kube_cluster 0.2.1 → 0.3.1

data/lib/kube/cluster/manifest/middleware/hpa_for_deployment.rb

@@ -1,109 +0,0 @@
-# frozen_string_literal: true
-
-module Kube
-  module Cluster
-    class Manifest < Kube::Schema::Manifest
-      class Middleware
-        # Generates a HorizontalPodAutoscaler for every pod-bearing
-        # resource that carries the +app.kubernetes.io/autoscale+ label.
-        #
-        # The label value encodes the min and max replicas as "min-max":
-        #
-        #   metadata.labels = { "app.kubernetes.io/autoscale": "1-5" }
-        #
-        # Options:
-        #   cpu:    — target CPU utilization percentage (default: 75)
-        #   memory: — target memory utilization percentage (default: 80)
-        #
-        #   stack do
-        #     use Middleware::HPAForDeployment
-        #     use Middleware::HPAForDeployment, cpu: 60, memory: 70
-        #   end
-        #
-        class HPAForDeployment < Middleware
-          LABEL = :"app.kubernetes.io/autoscale"
-
-          def initialize(cpu: 75, memory: 80)
-            @cpu = cpu
-            @memory = memory
-          end
-
-          def call(resource)
-            return resource unless pod_bearing?(resource)
-
-            value = label(resource, LABEL)
-            return resource unless value
-
-            min, max = parse_range(value)
-
-            h = resource.to_h
-            name      = h.dig(:metadata, :name)
-            namespace = h.dig(:metadata, :namespace)
-            labels    = h.dig(:metadata, :labels) || {}
-            api_version = h[:apiVersion] || "apps/v1"
-            resource_kind = kind(resource)
-
-            # Capture ivars as locals — the block runs via instance_exec
-            # on a BlackHoleStruct, so @ivars would resolve on the BHS.
-            cpu_target    = @cpu
-            memory_target = @memory
-
-            hpa = Kube::Schema["HorizontalPodAutoscaler"].new {
-              metadata.name      = name
-              metadata.namespace = namespace if namespace
-              metadata.labels    = labels.reject { |k, _| k == LABEL }
-
-              spec.scaleTargetRef = {
-                apiVersion: api_version,
-                kind:       resource_kind,
-                name:       name,
-              }
-              spec.minReplicas = min
-              spec.maxReplicas = max
-              spec.metrics = [
-                {
-                  type: "Resource",
-                  resource: {
-                    name: "cpu",
-                    target: { type: "Utilization", averageUtilization: cpu_target },
-                  },
-                },
-                {
-                  type: "Resource",
-                  resource: {
-                    name: "memory",
-                    target: { type: "Utilization", averageUtilization: memory_target },
-                  },
-                },
-              ]
-            }
-
-            [resource, hpa]
-          end
-
-          private
-
-            def parse_range(value)
-              parts = value.to_s.split("-", 2)
-
-              unless parts.length == 2
-                raise ArgumentError,
-                  "Invalid autoscale label: #{value.inspect}. Expected format: \"min-max\" (e.g. \"1-5\")"
-              end
-
-              min = Integer(parts[0])
-              max = Integer(parts[1])
-
-              unless min > 0 && max >= min
-                raise ArgumentError,
-                  "Invalid autoscale range: min=#{min}, max=#{max}. " \
-                  "min must be > 0 and max must be >= min."
-              end
-
-              [min, max]
-            end
-        end
-      end
-    end
-  end
-end

data/lib/kube/cluster/manifest/middleware/labels.rb

@@ -1,59 +0,0 @@
-# frozen_string_literal: true
-
-module Kube
-  module Cluster
-    class Manifest < Kube::Schema::Manifest
-      class Middleware
-        # Merges labels into +metadata.labels+ on every resource.
-        # Existing labels are preserved; the supplied labels act as defaults
-        # that can be overridden per-resource.
-        #
-        #   stack do
-        #     use Middleware::Labels, app: "web-app", managed_by: "kube_cluster"
-        #   end
-        #
-        # The keyword arguments are converted to standard label keys:
-        #
-        #   app:        -> "app.kubernetes.io/name"
-        #   instance:   -> "app.kubernetes.io/instance"
-        #   version:    -> "app.kubernetes.io/version"
-        #   component:  -> "app.kubernetes.io/component"
-        #   part_of:    -> "app.kubernetes.io/part-of"
-        #   managed_by: -> "app.kubernetes.io/managed-by"
-        #
-        # Any unrecognized keys are passed through as-is (string or symbol).
-        #
-        class Labels < Middleware
-          STANDARD_KEYS = {
-            app:        :"app.kubernetes.io/name",
-            instance:   :"app.kubernetes.io/instance",
-            version:    :"app.kubernetes.io/version",
-            component:  :"app.kubernetes.io/component",
-            part_of:    :"app.kubernetes.io/part-of",
-            managed_by: :"app.kubernetes.io/managed-by",
-          }.freeze
-
-          def initialize(**labels)
-            @labels = normalize(labels)
-          end
-
-          def call(resource)
-            h = resource.to_h
-            h[:metadata] ||= {}
-            h[:metadata][:labels] = @labels.merge(h[:metadata][:labels] || {})
-            rebuild(resource, h)
-          end
-
-          private
-
-            def normalize(labels)
-              labels.each_with_object({}) do |(key, value), result|
-                normalized_key = STANDARD_KEYS.fetch(key, key)
-                result[normalized_key] = value.to_s
-              end
-            end
-        end
-      end
-    end
-  end
-end

data/lib/kube/cluster/manifest/middleware/namespace.rb

@@ -1,31 +0,0 @@
-# frozen_string_literal: true
-
-module Kube
-  module Cluster
-    class Manifest < Kube::Schema::Manifest
-      class Middleware
-        # Sets +metadata.namespace+ on all namespace-scoped resources.
-        # Cluster-scoped kinds (Namespace, ClusterRole, etc.) are skipped.
-        #
-        #   stack do
-        #     use Middleware::Namespace, "production"
-        #   end
-        #
-        class Namespace < Middleware
-          def initialize(namespace)
-            @namespace = namespace
-          end
-
-          def call(resource)
-            return resource if cluster_scoped?(resource)
-
-            h = resource.to_h
-            h[:metadata] ||= {}
-            h[:metadata][:namespace] = @namespace
-            rebuild(resource, h)
-          end
-        end
-      end
-    end
-  end
-end

data/lib/kube/cluster/manifest/middleware/pod_anti_affinity.rb

@@ -1,61 +0,0 @@
-# frozen_string_literal: true
-
-module Kube
-  module Cluster
-    class Manifest < Kube::Schema::Manifest
-      class Middleware
-        # Injects soft pod anti-affinity on pod-bearing resources so
-        # that pods prefer to spread across nodes.
-        #
-        # The anti-affinity uses the resource's own +matchLabels+ from
-        # +spec.selector.matchLabels+ as the label selector, and
-        # +kubernetes.io/hostname+ as the topology key.
-        #
-        # Resources that already have +spec.template.spec.affinity+
-        # set are left untouched.
-        #
-        #   stack do
-        #     use Middleware::PodAntiAffinity
-        #     use Middleware::PodAntiAffinity, topology_key: "topology.kubernetes.io/zone"
-        #   end
-        #
-        class PodAntiAffinity < Middleware
-          def initialize(topology_key: "kubernetes.io/hostname", weight: 1)
-            @topology_key = topology_key
-            @weight = weight
-          end
-
-          def call(resource)
-            return resource unless pod_bearing?(resource)
-
-            h = resource.to_h
-            pod_spec = pod_template(h)
-            return resource unless pod_spec
-
-            # Don't overwrite existing affinity configuration.
-            return resource if pod_spec[:affinity]
-
-            match_labels = h.dig(:spec, :selector, :matchLabels)
-            return resource unless match_labels && !match_labels.empty?
-
-            pod_spec[:affinity] = {
-              podAntiAffinity: {
-                preferredDuringSchedulingIgnoredDuringExecution: [
-                  {
-                    weight: @weight,
-                    podAffinityTerm: {
-                      labelSelector: { matchLabels: match_labels },
-                      topologyKey: @topology_key,
-                    },
-                  },
-                ],
-              },
-            }
-
-            rebuild(resource, h)
-          end
-        end
-      end
-    end
-  end
-end

data/lib/kube/cluster/manifest/middleware/resource_preset.rb

@@ -1,64 +0,0 @@
-# frozen_string_literal: true
-
-module Kube
-  module Cluster
-    class Manifest < Kube::Schema::Manifest
-      class Middleware
-        # Reads the +app.kubernetes.io/size+ label from pod-bearing
-        # resources and injects CPU/memory requests and limits into
-        # every container.
-        #
-        # The label on the resource is the input:
-        #
-        #   Kube::Schema["Deployment"].new {
-        #     metadata.labels = { "app.kubernetes.io/size": "small" }
-        #     ...
-        #   }
-        #
-        # Register in the stack — no arguments needed:
-        #
-        #   stack do
-        #     use Middleware::ResourcePreset
-        #   end
-        #
-        # Available sizes: nano, micro, small, medium, large, xlarge, 2xlarge.
-        # Limits are ~1.5x requests (following Bitnami conventions).
-        #
-        class ResourcePreset < Middleware
-          LABEL = :"app.kubernetes.io/size"
-
-          PRESETS = {
-            "nano"    => { requests: { cpu: "100m",  memory: "128Mi"  }, limits: { cpu: "150m",  memory: "192Mi"  } },
-            "micro"   => { requests: { cpu: "250m",  memory: "256Mi"  }, limits: { cpu: "375m",  memory: "384Mi"  } },
-            "small"   => { requests: { cpu: "500m",  memory: "512Mi"  }, limits: { cpu: "750m",  memory: "768Mi"  } },
-            "medium"  => { requests: { cpu: "500m",  memory: "1024Mi" }, limits: { cpu: "750m",  memory: "1536Mi" } },
-            "large"   => { requests: { cpu: "1",     memory: "2048Mi" }, limits: { cpu: "1.5",   memory: "3072Mi" } },
-            "xlarge"  => { requests: { cpu: "1",     memory: "3072Mi" }, limits: { cpu: "3",     memory: "6144Mi" } },
-            "2xlarge" => { requests: { cpu: "1",     memory: "3072Mi" }, limits: { cpu: "6",     memory: "12288Mi" } },
-          }.freeze
-
-          def call(resource)
-            size = label(resource, LABEL)
-            return resource unless size
-            return resource unless pod_bearing?(resource)
-
-            preset = PRESETS.fetch(size.to_s) do
-              raise ArgumentError, "Unknown size preset: #{size.inspect}. " \
-                "Valid sizes: #{PRESETS.keys.join(', ')}"
-            end
-
-            h = resource.to_h
-            pod_spec = pod_template(h)
-            return resource unless pod_spec
-
-            each_container(pod_spec) do |container|
-              container[:resources] = deep_merge(preset, container[:resources] || {})
-            end
-
-            rebuild(resource, h)
-          end
-        end
-      end
-    end
-  end
-end

data/lib/kube/cluster/manifest/middleware/security_context.rb

@@ -1,84 +0,0 @@
-# frozen_string_literal: true
-
-module Kube
-  module Cluster
-    class Manifest < Kube::Schema::Manifest
-      class Middleware
-        # Injects pod and container security contexts on pod-bearing resources.
-        #
-        # Reads the +app.kubernetes.io/security+ label. When the label
-        # is absent, the middleware applies the default profile.
-        #
-        #   Kube::Schema["Deployment"].new {
-        #     metadata.labels = { "app.kubernetes.io/security": "restricted" }
-        #     ...
-        #   }
-        #
-        # Available profiles: +restricted+ (default), +baseline+.
-        #
-        #   stack do
-        #     use Middleware::SecurityContext                      # default: restricted
-        #     use Middleware::SecurityContext, default: :baseline  # change default
-        #   end
-        #
-        class SecurityContext < Middleware
-          LABEL = :"app.kubernetes.io/security"
-
-          PROFILES = {
-            "restricted" => {
-              pod: {
-                runAsNonRoot: true,
-                runAsUser:    1000,
-                runAsGroup:   1000,
-                fsGroup:      1000,
-                seccompProfile: { type: "RuntimeDefault" },
-              },
-              container: {
-                allowPrivilegeEscalation: false,
-                readOnlyRootFilesystem:   true,
-                capabilities:             { drop: ["ALL"] },
-              },
-            },
-            "baseline" => {
-              pod: {
-                runAsNonRoot: true,
-                runAsUser:    1000,
-                runAsGroup:   1000,
-                fsGroup:      1000,
-              },
-              container: {
-                allowPrivilegeEscalation: false,
-              },
-            },
-          }.freeze
-
-          def initialize(default: :restricted)
-            @default = default.to_s
-          end
-
-          def call(resource)
-            return resource unless pod_bearing?(resource)
-
-            profile_name = label(resource, LABEL) || @default
-            profile = PROFILES.fetch(profile_name.to_s) do
-              raise ArgumentError, "Unknown security profile: #{profile_name.inspect}. " \
-                "Valid profiles: #{PROFILES.keys.join(', ')}"
-            end
-
-            h = resource.to_h
-            pod_spec = pod_template(h)
-            return resource unless pod_spec
-
-            pod_spec[:securityContext] = deep_merge(profile[:pod], pod_spec[:securityContext] || {})
-
-            each_container(pod_spec) do |container|
-              container[:securityContext] = deep_merge(profile[:container], container[:securityContext] || {})
-            end
-
-            rebuild(resource, h)
-          end
-        end
-      end
-    end
-  end
-end

data/lib/kube/cluster/manifest/middleware/service_for_deployment.rb

@@ -1,69 +0,0 @@
-# frozen_string_literal: true
-
-module Kube
-  module Cluster
-    class Manifest < Kube::Schema::Manifest
-      class Middleware
-        # Generates a Service for every pod-bearing resource that has
-        # containers with named ports.
-        #
-        # The generated Service uses +spec.selector.matchLabels+ from
-        # the source resource and maps each named container port.
-        #
-        # Labels and namespace are copied from the source resource, so
-        # subsequent middleware (Labels, Namespace, etc.) will also
-        # apply to the generated Service.
-        #
-        #   stack do
-        #     use Middleware::ServiceForDeployment
-        #   end
-        #
-        class ServiceForDeployment < Middleware
-          def call(resource)
-            return resource unless pod_bearing?(resource)
-
-            h = resource.to_h
-            ports = extract_ports(h)
-            return resource if ports.empty?
-
-            match_labels = h.dig(:spec, :selector, :matchLabels)
-            return resource unless match_labels && !match_labels.empty?
-
-            service = Kube::Schema["Service"].new {
-              metadata.name      = h.dig(:metadata, :name)
-              metadata.namespace = h.dig(:metadata, :namespace) if h.dig(:metadata, :namespace)
-              metadata.labels    = h.dig(:metadata, :labels) || {}
-
-              spec.selector = match_labels
-              spec.ports = ports.map { |p|
-                {
-                  name:       p[:name],
-                  port:       p[:containerPort],
-                  targetPort: p[:name],
-                  protocol:   p.fetch(:protocol, "TCP"),
-                }
-              }
-            }
-
-            [resource, service]
-          end
-
-          private
-
-            def extract_ports(hash)
-              pod_spec = pod_template(hash)
-              return [] unless pod_spec
-
-              ports = []
-              each_container(pod_spec) do |container|
-                Array(container[:ports]).each do |port|
-                  ports << port if port[:name]
-                end
-              end
-              ports
-            end
-        end
-      end
-    end
-  end
-end

data/lib/kube/cluster/manifest/middleware.rb

@@ -1,178 +0,0 @@
-# frozen_string_literal: true
-
-# Patch BlackHoleStruct to handle arrays consistently.
-#
-# The upstream gem does not recurse into arrays — hashes inside arrays
-# are not converted to BlackHoleStruct on construction, and are not
-# converted back to plain Hash on #to_h.  This causes key-type
-# inconsistencies after a Resource round-trip (symbol keys become
-# string keys inside arrays).
-#
-# These two patches fix both directions:
-#   initialize — converts hashes inside arrays to BlackHoleStruct
-#   to_h       — converts BlackHoleStruct/arrays back to plain objects
-class BlackHoleStruct
-  def initialize(hash = {})
-    raise ArgumentError, "Argument should be a Hash" unless hash.is_a?(Hash)
-
-    @table = {}
-    hash.each do |key, value|
-      @table[key.to_sym] = deep_wrap(value)
-    end
-  end
-
-  def to_h
-    hash = {}
-    @table.each do |key, value|
-      hash[key] = deep_unwrap(value)
-    end
-    hash
-  end
-
-  private
-
-  def deep_wrap(value)
-    case value
-    when Hash  then self.class.new(value)
-    when Array then value.map { |v| deep_wrap(v) }
-    else       value
-    end
-  end
-
-  def deep_unwrap(value)
-    case value
-    when self.class then value.to_h
-    when Array      then value.map { |v| deep_unwrap(v) }
-    else            value
-    end
-  end
-end
-
-module Kube
-  module Cluster
-    class Manifest < Kube::Schema::Manifest
-      # Base class for manifest middleware.
-      #
-      # Middleware receives a single resource and returns either:
-      #   - A single resource (transform)
-      #   - An array of resources (generative — e.g. Deployment in, [Deployment, Service] out)
-      #
-      # The stack processes the full manifest at each stage, so resources
-      # generated by one middleware flow through all subsequent stages.
-      #
-      # Transform example:
-      #
-      #   class AddTeamLabel < Middleware
-      #     def call(resource)
-      #       h = resource.to_h
-      #       h[:metadata][:labels][:"app.kubernetes.io/team"] = "platform"
-      #       rebuild(resource, h)
-      #     end
-      #   end
-      #
-      # Generative example:
-      #
-      #   class ServiceForDeployment < Middleware
-      #     def call(resource)
-      #       return resource unless pod_bearing?(resource)
-      #       service = build_service_from(resource)
-      #       [resource, service]
-      #     end
-      #   end
-      #
-      class Middleware
-        POD_BEARING_KINDS = %w[Deployment StatefulSet DaemonSet Job CronJob ReplicaSet].freeze
-
-        CLUSTER_SCOPED_KINDS = %w[
-          Namespace ClusterRole ClusterRoleBinding
-          PersistentVolume StorageClass IngressClass
-          CustomResourceDefinition PriorityClass
-          RuntimeClass VolumeAttachment
-          CSIDriver CSINode
-        ].freeze
-
-        def initialize(**opts)
-          @opts = opts
-        end
-
-        # Override in subclasses. Receives a single Resource, returns
-        # a single Resource (transform) or an array of Resources
-        # (generative).
-        def call(resource)
-          resource
-        end
-
-        private
-
-          # Build a new resource of the same schema subclass from a hash.
-          def rebuild(resource, hash)
-            resource.class.new(hash)
-          end
-
-          # Read a label value from the resource.
-          def label(resource, key)
-            labels = resource.to_h.dig(:metadata, :labels) || {}
-            labels[key.to_sym] || labels[key.to_s]
-          end
-
-          # Read an annotation value from the resource.
-          def annotation(resource, key)
-            annotations = resource.to_h.dig(:metadata, :annotations) || {}
-            annotations[key.to_sym] || annotations[key.to_s]
-          end
-
-          # The resource kind as a String (e.g. "Deployment").
-          def kind(resource)
-            h = resource.to_h
-            (h[:kind] || h["kind"]).to_s
-          end
-
-          # Is this a resource that contains a pod template?
-          def pod_bearing?(resource)
-            POD_BEARING_KINDS.include?(kind(resource))
-          end
-
-          # Is this a cluster-scoped resource (no namespace)?
-          def cluster_scoped?(resource)
-            CLUSTER_SCOPED_KINDS.include?(kind(resource))
-          end
-
-          # Returns the pod template spec path from a resource hash,
-          # accounting for CronJob's extra nesting.
-          def pod_template(hash)
-            if kind_from_hash(hash) == "CronJob"
-              hash.dig(:spec, :jobTemplate, :spec, :template, :spec)
-            else
-              hash.dig(:spec, :template, :spec)
-            end
-          end
-
-          # Walk every container list in a pod spec (containers,
-          # initContainers) and yield each container hash.
-          def each_container(pod_spec, &block)
-            return unless pod_spec
-
-            [:containers, :initContainers].each do |key|
-              Array(pod_spec[key]).each(&block)
-            end
-          end
-
-          # Extract kind from a hash (symbol or string keys).
-          def kind_from_hash(hash)
-            (hash[:kind] || hash["kind"]).to_s
-          end
-
-          # Deep-merge two hashes (right wins on conflict).
-          def deep_merge(base, overlay)
-            base.merge(overlay) do |_key, old_val, new_val|
-              if old_val.is_a?(Hash) && new_val.is_a?(Hash)
-                deep_merge(old_val, new_val)
-              else
-                new_val
-              end
-            end
-          end
-      end
-    end
-  end
-end