kubernetes-deploy 0.3.4 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 243574658a49fa135a24916b5ab9144d1350e3a5
-  data.tar.gz: 8ac19f9d603838a2791da5bfe1c58222a4d082c5
+  metadata.gz: a5719744341ee174982a0aeec721aca1fac39154
+  data.tar.gz: 4d705c38c73e5de46b428b2475ad3f2dcc19bd48
 SHA512:
-  metadata.gz: 357d21eb05b6f7ae579db5ab5749ff5dc5eac8e3d6e682735e8dfbdef3ec9e5fa1c6324ac68f9fc0b50a7d125bf5d7297549ac001f70f204b92dc4560d1c5b12
-  data.tar.gz: 88e3506ab13ecbe080b155ecaf0bd825de3987235ab2fb62058b420ba722c299c5a12060d4ada535740cd6b40bcaf0cf969c927829a4e971a0eb30f4262d3143
+  metadata.gz: f97774306df820422fd5fa2cb91408e0f89e50f9e2257b003d1026a80df060db3a7e844b9a806a44b2552c8b4d88d960396f38ac99b87663478b4e6c4f3972ba
+  data.tar.gz: 85602d28ddb571043f4ab89239b90b6777197ca90c2a37565a78630042507dc98d493e36f0c24fc7b944485892b8a25d0565655a32f38163fb94c223fe858fd4

data/Gemfile

@@ -4,5 +4,5 @@ source 'https://rubygems.org'
 gemspec
 
 gem 'pry'
-gem 'kubeclient'
 gem 'rubocop'
+gem 'timecop'

data/README.md

@@ -29,9 +29,16 @@ Requirements:
  - kubectl 1.5.1+ binary must be available in your path
  - `ENV['KUBECONFIG']` must point to a valid kubeconfig file that includes the context you want to deploy to
  - The target namespace must already exist in the target context
- - `ENV['GOOGLE_APPLICATION_CREDENTIALS']` must point to the credentials for an authenticated service account if your user's auth provider is gcp
+ - `ENV['GOOGLE_APPLICATION_CREDENTIALS']` must point to the credentials for an authenticated service account if your user's auth provider is GCP
  - `ENV['ENVIRONMENT']` must be set to use the default template path (`config/deploy/$ENVIRONMENT`) in the absence of the `--template-dir=DIR` option
 
+The tool also provides a task for restarting all of the pods in one or more deployments.
+It triggers the restart by touching the `RESTARTED_AT` environment variable in the deployment's podSpec.
+The rollout strategy defined for each deployment will be respected by the restart.
+
+The following command will restart all pods in the `web` and `jobs` deployments:
+
+`kubernetes-restart <kube namespace> <kube context> --deployments=web,jobs`
 
 ## Development
 

data/exe/kubernetes-deploy

@@ -7,8 +7,12 @@ require 'optparse'
 
 skip_wait = false
 template_dir = nil
+allow_protected_ns = false
+prune = true
 ARGV.options do |opts|
   opts.on("--skip-wait") { skip_wait = true }
+  opts.on("--allow-protected-ns") { allow_protected_ns = true }
+  opts.on("--no-prune") { prune = false }
   opts.on("--template-dir=DIR") { |v| template_dir = v }
   opts.parse!
 end
@@ -35,6 +39,8 @@ KubernetesDeploy::Runner.with_friendly_errors do
     current_sha: revision,
     template_dir: template_dir,
     wait_for_completion: !skip_wait,
+    allow_protected_ns: allow_protected_ns,
+    prune: prune,
   )
   runner.run
 end

data/exe/kubernetes-restart

@@ -0,0 +1,23 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'optparse'
+
+require 'kubernetes-deploy'
+require 'kubernetes-deploy/restart_task'
+
+raw_deployments = nil
+ARGV.options do |opts|
+  opts.on("--deployments=LIST") { |v| raw_deployments = v }
+  opts.parse!
+end
+
+if raw_deployments.nil?
+  puts "Failed: specify at least one deployment to restart with --deployments flag"
+  exit 1
+end
+
+KubernetesDeploy::Runner.with_friendly_errors do
+  restart = KubernetesDeploy::RestartTask.new(namespace: ARGV[0], context: ARGV[1])
+  restart.perform(raw_deployments.split(","))
+end

data/kubernetes-deploy.gemspec

@@ -21,8 +21,10 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
   spec.add_dependency "activesupport", ">= 4.2"
+  spec.add_dependency "kubeclient", "~> 2.3"
 
   spec.add_development_dependency "bundler", "~> 1.13"
   spec.add_development_dependency "rake", "~> 10.0"
   spec.add_development_dependency "minitest", "~> 5.0"
+  spec.add_development_dependency "minitest-stub-const", "~> 0.6"
 end

data/lib/kubernetes-deploy.rb

@@ -3,6 +3,7 @@ require 'active_support/core_ext/object/blank'
 require 'active_support/core_ext/hash/slice'
 require 'active_support/core_ext/numeric/time'
 require 'active_support/core_ext/string/inflections'
+require 'active_support/core_ext/string/strip'
 
 require 'logger'
 require 'kubernetes-deploy/runner'

data/lib/kubernetes-deploy/kubeclient_builder.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+require 'kubeclient'
+
+module KubernetesDeploy
+  module KubeclientBuilder
+    class ContextMissingError < FatalDeploymentError
+      def initialize(context_name)
+        super("`#{context_name}` context must be configured in your KUBECONFIG (#{ENV['KUBECONFIG']}). " \
+          "Please see the README.")
+      end
+    end
+
+    private
+
+    def build_v1_kubeclient(context)
+      _build_kubeclient(
+        api_version: "v1",
+        context: context
+      )
+    end
+
+    def build_v1beta1_kubeclient(context)
+      _build_kubeclient(
+        api_version: "v1beta1",
+        context: context,
+        endpoint_path: "/apis/extensions/"
+      )
+    end
+
+    def _build_kubeclient(api_version:, context:, endpoint_path: nil)
+      config = Kubeclient::Config.read(ENV.fetch("KUBECONFIG"))
+      unless config.contexts.include?(context)
+        raise ContextMissingError, context
+      end
+      kube_context = config.context(context)
+
+      client = Kubeclient::Client.new(
+        "#{kube_context.api_endpoint}#{endpoint_path}",
+        api_version,
+        ssl_options: kube_context.ssl_options,
+        auth_options: kube_context.auth_options
+      )
+      client.discover
+      client
+    end
+  end
+end

data/lib/kubernetes-deploy/resource_watcher.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+module KubernetesDeploy
+  class ResourceWatcher
+    def initialize(resources)
+      unless resources.is_a?(Enumerable)
+        raise ArgumentError, <<-MSG.strip
+ResourceWatcher expects Enumerable collection, got `#{resources.class}` instead
+MSG
+      end
+      @resources = resources
+    end
+
+    def run(delay_sync: 3.seconds, logger: KubernetesDeploy.logger)
+      delay_sync_until = Time.now.utc
+      started_at = delay_sync_until
+      human_resources = @resources.map(&:id).join(", ")
+      max_wait_time = @resources.map(&:timeout).max
+      logger.info("Waiting for #{human_resources} with #{max_wait_time}s timeout")
+
+      while @resources.present?
+        if Time.now.utc < delay_sync_until
+          sleep(delay_sync_until - Time.now.utc)
+        end
+        delay_sync_until = Time.now.utc + delay_sync # don't pummel the API if the sync is fast
+        @resources.each(&:sync)
+        newly_finished_resources, @resources = @resources.partition(&:deploy_finished?)
+        newly_finished_resources.each do |resource|
+          next unless resource.deploy_failed? || resource.deploy_timed_out?
+          logger.error("#{resource.id} failed to deploy with status '#{resource.status}'.")
+        end
+      end
+
+      watch_time = Time.now.utc - started_at
+      logger.info("Spent #{watch_time.round(2)}s waiting for #{human_resources}")
+    end
+  end
+end

data/lib/kubernetes-deploy/restart_task.rb

@@ -0,0 +1,130 @@
+# frozen_string_literal: true
+require 'kubernetes-deploy/kubeclient_builder'
+require 'kubernetes-deploy/ui_helpers'
+require 'kubernetes-deploy/resource_watcher'
+
+module KubernetesDeploy
+  class RestartTask
+    include UIHelpers
+    include KubernetesDeploy::KubeclientBuilder
+
+    class DeploymentNotFoundError < FatalDeploymentError
+      def initialize(name, namespace)
+        super("Deployment `#{name}` not found in namespace `#{namespace}`. Aborting the task.")
+      end
+    end
+
+    class NamespaceNotFoundError < FatalDeploymentError
+      def initialize(name, context)
+        super("Namespace `#{name}` not found in context `#{context}`. Aborting the task.")
+      end
+    end
+
+    class RestartError < FatalDeploymentError
+      def initialize(deployment_name, response)
+        super("Failed to restart #{deployment_name}. " \
+            "API returned non-200 response code (#{response.code})\n" \
+            "Response:\n#{response.body}")
+      end
+    end
+
+    HTTP_OK_RANGE = 200..299
+
+    def initialize(context:, namespace:, logger: KubernetesDeploy.logger)
+      @context = context
+      @namespace = namespace
+      @logger = logger
+      @kubeclient = build_v1_kubeclient(context)
+      @v1beta1_kubeclient = build_v1beta1_kubeclient(context)
+    end
+
+    def perform(deployments_names)
+      verify_namespace
+
+      if deployments_names.empty?
+        raise ArgumentError, "#perform takes at least one deployment to restart"
+      end
+
+      phase_heading("Triggering restart by touching ENV[RESTARTED_AT]")
+      deployments = fetch_deployments(deployments_names.uniq)
+      patch_kubeclient_deployments(deployments)
+
+      phase_heading("Waiting for rollout")
+      wait_for_rollout(deployments)
+
+      names = deployments.map { |d| "`#{d.metadata.name}`" }
+      @logger.info "Restart of #{names.join(', ')} deployments succeeded"
+    end
+
+    private
+
+    def wait_for_rollout(kubeclient_resources)
+      resources = kubeclient_resources.map { |d| Deployment.new(d.metadata.name, @namespace, @context, nil) }
+      watcher = ResourceWatcher.new(resources)
+      watcher.run
+    end
+
+    def verify_namespace
+      @kubeclient.get_namespace(@namespace)
+    rescue KubeException => error
+      if error.error_code == 404
+        raise NamespaceNotFoundError.new(@namespace, @context)
+      else
+        raise
+      end
+    end
+
+    def patch_deployment_with_restart(record)
+      @v1beta1_kubeclient.patch_deployment(
+        record.metadata.name,
+        build_patch_payload(record),
+        @namespace
+      )
+    end
+
+    def patch_kubeclient_deployments(deployments)
+      deployments.each do |record|
+        response = patch_deployment_with_restart(record)
+        if HTTP_OK_RANGE.cover?(response.code)
+          @logger.info "Triggered `#{record.metadata.name}` restart"
+        else
+          raise RestartError.new(record.metadata.name, response)
+        end
+      end
+    end
+
+    def fetch_deployments(list)
+      list.map do |name|
+        record = nil
+        begin
+          record = @v1beta1_kubeclient.get_deployment(name, @namespace)
+        rescue KubeException => error
+          if error.error_code == 404
+            raise DeploymentNotFoundError.new(name, @namespace)
+          else
+            raise
+          end
+        end
+        record
+      end
+    end
+
+    def build_patch_payload(deployment)
+      containers = deployment.spec.template.spec.containers
+      {
+        spec: {
+          template: {
+            spec: {
+              containers: containers.map do |container|
+                {
+                  name: container.name,
+                  env: [{ name: "RESTARTED_AT", value: Time.now.to_i.to_s }]
+                }
+              end
+            }
+          }
+        }
+      }
+    end
+  end
+end

data/lib/kubernetes-deploy/runner.rb

@@ -19,9 +19,13 @@ require 'kubernetes-deploy/kubernetes_resource'
 ).each do |subresource|
   require "kubernetes-deploy/kubernetes_resource/#{subresource}"
 end
+require 'kubernetes-deploy/resource_watcher'
+require "kubernetes-deploy/ui_helpers"
 
 module KubernetesDeploy
   class Runner
+    include UIHelpers
+
     PREDEPLOY_SEQUENCE = %w(
       Cloudsql
       Redis
@@ -64,7 +68,8 @@ MSG
       exit 1
     end
 
-    def initialize(namespace:, current_sha:, context:, wait_for_completion:, template_dir:)
+    def initialize(namespace:, current_sha:, context:, template_dir:,
+      wait_for_completion:, allow_protected_ns: false, prune: true)
       @namespace = namespace
       @context = context
       @current_sha = current_sha
@@ -72,14 +77,19 @@ MSG
       # Max length of podname is only 63chars so try to save some room by truncating sha to 8 chars
       @id = current_sha[0...8] + "-#{SecureRandom.hex(4)}" if current_sha
       @wait_for_completion = wait_for_completion
+      @allow_protected_ns = allow_protected_ns
+      @prune = prune
     end
 
     def wait_for_completion?
       @wait_for_completion
     end
 
+    def allow_protected_ns?
+      @allow_protected_ns
+    end
+
     def run
-      @current_phase = 0
       phase_heading("Validating configuration")
       validate_configuration
 
@@ -97,7 +107,10 @@ MSG
       predeploy_priority_resources(resources)
 
       phase_heading("Deploying all resources")
-      deploy_resources(resources, prune: true)
+      if PROTECTED_NAMESPACES.include?(@namespace) && @prune
+        raise FatalDeploymentError, "Refusing to deploy to protected namespace '#{@namespace}' with pruning enabled"
+      end
+      deploy_resources(resources, prune: @prune)
 
       return unless wait_for_completion?
       wait_for_completion(resources)
@@ -192,26 +205,8 @@ MSG
     end
 
     def wait_for_completion(watched_resources)
-      delay_sync_until = Time.now.utc
-      started_at = delay_sync_until
-      human_resources = watched_resources.map(&:id).join(", ")
-      max_wait_time = watched_resources.map(&:timeout).max
-      KubernetesDeploy.logger.info("Waiting for #{human_resources} with #{max_wait_time}s timeout")
-      while watched_resources.present?
-        if Time.now.utc < delay_sync_until
-          sleep(delay_sync_until - Time.now.utc)
-        end
-        delay_sync_until = Time.now.utc + 3 # don't pummel the API if the sync is fast
-        watched_resources.each(&:sync)
-        newly_finished_resources, watched_resources = watched_resources.partition(&:deploy_finished?)
-        newly_finished_resources.each do |resource|
-          next unless resource.deploy_failed? || resource.deploy_timed_out?
-          KubernetesDeploy.logger.error("#{resource.id} failed to deploy with status '#{resource.status}'.")
-        end
-      end
-
-      watch_time = Time.now.utc - started_at
-      KubernetesDeploy.logger.info("Spent #{watch_time.round(2)}s waiting for #{human_resources}")
+      watcher = ResourceWatcher.new(watched_resources)
+      watcher.run
     end
 
     def render_template(filename, raw_template)
@@ -244,7 +239,18 @@ MSG
       if @namespace.blank?
         errors << "Namespace must be specified"
       elsif PROTECTED_NAMESPACES.include?(@namespace)
-        errors << "Refusing to deploy to protected namespace #{@namespace}"
+        if allow_protected_ns? && @prune
+          errors << "Refusing to deploy to protected namespace '#{@namespace}' with pruning enabled"
+        elsif allow_protected_ns?
+          warning = <<-WARNING.strip_heredoc
+          You're deploying to protected namespace #{@namespace}, which cannot be pruned.
+          Existing resources can only be removed manually with kubectl. Removing templates from the set deployed will have no effect.
+          ***Please do not deploy to #{@namespace} unless you really know what you are doing.***
+          WARNING
+          KubernetesDeploy.logger.warn(warning)
+        else
+          errors << "Refusing to deploy to protected namespace '#{@namespace}'"
+        end
       end
 
       if @context.blank?
@@ -335,17 +341,5 @@ MSG
       end
       [out.chomp, err.chomp, st]
     end
-
-    def phase_heading(phase_name)
-      @current_phase += 1
-      heading = "Phase #{@current_phase}: #{phase_name}"
-      padding = (100.0 - heading.length) / 2
-      KubernetesDeploy.logger.info("")
-      KubernetesDeploy.logger.info("#{'-' * padding.floor}#{heading}#{'-' * padding.ceil}")
-    end
-
-    def log_green(msg)
-      KubernetesDeploy.logger.info("\033[0;32m#{msg}\x1b[0m")
-    end
   end
 end

data/lib/kubernetes-deploy/ui_helpers.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+module KubernetesDeploy
+  module UIHelpers
+    private
+
+    def phase_heading(phase_name)
+      @current_phase ||= 0
+      @current_phase += 1
+      heading = "Phase #{@current_phase}: #{phase_name}"
+      padding = (100.0 - heading.length) / 2
+      KubernetesDeploy.logger.info("")
+      KubernetesDeploy.logger.info("#{'-' * padding.floor}#{heading}#{'-' * padding.ceil}")
+    end
+
+    def log_green(msg)
+      KubernetesDeploy.logger.info("\033[0;32m#{msg}\x1b[0m")
+    end
+  end
+end

data/lib/kubernetes-deploy/version.rb

@@ -1,3 +1,3 @@
 module KubernetesDeploy
-  VERSION = "0.3.4"
+  VERSION = "0.4.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kubernetes-deploy
 version: !ruby/object:Gem::Version
-  version: 0.3.4
+  version: 0.4.0
 platform: ruby
 authors:
 - Kir Shatrov
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-03-22 00:00:00.000000000 Z
+date: 2017-03-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -26,6 +26,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '4.2'
+- !ruby/object:Gem::Dependency
+  name: kubeclient
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -68,11 +82,26 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: minitest-stub-const
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
 description: Kubernetes deploy scripts
 email:
 - ops-accounts+shipit@shopify.com
 executables:
 - kubernetes-deploy
+- kubernetes-restart
 extensions: []
 extra_rdoc_files: []
 files:
@@ -85,8 +114,10 @@ files:
 - bin/ci
 - bin/setup
 - exe/kubernetes-deploy
+- exe/kubernetes-restart
 - kubernetes-deploy.gemspec
 - lib/kubernetes-deploy.rb
+- lib/kubernetes-deploy/kubeclient_builder.rb
 - lib/kubernetes-deploy/kubernetes_resource.rb
 - lib/kubernetes-deploy/kubernetes_resource/cloudsql.rb
 - lib/kubernetes-deploy/kubernetes_resource/config_map.rb
@@ -96,7 +127,10 @@ files:
 - lib/kubernetes-deploy/kubernetes_resource/pod.rb
 - lib/kubernetes-deploy/kubernetes_resource/redis.rb
 - lib/kubernetes-deploy/kubernetes_resource/service.rb
+- lib/kubernetes-deploy/resource_watcher.rb
+- lib/kubernetes-deploy/restart_task.rb
 - lib/kubernetes-deploy/runner.rb
+- lib/kubernetes-deploy/ui_helpers.rb
 - lib/kubernetes-deploy/version.rb
 homepage: https://github.com/Shopify/kubernetes-deploy
 licenses: