kube_cluster 0.3.7 → 0.3.8

data/lib/kube/cluster/middleware/hpa_for_deployment.rb

@@ -1,5 +1,10 @@
 # frozen_string_literal: true
 
+if __FILE__ == $0
+  require "bundler/setup"
+  require "kube/cluster"
+end
+
 module Kube
   module Cluster
     class Middleware
@@ -109,3 +114,180 @@ module Kube
     end
   end
 end
+
+if __FILE__ == $0
+  require "minitest/autorun"
+
+  class HPAForDeploymentMiddlewareTest < Minitest::Test
+    Middleware = Kube::Cluster::Middleware
+
+    def test_generates_hpa_from_deployment
+      m = manifest(Kube::Cluster["Deployment"].new {
+        metadata.name = "web"
+        metadata.namespace = "production"
+        metadata.labels = {
+          "app.kubernetes.io/name": "web",
+          "app.kubernetes.io/autoscale": "2-10",
+        }
+        spec.selector.matchLabels = { app: "web" }
+        spec.template.metadata.labels = { app: "web" }
+        spec.template.spec.containers = [
+          { name: "web", image: "nginx" },
+        ]
+      })
+
+      Middleware::HPAForDeployment.new.call(m)
+
+      assert_equal 2, m.resources.size
+
+      deploy, hpa = m.resources
+      assert_equal "Deployment", deploy.to_h[:kind]
+      assert_equal "HorizontalPodAutoscaler", hpa.to_h[:kind]
+
+      hh = hpa.to_h
+      assert_equal "web", hh.dig(:metadata, :name)
+      assert_equal "production", hh.dig(:metadata, :namespace)
+      assert_equal 2, hh.dig(:spec, :minReplicas)
+      assert_equal 10, hh.dig(:spec, :maxReplicas)
+
+      ref = hh.dig(:spec, :scaleTargetRef)
+      assert_equal "apps/v1", ref[:apiVersion]
+      assert_equal "Deployment", ref[:kind]
+      assert_equal "web", ref[:name]
+
+      metrics = hh.dig(:spec, :metrics)
+      assert_equal 2, metrics.size
+      assert_equal "cpu", metrics[0].dig(:resource, :name)
+      assert_equal 75, metrics[0].dig(:resource, :target, :averageUtilization)
+      assert_equal "memory", metrics[1].dig(:resource, :name)
+      assert_equal 80, metrics[1].dig(:resource, :target, :averageUtilization)
+    end
+
+    def test_custom_cpu_and_memory_targets
+      m = manifest(Kube::Cluster["Deployment"].new {
+        metadata.name = "web"
+        metadata.labels = { "app.kubernetes.io/autoscale": "1-3" }
+        spec.selector.matchLabels = { app: "web" }
+        spec.template.metadata.labels = { app: "web" }
+        spec.template.spec.containers = [
+          { name: "web", image: "nginx" },
+        ]
+      })
+
+      Middleware::HPAForDeployment.new(cpu: 60, memory: 70).call(m)
+      hpa = m.resources.last.to_h
+
+      assert_equal 60, hpa.dig(:spec, :metrics, 0, :resource, :target, :averageUtilization)
+      assert_equal 70, hpa.dig(:spec, :metrics, 1, :resource, :target, :averageUtilization)
+    end
+
+    def test_strips_autoscale_label_from_hpa
+      m = manifest(Kube::Cluster["Deployment"].new {
+        metadata.name = "web"
+        metadata.labels = {
+          "app.kubernetes.io/name": "web",
+          "app.kubernetes.io/autoscale": "1-5",
+        }
+        spec.selector.matchLabels = { app: "web" }
+        spec.template.metadata.labels = { app: "web" }
+        spec.template.spec.containers = [
+          { name: "web", image: "nginx" },
+        ]
+      })
+
+      Middleware::HPAForDeployment.new.call(m)
+      hpa_labels = m.resources.last.to_h.dig(:metadata, :labels)
+
+      assert_nil hpa_labels[:"app.kubernetes.io/autoscale"]
+      assert_equal "web", hpa_labels[:"app.kubernetes.io/name"]
+    end
+
+    def test_skips_deployment_without_autoscale_label
+      m = manifest(Kube::Cluster["Deployment"].new {
+        metadata.name = "web"
+        spec.selector.matchLabels = { app: "web" }
+        spec.template.metadata.labels = { app: "web" }
+        spec.template.spec.containers = [
+          { name: "web", image: "nginx" },
+        ]
+      })
+
+      Middleware::HPAForDeployment.new.call(m)
+
+      assert_equal 1, m.resources.size
+    end
+
+    def test_skips_non_pod_bearing_resources
+      m = manifest(Kube::Cluster["ConfigMap"].new {
+        metadata.name = "config"
+        metadata.labels = { "app.kubernetes.io/autoscale": "1-5" }
+      })
+
+      Middleware::HPAForDeployment.new.call(m)
+
+      assert_equal 1, m.resources.size
+    end
+
+    def test_raises_on_invalid_range_format
+      m = manifest(Kube::Cluster["Deployment"].new {
+        metadata.name = "web"
+        metadata.labels = { "app.kubernetes.io/autoscale": "bad" }
+        spec.selector.matchLabels = { app: "web" }
+        spec.template.metadata.labels = { app: "web" }
+        spec.template.spec.containers = [
+          { name: "web", image: "nginx" },
+        ]
+      })
+
+      error = assert_raises(ArgumentError) do
+        Middleware::HPAForDeployment.new.call(m)
+      end
+
+      assert_includes error.message, "Invalid autoscale label"
+    end
+
+    def test_raises_on_invalid_range_values
+      m = manifest(Kube::Cluster["Deployment"].new {
+        metadata.name = "web"
+        metadata.labels = { "app.kubernetes.io/autoscale": "5-2" }
+        spec.selector.matchLabels = { app: "web" }
+        spec.template.metadata.labels = { app: "web" }
+        spec.template.spec.containers = [
+          { name: "web", image: "nginx" },
+        ]
+      })
+
+      error = assert_raises(ArgumentError) do
+        Middleware::HPAForDeployment.new.call(m)
+      end
+
+      assert_includes error.message, "Invalid autoscale range"
+    end
+
+    def test_works_with_statefulset
+      m = manifest(Kube::Cluster["StatefulSet"].new {
+        metadata.name = "db"
+        metadata.labels = { "app.kubernetes.io/autoscale": "1-3" }
+        spec.selector.matchLabels = { app: "db" }
+        spec.template.metadata.labels = { app: "db" }
+        spec.template.spec.containers = [
+          { name: "postgres", image: "postgres:16" },
+        ]
+      })
+
+      Middleware::HPAForDeployment.new.call(m)
+
+      assert_equal 2, m.resources.size
+      hpa = m.resources.last.to_h
+      assert_equal "StatefulSet", hpa.dig(:spec, :scaleTargetRef, :kind)
+    end
+
+    private
+
+      def manifest(*resources)
+        m = Kube::Cluster::Manifest.new
+        resources.each { |r| m << r }
+        m
+      end
+  end
+end

data/lib/kube/cluster/middleware/ingress_for_service.rb

@@ -1,5 +1,10 @@
 # frozen_string_literal: true
 
+if __FILE__ == $0
+  require "bundler/setup"
+  require "kube/cluster"
+end
+
 module Kube
   module Cluster
     class Middleware
@@ -89,3 +94,125 @@ module Kube
     end
   end
 end
+
+if __FILE__ == $0
+  require "minitest/autorun"
+
+  class IngressForServiceMiddlewareTest < Minitest::Test
+    Middleware = Kube::Cluster::Middleware
+
+    def test_generates_ingress_from_service_with_expose_label
+      m = manifest(Kube::Cluster["Service"].new {
+        metadata.name = "web"
+        metadata.namespace = "production"
+        metadata.labels = { "app.kubernetes.io/expose": "app.example.com" }
+        spec.selector = { app: "web" }
+        spec.ports = [{ name: "http", port: 80, targetPort: "http" }]
+      })
+
+      Middleware::IngressForService.new.call(m)
+
+      assert_equal 2, m.resources.size
+
+      service, ingress = m.resources
+      assert_equal "Service", service.to_h[:kind]
+      assert_equal "Ingress", ingress.to_h[:kind]
+
+      ih = ingress.to_h
+      assert_equal "web", ih.dig(:metadata, :name)
+      assert_equal "production", ih.dig(:metadata, :namespace)
+      assert_equal "nginx", ih.dig(:spec, :ingressClassName)
+      assert_equal "letsencrypt-prod", ih.dig(:metadata, :annotations, :"cert-manager.io/cluster-issuer")
+      assert_equal "true", ih.dig(:metadata, :annotations, :"nginx.ingress.kubernetes.io/ssl-redirect")
+
+      # TLS
+      tls = ih.dig(:spec, :tls, 0)
+      assert_equal ["app.example.com"], tls[:hosts]
+      assert_equal "web-tls", tls[:secretName]
+
+      # Rules
+      rule = ih.dig(:spec, :rules, 0)
+      assert_equal "app.example.com", rule[:host]
+      assert_equal "web", rule.dig(:http, :paths, 0, :backend, :service, :name)
+      assert_equal "http", rule.dig(:http, :paths, 0, :backend, :service, :port, :name)
+    end
+
+    def test_custom_issuer_and_ingress_class
+      m = manifest(Kube::Cluster["Service"].new {
+        metadata.name = "web"
+        metadata.labels = { "app.kubernetes.io/expose": "app.example.com" }
+        spec.ports = [{ name: "http", port: 80 }]
+      })
+
+      Middleware::IngressForService.new(
+        issuer: "letsencrypt-staging",
+        ingress_class: "traefik",
+      ).call(m)
+
+      ingress = m.resources.last.to_h
+      assert_equal "traefik", ingress.dig(:spec, :ingressClassName)
+      assert_equal "letsencrypt-staging", ingress.dig(:metadata, :annotations, :"cert-manager.io/cluster-issuer")
+    end
+
+    def test_expose_true_uses_name_as_hostname
+      m = manifest(Kube::Cluster["Service"].new {
+        metadata.name = "api"
+        metadata.labels = { "app.kubernetes.io/expose": "true" }
+        spec.ports = [{ name: "http", port: 80 }]
+      })
+
+      Middleware::IngressForService.new.call(m)
+      ingress = m.resources.last.to_h
+
+      assert_equal "api.local", ingress.dig(:spec, :rules, 0, :host)
+      assert_equal ["api.local"], ingress.dig(:spec, :tls, 0, :hosts)
+    end
+
+    def test_strips_expose_label_from_ingress
+      m = manifest(Kube::Cluster["Service"].new {
+        metadata.name = "web"
+        metadata.labels = {
+          "app.kubernetes.io/expose": "app.example.com",
+          "app.kubernetes.io/name": "web",
+        }
+        spec.ports = [{ name: "http", port: 80 }]
+      })
+
+      Middleware::IngressForService.new.call(m)
+      ingress_labels = m.resources.last.to_h.dig(:metadata, :labels)
+
+      assert_nil ingress_labels[:"app.kubernetes.io/expose"]
+      assert_equal "web", ingress_labels[:"app.kubernetes.io/name"]
+    end
+
+    def test_skips_service_without_expose_label
+      m = manifest(Kube::Cluster["Service"].new {
+        metadata.name = "web"
+        spec.ports = [{ name: "http", port: 80 }]
+      })
+
+      Middleware::IngressForService.new.call(m)
+
+      assert_equal 1, m.resources.size
+    end
+
+    def test_skips_non_service_resources
+      m = manifest(Kube::Cluster["Deployment"].new {
+        metadata.name = "web"
+        metadata.labels = { "app.kubernetes.io/expose": "app.example.com" }
+      })
+
+      Middleware::IngressForService.new.call(m)
+
+      assert_equal 1, m.resources.size
+    end
+
+    private
+
+      def manifest(*resources)
+        m = Kube::Cluster::Manifest.new
+        resources.each { |r| m << r }
+        m
+      end
+  end
+end

data/lib/kube/cluster/middleware/labels.rb

@@ -1,5 +1,10 @@
 # frozen_string_literal: true
 
+if __FILE__ == $0
+  require "bundler/setup"
+  require "kube/cluster"
+end
+
 module Kube
   module Cluster
     class Middleware
@@ -57,3 +62,94 @@ module Kube
     end
   end
 end
+
+if __FILE__ == $0
+  require "minitest/autorun"
+
+  class LabelsMiddlewareTest < Minitest::Test
+    Middleware = Kube::Cluster::Middleware
+
+    def test_adds_standard_labels
+      m = manifest(Kube::Cluster["ConfigMap"].new { metadata.name = "test" })
+
+      Middleware::Labels.new(app: "web", managed_by: "kube_cluster").call(m)
+      labels = m.resources.first.to_h.dig(:metadata, :labels)
+
+      assert_equal "web", labels[:"app.kubernetes.io/name"]
+      assert_equal "kube_cluster", labels[:"app.kubernetes.io/managed-by"]
+    end
+
+    def test_maps_all_standard_keys
+      m = manifest(Kube::Cluster["ConfigMap"].new { metadata.name = "test" })
+
+      Middleware::Labels.new(
+        app: "web",
+        instance: "my-release",
+        version: "1.0.0",
+        component: "frontend",
+        part_of: "platform",
+        managed_by: "kube_cluster",
+      ).call(m)
+
+      labels = m.resources.first.to_h.dig(:metadata, :labels)
+
+      assert_equal "web",           labels[:"app.kubernetes.io/name"]
+      assert_equal "my-release",    labels[:"app.kubernetes.io/instance"]
+      assert_equal "1.0.0",         labels[:"app.kubernetes.io/version"]
+      assert_equal "frontend",      labels[:"app.kubernetes.io/component"]
+      assert_equal "platform",      labels[:"app.kubernetes.io/part-of"]
+      assert_equal "kube_cluster",  labels[:"app.kubernetes.io/managed-by"]
+    end
+
+    def test_resource_labels_override_middleware_defaults
+      m = manifest(Kube::Cluster["ConfigMap"].new {
+        metadata.name = "test"
+        metadata.labels = { "app.kubernetes.io/name": "override" }
+      })
+
+      Middleware::Labels.new(app: "default").call(m)
+      labels = m.resources.first.to_h.dig(:metadata, :labels)
+
+      assert_equal "override", labels[:"app.kubernetes.io/name"]
+    end
+
+    def test_preserves_existing_labels
+      m = manifest(Kube::Cluster["ConfigMap"].new {
+        metadata.name = "test"
+        metadata.labels = { custom: "value" }
+      })
+
+      Middleware::Labels.new(app: "web").call(m)
+      labels = m.resources.first.to_h.dig(:metadata, :labels)
+
+      assert_equal "value", labels[:custom]
+      assert_equal "web", labels[:"app.kubernetes.io/name"]
+    end
+
+    def test_passes_through_non_standard_keys
+      m = manifest(Kube::Cluster["ConfigMap"].new { metadata.name = "test" })
+
+      Middleware::Labels.new(:"team.io/name" => "platform").call(m)
+      labels = m.resources.first.to_h.dig(:metadata, :labels)
+
+      assert_equal "platform", labels[:"team.io/name"]
+    end
+
+    def test_converts_values_to_strings
+      m = manifest(Kube::Cluster["ConfigMap"].new { metadata.name = "test" })
+
+      Middleware::Labels.new(version: 2).call(m)
+      labels = m.resources.first.to_h.dig(:metadata, :labels)
+
+      assert_equal "2", labels[:"app.kubernetes.io/version"]
+    end
+
+    private
+
+      def manifest(*resources)
+        m = Kube::Cluster::Manifest.new
+        resources.each { |r| m << r }
+        m
+      end
+  end
+end

data/lib/kube/cluster/middleware/namespace.rb

@@ -1,5 +1,10 @@
 # frozen_string_literal: true
 
+if __FILE__ == $0
+  require "bundler/setup"
+  require "kube/cluster"
+end
+
 module Kube
   module Cluster
     class Middleware
@@ -29,3 +34,79 @@ module Kube
     end
   end
 end
+
+if __FILE__ == $0
+  require "minitest/autorun"
+
+  class NamespaceMiddlewareTest < Minitest::Test
+    Middleware = Kube::Cluster::Middleware
+
+    def test_sets_namespace_on_configmap
+      m = manifest(Kube::Cluster["ConfigMap"].new { metadata.name = "test" })
+
+      Middleware::Namespace.new("production").call(m)
+
+      assert_equal "production", m.resources.first.to_h.dig(:metadata, :namespace)
+    end
+
+    def test_sets_namespace_on_deployment
+      m = manifest(Kube::Cluster["Deployment"].new { metadata.name = "web" })
+
+      Middleware::Namespace.new("staging").call(m)
+
+      assert_equal "staging", m.resources.first.to_h.dig(:metadata, :namespace)
+    end
+
+    def test_skips_namespace_resource
+      m = manifest(Kube::Cluster["Namespace"].new { metadata.name = "my-ns" })
+
+      Middleware::Namespace.new("production").call(m)
+
+      assert_nil m.resources.first.to_h.dig(:metadata, :namespace)
+    end
+
+    def test_skips_cluster_role
+      m = manifest(Kube::Cluster["ClusterRole"].new { metadata.name = "admin" })
+
+      Middleware::Namespace.new("production").call(m)
+
+      assert_nil m.resources.first.to_h.dig(:metadata, :namespace)
+    end
+
+    def test_skips_cluster_role_binding
+      m = manifest(Kube::Cluster["ClusterRoleBinding"].new { metadata.name = "admin-binding" })
+
+      Middleware::Namespace.new("production").call(m)
+
+      assert_nil m.resources.first.to_h.dig(:metadata, :namespace)
+    end
+
+    def test_overwrites_existing_namespace
+      m = manifest(Kube::Cluster["ConfigMap"].new {
+        metadata.name = "test"
+        metadata.namespace = "old"
+      })
+
+      Middleware::Namespace.new("new").call(m)
+
+      assert_equal "new", m.resources.first.to_h.dig(:metadata, :namespace)
+    end
+
+    def test_returns_new_resource_instance
+      resource = Kube::Cluster["ConfigMap"].new { metadata.name = "test" }
+      m = manifest(resource)
+
+      Middleware::Namespace.new("production").call(m)
+
+      refute_same resource, m.resources.first
+    end
+
+    private
+
+      def manifest(*resources)
+        m = Kube::Cluster::Manifest.new
+        resources.each { |r| m << r }
+        m
+      end
+  end
+end

data/lib/kube/cluster/middleware/pod_anti_affinity.rb

@@ -1,5 +1,10 @@
 # frozen_string_literal: true
 
+if __FILE__ == $0
+  require "bundler/setup"
+  require "kube/cluster"
+end
+
 module Kube
   module Cluster
     class Middleware
@@ -59,3 +64,135 @@ module Kube
     end
   end
 end
+
+if __FILE__ == $0
+  require "minitest/autorun"
+
+  class PodAntiAffinityMiddlewareTest < Minitest::Test
+    Middleware = Kube::Cluster::Middleware
+
+    def test_injects_soft_anti_affinity_on_deployment
+      m = manifest(Kube::Cluster["Deployment"].new {
+        metadata.name = "web"
+        spec.selector.matchLabels = { app: "web", instance: "prod" }
+        spec.template.metadata.labels = { app: "web" }
+        spec.template.spec.containers = [
+          { name: "web", image: "nginx:latest" },
+        ]
+      })
+
+      Middleware::PodAntiAffinity.new.call(m)
+      affinity = m.resources.first.to_h.dig(:spec, :template, :spec, :affinity)
+
+      paa = affinity.dig(:podAntiAffinity, :preferredDuringSchedulingIgnoredDuringExecution)
+      assert_equal 1, paa.size
+
+      term = paa.first
+      assert_equal 1, term[:weight]
+      assert_equal "kubernetes.io/hostname", term.dig(:podAffinityTerm, :topologyKey)
+      assert_equal({ app: "web", instance: "prod" }, term.dig(:podAffinityTerm, :labelSelector, :matchLabels))
+    end
+
+    def test_custom_topology_key
+      m = manifest(Kube::Cluster["Deployment"].new {
+        metadata.name = "web"
+        spec.selector.matchLabels = { app: "web" }
+        spec.template.metadata.labels = { app: "web" }
+        spec.template.spec.containers = [
+          { name: "web", image: "nginx:latest" },
+        ]
+      })
+
+      Middleware::PodAntiAffinity.new(
+        topology_key: "topology.kubernetes.io/zone",
+      ).call(m)
+
+      affinity = m.resources.first.to_h.dig(:spec, :template, :spec, :affinity)
+      term = affinity.dig(:podAntiAffinity, :preferredDuringSchedulingIgnoredDuringExecution, 0)
+
+      assert_equal "topology.kubernetes.io/zone", term.dig(:podAffinityTerm, :topologyKey)
+    end
+
+    def test_custom_weight
+      m = manifest(Kube::Cluster["Deployment"].new {
+        metadata.name = "web"
+        spec.selector.matchLabels = { app: "web" }
+        spec.template.metadata.labels = { app: "web" }
+        spec.template.spec.containers = [
+          { name: "web", image: "nginx:latest" },
+        ]
+      })
+
+      Middleware::PodAntiAffinity.new(weight: 100).call(m)
+      term = m.resources.first.to_h.dig(:spec, :template, :spec, :affinity,
+        :podAntiAffinity, :preferredDuringSchedulingIgnoredDuringExecution, 0)
+
+      assert_equal 100, term[:weight]
+    end
+
+    def test_skips_resources_with_existing_affinity
+      m = manifest(Kube::Cluster["Deployment"].new {
+        metadata.name = "web"
+        spec.selector.matchLabels = { app: "web" }
+        spec.template.metadata.labels = { app: "web" }
+        spec.template.spec.affinity = { nodeAffinity: { custom: true } }
+        spec.template.spec.containers = [
+          { name: "web", image: "nginx:latest" },
+        ]
+      })
+
+      Middleware::PodAntiAffinity.new.call(m)
+      affinity = m.resources.first.to_h.dig(:spec, :template, :spec, :affinity)
+
+      assert_equal({ nodeAffinity: { custom: true } }, affinity)
+    end
+
+    def test_skips_non_pod_bearing_resources
+      resource = Kube::Cluster["ConfigMap"].new { metadata.name = "config" }
+      m = manifest(resource)
+
+      Middleware::PodAntiAffinity.new.call(m)
+
+      assert_equal resource.to_h, m.resources.first.to_h
+    end
+
+    def test_skips_resources_without_match_labels
+      m = manifest(Kube::Cluster["Deployment"].new {
+        metadata.name = "web"
+        spec.template.metadata.labels = { app: "web" }
+        spec.template.spec.containers = [
+          { name: "web", image: "nginx:latest" },
+        ]
+      })
+
+      Middleware::PodAntiAffinity.new.call(m)
+      affinity = m.resources.first.to_h.dig(:spec, :template, :spec, :affinity)
+
+      assert_nil affinity
+    end
+
+    def test_applies_to_statefulset
+      m = manifest(Kube::Cluster["StatefulSet"].new {
+        metadata.name = "db"
+        spec.selector.matchLabels = { app: "db" }
+        spec.template.metadata.labels = { app: "db" }
+        spec.template.spec.containers = [
+          { name: "postgres", image: "postgres:16" },
+        ]
+      })
+
+      Middleware::PodAntiAffinity.new.call(m)
+      affinity = m.resources.first.to_h.dig(:spec, :template, :spec, :affinity)
+
+      refute_nil affinity.dig(:podAntiAffinity)
+    end
+
+    private
+
+      def manifest(*resources)
+        m = Kube::Cluster::Manifest.new
+        resources.each { |r| m << r }
+        m
+      end
+  end
+end