kube_cluster 0.3.2 → 0.3.4

data/examples/06-nginx-with-cert-manager/bin/dev

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+docker compose up -d
+
+bundle exec ruby manifest.rb
+kubectl apply -f manifest.yaml

data/examples/06-nginx-with-cert-manager/docker-compose.yml

@@ -0,0 +1,16 @@
+services:
+  cluster:
+    image: "rancher/k3s:latest"
+    command: server
+    privileged: true
+    restart: always
+    environment:
+      - K3S_TOKEN=change-me-or-face-the-consequences
+      - K3S_KUBECONFIG_OUTPUT=/output/kubeconfig.yaml
+      - K3S_KUBECONFIG_MODE=666
+    volumes:
+      - .:/output
+    ports:
+      - 6443:6443
+      - 80:80
+      - 443:443

data/examples/06-nginx-with-cert-manager/manifest.rb

@@ -0,0 +1,45 @@
+require "bundler/setup"
+require "kube/cluster"
+
+CertManager = Kube::Helm::Repo
+  .new("jetstack", url: "https://charts.jetstack.io")
+  .fetch("cert-manager", version: "1.17.2")
+
+CertManager.crds.each do |crd|
+  crd.to_json_schema.then do |s|
+    Kube::Schema.register(
+      s[:kind],
+      schema: s[:schema],
+      api_version: s[:api_version]
+    )
+  end
+end
+
+require_relative "resources/namespace"
+require_relative "resources/nginx"
+require_relative "resources/self_signed_issuer"
+
+manifest =
+  Kube::Cluster::Manifest.new(
+    CertManager.apply_values(
+      {
+        "installCRDs"  => true,
+        "replicaCount" => 2,
+        "resources" => {
+          "requests" => { "cpu" => "50m",  "memory" => "64Mi" },
+          "limits"   => { "cpu" => "200m", "memory" => "128Mi" },
+        },
+        "webhook" => {
+          "replicaCount" => 2,
+        },
+      },
+      release:   "cert-manager",
+      namespace: "cert-manager",
+    ),
+
+    Namespace.new(name: "cert-manager"),
+    Nginx.new(name: "nginx-app", host: "app.example.com"),
+    SelfSignedIssuer.new,
+  )
+
+puts manifest.to_yaml

data/examples/06-nginx-with-cert-manager/resources/namespace.rb

@@ -0,0 +1,7 @@
+class Namespace < Kube::Cluster["Namespace"]
+  def initialize(name:, **options, &block)
+    super {
+      metadata.name = name
+    }
+  end
+end

data/examples/06-nginx-with-cert-manager/resources/nginx.rb

@@ -0,0 +1,156 @@
+# frozen_string_literal: true
+
+class Nginx < Kube::Cluster::Manifest
+  def initialize(name:, host:, &block)
+    ns          = name
+    match_labels = { app: name }
+
+    super(
+      Kube::Cluster["Namespace"].new {
+        metadata.name   = ns
+        metadata.labels = match_labels
+      },
+
+      Kube::Cluster["ConfigMap"].new {
+        metadata.name      = "#{name}-config"
+        metadata.namespace = ns
+        metadata.labels    = match_labels
+
+        self.data = {
+          "default.conf" => <<~NGINX,
+            server {
+                listen 80;
+                server_name _;
+
+                location / {
+                    root   /usr/share/nginx/html;
+                    index  index.html;
+                }
+
+                location /healthz {
+                    access_log off;
+                    return 200 "ok\\n";
+                    add_header Content-Type text/plain;
+                }
+            }
+          NGINX
+
+          "index.html" => <<~HTML,
+            <!DOCTYPE html>
+            <html>
+            <head><title>Hello from Nginx</title></head>
+            <body>
+                <h1>Hello from Nginx with TLS!</h1>
+                <p>Certificates managed by cert-manager.</p>
+            </body>
+            </html>
+          HTML
+        }
+      },
+
+      Kube::Cluster["Deployment"].new {
+        metadata.name      = name
+        metadata.namespace = ns
+        metadata.labels    = match_labels
+
+        spec.replicas = 2
+        spec.selector.matchLabels = match_labels
+
+        spec.template.metadata.labels = match_labels
+        spec.template.spec.containers = [
+          {
+            name:  name,
+            image: "nginx:1.27-alpine",
+            ports: [
+              { name: "http", containerPort: 80, protocol: "TCP" },
+            ],
+            resources: {
+              requests: { cpu: "50m",  memory: "64Mi" },
+              limits:   { cpu: "200m", memory: "128Mi" },
+            },
+            volumeMounts: [
+              { name: "nginx-config", mountPath: "/etc/nginx/conf.d", readOnly: true },
+              { name: "nginx-html",   mountPath: "/usr/share/nginx/html", readOnly: true },
+            ],
+            livenessProbe: {
+              httpGet: { path: "/healthz", port: "http" },
+              initialDelaySeconds: 5,
+              periodSeconds: 10,
+            },
+            readinessProbe: {
+              httpGet: { path: "/healthz", port: "http" },
+              initialDelaySeconds: 2,
+              periodSeconds: 5,
+            },
+          },
+        ]
+
+        spec.template.spec.volumes = [
+          {
+            name: "nginx-config",
+            configMap: {
+              name:  "#{name}-config",
+              items: [{ key: "default.conf", path: "default.conf" }],
+            },
+          },
+          {
+            name: "nginx-html",
+            configMap: {
+              name:  "#{name}-config",
+              items: [{ key: "index.html", path: "index.html" }],
+            },
+          },
+        ]
+      },
+
+      Kube::Cluster["Service"].new {
+        metadata.name      = name
+        metadata.namespace = ns
+        metadata.labels    = match_labels
+
+        spec.selector = match_labels
+        spec.ports = [
+          { name: "http", port: 80, targetPort: "http", protocol: "TCP" },
+        ]
+      },
+
+      Kube::Cluster["Ingress"].new {
+        metadata.name      = name
+        metadata.namespace = ns
+        metadata.labels    = match_labels
+        metadata.annotations = {
+          "cert-manager.io/cluster-issuer": "selfsigned",
+        }
+
+        spec.ingressClassName = "traefik"
+        spec.tls = [
+          {
+            hosts:      [host],
+            secretName: "#{name}-tls",
+          },
+        ]
+        spec.rules = [
+          {
+            host: host,
+            http: {
+              paths: [
+                {
+                  path:     "/",
+                  pathType: "Prefix",
+                  backend: {
+                    service: {
+                      name: name,
+                      port: { name: "http" },
+                    },
+                  },
+                },
+              ],
+            },
+          },
+        ]
+      },
+    )
+
+    instance_exec(&block) if block
+  end
+end

data/examples/06-nginx-with-cert-manager/resources/self_signed_issuer.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+class SelfSignedIssuer < Kube::Cluster["ClusterIssuer"]
+  def initialize
+    super {
+      metadata.name = "selfsigned"
+
+      spec.selfSigned = {}
+    }
+  end
+end

data/examples/README.md

@@ -0,0 +1,3 @@
+UNDER DEVELOPMENT: Most of these are unfinished. The API is still in active development, and these are filled in as experiments happen.
+
+Feel free to contribute your own experiments.

data/kube_cluster.gemspec

@@ -33,6 +33,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rubocop", "~> 1.21"
 
   spec.add_dependency "kube_schema", "~> 1.3.0"
-  spec.add_dependency "kube_kit", "> 0"
   spec.add_dependency "kube_kubectl", "~> 2.0.0"
 end

data/lib/kube/cluster/connection.rb

@@ -3,11 +3,12 @@
 module Kube
   module Cluster
     class Connection
-      attr_reader :kubeconfig, :ctl
+      attr_reader :kubeconfig, :ctl, :helm
 
       def initialize(kubeconfig:)
         @kubeconfig = kubeconfig
         @ctl        = Kube::Ctl::Instance.new(kubeconfig: kubeconfig)
+        @helm       = Kube::Helm::Instance.new(kubeconfig: kubeconfig)
       end
 
       def inspect

data/lib/kube/cluster/resource/extensions/README.md

@@ -0,0 +1,15 @@
+# Resource Extensions
+
+Modules in this directory are dynamically mixed into `Kube::Cluster::Resource` instances at initialization time (via `extend`).
+
+## Why modules instead of subclasses?
+
+`Kube::Cluster["Deployment"]` returns a versioned schema class generated at runtime. Because these classes are versioned and generated dynamically, we can't subclass them directly -- there's no stable class to inherit from.
+
+Instead, we define extension modules here and dynamically insert them when the resource is instantiated. In `Resource#initialize`, after the object is built, the matching extension module is applied:
+
+```ruby
+extend Extensions.const_get(kind) if Extensions.const_defined?(kind)
+```
+
+This gives us a way to add kind-specific behaviour to resource instances without coupling to any particular schema version.

data/lib/kube/cluster/resource/extensions/custom_resource_definition.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module Kube
+  module Cluster
+    class Resource < Kube::Schema::Resource
+      module Extensions
+        module CustomResourceDefinition
+          def to_json_schema
+            h = to_h
+            kind     = h.dig(:spec, :names, :kind)
+            group    = h.dig(:spec, :group)
+            versions = h.dig(:spec, :versions) || []
+
+            version = versions.find { |v| v[:storage] } ||
+                      versions.find { |v| v.dig(:schema, :openAPIV3Schema) } ||
+                      versions.first
+
+            raise ArgumentError, "CRD has no versions" unless version
+
+            version_name = version[:name]
+            schema       = version.dig(:schema, :openAPIV3Schema)
+
+            raise ArgumentError, "CRD version #{version_name} has no openAPIV3Schema" unless schema
+
+            {
+              kind:        kind,
+              schema:      deep_stringify_keys(schema),
+              api_version: "#{group}/#{version_name}",
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/kube/cluster/resource/persistence.rb

@@ -7,6 +7,14 @@ module Kube
   module Cluster
     class Resource < Kube::Schema::Resource
       module Persistence
+        def name
+          to_h.dig(:metadata, :name)&.to_s
+        end
+
+        def persisted?
+          !name.nil? && !name.empty?
+        end
+
         def apply
           JSON.generate(deep_stringify_keys(to_h)).then do |json|
             kubectl("apply", "-f", "-", stdin: json)
@@ -23,7 +31,7 @@ module Kube
               false
             else
               json = JSON.generate(deep_stringify_keys(diff))
-              kubectl("patch", resource_type, name, *ns_flags, "--type", type, "-p", json)
+              kubectl("patch", kind.downcase, name, *namespace_flags, "--type", type, "-p", json)
               reload
               true
             end
@@ -34,7 +42,7 @@ module Kube
 
         def delete
           if persisted?
-            kubectl("delete", resource_type, name, *ns_flags)
+            kubectl("delete", kind.downcase, name, *namespace_flags)
             true
           else
             raise Kube::CommandError, "cannot delete a resource without a name"
@@ -44,7 +52,7 @@ module Kube
         def reload
           if persisted?
             tap do
-              kubectl("get", resource_type, name, *ns_flags, "-o", "json").then do |json|
+              kubectl("get", kind.downcase, name, *namespace_flags, "-o", "json").then do |json|
                 JSON.parse(json).then do |hash|
                   @data = deep_symbolize_keys(hash)
                   snapshot!
@@ -58,6 +66,11 @@ module Kube
 
         private
 
+          def namespace_flags
+            ns = to_h.dig(:metadata, :namespace)
+            ns ? ["--namespace", ns.to_s] : []
+          end
+
           def kubectl(*args)
             @cluster.connection.ctl.run(args.join(" "))
           end

data/lib/kube/cluster/resource.rb

@@ -2,6 +2,7 @@
 
 require_relative "resource/dirty_tracking"
 require_relative "resource/persistence"
+require_relative "resource/extensions/custom_resource_definition"
 
 module Kube
   module Cluster
@@ -39,6 +40,14 @@ module Kube
         @cluster = hash.delete(:cluster)
         super
         snapshot!
+
+        begin
+          extend Object.const_get(
+            "Kube::Cluster::Resource::Extensions::#{kind}"
+          )
+        rescue
+          nil
+        end
       end
 
       # Build a new resource of the same schema subclass from a hash.

data/lib/kube/cluster/version.rb

@@ -2,6 +2,6 @@
 
 module Kube
   module Cluster
-    VERSION = "0.3.2"
+    VERSION = "0.3.4"
   end
 end

data/lib/kube/cluster.rb

@@ -9,6 +9,7 @@ require_relative "cluster/resource"
 require_relative "cluster/manifest"
 require_relative "cluster/middleware"
 require 'kube/ctl'
+require_relative 'helm/repo'
 
 module Kube
   def self.cluster
@@ -31,11 +32,13 @@ module Kube
       @resource_classes[kind] ||= begin
         schema_class = Kube::Schema[kind]
         Class.new(Resource) do
-          @schema   = schema_class.schema
-          @defaults = schema_class.defaults
+          @schema            = schema_class.schema
+          @defaults          = schema_class.defaults
+          @schema_properties = schema_class.schema_properties
 
-          def self.schema   = @schema   || superclass.schema
-          def self.defaults = @defaults || superclass.defaults
+          def self.schema            = @schema            || superclass.schema
+          def self.defaults          = @defaults          || superclass.defaults
+          def self.schema_properties = @schema_properties || superclass.schema_properties
         end
       end
     end

data/lib/kube/helm/chart.rb

@@ -0,0 +1,203 @@
+# frozen_string_literal: true
+
+require "tempfile"
+require "yaml"
+
+module Kube
+  module Helm
+    # Represents a Helm Chart.yaml as a Ruby object.
+    #
+    # The Chart holds metadata from Chart.yaml and can render resources
+    # via #apply_values. It can be backed by either a local directory
+    # (with templates on disk) or a remote chart reference.
+    #
+    #   # Virtual chart (just metadata, no templates)
+    #   chart = Kube::Helm::Chart.new {
+    #     name = "my-app"
+    #     version = "1.0.0"
+    #     appVersion = "3.4.5"
+    #   }
+    #
+    #   # Load from a local chart directory
+    #   chart = Kube::Helm::Chart.open("./charts/my-app")
+    #   manifest = chart.apply_values({ "replicaCount" => 3 })
+    #
+    #   # From a remote repo
+    #   manifest = Kube::Helm::Repo
+    #     .new("bitnami", url: "https://charts.bitnami.com/bitnami")
+    #     .fetch("nginx", version: "18.1.0")
+    #     .apply_values({ "replicaCount" => 3 })
+    #
+    class Chart
+      attr_reader :path, :ref, :cluster
+
+      # Open a chart from a local directory. Reads Chart.yaml and stores
+      # the path so that helm commands run against the local chart.
+      #
+      # @param path [String] path to the chart directory
+      # @param cluster [Kube::Cluster::Instance, nil] optional cluster connection
+      # @return [Chart]
+      def self.open(path, cluster: nil)
+        chart_file = File.join(path, "Chart.yaml")
+        raise Kube::Error, "No Chart.yaml found at #{path}" unless File.exist?(chart_file)
+
+        yaml = YAML.safe_load_file(chart_file)
+        new(yaml, path: path, cluster: cluster)
+      end
+
+      # @param data [Hash] Chart.yaml content (string or symbol keys)
+      # @param path [String, nil] filesystem path to chart directory (local charts)
+      # @param ref [String, nil] chart reference for helm commands (remote charts)
+      # @param cluster [Kube::Cluster::Instance, nil] optional cluster connection
+      def initialize(data = {}, path: nil, ref: nil, cluster: nil, &block)
+        @data    = deep_symbolize_keys(data)
+        @path    = path
+        @ref     = ref
+        @cluster = cluster
+        @data.instance_exec(&block) if block_given?
+      end
+
+      def name         = @data[:name]
+      def version      = @data[:version]
+      def app_version  = @data[:appVersion]
+      def description  = @data[:description]
+      def type         = @data[:type]
+      def dependencies = @data[:dependencies] || []
+
+      # Render the chart templates with values applied.
+      #
+      # Shells out to `helm template` and returns a Manifest of typed
+      # Resource objects.
+      #
+      # @param values [Hash] values to apply to the chart templates
+      # @param release [String, nil] release name (defaults to chart name)
+      # @param namespace [String, nil] namespace for rendered resources
+      # @return [Kube::Schema::Manifest]
+      def apply_values(values, release: nil, namespace: nil)
+        raise Kube::Error, "No chart source" unless source
+
+        release_name = release || name
+        source_ref = source
+        ver = version_flag
+
+        cmd = helm.call { template.(release_name).(source_ref) }
+        cmd = cmd.version(ver) if ver
+        cmd = cmd.namespace(namespace) if namespace
+
+        if values.is_a?(Hash) && values.any?
+          tmpfile = write_values_tempfile(values)
+          cmd = cmd.f(tmpfile.path)
+        end
+
+        Kube::Schema::Manifest.parse(helm.run(cmd.to_s))
+      end
+
+      # Show the chart's default values.
+      #
+      # @return [Hash] the default values as a Ruby hash
+      def show_values
+        raise Kube::Error, "No chart source" unless source
+
+        source_ref = source
+        ver = version_flag
+        cmd = helm.call { show.values.(source_ref) }
+        cmd = cmd.version(ver) if ver
+
+        YAML.safe_load(helm.run(cmd.to_s), permitted_classes: [Symbol]) || {}
+      end
+
+      # Return the chart's CRDs as Kube::Cluster::CustomResourceDefinition objects.
+      #
+      # First tries `helm show crds`. If that returns nothing (some charts
+      # ship CRDs in templates rather than the crds/ directory), falls back
+      # to rendering via `helm template --set installCRDs=true` and filtering
+      # for CustomResourceDefinition resources.
+      #
+      #   chart.crds.each do |crd|
+      #     s = crd.to_json_schema
+      #     Kube::Schema.register(s[:kind], schema: s[:schema], api_version: s[:api_version])
+      #   end
+      #
+      # @return [Array<Kube::Cluster::CustomResourceDefinition>]
+      def crds
+        raise Kube::Error, "No chart source" unless source
+
+        results = crds_from_show
+        results = crds_from_template if results.empty?
+        results
+      end
+
+      def to_s
+        version ? "#{name}:#{version}" : name.to_s
+      end
+
+      private
+
+        def crds_from_show
+          source_ref = source
+          ver = version_flag
+          cmd = helm.call { show.crds.(source_ref) }
+          cmd = cmd.version(ver) if ver
+
+          yaml_output = helm.run(cmd.to_s)
+          parse_crds(yaml_output)
+        end
+
+        def crds_from_template
+          source_ref = source
+          ver = version_flag
+          release_name = name || "crds"
+
+          cmd = helm.call { template.(release_name).(source_ref) }
+          cmd = cmd.version(ver) if ver
+          cmd = cmd.set("installCRDs=true")
+
+          yaml_output = helm.run(cmd.to_s)
+          parse_crds(yaml_output)
+        end
+
+        def parse_crds(yaml_output)
+          return [] if yaml_output.nil? || yaml_output.strip.empty?
+
+          docs = YAML.safe_load_stream(yaml_output, permitted_classes: [Symbol])
+          docs.compact
+              .select { |doc| doc.is_a?(Hash) && doc["kind"] == "CustomResourceDefinition" }
+              .map { |doc| Kube::Cluster["CustomResourceDefinition"].new(doc) }
+        end
+
+        # The chart source for helm commands — either a local path or a remote ref.
+        def source
+          @path || @ref
+        end
+
+        # Version flag for remote charts. Local charts don't need --version.
+        def version_flag
+          @ref ? version : nil
+        end
+
+        def helm
+          @cluster&.connection&.helm || Kube::Helm::Instance.new
+        end
+
+        def write_values_tempfile(values)
+          tmpfile = Tempfile.new(["helm-values-", ".yaml"])
+          tmpfile.write(values.to_yaml)
+          tmpfile.flush
+          tmpfile
+        end
+
+        def deep_symbolize_keys(obj)
+          case obj
+          when Hash
+            obj.each_with_object({}) do |(k, v), result|
+              result[k.to_sym] = deep_symbolize_keys(v)
+            end
+          when Array
+            obj.map { |v| deep_symbolize_keys(v) }
+          else
+            obj
+          end
+        end
+    end
+  end
+end