP_ENDPOINT_VALIDATION_ANNOTATION = 'skip-endpoint-validation'
 
     def sync(cache)
       super
@@ -59,6 +60,9 @@ module Krane
     end
 
     def requires_endpoints?
+      # skip validation if the annotation is present
+      return false if skip_endpoint_validation
+
       # services of type External don't have endpoints
       return false if external_name_svc?
 
@@ -96,5 +100,9 @@ module Krane
     def published?
       @instance_data.dig('status', 'loadBalancer', 'ingress').present?
     end
+
+    def skip_endpoint_validation
+      krane_annotation_value(SKIP_ENDPOINT_VALIDATION_ANNOTATION) == 'true'
+    end
   end
 end

data/lib/krane/kubernetes_resource/stateful_set.rb

@@ -5,6 +5,7 @@ module Krane
     TIMEOUT = 10.minutes
     ONDELETE = 'OnDelete'
     SYNC_DEPENDENCIES = %w(Pod)
+    REQUIRED_ROLLOUT_TYPES = %w(full).freeze
     attr_reader :pods
 
     def sync(cache)
@@ -19,25 +20,24 @@ module Krane
     end
 
     def deploy_succeeded?
-      success = observed_generation == current_generation &&
-        desired_replicas == status_data['readyReplicas'].to_i &&
-        status_data['currentRevision'] == status_data['updateRevision']
-      if update_strategy == ONDELETE
-        # Gem cannot monitor update since it doesn't occur until delete
+      success = observed_generation == current_generation
+
+      if update_strategy == ONDELETE && required_rollout != "full"
         unless @success_assumption_warning_shown
-          @logger.warn("WARNING: Your StatefulSet's updateStrategy is set to OnDelete, "\
-                       "which means updates will not be applied until its pods are deleted. "\
-                       "Consider switching to rollingUpdate.")
+          @logger.warn("WARNING: Your StatefulSet's updateStrategy is set to #{update_strategy}, "\
+                       "which means updates will not be applied until its pods are deleted.")
           @success_assumption_warning_shown = true
         end
       else
-        success &= desired_replicas == status_data['currentReplicas'].to_i
+        success &= desired_replicas == status_data['readyReplicas'].to_i
+        success &= desired_replicas == status_data['updatedReplicas'].to_i
       end
+
       success
     end
 
     def deploy_failed?
-      return false if update_strategy == ONDELETE
+      return false if update_strategy == ONDELETE && required_rollout != 'full'
       pods.present? && pods.any?(&:deploy_failed?) &&
       observed_generation == current_generation
     end
@@ -65,7 +65,11 @@ module Krane
     def parent_of_pod?(pod_data)
       return false unless pod_data.dig("metadata", "ownerReferences")
       pod_data["metadata"]["ownerReferences"].any? { |ref| ref["uid"] == @instance_data["metadata"]["uid"] } &&
-      @instance_data["status"]["currentRevision"] == pod_data["metadata"]["labels"]["controller-revision-hash"]
+      @instance_data["status"]["updateRevision"] == pod_data["metadata"]["labels"]["controller-revision-hash"]
+    end
+
+    def required_rollout
+      krane_annotation_value("required-rollout") || nil
     end
   end
 end

data/lib/krane/kubernetes_resource.rb

@@ -226,11 +226,6 @@ module Krane
       version ? grouping : "core"
     end
 
-    def version
-      prefix, version = @definition.dig("apiVersion").split("/")
-      version || prefix
-    end
-
     def kubectl_resource_type
       type
     end
@@ -250,7 +245,7 @@ module Krane
     end
 
     def deploy_method_override
-      krane_annotation_value(DEPLOY_METHOD_OVERRIDE_ANNOTATION)&.to_sym
+      krane_annotation_value(DEPLOY_METHOD_OVERRIDE_ANNOTATION)&.gsub("-", "_")&.to_sym
     end
 
     def sync_debug_info(kubectl)
@@ -558,7 +553,6 @@ module Krane
       if err.empty? || err.match(SERVER_DRY_RUN_DISABLED_ERROR)
         _, err, st = validate_with_local_dry_run(kubectl)
       end
-
       return true if st.success?
       @validation_errors << if sensitive_template_content?
         "Validation for #{id} failed. Detailed information is unavailable as the raw error may contain sensitive data."
@@ -569,11 +563,7 @@ module Krane
 
     # Server side dry run is only supported on apply
     def validate_with_server_side_dry_run(kubectl)
-      command = if kubectl.client_version >= Gem::Version.new('1.18')
-        ["apply", "-f", file_path, "--dry-run=server", "--output=name"]
-      else
-        ["apply", "-f", file_path, "--server-dry-run", "--output=name"]
-      end
+      command = ["apply", "-f", file_path, "--dry-run=server", "--output=name"]
 
       kubectl.run(*command, log_failure: false, output_is_sensitive: sensitive_template_content?,
         retry_whitelist: [:client_timeout, :empty, :context_deadline], attempts: 3)
@@ -584,12 +574,7 @@ module Krane
     # If the resource template uses generateName, validating with apply will fail
     def validate_with_local_dry_run(kubectl)
       verb = deploy_method == :apply ? "apply" : "create"
-      command = if kubectl.client_version >= Gem::Version.new('1.18')
-        [verb, "-f", file_path, "--dry-run=client", "--output=name"]
-      else
-        [verb, "-f", file_path, "--dry-run", "--output=name"]
-      end
-
+      command = [verb, "-f", file_path, "--dry-run=client", "--output=name"]
       kubectl.run(*command, log_failure: false, output_is_sensitive: sensitive_template_content?,
         retry_whitelist: [:client_timeout, :empty, :context_deadline], attempts: 3, use_namespace: !global?)
     end

data/lib/krane/resource_cache.rb

@@ -64,7 +64,7 @@ module Krane
       raise KubectlError unless st.success?
 
       instances = {}
-      JSON.parse(raw_json)["items"].each do |resource|
+      MultiJson.load(raw_json)["items"].each do |resource|
         resource_name = resource.dig("metadata", "name")
         instances[resource_name] = resource
       end

data/lib/krane/resource_deployer.rb

@@ -11,22 +11,15 @@ module Krane
     delegate :logger, to: :@task_config
     attr_reader :statsd_tags
 
-    def initialize(task_config:, prune_whitelist:, global_timeout:, current_sha: nil, selector:, statsd_tags:)
+    def initialize(task_config:, prune_allowlist:, global_timeout:, current_sha: nil, selector:, statsd_tags:)
       @task_config = task_config
-      @prune_whitelist = prune_whitelist
+      @prune_allowlist = prune_allowlist
       @global_timeout = global_timeout
       @current_sha = current_sha
       @selector = selector
       @statsd_tags = statsd_tags
     end
 
-    def dry_run(resources)
-      apply_all(resources, true, dry_run: true)
-      true
-    rescue FatalDeploymentError
-      false
-    end
-
     def deploy!(resources, verify_result, prune)
       if verify_result
         deploy_all_resources(resources, prune: prune, verify: true)
@@ -102,7 +95,7 @@ module Krane
       # Apply can be done in one large batch, the rest have to be done individually
       applyables, individuals = resources.partition { |r| r.deploy_method == :apply }
       # Prunable resources should also applied so that they can  be pruned
-      pruneable_types = @prune_whitelist.map { |t| t.split("/").last }
+      pruneable_types = @prune_allowlist.map { |t| t.split("/").last }
       applyables += individuals.select { |r| pruneable_types.include?(r.type) && !r.deploy_method_override }
 
       individuals.each do |individual_resource|
@@ -147,14 +140,15 @@ module Krane
           r.deploy_started_at = Time.now.utc unless dry_run
         end
         command.push("-f", tmp_dir)
-        if prune && @prune_whitelist.present?
+        if prune && @prune_allowlist.present?
           command.push("--prune")
           if @selector
             command.push("--selector", @selector.to_s)
           else
             command.push("--all")
           end
-          @prune_whitelist.each { |type| command.push("--prune-whitelist=#{type}") }
+          allow_list_flag = kubectl.allowlist_flag
+          @prune_allowlist.each { |type| command.push("#{allow_list_flag}=#{type}") }
         end
 
         command.push(kubectl.dry_run_flag) if dry_run
@@ -252,7 +246,7 @@ module Krane
       # For resources that rely on a generateName attribute, we get the `name` from the result of the call to `create`
       # We must explicitly set this name value so that the `apply` step for pruning can run successfully
       if status.success? && resource.uses_generate_name?
-        resource.use_generated_name(JSON.parse(out))
+        resource.use_generated_name(MultiJson.load(out))
       end
 
       [err, status]

data/lib/krane/restart_task.rb

@@ -12,10 +12,9 @@ module Krane
     class FatalRestartError < FatalDeploymentError; end
 
     class RestartAPIError < FatalRestartError
-      def initialize(deployment_name, response)
+      def initialize(deployment_name, message)
         super("Failed to restart #{deployment_name}. " \
-            "API returned non-200 response code (#{response.code})\n" \
-            "Response:\n#{response.body}")
+            "Error:\n#{message}")
       end
     end
 

data/lib/krane/rollout_conditions.rb

@@ -11,7 +11,7 @@ module Krane
       def from_annotation(conditions_string)
         return new(default_conditions) if conditions_string.downcase.strip == "true"
 
-        conditions = JSON.parse(conditions_string).slice('success_conditions', 'failure_conditions')
+        conditions = MultiJson.load(conditions_string).slice('success_conditions', 'failure_conditions')
         conditions.deep_symbolize_keys!
 
         # Create JsonPath objects
@@ -26,7 +26,7 @@ module Krane
         end
 
         new(conditions)
-      rescue JSON::ParserError => e
+      rescue MultiJson::ParseError => e
         raise RolloutConditionsError, "Rollout conditions are not valid JSON: #{e}"
       rescue StandardError => e
         raise RolloutConditionsError,

data/lib/krane/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module Krane
-  VERSION = "2.4.6"
+  VERSION = "3.6.2"
 end