kube-platform 3.3.1.gk.0

data/lib/kube-platform/client.rb

@@ -0,0 +1,217 @@
+# frozen_string_literal: true
+
+require_relative "logger"
+
+module KubePlatform
+  class Client
+    include Logger
+
+    attr_reader :context
+
+    CONFIG_PATH = "#{ENV['HOME']}/.kube/config"
+    HTTP_ERROR_RETRIES = 5
+    BEARER_TOKEN_FILE_PATH = '/var/run/secrets/kubernetes.io/serviceaccount/token'
+    CERT_PATH = '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'
+
+    def initialize(context_name: nil, config_path: CONFIG_PATH)
+      unless in_cluster?
+        @context = load_context(context_name, config_path)
+      end
+      @client_map = {}
+    end
+
+    def create(resource)
+      lifecycle_hook(resource, :pre_create)
+      log_action(:creating, resource)
+      create_resource(resource)
+      lifecycle_hook(resource, :post_create)
+    end
+
+    def update(resource)
+      lifecycle_hook(resource, :pre_update)
+      log_action(:updating, resource)
+      update_resource(resource)
+      lifecycle_hook(resource, :post_update)
+    end
+
+    def delete(resource, continue_on_missing: true)
+      lifecycle_hook(resource, :pre_delete)
+      log_action(:deleting, resource)
+      delete_resource(resource, continue_on_missing: continue_on_missing)
+      lifecycle_hook(resource, :post_delete)
+    end
+
+    def exist?(resource)
+      get(resource) != nil
+    end
+
+    def client_for_api(api = "v1")
+      @client_map[api] ||= build_client(api)
+    end
+
+    def api_endpoint_from_context
+      @context&.api_endpoint
+    end
+
+    def get(resource)
+      method = method_for_resource_action(:get, resource)
+      client = client_for_resource(resource)
+
+      raw = resource.namespaced? ? client.send(method, resource.name, resource.namespace) : client.send(method, resource.name)
+      KubePlatform::Resource.from_spec(**(raw.to_h))
+    rescue Kubeclient::ResourceNotFoundError
+      nil
+    end
+
+    # This modifies the API response slightly to appease the Resource wrapper
+    def pods_matching_selector(selector:, namespace:)
+      client = client_for_api("v1")
+      client.get_pods(label_selector: selector, namespace: namespace).map do |pod|
+        pod.apiVersion = "v1"
+        pod.kind = "Pod"
+        KubePlatform::Resource.from_spec(**(pod.to_h))
+      end
+    end
+
+    private
+
+    def log_action(action, resource)
+      logger.info("#{action.capitalize} #{resource.kind} #{resource.name}")
+    end
+
+    def create_resource(resource)
+      method = method_for_resource_action(:create, resource)
+      client = client_for_resource(resource)
+
+      with_http_error_retries do
+        client.send(method, resource.unwrap)
+      end
+    rescue StandardError # TODO: Fix this double log. Either do nothing here, or wrap a new exception around the rescued one.
+      log_exception(:create, resource)
+      raise
+    end
+
+    def update_resource(resource)
+      method = method_for_resource_action(:update, resource)
+      client = client_for_resource(resource)
+
+      with_http_error_retries do
+        client.send(method, resource.unwrap)
+      end
+    rescue StandardError # TODO: ditto
+      log_exception(:update, resource)
+      raise
+    end
+
+    def delete_resource(resource, continue_on_missing:)
+      execute_delete(resource)
+    rescue Kubeclient::ResourceNotFoundError
+      resource_not_found!(resource, continue_on_missing)
+    rescue StandardError # TODO: ditto
+      log_exception(:delete, resource)
+      raise
+    end
+
+    def execute_delete(resource)
+      method = method_for_resource_action(:delete, resource)
+      client = client_for_resource(resource)
+
+      with_http_error_retries do
+        if resource.namespaced?
+          client.send(method, resource.name, resource.namespace)
+        else
+          client.send(method, resource.name)
+        end
+      end
+    end
+
+    def with_http_error_retries
+      attempt_number = 0
+      backoff_randomization = rand(1.0...1.5)
+      begin
+        yield
+      rescue Kubeclient::ResourceNotFoundError
+        # This is not recoverable, so re-raise
+        raise
+      rescue Kubeclient::HttpError
+        if attempt_number >= HTTP_ERROR_RETRIES # TODO: ditto
+          logger.error("Giving up, retry limit of #{HTTP_ERROR_RETRIES} exceeded")
+          raise
+        end
+
+        sleep_time = backoff_randomization * 2**attempt_number
+        logger.warn("Encountered an HTTP error. Sleeping #{sleep_time}s before retrying (#{attempt_number + 1}/#{HTTP_ERROR_RETRIES})")
+        sleep(sleep_time)
+        attempt_number += 1
+        retry
+      end
+    end
+
+    def resource_not_found!(resource, continue_on_missing) # TODO: ditto
+      if continue_on_missing
+        logger.debug("Failed to delete #{resource.kind} #{resource.name}, it does not exist")
+      else
+        logger.error("Failed to delete #{resource.kind} #{resource.name}, it does not exist")
+        raise
+      end
+    end
+
+    def log_exception(action, resource)
+      logger.error("Exception encountered trying to #{action} #{resource.kind} '#{resource.name}'")
+    end
+
+    def method_for_resource_action(action, resource)
+      "#{action}_#{Kubeclient::ClientMixin.underscore_entity(resource.kind)}".to_sym
+    end
+
+    def load_context(context_name, config_path)
+      config = Kubeclient::Config.read(config_path)
+      config.context(context_name)
+    end
+
+    def client_for_resource(resource)
+      client_for_api(resource.api_version)
+    end
+
+    def build_client(api)
+      case api
+      when "v1"
+        path = "api"
+        version = "v1"
+      else
+        api_group, _, version = api.rpartition("/")
+        path = "apis/#{api_group}"
+      end
+
+      if in_cluster?
+        build_client_in_cluster(path, version)
+      else
+        Kubeclient::Client.new("#{context.api_endpoint}/#{path}", version, ssl_options: context.ssl_options, auth_options: context.auth_options)
+      end
+    end
+
+    def build_client_in_cluster(path, version)
+      auth_options = {
+        bearer_token_file: BEARER_TOKEN_FILE_PATH
+      }
+      ssl_options = {}
+      if File.exist?(CERT_PATH)
+        ssl_options[:ca_file] = CERT_PATH
+      end
+      Kubeclient::Client.new(
+        "https://#{ENV['KUBERNETES_SERVICE_HOST']}:#{ENV['KUBERNETES_SERVICE_PORT']}/#{path}",
+        version,
+        auth_options: auth_options,
+        ssl_options:  ssl_options
+      )
+    end
+
+    def lifecycle_hook(resource, hook)
+      resource.send(hook, self) if resource.respond_to?(hook)
+    end
+
+    def in_cluster?
+      ENV['KUBERNETES_SERVICE_HOST'] && ENV['KUBERNETES_SERVICE_PORT']
+    end
+  end
+end

data/lib/kube-platform/cluster.rb

@@ -0,0 +1,224 @@
+# frozen_string_literal: true
+
+require_relative "logger"
+require "active_support/time"
+
+module KubePlatform
+  class Cluster
+    ClusterDeprecation = ActiveSupport::Deprecation.new('2.0', 'KubePlatform')
+
+    class PlatformDefinitionMismatchException < KubePlatformException
+      attr_reader :received_definition, :expected_definition
+
+      def initialize(message, expected_definition:, received_definition:)
+        @expected_definition = expected_definition
+        @received_definition = received_definition
+        super(message)
+      end
+    end
+
+    PlatformExistsException = Class.new(KubePlatformException)
+    PlatformNotFoundException = Class.new(KubePlatformException)
+    HealthCheckFailedException = Class.new(KubePlatformException)
+    NamespaceCreationException = Class.new(KubePlatformException)
+    PreCheckFailedException = Class.new(KubePlatformException)
+
+    include Logger
+
+    attr_reader :name, :cluster_definition, :client, :config
+
+    # Resources that exist outside of a namespace
+    GLOBAL_RESOURCES = ["Namespace", "PersistentVolume"].freeze
+    DEFINITION_ANNOTATION = "invoca.com/cluster_definition"
+    IMAGE_TAG_ANNOTATION = "invoca.com/image_tags"
+
+    NAMESPACE_CREATION_TIMEOUT = 5.minutes
+
+    def initialize(name:, cluster_definition:, client:, config:)
+      @name = name
+      @cluster_definition = cluster_definition
+      @client = client
+      @config = config
+    end
+
+    def create
+      exist? and raise PlatformExistsException, "Platform #{name} already exists"
+
+      run_pre_checks
+      annotate_namespace
+      create_namespace
+      create_cluster_resources
+      run_health_checks
+      logger.info "Successfully created platform #{name}"
+    end
+
+    def update
+      exist? or raise PlatformNotFoundException, "Platform #{name} does not exist"
+
+      raise_if_definition_mismatch!
+      copy_namespace_annotations
+      annotate_namespace
+      update_namespace
+      actioned_pre_update_resources? ? pre_update_actions : pre_updates
+      update_pods
+      run_health_checks
+      logger.info "Successfully updated platform #{name}"
+    end
+
+    def delete
+      if exist?
+        raise_if_definition_mismatch!
+        delete_cluster_resources
+        delete_namespace
+        logger.info "Successfully deleted platform #{name}"
+      elsif @config.force_api_calls
+        logger.info "Namespace #{name} does not exist. Returning."
+      else
+        raise PlatformNotFoundException, "Platform #{name} does not exist"
+      end
+    end
+
+    def image_key_tag_pairs
+      exist? or raise PlatformNotFoundException, "Platform #{name} does not exist"
+
+      JSON.parse(existing_namespace.annotation(IMAGE_TAG_ANNOTATION)).symbolize_keys
+    end
+
+    private
+
+    def exist?
+      !existing_namespace.nil?
+    end
+
+    def actioned_pre_update_resources?
+      cluster_definition.actioned_pre_update_resources?
+    end
+
+    def raise_if_definition_mismatch!
+      cluster_launch_definition.nil? and raise KubePlatformException, "Platform #{name} is missing the #{DEFINITION_ANNOTATION} annotation."
+      if cluster_launch_definition != definition_name
+        raise PlatformDefinitionMismatchException.new(
+          "Platform was launched with definition #{cluster_launch_definition} but current operation is for #{definition_name}",
+          expected_definition: cluster_launch_definition,
+          received_definition: definition_name
+        )
+      end
+    end
+
+    def cluster_launch_definition
+      @cluster_launch_definition ||= existing_namespace.annotation(DEFINITION_ANNOTATION)
+    end
+
+    def existing_namespace
+      @existing_namespace ||= client.get(namespace)
+    end
+
+    def definition_name
+      cluster_definition.name
+    end
+
+    def copy_namespace_annotations
+      existing_namespace&.annotations&.each_pair { |name, value| namespace.annotate(name, value) }
+    end
+
+    def annotate_namespace
+      namespace.annotate(DEFINITION_ANNOTATION, definition_name)
+      namespace.annotate(IMAGE_TAG_ANNOTATION, config.image_key_tag_pairs_without_defaults.to_json)
+    end
+
+    def namespace_resources(resources)
+      resources.each { |r| r.namespace = namespace.name unless GLOBAL_RESOURCES.include?(r.kind) }
+    end
+
+    def namespace
+      cluster_definition.namespace
+    end
+
+    def create_namespace
+      client.create(namespace)
+      create_time = Time.now
+      until client.exist?(namespace) # TODO: Use MonotonicTickCount?
+        if (Time.now - create_time) > NAMESPACE_CREATION_TIMEOUT
+          raise NamespaceCreationException, "Platform namespace #{name} failed to create in under #{NAMESPACE_CREATION_TIMEOUT} seconds"
+        end
+
+        logger.info("Waiting for namespace to exist... sleeping 10 seconds")
+        sleep(10.seconds)
+      end
+    end
+
+    def delete_namespace
+      client.delete(namespace)
+    end
+
+    def resources
+      @resources ||= namespace_resources(cluster_definition.resources)
+    end
+
+    def create_cluster_resources
+      resources.each { |r| client.create(r) }
+    end
+
+    def update_namespace
+      client.update(namespace)
+    end
+
+    def pre_update_actioned_resources
+      @pre_update_actioned_resources ||= cluster_definition.pre_update_actioned_resources.each { |_a, r| namespace_resources(r) }
+    end
+
+    def pre_update_actions
+      pre_update_actioned_resources.each do |action, resources|
+        resources.each { |r| client.send(action, r) }
+      end
+    end
+
+    def pre_update_resources
+      @pre_update_resources ||= namespace_resources(cluster_definition.pre_update_resources)
+    end
+
+    def pre_updates
+      pre_update_resources.each { |r| client.create(r) }
+    end
+
+    def update_pods
+      pods_to_update.each { |r| client.update(r) }
+    end
+
+    def pods_to_update
+      client.pods_matching_selector(selector: cluster_definition.update_pod_selector, namespace: namespace.name).map do |pod|
+        resources.find do |resource|
+          resource.pod_annotation(Manifest::FILENAME_ANNOTATION) == pod.annotation(Manifest::FILENAME_ANNOTATION)
+        end
+      end
+    end
+
+    def delete_cluster_resources
+      resources.reverse_each { |r| client.delete(r) }
+    end
+
+    # Stops at first failing health check, raising HealthCheckFailedException
+    # Or raises nothing if all pass.
+    def run_health_checks
+      cluster_definition.health_checks.each do |check|
+        logger.info("Running #{check.name} health check")
+        check.run(client, cluster_definition) or raise HealthCheckFailedException, "Health check for #{check.name} failed"
+        logger.info("Health check for #{check.name} was successful")
+      end
+    end
+
+    # Dont create cluster if failing pre check, raising HealthCheckFailedException
+    # Or raises nothing if all pass.
+    def run_pre_checks
+      cluster_definition.pre_checks.each do |check|
+        logger.info("Running #{check.name} pre check")
+        check.run(client, cluster_definition) or raise PreCheckFailedException, "Pre check for #{check.name} failed"
+        logger.info("Pre check for #{check.name} was successful")
+      end
+    end
+
+    deprecate :pre_updates,
+              :pre_update_resources,
+              deprecator: ClusterDeprecation
+  end
+end

data/lib/kube-platform/cluster_definition.rb

@@ -0,0 +1,115 @@
+# frozen_string_literal: true
+
+module KubePlatform
+  class ClusterDefinition
+    ClusterDefinitionDeprecation = ActiveSupport::Deprecation.new('2.0', 'KubePlatform')
+
+    attr_reader :name, :config, :resource_dir
+
+    def initialize(name:, definition:, resource_dir:, config:)
+      @name = name
+      @definition = definition
+      @resource_dir = resource_dir
+      @config = config
+    end
+
+    def namespace
+      @namespace ||= load_namespace
+    end
+
+    def resources
+      @resources ||= @definition[:resources].map { |r| load_resource(r) }
+    end
+
+    def actioned_pre_update_resources?
+      @definition.dig(:update, :resources).is_a?(Hash)
+    end
+
+    def pre_update_actioned_resources
+      @pre_update_actioned_resources ||= (@definition.dig(:update, :resources) || {}).reduce({}) do |hash, (action, resources)|
+                                    hash.merge(action => resources.map { |r| load_resource(r) })
+                                  end
+    end
+
+    def pre_update_resources
+      @pre_update_resources ||= (@definition.dig(:update, :resources) || []).map { |r| load_resource(r) }
+    end
+
+    def health_checks
+      @health_checks ||= (@definition[:health_checks] || []).map { |hc| load_health_check(hc) }
+    end
+
+    def update_pod_selector
+      @definition.dig(:update, :pod_selector)
+    end
+
+    def pre_checks
+      @pre_checks ||= (@definition[:pre_checks] || []).map { |pc| load_pre_check(pc) }
+    end
+
+    private
+
+    def handlers
+      @definition[:handlers] || {}
+    end
+
+    def load_namespace
+      resource_file = @definition[:namespace]
+      namespace = resource_file && load_resource(resource_file) or raise ManifestException, "Platform definitions must contain a 'namespace' key that references a namespace resource"
+
+      namespace.kind == "Namespace" or raise ManifestException, "#{resource_file} does not contain a Namespace resource"
+
+      namespace
+    end
+
+    def load_resource(resource_name)
+      Resource.from_yaml(File.join(resource_dir, resource_name), handlers: handlers_for_resource(resource_name), config: config, jsonnet_library_path: "#{Dir.pwd}/vendor-jb")
+    end
+
+    def load_health_check(check)
+      HealthCheck.load(class_name: check[:class], name: check[:name], config: config_for_health_check(check))
+    end
+
+    def load_pre_check(check)
+      PreCheck.load(class_name: check[:class], name: check[:name], config: config_for_pre_check(check))
+    end
+
+    def resource_has_handlers?(resource_name)
+      handlers[resource_name] && !handlers[resource_name].empty?
+    end
+
+    def handlers_for_resource(resource_name)
+      if resource_has_handlers?(resource_name)
+        handlers[resource_name].map do |handler_spec|
+          handler_class = handler_spec[:class]
+          config = config_for_handler(handler_spec)
+          build_handler(handler_class, config)
+        end
+      else
+        []
+      end
+    end
+
+    def config_for_health_check(check_spec)
+      check_config = check_spec[:config] || {}
+      config.merge(check_config)
+    end
+
+    def config_for_handler(handler_spec)
+      handler_config = handler_spec[:config] || {}
+      config.merge(handler_config)
+    end
+
+    def build_handler(handler_class, config)
+      klass = "KubePlatform::Handlers::#{handler_class}".constantize
+      klass.new(config)
+    end
+
+    def config_for_pre_check(check_spec)
+      check_config = check_spec[:config] || {}
+      config.merge(check_config)
+    end
+
+    deprecate :pre_update_resources, deprecator: ClusterDefinitionDeprecation
+  end
+end

data/lib/kube-platform/configuration.rb

@@ -0,0 +1,145 @@
+# frozen_string_literal: true
+
+require "hashie"
+
+module KubePlatform
+  class Configuration < Hashie::Dash
+    include Hashie::Extensions::Dash::IndifferentAccess
+
+    property :cluster_name
+    property :domain_name
+    property :cluster_definition
+    property :manifest_path
+    property :image_repository
+    property :git_url
+    property :git_branch
+    property :git_resource_path
+    property :user
+    property :dockerhub_secret_name
+    property :dockerhub_secret_namespace
+    property :kubectl_context
+    property :dev_mode
+    property :ct_mode
+    property :faketime
+    property :force_api_calls
+    property :api_endpoint
+
+    NO_DEFAULT_TAG    = Object.new
+    MASTER_TAG        = "master"
+    MAIN_TAG          = "main"
+    PRODUCTION_TAG    = "production"
+    ALWAYS_PULL_TAGS  = [MASTER_TAG, MAIN_TAG, PRODUCTION_TAG].freeze
+    CONTEXT_REGEX     = %r{^https://api\.([^.]+)\.([^.]+)\.([^.]+)\.k8s\.dev\.invocaops\.com$}.freeze
+    OPS_CONTEXT_REGEX = %r{^[^.]+\.ops\.[^.]+$}
+
+    def initialize(attributes = {})
+      super(attributes)
+      yield self if block_given? # TODO: yield self is a code smell as it enables circular dependencies.
+    end
+
+    def cluster_fqdn
+      "#{cluster_name}.#{domain_name}"
+    end
+
+    def kubernetes_context
+      context_from_api_endpoint || kubectl_context
+    end
+
+    def service_tag_filters
+      filters = [cluster_name]
+
+      if kubernetes_context =~ OPS_CONTEXT_REGEX
+        filters << 'staging-ops'
+      else
+        filters << 'staging'
+      end
+
+      filters.compact.join(",")
+    end
+
+    # TODO: Remove the default option.  All images in the image repository will be tagged.
+    def tag_for_image(image, default: NO_DEFAULT_TAG)
+      if default == NO_DEFAULT_TAG
+        tag_for_image_key(image) or
+          raise KubePlatform::ConfigException, "Could not locate an image tag for '#{image}' and no default was provided"
+      else
+        tag_for_image_key(image) || tag_for_image_key(default) or
+          raise KubePlatform::ConfigException, "Could not locate an image tag for '#{image}' or the requested default '#{default}'"
+      end
+    end
+
+    def image_for_key(key)
+      image_repository.get(key)&.name or
+        raise KubePlatform::ConfigException, "No image found for '#{key}' in #{image_repository.inspect}"
+    end
+
+    def master_tag?(tag)
+      [MASTER_TAG, MAIN_TAG].include?(tag)
+    end
+
+    def production_tag?(tag)
+      tag == PRODUCTION_TAG
+    end
+
+    def always_pull_tag?(tag)
+      ALWAYS_PULL_TAGS.include?(tag)
+    end
+
+    def image_key_tag_pairs
+      image_repository.key_tag_pairs
+    end
+
+    def image_key_tag_pairs_without_defaults
+      image_repository.key_tag_pairs_without_defaults
+    end
+
+    def apply_defaults(defaults)
+      obj = new_instance_with_additional_properties(defaults.keys)
+
+      defaults.each do |key, value|
+        if obj[key].nil?
+          obj[key] = value
+        end
+      end
+
+      obj
+    end
+
+    def binding
+      super
+    end
+
+    alias orig_merge merge
+
+    def merge(other)
+      new_instance_with_additional_properties(other.keys).orig_merge(other)
+    end
+
+    private
+
+    def context_from_api_endpoint
+      if (match = CONTEXT_REGEX.match(api_endpoint))
+        match.captures.join(".")
+      end
+    end
+
+    def tag_for_image_key(key)
+      image_repository.get(key)&.tag
+    end
+
+    def new_instance_with_additional_properties(properties)
+      klass = add_additional_properties(properties)
+      klass.new(self)
+    end
+
+    def add_additional_properties(properties)
+      dash_class = Class.new(self.class)
+      properties.each do |p|
+        dash_class.class_exec do
+          property p.to_sym
+        end
+      end
+      dash_class
+    end
+  end
+end

data/lib/kube-platform/exceptions.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module KubePlatform
+  KubePlatformException  = Class.new(StandardError)
+  ConfigException       = Class.new(KubePlatformException)
+  ManifestException     = Class.new(KubePlatformException)
+  WaitTimeoutException  = Class.new(KubePlatformException)
+  TokenNotFound         = Class.new(KubePlatformException)
+end