krane 3.3.0 → 3.4.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/CODEOWNERS +1 -1
- data/.github/workflows/add-to-project.yml +18 -0
- data/.github/workflows/ci.yml +3 -0
- data/1.0-Upgrade.md +1 -1
- data/CHANGELOG.md +9 -1
- data/CONTRIBUTING.md +4 -4
- data/README.md +7 -6
- data/lib/krane/cli/deploy_command.rb +2 -0
- data/lib/krane/deploy_task.rb +5 -4
- data/lib/krane/global_deploy_task.rb +2 -2
- data/lib/krane/kubectl.rb +9 -0
- data/lib/krane/resource_deployer.rb +6 -5
- data/lib/krane/version.rb +1 -1
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5d9fd3a2bdcd247f19399a1617e4b3d7c2534b78535a05fe2609e1770fbcb943
|
|
4
|
+
data.tar.gz: 58f419d984de460814ceb27212e577b26d81e243f5be9b3821a0b348e314b975
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: '0443799d9c0b820269127bedc5c2ee8ad7ef4de195bceb8b0cd65f46d55e169b19be24e50798901796ff33b46a34e21af5d2e2e5c3adfff2cf9464fd52899f27'
|
|
7
|
+
data.tar.gz: 81647888f3cca18356273f23802960d683830d68bb373da6031e64791374ef276a42f8161bf2f50b57dd46de6934d924dde85ddf70c6ac9930fb9f8163c0f452
|
data/.github/CODEOWNERS
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
* @Shopify/
|
|
1
|
+
* @Shopify/infrastructure-tooling
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
name: Project automations
|
|
2
|
+
on:
|
|
3
|
+
issues:
|
|
4
|
+
types:
|
|
5
|
+
- opened
|
|
6
|
+
- reopened
|
|
7
|
+
env:
|
|
8
|
+
PROJECT_URL: https://github.com/orgs/Shopify/projects/2279
|
|
9
|
+
|
|
10
|
+
jobs:
|
|
11
|
+
add-to-project:
|
|
12
|
+
name: Issue or PR opened
|
|
13
|
+
runs-on: shopify-ubuntu-latest
|
|
14
|
+
steps:
|
|
15
|
+
- uses: actions/add-to-project@v0.4.0 # https://github.com/actions/add-to-project/tree/v0.4.0
|
|
16
|
+
with:
|
|
17
|
+
project-url: ${{ env.PROJECT_URL }}
|
|
18
|
+
github-token: ${{ secrets.SHOPIFY_GH_ACCESS_TOKEN }}
|
data/.github/workflows/ci.yml
CHANGED
|
@@ -16,10 +16,13 @@ jobs:
|
|
|
16
16
|
- "3.0.4"
|
|
17
17
|
- "2.7.6"
|
|
18
18
|
kubernetes_version:
|
|
19
|
+
- "1.27.3"
|
|
19
20
|
- "1.26.4"
|
|
20
21
|
- "1.24.13"
|
|
21
22
|
- "1.23.17"
|
|
22
23
|
include:
|
|
24
|
+
- kubernetes_version: "1.27.3"
|
|
25
|
+
kind_image: "kindest/node:v1.27.3@sha256:9dd3392d79af1b084671b05bcf65b21de476256ad1dcc853d9f3b10b4ac52dde"
|
|
23
26
|
- kubernetes_version: "1.26.4"
|
|
24
27
|
kind_image: "kindest/node:v1.26.4@sha256:a539833d26264444ab3b8f5e56e23fa3361436445fa23c864e6dec622458858f"
|
|
25
28
|
- kubernetes_version: "1.24.13"
|
data/1.0-Upgrade.md
CHANGED
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
* There are breaking changes in the public API (such as the renaming of the `KubernetesDeploy` namespace to `Krane`, and the change in default values for different arguments of the public interface).
|
|
8
8
|
* StatsD metrics will now be generated with the `krane` prefix.
|
|
9
9
|
* `krane deploy` now considers all namespaced resources eligible for pruning, including
|
|
10
|
-
custom resources. See [blacklist](https://github.com/Shopify/krane/blob/
|
|
10
|
+
custom resources. See [blacklist](https://github.com/Shopify/krane/blob/main/lib/krane/cluster_resource_discovery.rb#L20) for exceptions.
|
|
11
11
|
* `kubernetes-deploy` (now `krane deploy`) / `DeployTask` can no longer deploy global (non-namespaced) resources. A new command called `krane global-deploy` and a related class called `GlobalDeployTask` were added to replace that feature.
|
|
12
12
|
* `krane deploy` will not render erb templates. Use `krane render | krane deploy --stdin` to reproduce this functionality.
|
|
13
13
|
* If you attempt to install two gems that have conflicting executables, `gem install` will warn you but the most recently installed one will win.
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,13 @@
|
|
|
1
1
|
## next
|
|
2
2
|
|
|
3
|
+
# 3.4.1
|
|
4
|
+
|
|
5
|
+
- Added flag `--skip-dry-run` to completely opt out of dry run validation.
|
|
6
|
+
|
|
7
|
+
# 3.4.0
|
|
8
|
+
|
|
9
|
+
- Use `prune-allowlist` instead of `prune-whitelist` for 1.26+ clusters. Clusters running 1.25 or less will continue to use `--prune-whitelist`. [#940](https://github.com/Shopify/krane/pull/940)
|
|
10
|
+
|
|
3
11
|
## 3.3.0
|
|
4
12
|
|
|
5
13
|
*Enhancements*
|
|
@@ -288,7 +296,7 @@ It seems an issue when too many pods are referencing the same secret/configmap h
|
|
|
288
296
|
# 1.0.0
|
|
289
297
|
|
|
290
298
|
We've renamed the gem and cli to Krane.
|
|
291
|
-
See our [migration guide](https://github.com/Shopify/krane/blob/
|
|
299
|
+
See our [migration guide](https://github.com/Shopify/krane/blob/main/1.0-Upgrade.md) to help navigate the breaking changes.
|
|
292
300
|
|
|
293
301
|
## 1.0.0.pre.2
|
|
294
302
|
|
data/CONTRIBUTING.md
CHANGED
|
@@ -22,7 +22,7 @@ The following is a set of guidelines for contributing to krane. Please take a mo
|
|
|
22
22
|
* [CI (External contributors)](#ci-external-contributors)
|
|
23
23
|
## Code of Conduct
|
|
24
24
|
|
|
25
|
-
This project and everyone participating in it are governed by the [Code of Conduct](https://github.com/Shopify/krane/blob/
|
|
25
|
+
This project and everyone participating in it are governed by the [Code of Conduct](https://github.com/Shopify/krane/blob/main/CODE_OF_CONDUCT.md).
|
|
26
26
|
By participating, you are expected to uphold this code. Please report unacceptable
|
|
27
27
|
behavior to [krane@shopify.com](mailto:krane@shopify.com).
|
|
28
28
|
|
|
@@ -95,9 +95,9 @@ This gem uses subclasses of `KubernetesResource` to implement custom success/fai
|
|
|
95
95
|
* `deploy_failed?`
|
|
96
96
|
3. Adjust the `TIMEOUT` constant to an appropriate value for this type.
|
|
97
97
|
4. Add the new class to list of resources in
|
|
98
|
-
[`deploy_task.rb`](https://github.com/Shopify/krane/blob/
|
|
99
|
-
5. Add the new resource to the [prune whitelist](https://github.com/Shopify/krane/blob/
|
|
100
|
-
6. Add a basic example of the type to the hello-cloud [fixture set](https://github.com/Shopify/krane/tree/
|
|
98
|
+
[`deploy_task.rb`](https://github.com/Shopify/krane/blob/main/lib/krane/deploy_task.rb#L8)
|
|
99
|
+
5. Add the new resource to the [prune whitelist](https://github.com/Shopify/krane/blob/main/lib/krane/deploy_task.rb#L81)
|
|
100
|
+
6. Add a basic example of the type to the hello-cloud [fixture set](https://github.com/Shopify/krane/tree/main/test/fixtures/hello-cloud) and appropriate assertions to `#assert_all_up` in [`hello_cloud.rb`](https://github.com/Shopify/krane/blob/main/test/helpers/fixture_sets/hello_cloud.rb). This will get you coverage in several existing tests, such as `test_full_hello_cloud_set_deploy_succeeds`.
|
|
101
101
|
7. Add tests for any edge cases you foresee.
|
|
102
102
|
|
|
103
103
|
### Contributor License Agreement
|
data/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
# krane [](https://buildkite.com/shopify/krane)
|
|
2
2
|
|
|
3
|
-
> This project used to be called `kubernetes-deploy`. Check out our [migration guide](https://github.com/Shopify/krane/blob/
|
|
3
|
+
> This project used to be called `kubernetes-deploy`. Check out our [migration guide](https://github.com/Shopify/krane/blob/main/1.0-Upgrade.md) for more information including details about breaking changes.
|
|
4
4
|
|
|
5
5
|
|
|
6
6
|
`krane` is a command line tool that helps you ship changes to a Kubernetes namespace and understand the result. At Shopify, we use it within our much-beloved, open-source [Shipit](https://github.com/Shopify/shipit-engine#kubernetes) deployment app.
|
|
@@ -93,6 +93,7 @@ Krane provides support for official upstream supported versions [Kubernetes](htt
|
|
|
93
93
|
| 1.24 | Yes | -- |
|
|
94
94
|
| 1.25 | No | -- |
|
|
95
95
|
| 1.26 | Yes | -- |
|
|
96
|
+
| 1.27 | Yes | -- |
|
|
96
97
|
|
|
97
98
|
## Installation
|
|
98
99
|
|
|
@@ -336,7 +337,7 @@ status:
|
|
|
336
337
|
|
|
337
338
|
### Deploy walkthrough
|
|
338
339
|
|
|
339
|
-
Let's walk through what happens when you run the `deploy` task with [this directory of templates](https://github.com/Shopify/krane/tree/
|
|
340
|
+
Let's walk through what happens when you run the `deploy` task with [this directory of templates](https://github.com/Shopify/krane/tree/main/test/fixtures/hello-cloud). This particular example uses ERB templates as well, so we'll use the [krane render](#krane-render) task to achieve that.
|
|
340
341
|
|
|
341
342
|
You can test this out for yourself by running the following command:
|
|
342
343
|
|
|
@@ -403,7 +404,7 @@ In this phase, we:
|
|
|
403
404
|
|
|
404
405
|
Just like in the previous phase, we essentially run `kubectl apply` on those templates and periodically check the cluster for the current status of each resource so we can display error or success information.
|
|
405
406
|
|
|
406
|
-
If pruning is enabled (which, again, is the default), any [kind not listed in the blacklist](https://github.com/Shopify/krane/blob/
|
|
407
|
+
If pruning is enabled (which, again, is the default), any [kind not listed in the blacklist](https://github.com/Shopify/krane/blob/main/lib/krane/cluster_resource_discovery.rb#L20) that we can find in the namespace but not in the templates will be removed. A particular message about pruning will be printed in the next phase if any resource matches this criteria.
|
|
407
408
|
|
|
408
409
|
#### Result
|
|
409
410
|
|
|
@@ -653,13 +654,13 @@ This is a limitation of the current implementation.
|
|
|
653
654
|
# Contributing
|
|
654
655
|
|
|
655
656
|
We :heart: contributors! To make it easier for you and us we've written a
|
|
656
|
-
[Contributing Guide](https://github.com/Shopify/krane/blob/
|
|
657
|
+
[Contributing Guide](https://github.com/Shopify/krane/blob/main/CONTRIBUTING.md)
|
|
657
658
|
|
|
658
659
|
|
|
659
660
|
You can also reach out to us on our slack channel, #krane, at https://kubernetes.slack.com. All are welcome!
|
|
660
661
|
|
|
661
662
|
## Code of Conduct
|
|
662
|
-
Everyone is expected to follow our [Code of Conduct](https://github.com/Shopify/krane/blob/
|
|
663
|
+
Everyone is expected to follow our [Code of Conduct](https://github.com/Shopify/krane/blob/main/CODE_OF_CONDUCT.md).
|
|
663
664
|
|
|
664
665
|
|
|
665
666
|
# License
|
|
@@ -33,6 +33,7 @@ module Krane
|
|
|
33
33
|
default: false },
|
|
34
34
|
"verify-result" => { type: :boolean, default: true,
|
|
35
35
|
desc: "Verify workloads correctly deployed" },
|
|
36
|
+
"skip-dry-run" => { type: :boolean, desc: "Enable skipping dry run", default: false},
|
|
36
37
|
}
|
|
37
38
|
|
|
38
39
|
def self.from_options(namespace, context, options)
|
|
@@ -71,6 +72,7 @@ module Krane
|
|
|
71
72
|
selector: selector,
|
|
72
73
|
selector_as_filter: selector_as_filter,
|
|
73
74
|
protected_namespaces: protected_namespaces,
|
|
75
|
+
skip_dry_run: options["skip-dry-run"]
|
|
74
76
|
)
|
|
75
77
|
|
|
76
78
|
deploy.run!(
|
data/lib/krane/deploy_task.rb
CHANGED
|
@@ -77,7 +77,7 @@ module Krane
|
|
|
77
77
|
Hash[before_crs + crs + after_crs]
|
|
78
78
|
end
|
|
79
79
|
|
|
80
|
-
def
|
|
80
|
+
def prune_allowlist
|
|
81
81
|
cluster_resource_discoverer.prunable_resources(namespaced: true)
|
|
82
82
|
end
|
|
83
83
|
|
|
@@ -106,7 +106,7 @@ module Krane
|
|
|
106
106
|
# @param render_erb [Boolean] Enable ERB rendering
|
|
107
107
|
def initialize(namespace:, context:, current_sha: nil, logger: nil, kubectl_instance: nil, bindings: {},
|
|
108
108
|
global_timeout: nil, selector: nil, selector_as_filter: false, filenames: [], protected_namespaces: nil,
|
|
109
|
-
render_erb: false, kubeconfig: nil)
|
|
109
|
+
render_erb: false, kubeconfig: nil, skip_dry_run: false)
|
|
110
110
|
@logger = logger || Krane::FormattedLogger.build(namespace, context)
|
|
111
111
|
@template_sets = TemplateSets.from_dirs_and_files(paths: filenames, logger: @logger, render_erb: render_erb)
|
|
112
112
|
@task_config = Krane::TaskConfig.new(context, namespace, @logger, kubeconfig)
|
|
@@ -121,6 +121,7 @@ module Krane
|
|
|
121
121
|
@selector_as_filter = selector_as_filter
|
|
122
122
|
@protected_namespaces = protected_namespaces || PROTECTED_NAMESPACES
|
|
123
123
|
@render_erb = render_erb
|
|
124
|
+
@skip_dry_run = skip_dry_run
|
|
124
125
|
end
|
|
125
126
|
|
|
126
127
|
# Runs the task, returning a boolean representing success or failure
|
|
@@ -192,7 +193,7 @@ module Krane
|
|
|
192
193
|
|
|
193
194
|
def resource_deployer
|
|
194
195
|
@resource_deployer ||= Krane::ResourceDeployer.new(task_config: @task_config,
|
|
195
|
-
|
|
196
|
+
prune_allowlist: prune_allowlist, global_timeout: @global_timeout,
|
|
196
197
|
selector: @selector, statsd_tags: statsd_tags, current_sha: @current_sha)
|
|
197
198
|
end
|
|
198
199
|
|
|
@@ -286,7 +287,7 @@ module Krane
|
|
|
286
287
|
|
|
287
288
|
def validate_resources(resources)
|
|
288
289
|
validate_globals(resources)
|
|
289
|
-
batch_dry_run_success = validate_dry_run(resources)
|
|
290
|
+
batch_dry_run_success = @skip_dry_run || validate_dry_run(resources)
|
|
290
291
|
resources.select! { |r| r.selected?(@selector) } if @selector_as_filter
|
|
291
292
|
Krane::Concurrency.split_across_threads(resources) do |r|
|
|
292
293
|
# No need to pass in kubectl (and do per-resource dry run apply) if batch dry run succeeded
|
|
@@ -108,7 +108,7 @@ module Krane
|
|
|
108
108
|
|
|
109
109
|
def deploy!(resources, verify_result, prune)
|
|
110
110
|
resource_deployer = ResourceDeployer.new(task_config: @task_config,
|
|
111
|
-
|
|
111
|
+
prune_allowlist: prune_allowlist, global_timeout: @global_timeout,
|
|
112
112
|
selector: @selector, statsd_tags: statsd_tags)
|
|
113
113
|
resource_deployer.deploy!(resources, verify_result, prune)
|
|
114
114
|
end
|
|
@@ -194,7 +194,7 @@ module Krane
|
|
|
194
194
|
@kubectl ||= Kubectl.new(task_config: @task_config, log_failure_by_default: true)
|
|
195
195
|
end
|
|
196
196
|
|
|
197
|
-
def
|
|
197
|
+
def prune_allowlist
|
|
198
198
|
cluster_resource_discoverer.prunable_resources(namespaced: false)
|
|
199
199
|
end
|
|
200
200
|
|
data/lib/krane/kubectl.rb
CHANGED
|
@@ -12,6 +12,7 @@ module Krane
|
|
|
12
12
|
DEFAULT_TIMEOUT = 15
|
|
13
13
|
MAX_RETRY_DELAY = 16
|
|
14
14
|
SERVER_DRY_RUN_MIN_VERSION = "1.13"
|
|
15
|
+
ALLOW_LIST_MIN_VERSION = "1.26"
|
|
15
16
|
|
|
16
17
|
class ResourceNotFoundError < StandardError; end
|
|
17
18
|
|
|
@@ -112,6 +113,14 @@ module Krane
|
|
|
112
113
|
"--dry-run=server"
|
|
113
114
|
end
|
|
114
115
|
|
|
116
|
+
def allowlist_flag
|
|
117
|
+
if client_version >= Gem::Version.new(ALLOW_LIST_MIN_VERSION)
|
|
118
|
+
"--prune-allowlist"
|
|
119
|
+
else
|
|
120
|
+
"--prune-whitelist"
|
|
121
|
+
end
|
|
122
|
+
end
|
|
123
|
+
|
|
115
124
|
private
|
|
116
125
|
|
|
117
126
|
def build_command_from_options(args, use_namespace, use_context, output)
|
|
@@ -11,9 +11,9 @@ module Krane
|
|
|
11
11
|
delegate :logger, to: :@task_config
|
|
12
12
|
attr_reader :statsd_tags
|
|
13
13
|
|
|
14
|
-
def initialize(task_config:,
|
|
14
|
+
def initialize(task_config:, prune_allowlist:, global_timeout:, current_sha: nil, selector:, statsd_tags:)
|
|
15
15
|
@task_config = task_config
|
|
16
|
-
@
|
|
16
|
+
@prune_allowlist = prune_allowlist
|
|
17
17
|
@global_timeout = global_timeout
|
|
18
18
|
@current_sha = current_sha
|
|
19
19
|
@selector = selector
|
|
@@ -102,7 +102,7 @@ module Krane
|
|
|
102
102
|
# Apply can be done in one large batch, the rest have to be done individually
|
|
103
103
|
applyables, individuals = resources.partition { |r| r.deploy_method == :apply }
|
|
104
104
|
# Prunable resources should also applied so that they can be pruned
|
|
105
|
-
pruneable_types = @
|
|
105
|
+
pruneable_types = @prune_allowlist.map { |t| t.split("/").last }
|
|
106
106
|
applyables += individuals.select { |r| pruneable_types.include?(r.type) && !r.deploy_method_override }
|
|
107
107
|
|
|
108
108
|
individuals.each do |individual_resource|
|
|
@@ -147,14 +147,15 @@ module Krane
|
|
|
147
147
|
r.deploy_started_at = Time.now.utc unless dry_run
|
|
148
148
|
end
|
|
149
149
|
command.push("-f", tmp_dir)
|
|
150
|
-
if prune && @
|
|
150
|
+
if prune && @prune_allowlist.present?
|
|
151
151
|
command.push("--prune")
|
|
152
152
|
if @selector
|
|
153
153
|
command.push("--selector", @selector.to_s)
|
|
154
154
|
else
|
|
155
155
|
command.push("--all")
|
|
156
156
|
end
|
|
157
|
-
|
|
157
|
+
allow_list_flag = kubectl.allowlist_flag
|
|
158
|
+
@prune_allowlist.each { |type| command.push("#{allow_list_flag}=#{type}") }
|
|
158
159
|
end
|
|
159
160
|
|
|
160
161
|
command.push(kubectl.dry_run_flag) if dry_run
|
data/lib/krane/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: krane
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.4.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Katrina Verey
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: exe
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date:
|
|
13
|
+
date: 2024-01-29 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: activesupport
|
|
@@ -414,6 +414,7 @@ files:
|
|
|
414
414
|
- ".github/CODEOWNERS"
|
|
415
415
|
- ".github/ISSUE_TEMPLATE.md"
|
|
416
416
|
- ".github/pull_request_template.md"
|
|
417
|
+
- ".github/workflows/add-to-project.yml"
|
|
417
418
|
- ".github/workflows/ci.yml"
|
|
418
419
|
- ".github/workflows/cla.yml"
|
|
419
420
|
- ".gitignore"
|
|
@@ -524,7 +525,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
524
525
|
- !ruby/object:Gem::Version
|
|
525
526
|
version: '0'
|
|
526
527
|
requirements: []
|
|
527
|
-
rubygems_version: 3.
|
|
528
|
+
rubygems_version: 3.5.5
|
|
528
529
|
signing_key:
|
|
529
530
|
specification_version: 4
|
|
530
531
|
summary: A command line tool that helps you ship changes to a Kubernetes namespace
|