RubyGems - kubernetes-deploy - Versions diffs - 0.25.0 → 0.26.0 - Mend

kubernetes-deploy 0.25.0 → 0.26.0

Files changed (37) hide show

checksums.yaml +4 -4
data/.buildkite/pipeline.nightly.yml +0 -9
data/.buildkite/pipeline.yml +0 -9
data/CHANGELOG.md +23 -0
data/CONTRIBUTING.md +164 -0
data/README.md +29 -104
data/dev.yml +3 -3
data/exe/kubernetes-deploy +32 -21
data/exe/kubernetes-render +20 -12
data/exe/kubernetes-restart +5 -1
data/lib/kubernetes-deploy.rb +1 -0
data/lib/kubernetes-deploy/bindings_parser.rb +20 -8
data/lib/kubernetes-deploy/cluster_resource_discovery.rb +1 -1
data/lib/kubernetes-deploy/container_logs.rb +6 -0
data/lib/kubernetes-deploy/deploy_task.rb +85 -44
data/lib/kubernetes-deploy/ejson_secret_provisioner.rb +38 -84
data/lib/kubernetes-deploy/errors.rb +8 -0
data/lib/kubernetes-deploy/kubeclient_builder.rb +52 -20
data/lib/kubernetes-deploy/kubeclient_builder/kube_config.rb +1 -1
data/lib/kubernetes-deploy/kubectl.rb +11 -10
data/lib/kubernetes-deploy/kubernetes_resource.rb +47 -9
data/lib/kubernetes-deploy/kubernetes_resource/custom_resource.rb +1 -1
data/lib/kubernetes-deploy/kubernetes_resource/custom_resource_definition.rb +1 -1
data/lib/kubernetes-deploy/kubernetes_resource/deployment.rb +1 -1
data/lib/kubernetes-deploy/kubernetes_resource/horizontal_pod_autoscaler.rb +12 -4
data/lib/kubernetes-deploy/kubernetes_resource/network_policy.rb +22 -0
data/lib/kubernetes-deploy/kubernetes_resource/pod.rb +2 -0
data/lib/kubernetes-deploy/kubernetes_resource/secret.rb +23 -0
data/lib/kubernetes-deploy/label_selector.rb +42 -0
data/lib/kubernetes-deploy/options_helper.rb +31 -15
data/lib/kubernetes-deploy/remote_logs.rb +6 -1
data/lib/kubernetes-deploy/renderer.rb +5 -1
data/lib/kubernetes-deploy/resource_cache.rb +4 -1
data/lib/kubernetes-deploy/restart_task.rb +22 -10
data/lib/kubernetes-deploy/runner_task.rb +5 -3
data/lib/kubernetes-deploy/version.rb +1 -1
metadata +6 -2

data/lib/kubernetes-deploy/kubernetes_resource.rb CHANGED Viewed

@@ -29,6 +29,8 @@ module KubernetesDeploy
       MSG
     TIMEOUT_OVERRIDE_ANNOTATION = "kubernetes-deploy.shopify.io/timeout-override"
+    LAST_APPLIED_ANNOTATION = "kubectl.kubernetes.io/last-applied-configuration"
+    KUBECTL_OUTPUT_IS_SENSITIVE = false
     class << self
       def build(namespace:, context:, definition:, logger:, statsd_tags:, crd: nil)
@@ -37,12 +39,8 @@ module KubernetesDeploy
         if definition["kind"].blank?
           raise InvalidTemplateError.new("Template missing 'Kind'", content: definition.to_yaml)
         end
-        begin
-          if KubernetesDeploy.const_defined?(definition["kind"])
-            klass = KubernetesDeploy.const_get(definition["kind"])
-            return klass.new(**opts)
-          end
-        rescue NameError
+        if (klass = class_for_kind(definition["kind"]))
+          return klass.new(**opts)
         end
         if crd
           CustomResource.new(crd: crd, **opts)
@@ -53,6 +51,14 @@ module KubernetesDeploy
         end
       end
+      def class_for_kind(kind)
+        if KubernetesDeploy.const_defined?(kind)
+          KubernetesDeploy.const_get(kind) # rubocop:disable Sorbet/ConstantsFromStrings
+        end
+      rescue NameError
+        nil
+      end
       def timeout
         self::TIMEOUT
       end
@@ -101,14 +107,21 @@ module KubernetesDeploy
       Kubeclient::Resource.new(@definition)
     end
-    def validate_definition(kubectl)
+    def validate_definition(kubectl, selector: nil)
       @validation_errors = []
+      validate_selector(selector) if selector
       validate_timeout_annotation
       command = ["create", "-f", file_path, "--dry-run", "--output=name"]
-      _, err, st = kubectl.run(*command, log_failure: false)
+      _, err, st = kubectl.run(*command, log_failure: false, output_is_sensitive: kubectl_output_is_sensitive?)
       return true if st.success?
-      @validation_errors << err
+      if kubectl_output_is_sensitive?
+        @validation_errors << <<-EOS
+          Validation for #{id} failed. Detailed information is unavailable as the raw error may contain sensitive data.
+        EOS
+      else
+        @validation_errors << err
+      end
       false
     end
@@ -124,6 +137,10 @@ module KubernetesDeploy
       "#{type}/#{name}"
     end
+    def <=>(other)
+      id <=> other.id
+    end
     def file_path
       file.path
     end
@@ -305,6 +322,10 @@ module KubernetesDeploy
       end
     end
+    def kubectl_output_is_sensitive?
+      self.class::KUBECTL_OUTPUT_IS_SENSITIVE
+    end
     class Event
       EVENT_SEPARATOR = "ENDEVENT--BEGINEVENT"
       FIELD_SEPARATOR = "ENDFIELD--BEGINFIELD"
@@ -388,6 +409,23 @@ module KubernetesDeploy
       @definition.dig("metadata", "annotations", TIMEOUT_OVERRIDE_ANNOTATION)
     end
+    def validate_selector(selector)
+      if labels.nil?
+        @validation_errors << "selector #{selector} passed in, but no labels were defined"
+        return
+      end
+      unless selector.to_h <= labels
+        label_name = 'label'.pluralize(labels.size)
+        label_string = LabelSelector.new(labels).to_s
+        @validation_errors << "selector #{selector} does not match #{label_name} #{label_string}"
+      end
+    end
+    def labels
+      @definition.dig("metadata", "labels")
+    end
     def file
       @file ||= create_definition_tempfile
     end

data/lib/kubernetes-deploy/kubernetes_resource/custom_resource.rb CHANGED Viewed

@@ -62,7 +62,7 @@ module KubernetesDeploy
       kind
     end
-    def validate_definition(kubectl)
+    def validate_definition(*)
       super
       @crd.validate_rollout_conditions

data/lib/kubernetes-deploy/kubernetes_resource/custom_resource_definition.rb CHANGED Viewed

@@ -66,7 +66,7 @@ module KubernetesDeploy
       @rollout_conditions = nil
     end
-    def validate_definition(_)
+    def validate_definition(*)
       super
       validate_rollout_conditions

data/lib/kubernetes-deploy/kubernetes_resource/deployment.rb CHANGED Viewed

@@ -92,7 +92,7 @@ module KubernetesDeploy
       progress_condition.present? ? deploy_failing_to_progress? : super
     end
-    def validate_definition(_)
+    def validate_definition(*)
       super
       unless REQUIRED_ROLLOUT_TYPES.include?(required_rollout) || percent?(required_rollout)

data/lib/kubernetes-deploy/kubernetes_resource/horizontal_pod_autoscaler.rb CHANGED Viewed

@@ -2,16 +2,17 @@
 module KubernetesDeploy
   class HorizontalPodAutoscaler < KubernetesResource
     TIMEOUT = 3.minutes
-    RECOVERABLE_CONDITIONS = %w(ScalingDisabled FailedGet)
+    RECOVERABLE_CONDITION_PREFIX = "FailedGet"
     def deploy_succeeded?
-      scaling_active_condition["status"] == "True"
+      scaling_active_condition["status"] == "True" || scaling_disabled?
     end
     def deploy_failed?
       return false unless exists?
-      recoverable = RECOVERABLE_CONDITIONS.any? { |c| scaling_active_condition.fetch("reason", "").start_with?(c) }
-      scaling_active_condition["status"] == "False" && !recoverable
+      return false if scaling_disabled?
+      scaling_active_condition["status"] == "False" &&
+      !scaling_active_condition.fetch("reason", "").start_with?(RECOVERABLE_CONDITION_PREFIX)
     end
     def kubectl_resource_type
@@ -21,6 +22,8 @@ module KubernetesDeploy
     def status
       if !exists?
         super
+      elsif scaling_disabled?
+        "ScalingDisabled"
       elsif deploy_succeeded?
         "Configured"
       elsif scaling_active_condition.present? || able_to_scale_condition.present?
@@ -42,6 +45,11 @@ module KubernetesDeploy
     private
+    def scaling_disabled?
+      scaling_active_condition["status"] == "False" &&
+      scaling_active_condition["reason"] == "ScalingDisabled"
+    end
     def conditions
       @instance_data.dig("status", "conditions") || []
     end

data/lib/kubernetes-deploy/kubernetes_resource/network_policy.rb ADDED Viewed

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+module KubernetesDeploy
+  class NetworkPolicy < KubernetesResource
+    TIMEOUT = 30.seconds
+    def status
+      exists? ? "Created" : "Not Found"
+    end
+    def deploy_succeeded?
+      exists?
+    end
+    def deploy_failed?
+      false
+    end
+    def timeout_message
+      UNUSUAL_FAILURE_MESSAGE
+    end
+  end
+end

data/lib/kubernetes-deploy/kubernetes_resource/pod.rb CHANGED Viewed

@@ -9,6 +9,8 @@ module KubernetesDeploy
       Preempting
     )
+    attr_accessor :stream_logs
     def initialize(namespace:, context:, definition:, logger:,
       statsd_tags: nil, parent: nil, deploy_started_at: nil, stream_logs: false)
       @parent = parent

data/lib/kubernetes-deploy/kubernetes_resource/secret.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+module KubernetesDeploy
+  class Secret < KubernetesResource
+    TIMEOUT = 30.seconds
+    KUBECTL_OUTPUT_IS_SENSITIVE = true
+    def status
+      exists? ? "Available" : "Not Found"
+    end
+    def deploy_succeeded?
+      exists?
+    end
+    def deploy_failed?
+      false
+    end
+    def timeout_message
+      UNUSUAL_FAILURE_MESSAGE
+    end
+  end
+end

data/lib/kubernetes-deploy/label_selector.rb ADDED Viewed

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+module KubernetesDeploy
+  class LabelSelector
+    def self.parse(string)
+      selector = {}
+      string.split(',').each do |kvp|
+        key, value = kvp.split('=', 2)
+        if key.blank?
+          raise ArgumentError, "key is blank"
+        end
+        if key.end_with?("!")
+          raise ArgumentError, "!= selectors are not supported"
+        end
+        if value&.start_with?("=")
+          raise ArgumentError, "== selectors are not supported"
+        end
+        selector[key] = value
+      end
+      new(selector)
+    end
+    def initialize(hash)
+      @selector = hash
+    end
+    def to_h
+      @selector
+    end
+    def to_s
+      return "" if @selector.nil?
+      @selector.map { |k, v| "#{k}=#{v}" }.join(",")
+    end
+  end
+end

data/lib/kubernetes-deploy/options_helper.rb CHANGED Viewed

@@ -2,25 +2,41 @@
 module KubernetesDeploy
   module OptionsHelper
-    def self.default_and_check_template_dir(template_dir)
-      if !template_dir && ENV.key?("ENVIRONMENT")
-        template_dir = "config/deploy/#{ENV['ENVIRONMENT']}"
-      end
+    class OptionsError < StandardError; end
-      if !template_dir || template_dir.empty?
-        puts "Template directory is unknown. " \
-          "Either specify --template-dir argument or set $ENVIRONMENT to use config/deploy/$ENVIRONMENT " \
-        + "as a default path."
-        exit(1)
+    STDIN_TEMP_FILE = "from_stdin.yml.erb"
+    class << self
+      def with_validated_template_dir(template_dir)
+        if template_dir == '-'
+          Dir.mktmpdir("kubernetes-deploy") do |dir|
+            template_dir_from_stdin(temp_dir: dir)
+            yield dir
+          end
+        else
+          yield default_template_dir(template_dir)
+        end
       end
-      template_dir
-    end
+      private
+      def default_template_dir(template_dir)
+        if ENV.key?("ENVIRONMENT")
+          template_dir = File.join("config", "deploy", ENV['ENVIRONMENT'])
+        end
+        if !template_dir || template_dir.empty?
+          raise OptionsError, "Template directory is unknown. " \
+            "Either specify --template-dir argument or set $ENVIRONMENT to use config/deploy/$ENVIRONMENT " \
+            "as a default path."
+        end
+        template_dir
+      end
-    def self.revision_from_environment
-      ENV.fetch('REVISION') do
-        puts "ENV['REVISION'] is missing. Please specify the commit SHA"
-        exit 1
+      def template_dir_from_stdin(temp_dir:)
+        File.open(File.join(temp_dir, STDIN_TEMP_FILE), 'w+') { |f| f.print($stdin.read) }
+      rescue IOError, Errno::ENOENT => e
+        raise OptionsError, e.message
       end
     end
   end

data/lib/kubernetes-deploy/remote_logs.rb CHANGED Viewed

@@ -28,7 +28,12 @@ module KubernetesDeploy
     end
     def print_latest
-      @container_logs.each { |cl| cl.print_latest(prefix: @container_logs.length > 1) }
+      @container_logs.each do |cl|
+        unless cl.printing_started?
+          @logger.info("Streaming logs from #{@parent_id} container '#{cl.container_name}':")
+        end
+        cl.print_latest(prefix: @container_logs.length > 1)
+      end
     end
     def print_all(prevent_duplicate: true)

data/lib/kubernetes-deploy/renderer.rb CHANGED Viewed

@@ -24,7 +24,11 @@ module KubernetesDeploy
       @logger = logger
       @bindings = bindings
       # Max length of podname is only 63chars so try to save some room by truncating sha to 8 chars
-      @id = current_sha[0...8] + "-#{SecureRandom.hex(4)}" if current_sha
+      @id = if ENV["TASK_ID"]
+        ENV["TASK_ID"]
+      elsif current_sha
+        current_sha[0...8] + "-#{SecureRandom.hex(4)}"
+      end
     end
     def render_template(filename, raw_template)

data/lib/kubernetes-deploy/resource_cache.rb CHANGED Viewed

@@ -50,7 +50,10 @@ module KubernetesDeploy
     end
     def fetch_by_kind(kind)
-      raw_json, _, st = @kubectl.run("get", kind, "--chunk-size=0", "--output=json", attempts: 5)
+      resource_class = KubernetesResource.class_for_kind(kind)
+      output_is_sensitive = resource_class.nil? ? false : resource_class::KUBECTL_OUTPUT_IS_SENSITIVE
+      raw_json, _, st = @kubectl.run("get", kind, "--chunk-size=0", attempts: 5, output: "json",
+         output_is_sensitive: output_is_sensitive)
       raise KubectlError unless st.success?
       instances = {}

data/lib/kubernetes-deploy/restart_task.rb CHANGED Viewed

@@ -5,8 +5,6 @@ require 'kubernetes-deploy/kubectl'
 module KubernetesDeploy
   class RestartTask
-    include KubernetesDeploy::KubeclientBuilder
     class FatalRestartError < FatalDeploymentError; end
     class RestartAPIError < FatalRestartError
@@ -34,13 +32,13 @@ module KubernetesDeploy
       false
     end
-    def perform!(deployments_names = nil)
+    def perform!(deployments_names = nil, selector: nil)
       start = Time.now.utc
       @logger.reset
       @logger.phase_heading("Initializing restart")
       verify_namespace
-      deployments = identify_target_deployments(deployments_names)
+      deployments = identify_target_deployments(deployments_names, selector: selector)
       if kubectl.server_version < Gem::Version.new(MIN_KUBE_VERSION)
         @logger.warn(KubernetesDeploy::Errors.server_version_warning(kubectl.server_version))
       end
@@ -76,17 +74,27 @@ module KubernetesDeploy
       %W(namespace:#{@namespace} context:#{@context} status:#{status} deployments:#{deployments.to_a.length}})
     end
-    def identify_target_deployments(deployment_names)
+    def identify_target_deployments(deployment_names, selector: nil)
       if deployment_names.nil?
-        @logger.info("Configured to restart all deployments with the `#{ANNOTATION}` annotation")
-        deployments = v1beta1_kubeclient.get_deployments(namespace: @namespace)
-          .select { |d| d.metadata.annotations[ANNOTATION] }
+        deployments = if selector.nil?
+          @logger.info("Configured to restart all deployments with the `#{ANNOTATION}` annotation")
+          v1beta1_kubeclient.get_deployments(namespace: @namespace)
+        else
+          selector_string = selector.to_s
+          @logger.info(
+            "Configured to restart all deployments with the `#{ANNOTATION}` annotation and #{selector_string} selector"
+          )
+          v1beta1_kubeclient.get_deployments(namespace: @namespace, label_selector: selector_string)
+        end
+        deployments.select! { |d| d.metadata.annotations[ANNOTATION] }
         if deployments.none?
           raise FatalRestartError, "no deployments with the `#{ANNOTATION}` annotation found in namespace #{@namespace}"
         end
       elsif deployment_names.empty?
         raise FatalRestartError, "Configured to restart deployments by name, but list of names was blank"
+      elsif !selector.nil?
+        raise FatalRestartError, "Can't specify deployment names and selector at the same time"
       else
         deployment_names = deployment_names.uniq
         list = deployment_names.join(', ')
@@ -166,7 +174,7 @@ module KubernetesDeploy
     end
     def kubeclient
-      @kubeclient ||= build_v1_kubeclient(@context)
+      @kubeclient ||= kubeclient_builder.build_v1_kubeclient(@context)
     end
     def kubectl
@@ -174,7 +182,11 @@ module KubernetesDeploy
     end
     def v1beta1_kubeclient
-      @v1beta1_kubeclient ||= build_v1beta1_kubeclient(@context)
+      @v1beta1_kubeclient ||= kubeclient_builder.build_v1beta1_kubeclient(@context)
+    end
+    def kubeclient_builder
+      @kubeclient_builder ||= KubeclientBuilder.new
     end
   end
 end