kubernetes-deploy 0.30.0 → 0.31.0

data/lib/{kubernetes-deploy → krane}/duration_parser.rb

@@ -2,7 +2,7 @@
 
 require 'active_support/duration'
 
-module KubernetesDeploy
+module Krane
   # This class is a less strict extension of ActiveSupport::Duration::ISO8601Parser.
   # In addition to full ISO8601 durations, it can parse unprefixed ISO8601 time components (e.g. '1H').
   # It is also case-insensitive.

data/lib/{kubernetes-deploy → krane}/ejson_secret_provisioner.rb

@@ -2,9 +2,9 @@
 require 'json'
 require 'base64'
 require 'open3'
-require 'kubernetes-deploy/kubectl'
+require 'krane/kubectl'
 
-module KubernetesDeploy
+module Krane
   class EjsonSecretError < FatalDeploymentError
     def initialize(msg)
       super("Generation of Kubernetes secrets from ejson failed: #{msg}")
@@ -111,7 +111,7 @@ module KubernetesDeploy
         "data" => encoded_data,
       }
 
-      KubernetesDeploy::Secret.build(
+      Krane::Secret.build(
         namespace: namespace, context: context, logger: logger, definition: secret, statsd_tags: @statsd_tags,
       )
     end

data/lib/krane/errors.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Krane
+  class FatalDeploymentError < StandardError; end
+  class FatalKubeAPIError < FatalDeploymentError; end
+  class KubectlError < StandardError; end
+  class TaskConfigurationError < FatalDeploymentError; end
+
+  class InvalidTemplateError < FatalDeploymentError
+    attr_reader :content
+    attr_accessor :filename
+    def initialize(err, filename: nil, content: nil)
+      @filename = filename
+      @content = content
+      super(err)
+    end
+  end
+
+  class DeploymentTimeoutError < FatalDeploymentError; end
+
+  class EjsonPrunableError < FatalDeploymentError
+    def initialize
+      super("Found #{KubernetesResource::LAST_APPLIED_ANNOTATION} annotation on " \
+          "#{EjsonSecretProvisioner::EJSON_KEYS_SECRET} secret. " \
+          "krane will not continue since it is extremely unlikely that this secret should be pruned.")
+    end
+  end
+end

data/lib/{kubernetes-deploy → krane}/formatted_logger.rb

@@ -1,9 +1,9 @@
 # frozen_string_literal: true
 require 'logger'
 require 'colorized_string'
-require 'kubernetes-deploy/deferred_summary_logging'
+require 'krane/deferred_summary_logging'
 
-module KubernetesDeploy
+module Krane
   class FormattedLogger < Logger
     include DeferredSummaryLogging
 

data/lib/krane/global_deploy_task.rb

@@ -0,0 +1,210 @@
+# frozen_string_literal: true
+require 'tempfile'
+
+require 'krane/common'
+require 'krane/concurrency'
+require 'krane/resource_cache'
+require 'krane/kubectl'
+require 'krane/kubeclient_builder'
+require 'krane/cluster_resource_discovery'
+require 'krane/template_sets'
+require 'krane/resource_deployer'
+require 'krane/kubernetes_resource'
+require 'krane/global_deploy_task_config_validator'
+require 'krane/concerns/template_reporting'
+
+%w(
+  custom_resource
+  custom_resource_definition
+).each do |subresource|
+  require "krane/kubernetes_resource/#{subresource}"
+end
+
+module Krane
+  # Ship global resources to a context
+  class GlobalDeployTask
+    extend Krane::StatsD::MeasureMethods
+    include TemplateReporting
+    delegate :context, :logger, :global_kinds, to: :@task_config
+
+    # Initializes the deploy task
+    #
+    # @param context [String] Kubernetes context
+    # @param global_timeout [Integer] Timeout in seconds
+    # @param selector [Hash] Selector(s) parsed by Krane::LabelSelector
+    # @param template_paths [Array<String>] An array of template paths
+    def initialize(context:, global_timeout: nil, selector: nil, filenames: [], logger: nil)
+      template_paths = filenames.map { |path| File.expand_path(path) }
+
+      @task_config = TaskConfig.new(context, nil, logger)
+      @template_sets = TemplateSets.from_dirs_and_files(paths: template_paths,
+        logger: @task_config.logger)
+      @global_timeout = global_timeout
+      @selector = selector
+    end
+
+    # Runs the task, returning a boolean representing success or failure
+    #
+    # @return [Boolean]
+    def run(*args)
+      run!(*args)
+      true
+    rescue FatalDeploymentError
+      false
+    end
+
+    # Runs the task, raising exceptions in case of issues
+    #
+    # @param verify_result [Boolean] Wait for completion and verify success
+    # @param prune [Boolean] Enable deletion of resources that match the provided
+    #  selector and do not appear in the template dir
+    #
+    # @return [nil]
+    def run!(verify_result: true, prune: true)
+      start = Time.now.utc
+      logger.reset
+
+      logger.phase_heading("Initializing deploy")
+      validate_configuration
+      resources = discover_resources
+      validate_resources(resources)
+
+      logger.phase_heading("Checking initial resource statuses")
+      check_initial_status(resources)
+
+      logger.phase_heading("Deploying all resources")
+      deploy!(resources, verify_result, prune)
+
+      StatsD.client.event("Deployment succeeded",
+        "Successfully deployed all resources to #{context}",
+        alert_type: "success", tags: statsd_tags + %w(status:success))
+      StatsD.client.distribution('all_resources.duration', StatsD.duration(start),
+        tags: statsd_tags << "status:success")
+      logger.print_summary(:success)
+    rescue Krane::DeploymentTimeoutError
+      logger.print_summary(:timed_out)
+      StatsD.client.event("Deployment timed out",
+        "One or more resources failed to deploy to #{context} in time",
+        alert_type: "error", tags: statsd_tags + %w(status:timeout))
+      StatsD.client.distribution('all_resources.duration', StatsD.duration(start),
+        tags: statsd_tags << "status:timeout")
+      raise
+    rescue Krane::FatalDeploymentError => error
+      logger.summary.add_action(error.message) if error.message != error.class.to_s
+      logger.print_summary(:failure)
+      StatsD.client.event("Deployment failed",
+        "One or more resources failed to deploy to #{context}",
+        alert_type: "error", tags: statsd_tags + %w(status:failed))
+      StatsD.client.distribution('all_resources.duration', StatsD.duration(start),
+        tags: statsd_tags << "status:failed")
+      raise
+    end
+
+    private
+
+    def deploy!(resources, verify_result, prune)
+      resource_deployer = ResourceDeployer.new(task_config: @task_config,
+        prune_whitelist: prune_whitelist, max_watch_seconds: @global_timeout,
+        selector: @selector, statsd_tags: statsd_tags)
+      resource_deployer.deploy!(resources, verify_result, prune)
+    end
+
+    def validate_configuration
+      task_config_validator = GlobalDeployTaskConfigValidator.new(@task_config,
+        kubectl, kubeclient_builder)
+      errors = []
+      errors += task_config_validator.errors
+      errors += @template_sets.validate
+      errors << "Selector is required" unless @selector.to_h.present?
+      unless errors.empty?
+        add_para_from_list(logger: logger, action: "Configuration invalid", enum: errors)
+        raise TaskConfigurationError
+      end
+
+      logger.info("Using resource selector #{@selector}")
+      logger.info("All required parameters and files are present")
+    end
+    measure_method(:validate_configuration)
+
+    def validate_resources(resources)
+      validate_globals(resources)
+
+      Concurrency.split_across_threads(resources) do |r|
+        r.validate_definition(@kubectl, selector: @selector)
+      end
+
+      resources.select(&:has_warnings?).each do |resource|
+        record_warnings(logger: logger, warning: resource.validation_warning_msg,
+          filename: File.basename(resource.file_path))
+      end
+
+      failed_resources = resources.select(&:validation_failed?)
+      if failed_resources.present?
+        failed_resources.each do |r|
+          content = File.read(r.file_path) if File.file?(r.file_path) && !r.sensitive_template_content?
+          record_invalid_template(logger: logger, err: r.validation_error_msg,
+            filename: File.basename(r.file_path), content: content)
+        end
+        raise FatalDeploymentError, "Template validation failed"
+      end
+    end
+    measure_method(:validate_resources)
+
+    def validate_globals(resources)
+      return unless (namespaced = resources.reject(&:global?).presence)
+      namespaced_names = namespaced.map do |resource|
+        "#{resource.name} (#{resource.type}) in #{File.basename(resource.file_path)}"
+      end
+      namespaced_names = FormattedLogger.indent_four(namespaced_names.join("\n"))
+
+      logger.summary.add_paragraph(ColorizedString.new("Namespaced resources:\n#{namespaced_names}").yellow)
+      raise FatalDeploymentError, "This command cannot deploy namespaced resources"
+    end
+
+    def discover_resources
+      logger.info("Discovering resources:")
+      resources = []
+      crds_by_kind = cluster_resource_discoverer.crds.map { |crd| [crd.name, crd] }.to_h
+      @template_sets.with_resource_definitions do |r_def|
+        crd = crds_by_kind[r_def["kind"]]&.first
+        r = KubernetesResource.build(context: context, logger: logger, definition: r_def,
+          crd: crd, global_names: global_kinds, statsd_tags: statsd_tags)
+        resources << r
+        logger.info("  - #{r.id}")
+      end
+
+      resources.sort
+    rescue InvalidTemplateError => e
+      record_invalid_template(logger: logger, err: e.message, filename: e.filename, content: e.content)
+      raise FatalDeploymentError, "Failed to parse template"
+    end
+    measure_method(:discover_resources)
+
+    def cluster_resource_discoverer
+      @cluster_resource_discoverer ||= ClusterResourceDiscovery.new(task_config: @task_config)
+    end
+
+    def statsd_tags
+      %W(context:#{context})
+    end
+
+    def kubectl
+      @kubectl ||= Kubectl.new(task_config: @task_config, log_failure_by_default: true)
+    end
+
+    def kubeclient_builder
+      @kubeclient_builder ||= KubeclientBuilder.new
+    end
+
+    def prune_whitelist
+      cluster_resource_discoverer.prunable_resources(namespaced: false)
+    end
+
+    def check_initial_status(resources)
+      cache = ResourceCache.new(@task_config)
+      Concurrency.split_across_threads(resources) { |r| r.sync(cache) }
+      resources.each { |r| logger.info(r.pretty_status) }
+    end
+    measure_method(:check_initial_status, "initial_status.duration")
+  end
+end

data/lib/krane/global_deploy_task_config_validator.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require 'krane/task_config_validator'
+
+module Krane
+  class GlobalDeployTaskConfigValidator < Krane::TaskConfigValidator
+    def initialize(*arguments)
+      super(*arguments)
+      @validations -= [:validate_namespace_exists]
+    end
+  end
+end

data/lib/{kubernetes-deploy → krane}/kubeclient_builder.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 require 'kubeclient'
 
-module KubernetesDeploy
+module Krane
   class KubeclientBuilder
     class ContextMissingError < FatalDeploymentError
       def initialize(context_name, kubeconfig)
@@ -103,6 +103,14 @@ module KubernetesDeploy
       )
     end
 
+    def build_scheduling_v1beta1_kubeclient(context)
+      build_kubeclient(
+        api_version: "v1beta1",
+        context: context,
+        endpoint_path: "/apis/scheduling.k8s.io"
+      )
+    end
+
     def validate_config_files
       errors = []
       if @kubeconfig_files.empty?
@@ -137,8 +145,8 @@ module KubernetesDeploy
         ssl_options: kube_context.ssl_options,
         auth_options: kube_context.auth_options,
         timeouts: {
-          open: KubernetesDeploy::Kubectl::DEFAULT_TIMEOUT,
-          read: KubernetesDeploy::Kubectl::DEFAULT_TIMEOUT,
+          open: Krane::Kubectl::DEFAULT_TIMEOUT,
+          read: Krane::Kubectl::DEFAULT_TIMEOUT,
         }
       )
       client.discover

data/lib/{kubernetes-deploy → krane}/kubectl.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 require 'open3'
 
-module KubernetesDeploy
+module Krane
   class Kubectl
     ERROR_MATCHERS = {
       not_found: /NotFound/,
@@ -52,7 +52,7 @@ module KubernetesDeploy
         else
           logger.debug("Kubectl err: #{output_is_sensitive ? '<suppressed sensitive output>' : err}")
         end
-        StatsD.increment('kubectl.error', 1, tags: { context: context, namespace: namespace, cmd: cmd[1] })
+        StatsD.client.increment('kubectl.error', 1, tags: { context: context, namespace: namespace, cmd: cmd[1] })
 
         break unless retriable_err?(err, retry_whitelist) && current_attempt < attempts
         sleep(retry_delay(current_attempt))

data/lib/{kubernetes-deploy → krane}/kubernetes_resource.rb

@@ -2,12 +2,12 @@
 require 'json'
 require 'shellwords'
 
-require 'kubernetes-deploy/remote_logs'
-require 'kubernetes-deploy/duration_parser'
-require 'kubernetes-deploy/label_selector'
-require 'kubernetes-deploy/rollout_conditions'
+require 'krane/remote_logs'
+require 'krane/duration_parser'
+require 'krane/label_selector'
+require 'krane/rollout_conditions'
 
-module KubernetesDeploy
+module Krane
   class KubernetesResource
     attr_reader :name, :namespace, :context
     attr_writer :type, :deploy_started_at, :global
@@ -40,7 +40,7 @@ module KubernetesDeploy
     SERVER_DRY_RUNNABLE = false
 
     class << self
-      def build(namespace:, context:, definition:, logger:, statsd_tags:, crd: nil, global_names: [])
+      def build(namespace: nil, context:, definition:, logger:, statsd_tags:, crd: nil, global_names: [])
         validate_definition_essentials(definition)
         opts = { namespace: namespace, context: context, definition: definition, logger: logger,
                  statsd_tags: statsd_tags }
@@ -59,8 +59,8 @@ module KubernetesDeploy
       end
 
       def class_for_kind(kind)
-        if KubernetesDeploy.const_defined?(kind)
-          KubernetesDeploy.const_get(kind)
+        if Krane.const_defined?(kind)
+          Krane.const_get(kind)
         end
       rescue NameError
         nil
@@ -87,8 +87,9 @@ module KubernetesDeploy
           raise InvalidTemplateError.new("Template is missing required field 'kind'", content: debug_content)
         end
 
-        if definition.dig('metadata', 'name').blank?
-          raise InvalidTemplateError.new("Template is missing required field 'metadata.name'", content: debug_content)
+        if definition.dig('metadata', 'name').blank? && definition.dig('metadata', 'generateName').blank?
+          raise InvalidTemplateError.new("Template must specify one of 'metadata.name' or 'metadata.generateName'",
+            content: debug_content)
         end
       end
     end
@@ -112,7 +113,7 @@ module KubernetesDeploy
 
     def initialize(namespace:, context:, definition:, logger:, statsd_tags: [])
       # subclasses must also set these if they define their own initializer
-      @name = definition.dig("metadata", "name").to_s
+      @name = (definition.dig("metadata", "name") || definition.dig("metadata", "generateName")).to_s
       @optional_statsd_tags = statsd_tags
       @namespace = namespace
       @context = context
@@ -170,7 +171,7 @@ module KubernetesDeploy
 
     def sync(cache)
       @instance_data = cache.get_instance(kubectl_resource_type, name, raise_if_not_found: true)
-    rescue KubernetesDeploy::Kubectl::ResourceNotFoundError
+    rescue Krane::Kubectl::ResourceNotFoundError
       @disappeared = true if deploy_started?
       @instance_data = {}
     end
@@ -235,9 +236,13 @@ module KubernetesDeploy
       !deploy_succeeded? && !deploy_failed? && (Time.now.utc - @deploy_started_at > timeout)
     end
 
-    # Expected values: :apply, :replace, :replace_force
+    # Expected values: :apply, :create, :replace, :replace_force
     def deploy_method
-      :apply
+      if @definition.dig("metadata", "name").blank? && uses_generate_name?
+        :create
+      else
+        :apply
+      end
     end
 
     def sync_debug_info(kubectl)
@@ -317,7 +322,7 @@ module KubernetesDeploy
     def fetch_events(kubectl)
       return {} unless exists?
       out, _err, st = kubectl.run("get", "events", "--output=go-template=#{Event.go_template_for(type, name)}",
-        log_failure: false)
+        log_failure: false, use_namespace: !global?)
       return {} unless st.success?
 
       event_collector = Hash.new { |hash, key| hash[key] = [] }
@@ -340,7 +345,7 @@ module KubernetesDeploy
 
     def report_status_to_statsd(watch_time)
       unless @statsd_report_done
-        StatsD.distribution('resource.duration', watch_time, tags: statsd_tags)
+        StatsD.client.distribution('resource.duration', watch_time, tags: statsd_tags)
         @statsd_report_done = true
       end
     end
@@ -350,13 +355,29 @@ module KubernetesDeploy
     end
 
     def server_dry_runnable_resource?
-      self.class::SERVER_DRY_RUNNABLE
+      # generateName and server-side dry run are incompatible because the former only works with `create`
+      # and the latter only works with `apply`
+      self.class::SERVER_DRY_RUNNABLE && !uses_generate_name?
+    end
+
+    def uses_generate_name?
+      @definition.dig('metadata', 'generateName').present?
     end
 
     def server_dry_run_validated?
       @server_dry_run_validated
     end
 
+    # If a resource uses generateName, we don't know the full name of the resource until it's deployed to the cluster.
+    # In this case, we need to update our local definition with the realized name in order to accurately track the
+    # resource during deploy
+    def use_generated_name(instance_data)
+      @name = instance_data.dig('metadata', 'name')
+      @definition['metadata']['name'] = @name
+      @definition['metadata'].delete('generateName')
+      @file = create_definition_tempfile
+    end
+
     class Event
       EVENT_SEPARATOR = "ENDEVENT--BEGINEVENT"
       FIELD_SEPARATOR = "ENDFIELD--BEGINFIELD"
@@ -480,13 +501,13 @@ module KubernetesDeploy
     def validate_spec_with_kubectl(kubectl)
       err = ""
       if kubectl.server_dry_run_enabled? && server_dry_runnable_resource?
-        _, err, st = validate_with_dry_run_option(kubectl, "--server-dry-run")
+        _, err, st = validate_with_server_side_dry_run(kubectl)
         @server_dry_run_validated = st.success?
         return true if st.success?
       end
 
       if err.empty? || err.match(SERVER_DRY_RUN_DISABLED_ERROR)
-        _, err, st = validate_with_dry_run_option(kubectl, "--dry-run")
+        _, err, st = validate_with_local_dry_run(kubectl)
       end
 
       return true if st.success?
@@ -497,10 +518,21 @@ module KubernetesDeploy
       end
     end
 
-    def validate_with_dry_run_option(kubectl, dry_run_option)
-      command = ["apply", "-f", file_path, dry_run_option, "--output=name"]
+    # Server side dry run is only supported on apply
+    def validate_with_server_side_dry_run(kubectl)
+      command = ["apply", "-f", file_path, "--server-dry-run", "--output=name"]
+      kubectl.run(*command, log_failure: false, output_is_sensitive: sensitive_template_content?,
+        retry_whitelist: [:client_timeout], attempts: 3)
+    end
+
+    # Local dry run is supported on only create and apply
+    # If the deploy method is create, validating with apply will fail
+    # If the resource template uses generateName, validating with apply will fail
+    def validate_with_local_dry_run(kubectl)
+      verb = deploy_method == :apply ? "apply" : "create"
+      command = [verb, "-f", file_path, "--dry-run", "--output=name"]
       kubectl.run(*command, log_failure: false, output_is_sensitive: sensitive_template_content?,
-                               retry_whitelist: [:client_timeout], attempts: 3)
+        retry_whitelist: [:client_timeout], attempts: 3, use_namespace: !global?)
     end
 
     def labels