RubyGems - kubernetes-deploy - Versions diffs - 0.22.0 → 0.23.0 - Mend

kubernetes-deploy 0.22.0 → 0.23.0

Files changed (43) hide show

checksums.yaml +5 -5
data/.rubocop.yml +8 -0
data/CHANGELOG.md +16 -0
data/README.md +32 -0
data/exe/kubernetes-deploy +2 -15
data/exe/kubernetes-render +32 -0
data/kubernetes-deploy.gemspec +5 -3
data/lib/kubernetes-deploy.rb +5 -3
data/lib/kubernetes-deploy/cluster_resource_discovery.rb +34 -0
data/lib/kubernetes-deploy/container_logs.rb +25 -13
data/lib/kubernetes-deploy/deploy_task.rb +68 -50
data/lib/kubernetes-deploy/errors.rb +1 -0
data/lib/kubernetes-deploy/formatted_logger.rb +16 -2
data/lib/kubernetes-deploy/kubeclient_builder/google_friendly_config.rb +4 -6
data/lib/kubernetes-deploy/kubectl.rb +20 -9
data/lib/kubernetes-deploy/kubernetes_resource.rb +5 -6
data/lib/kubernetes-deploy/kubernetes_resource/cloudsql.rb +3 -4
data/lib/kubernetes-deploy/kubernetes_resource/daemon_set.rb +4 -5
data/lib/kubernetes-deploy/kubernetes_resource/deployment.rb +7 -8
data/lib/kubernetes-deploy/kubernetes_resource/memcached.rb +4 -5
data/lib/kubernetes-deploy/kubernetes_resource/pod.rb +7 -5
data/lib/kubernetes-deploy/kubernetes_resource/pod_set_base.rb +12 -6
data/lib/kubernetes-deploy/kubernetes_resource/redis.rb +5 -6
data/lib/kubernetes-deploy/kubernetes_resource/replica_set.rb +23 -5
data/lib/kubernetes-deploy/kubernetes_resource/role.rb +22 -0
data/lib/kubernetes-deploy/kubernetes_resource/service.rb +8 -4
data/lib/kubernetes-deploy/kubernetes_resource/stateful_set.rb +2 -3
data/lib/kubernetes-deploy/oj.rb +4 -0
data/lib/kubernetes-deploy/options_helper.rb +27 -0
data/lib/kubernetes-deploy/remote_logs.rb +10 -4
data/lib/kubernetes-deploy/render_task.rb +119 -0
data/lib/kubernetes-deploy/renderer.rb +1 -1
data/lib/kubernetes-deploy/resource_cache.rb +64 -0
data/lib/kubernetes-deploy/resource_watcher.rb +27 -6
data/lib/kubernetes-deploy/restart_task.rb +5 -6
data/lib/kubernetes-deploy/runner_task.rb +6 -10
data/lib/kubernetes-deploy/statsd.rb +60 -7
data/lib/kubernetes-deploy/template_discovery.rb +15 -0
data/lib/kubernetes-deploy/version.rb +1 -1
data/pull_request_template.md +8 -0
metadata +47 -5
data/lib/kubernetes-deploy/resource_discovery.rb +0 -19
data/lib/kubernetes-deploy/sync_mediator.rb +0 -80

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 93fa4f3f00a9ff96a2dfc20fa26ead2ccf77d5e2
-  data.tar.gz: 6b1e6a305c64c94ffb1cb38b5f7d722ba2e11fd6
+SHA256:
+  metadata.gz: 01ddead06a28a399d7364d5789c2bcb1cee0e0aa4ae471a4af1a90c32973050b
+  data.tar.gz: ebcedef932871bd542db69bc0b48fb6f47f2482c712aa9380a79cb872b6c3e82
 SHA512:
-  metadata.gz: 88e0586648309f18d49b7d7e27650edd273bc0fdef8ae9bb0a0aa639ed6e4016fb0d7c6d2a1c25caede0774bb5fdc30b79d100e0ade49fcd6dd1a3823d20dc3a
-  data.tar.gz: a2ae7f6b727838b2c090c4208d0d321dee080902f8a50057c62f53691888294121211b863225945d5178ceea24876299e49ebdee1bc70f911e66eafd129e28fe
+  metadata.gz: 837dcaf96f89beae9f9a57ceb207595d602f1e039217007750112828a8076d0337c17bb6a75bcc2d5a5a8c531f8b0db363a19293d5dc6ce011cdd70440c888a7
+  data.tar.gz: e8e6484dbfae1b867542a02c39f7c96ed4434ab3f900f49fea72523466ea9be23ce2d1f2209d9fb609b7e71af63d1c047ab6f98f756ec28eef8bb47245fb9180

data/.rubocop.yml CHANGED

@@ -9,3 +9,11 @@ Style/TrailingCommaInArrayLiteral:
 Style/TrailingCommaInHashLiteral:
   Enabled: false
+Style/MethodCallWithArgsParentheses:
+  Enabled: false
+Naming/FileName:
+  Enabled: true
+  Exclude:
+    - lib/kubernetes-deploy.rb

data/CHANGELOG.md CHANGED

@@ -1,3 +1,19 @@
+## 0.23.0
+*Features*
+- New command: `kubernetes-render` is a tool for rendering ERB templates to raw Kubernetes YAML. It's useful for seeing what `kubernetes-deploy` does before actually invoking `kubectl` on the rendered YAML. It's also useful for outputting YAML that can be passed to other tools, for validation or introspection purposes. ([#375](https://github.com/Shopify/kubernetes-deploy/pull/375/files))
+- **[Breaking change]** This release completes the conversion of `kubernetes-deploy` StatsD metrics to `distribution`s, which was done for `kubernetes-restart` and `kubernetes-run` in v0.22.0.
+- Several new distribution metrics are available to give insight into the timing of each step of the deploy process: `KubernetesDeploy.validate_configuration.duration`, `KubernetesDeploy.discover_resources.duration`, `KubernetesDeploy.validate_resources.duration`, `KubernetesDeploy.initial_status.duration`, `KubernetesDeploy.create_ejson_secrets.duration`, `KubernetesDeploy.apply_all.duration`, `KubernetesDeploy.sync.duration`
+- **[Breaking change]** `KubernetesDeploy.resource.duration` no longer includes `sha` or `resource` tags. ([#392](https://github.com/Shopify/kubernetes-deploy/pull/392))
+*Enhancements*
+- Roles are now predeployed before RoleBindings ([#380](https://github.com/Shopify/kubernetes-deploy/pull/380))
+- Several performance enhancements for deploys to namespaces with hundreds of resources.
+- KubernetesDeploy no longer modifies the global StatsD configuration when used as a gem ([#384](https://github.com/Shopify/kubernetes-deploy/pull/384))
+*Bug fixes*
+- Handle out-of-order arrival of entries from different streams when processing logs ([#401](https://github.com/Shopify/kubernetes-deploy/pull/401))
 ## 0.22.0
 *Features*

data/README.md CHANGED

@@ -50,6 +50,10 @@ This repo also includes related tools for [running tasks](#kubernetes-run) and [
 * [Prerequisites](#prerequisites-1)
 * [Usage](#usage-2)
+**KUBERNETES-RENDER**
+* [Prerequisites](#prerequisites-2)
+* [Usage](#usage-3)
 **DEVELOPMENT**
 * [Setup](#setup)
 * [Running the test suite locally](#running-the-test-suite-locally)
@@ -371,6 +375,34 @@ Based on this specification `kubernetes-run` will create a new pod with the entr
+# kubernetes-render
+`kubernetes-render` is a tool for rendering ERB templates to raw Kubernetes YAML. It's useful for seeing what `kubernetes-deploy` does before actually invoking `kubectl` on the rendered YAML. It's also useful for outputting YAML that can be passed to other tools, for validation or introspection purposes.
+## Prerequisites
+ * `kubernetes-render` does __not__ require a running cluster or an active kubernetes context, which is nice if you want to run it in a CI environment, potentially alongside something like https://github.com/garethr/kubeval to make sure your configuration is sound.
+ * Like the other `kubernetes-deploy` commands, `kubernetes-render` requires the `$REVISION` environment variable to be set, and will make it available as `current_sha` in your ERB templates.
+## Usage
+To render all templates in your template dir, run:
+```
+kubernetes-render --template-dir=./path/to/template/dir
+```
+To render some templates in a template dir, run kubernetes-render with the names of the templates to render:
+```
+kubernetes-render --template-dir=./path/to/template/dir this-template.yaml.erb that-template.yaml.erb
+```
+*Options:*
+- `--template-dir=DIR`: Used to set the directory to interpret template names relative to. This is often the same directory passed as `--template-dir` when running `kubernetes-deploy` to actually deploy templates. Set `$ENVIRONMENT` instead to use `config/deploy/$ENVIRONMENT`.
+- `--bindings=BINDINGS`: Makes additional variables available to your ERB templates. For example, `kubernetes-render --bindings=color=blue,size=large some-template.yaml.erb` will expose `color` and `size` to `some-template.yaml.erb`.
 # Development

data/exe/kubernetes-deploy CHANGED

@@ -40,23 +40,10 @@ ARGV.options do |opts|
   opts.parse!
 end
-if !template_dir && ENV.key?("ENVIRONMENT")
-  template_dir = "config/deploy/#{ENV['ENVIRONMENT']}"
-end
-if !template_dir || template_dir.empty?
-  puts "Template directory is unknown. " \
-    "Either specify --template-dir argument or set $ENVIRONMENT to use config/deploy/$ENVIRONMENT as a default path."
-  exit 1
-end
-revision = ENV.fetch('REVISION') do
-  puts "ENV['REVISION'] is missing. Please specify the commit SHA"
-  exit 1
-end
 namespace = ARGV[0]
 context = ARGV[1]
+template_dir = KubernetesDeploy::OptionsHelper.default_and_check_template_dir(template_dir)
+revision = KubernetesDeploy::OptionsHelper.revision_from_environment
 logger = KubernetesDeploy::FormattedLogger.build(namespace, context, verbose_prefix: verbose_log_prefix)
 runner = KubernetesDeploy::DeployTask.new(

data/exe/kubernetes-render ADDED

@@ -0,0 +1,32 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+require 'kubernetes-deploy'
+require 'kubernetes-deploy/render_task'
+require 'optparse'
+template_dir = nil
+bindings = {}
+ARGV.options do |opts|
+  opts.on("--bindings=BINDINGS", "Expose additional variables to ERB templates " \
+    "(format: k1=v1,k2=v2, JSON string or file (JSON or YAML) path prefixed by '@')") do |binds|
+    bindings.merge!(KubernetesDeploy::BindingsParser.parse(binds))
+  end
+  opts.on("--template-dir=DIR", "Set the template dir (default: config/deploy/$ENVIRONMENT)") { |v| template_dir = v }
+  opts.parse!
+end
+templates = ARGV
+logger = KubernetesDeploy::FormattedLogger.build(verbose_prefix: false)
+revision = KubernetesDeploy::OptionsHelper.revision_from_environment
+runner = KubernetesDeploy::RenderTask.new(
+  logger: logger,
+  current_sha: revision,
+  template_dir: template_dir,
+  bindings: bindings,
+)
+success = runner.run(STDOUT, templates)
+exit 1 unless success

data/kubernetes-deploy.gemspec CHANGED

@@ -15,12 +15,12 @@ Gem::Specification.new do |spec|
   spec.homepage      = "https://github.com/Shopify/kubernetes-deploy"
   spec.license       = "MIT"
-  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+  spec.files         = %x(git ls-files -z).split("\x0").reject do |f|
     f.match(%r{^(test|spec|features)/})
   end
   spec.bindir        = "exe"
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
+  spec.require_paths = %w(lib)
   spec.required_ruby_version = '>= 2.3.0'
   spec.add_dependency "activesupport", ">= 5.0"
@@ -28,7 +28,9 @@ Gem::Specification.new do |spec|
   spec.add_dependency "googleauth", "~> 0.6.6" # https://github.com/google/google-auth-library-ruby/issues/153
   spec.add_dependency "ejson", "~> 1.0"
   spec.add_dependency "colorize", "~> 0.8"
-  spec.add_dependency "statsd-instrument", "~> 2.3"
+  spec.add_dependency "statsd-instrument", '~> 2.3', '>= 2.3.2'
+  spec.add_dependency "oj", "~> 3.7"
+  spec.add_dependency "concurrent-ruby", "~> 1.1"
   spec.add_development_dependency "bundler"
   spec.add_development_dependency "rake", "~> 10.0"

data/lib/kubernetes-deploy.rb CHANGED

@@ -11,16 +11,18 @@ require 'active_support/duration'
 require 'colorized_string'
 require 'kubernetes-deploy/version'
+require 'kubernetes-deploy/oj'
 require 'kubernetes-deploy/errors'
 require 'kubernetes-deploy/formatted_logger'
-require 'kubernetes-deploy/deploy_task'
+require 'kubernetes-deploy/options_helper'
 require 'kubernetes-deploy/statsd'
+require 'kubernetes-deploy/deploy_task'
 require 'kubernetes-deploy/concurrency'
 require 'kubernetes-deploy/bindings_parser'
 require 'kubernetes-deploy/duration_parser'
-require 'kubernetes-deploy/sync_mediator'
+require 'kubernetes-deploy/resource_cache'
 module KubernetesDeploy
   MIN_KUBE_VERSION = '1.9.0'
-  KubernetesDeploy::StatsD.build
+  StatsD.build
 end

data/lib/kubernetes-deploy/cluster_resource_discovery.rb ADDED

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+module KubernetesDeploy
+  class ClusterResourceDiscovery
+    def initialize(namespace:, context:, logger:, namespace_tags:)
+      @namespace = namespace
+      @context = context
+      @logger = logger
+      @namespace_tags = namespace_tags
+    end
+    def crds
+      @crds ||= fetch_crds.map do |cr_def|
+        CustomResourceDefinition.new(namespace: @namespace, context: @context, logger: @logger,
+          definition: cr_def, statsd_tags: @namespace_tags)
+      end
+    end
+    private
+    def fetch_crds
+      raw_json, _, st = kubectl.run("get", "CustomResourceDefinition", "-a", "--output=json", attempts: 5)
+      if st.success?
+        JSON.parse(raw_json)["items"]
+      else
+        []
+      end
+    end
+    def kubectl
+      @kubectl ||= Kubectl.new(namespace: @namespace, context: @context, logger: @logger, log_failure_by_default: true)
+    end
+  end
+end

data/lib/kubernetes-deploy/container_logs.rb CHANGED

@@ -5,18 +5,20 @@ module KubernetesDeploy
     DEFAULT_LINE_LIMIT = 250
-    def initialize(parent_id:, container_name:, logger:)
+    def initialize(parent_id:, container_name:, namespace:, context:, logger:)
       @parent_id = parent_id
       @container_name = container_name
+      @namespace = namespace
+      @context = context
       @logger = logger
       @lines = []
       @next_print_index = 0
     end
-    def sync(kubectl)
-      new_logs = fetch_latest(kubectl)
+    def sync
+      new_logs = fetch_latest
       return unless new_logs.present?
-      @lines += deduplicate(new_logs)
+      @lines += sort_and_deduplicate(new_logs)
     end
     def empty?
@@ -39,7 +41,7 @@ module KubernetesDeploy
     private
-    def fetch_latest(kubectl)
+    def fetch_latest
       cmd = ["logs", @parent_id, "--container=#{container_name}", "--timestamps"]
       cmd << if @last_timestamp.present?
         "--since-time=#{rfc3339_timestamp(@last_timestamp)}"
@@ -50,22 +52,32 @@ module KubernetesDeploy
       out.split("\n")
     end
+    def kubectl
+      @kubectl ||= Kubectl.new(namespace: @namespace, context: @context, logger: @logger, log_failure_by_default: false)
+    end
     def rfc3339_timestamp(time)
       time.strftime("%FT%T.%N%:z")
     end
-    def deduplicate(logs)
-      deduped = []
-      check_for_duplicate = true
+    def sort_and_deduplicate(logs)
+      parsed_lines = logs.map { |line| split_timestamped_line(line) }
+      sorted_lines = parsed_lines.sort do |(timestamp1, _msg1), (timestamp2, _msg2)|
+        if timestamp1.nil?
+          -1
+        elsif timestamp2.nil?
+          1
+        else
+          timestamp1 <=> timestamp2
+        end
+      end
-      logs.each do |line|
-        timestamp, msg = split_timestamped_line(line)
-        next if check_for_duplicate && likely_duplicate?(timestamp)
-        check_for_duplicate = false # logs are ordered, so once we've seen a new one, assume all subsequent logs are new
+      deduped = []
+      sorted_lines.each do |timestamp, msg|
+        next if likely_duplicate?(timestamp)
         @last_timestamp = timestamp if timestamp
         deduped << msg
       end
       deduped
     end

data/lib/kubernetes-deploy/deploy_task.rb CHANGED

@@ -38,11 +38,13 @@ require 'kubernetes-deploy/kubectl'
 require 'kubernetes-deploy/kubeclient_builder'
 require 'kubernetes-deploy/ejson_secret_provisioner'
 require 'kubernetes-deploy/renderer'
-require 'kubernetes-deploy/resource_discovery'
+require 'kubernetes-deploy/cluster_resource_discovery'
+require 'kubernetes-deploy/template_discovery'
 module KubernetesDeploy
   class DeployTask
     include KubeclientBuilder
+    extend KubernetesDeploy::StatsD::MeasureMethods
     PREDEPLOY_SEQUENCE = %w(
       ResourceQuota
@@ -52,6 +54,7 @@ module KubernetesDeploy
       ConfigMap
       PersistentVolumeClaim
       ServiceAccount
+      Role
       RoleBinding
       Pod
     )
@@ -85,7 +88,7 @@ module KubernetesDeploy
         policy/v1beta1/PodDisruptionBudget
         batch/v1beta1/CronJob
       )
-      wl + cluster_resource_discoverer.crds(@sync_mediator).select(&:prunable?).map(&:group_version_kind)
+      wl + cluster_resource_discoverer.crds.select(&:prunable?).map(&:group_version_kind)
     end
     def server_version
@@ -108,7 +111,6 @@ module KubernetesDeploy
         logger: @logger,
         bindings: bindings,
       )
-      @sync_mediator = SyncMediator.new(namespace: @namespace, context: @context, logger: @logger)
     end
     def run(*args)
@@ -124,33 +126,16 @@ module KubernetesDeploy
       @logger.phase_heading("Initializing deploy")
       validate_configuration(allow_protected_ns: allow_protected_ns, prune: prune)
-      confirm_context_exists
-      confirm_namespace_exists
-      @namespace_tags |= tags_from_namespace_labels
       resources = discover_resources
-      validate_definitions(resources)
+      validate_resources(resources)
       @logger.phase_heading("Checking initial resource statuses")
-      @sync_mediator.sync(resources)
-      resources.each { |r| @logger.info(r.pretty_status) }
-      ejson = EjsonSecretProvisioner.new(
-        namespace: @namespace,
-        context: @context,
-        template_dir: @template_dir,
-        logger: @logger,
-        prune: prune,
-      )
-      if ejson.secret_changes_required?
-        @logger.phase_heading("Deploying kubernetes secrets from #{EjsonSecretProvisioner::EJSON_SECRETS_FILE}")
-        ejson.run
-      end
+      check_initial_status(resources)
+      create_ejson_secrets(prune)
       if deploy_has_priority_resources?(resources)
         @logger.phase_heading("Predeploying priority resources")
-        start_priority_resource = Time.now.utc
         predeploy_priority_resources(resources)
-        ::StatsD.measure('priority_resources.duration', StatsD.duration(start_priority_resource), tags: statsd_tags)
       end
       @logger.phase_heading("Deploying all resources")
@@ -159,9 +144,7 @@ module KubernetesDeploy
       end
       if verify_result
-        start_normal_resource = Time.now.utc
-        deploy_resources(resources, prune: prune, verify: true)
-        ::StatsD.measure('normal_resources.duration', StatsD.duration(start_normal_resource), tags: statsd_tags)
+        deploy_all_resources(resources, prune: prune, verify: true)
         failed_resources = resources.reject(&:deploy_succeeded?)
         success = failed_resources.empty?
         if !success && failed_resources.all?(&:deploy_timed_out?)
@@ -169,7 +152,7 @@ module KubernetesDeploy
         end
         raise FatalDeploymentError unless success
       else
-        deploy_resources(resources, prune: prune, verify: false)
+        deploy_all_resources(resources, prune: prune, verify: false)
         @logger.summary.add_action("deployed #{resources.length} #{'resource'.pluralize(resources.length)}")
         warning = <<~MSG
           Deploy result verification is disabled for this deploy.
@@ -177,32 +160,37 @@ module KubernetesDeploy
         MSG
         @logger.summary.add_paragraph(ColorizedString.new(warning).yellow)
       end
-      ::StatsD.event("Deployment of #{@namespace} succeeded",
+      StatsD.event("Deployment of #{@namespace} succeeded",
         "Successfully deployed all #{@namespace} resources to #{@context}",
         alert_type: "success", tags: statsd_tags << "status:success")
-      ::StatsD.measure('all_resources.duration', StatsD.duration(start), tags: statsd_tags << "status:success")
+      StatsD.distribution('all_resources.duration', StatsD.duration(start), tags: statsd_tags << "status:success")
       @logger.print_summary(:success)
     rescue DeploymentTimeoutError
       @logger.print_summary(:timed_out)
-      ::StatsD.event("Deployment of #{@namespace} timed out",
+      StatsD.event("Deployment of #{@namespace} timed out",
         "One or more #{@namespace} resources failed to deploy to #{@context} in time",
         alert_type: "error", tags: statsd_tags << "status:timeout")
-      ::StatsD.measure('all_resources.duration', StatsD.duration(start), tags: statsd_tags << "status:timeout")
+      StatsD.distribution('all_resources.duration', StatsD.duration(start), tags: statsd_tags << "status:timeout")
       raise
     rescue FatalDeploymentError => error
       @logger.summary.add_action(error.message) if error.message != error.class.to_s
       @logger.print_summary(:failure)
-      ::StatsD.event("Deployment of #{@namespace} failed",
+      StatsD.event("Deployment of #{@namespace} failed",
         "One or more #{@namespace} resources failed to deploy to #{@context}",
         alert_type: "error", tags: statsd_tags << "status:failed")
-      ::StatsD.measure('all_resources.duration', StatsD.duration(start), tags: statsd_tags << "status:failed")
+      StatsD.distribution('all_resources.duration', StatsD.duration(start), tags: statsd_tags << "status:failed")
       raise
     end
     private
     def cluster_resource_discoverer
-      ResourceDiscovery.new(namespace: @namespace, context: @context, logger: @logger, namespace_tags: @namespace_tags)
+      @cluster_resource_discoverer ||= ClusterResourceDiscovery.new(
+        namespace: @namespace,
+        context: @context,
+        logger: @logger,
+        namespace_tags: @namespace_tags
+      )
     end
     def deploy_has_priority_resources?(resources)
@@ -219,7 +207,7 @@ module KubernetesDeploy
         fail_count = failed_resources.length
         if fail_count > 0
           KubernetesDeploy::Concurrency.split_across_threads(failed_resources) do |r|
-            r.sync_debug_info(@sync_mediator.kubectl)
+            r.sync_debug_info(kubectl)
           end
           failed_resources.each { |r| @logger.summary.add_paragraph(r.debug_message) }
           raise FatalDeploymentError, "Failed to deploy #{fail_count} priority #{'resource'.pluralize(fail_count)}"
@@ -227,8 +215,9 @@ module KubernetesDeploy
         @logger.blank_line
       end
     end
+    measure_method(:predeploy_priority_resources, 'priority_resources.duration')
-    def validate_definitions(resources)
+    def validate_resources(resources)
       KubernetesDeploy::Concurrency.split_across_threads(resources) { |r| r.validate_definition(kubectl) }
       failed_resources = resources.select(&:validation_failed?)
       return unless failed_resources.present?
@@ -239,14 +228,35 @@ module KubernetesDeploy
       end
       raise FatalDeploymentError, "Template validation failed"
     end
+    measure_method(:validate_resources)
+    def check_initial_status(resources)
+      cache = ResourceCache.new(@namespace, @context, @logger)
+      KubernetesDeploy::Concurrency.split_across_threads(resources) { |r| r.sync(cache) }
+      resources.each { |r| @logger.info(r.pretty_status) }
+    end
+    measure_method(:check_initial_status, "initial_status.duration")
+    def create_ejson_secrets(prune)
+      ejson = EjsonSecretProvisioner.new(
+        namespace: @namespace,
+        context: @context,
+        template_dir: @template_dir,
+        logger: @logger,
+        prune: prune,
+      )
+      return unless ejson.secret_changes_required?
+      @logger.phase_heading("Deploying kubernetes secrets from #{EjsonSecretProvisioner::EJSON_SECRETS_FILE}")
+      ejson.run
+    end
+    measure_method(:create_ejson_secrets)
     def discover_resources
       resources = []
       @logger.info("Discovering templates:")
-      Dir.foreach(@template_dir) do |filename|
-        next unless filename.end_with?(".yml.erb", ".yml", ".yaml", ".yaml.erb")
+      TemplateDiscovery.new(@template_dir).templates.each do |filename|
         split_templates(filename) do |r_def|
           r = KubernetesResource.build(namespace: @namespace, context: @context, logger: @logger,
                                        definition: r_def, statsd_tags: @namespace_tags)
@@ -260,11 +270,12 @@ module KubernetesDeploy
       end
       resources
     end
+    measure_method(:discover_resources)
     def split_templates(filename)
       file_content = File.read(File.join(@template_dir, filename))
       rendered_content = @renderer.render_template(filename, file_content)
-      YAML.load_stream(rendered_content) do |doc|
+      YAML.load_stream(rendered_content, "<rendered> #{filename}") do |doc|
         next if doc.blank?
         unless doc.is_a?(Hash)
           raise InvalidTemplateError.new("Template is not a valid Kubernetes manifest",
@@ -283,15 +294,11 @@ module KubernetesDeploy
     def record_invalid_template(err:, filename:, content:)
       debug_msg = ColorizedString.new("Invalid template: #{filename}\n").red
-      debug_msg += "> Error message:\n#{indent_four(err)}"
-      debug_msg += "\n> Template content:\n#{indent_four(content)}"
+      debug_msg += "> Error message:\n#{FormattedLogger.indent_four(err)}"
+      debug_msg += "\n> Template content:\n#{FormattedLogger.indent_four(content)}"
       @logger.summary.add_paragraph(debug_msg)
     end
-    def indent_four(str)
-      "    " + str.gsub("\n", "\n    ")
-    end
     def validate_configuration(allow_protected_ns:, prune:)
       errors = []
       if ENV["KUBECONFIG"].blank?
@@ -340,8 +347,12 @@ module KubernetesDeploy
         raise FatalDeploymentError, "Configuration invalid"
       end
+      confirm_context_exists
+      confirm_namespace_exists
+      @namespace_tags |= tags_from_namespace_labels
       @logger.info("All required parameters and files are present")
     end
+    measure_method(:validate_configuration)
     def deploy_resources(resources, prune: false, verify:, record_summary: true)
       return if resources.empty?
@@ -388,12 +399,17 @@ module KubernetesDeploy
       apply_all(applyables, prune)
       if verify
-        watcher = ResourceWatcher.new(resources: resources, sync_mediator: @sync_mediator,
-          logger: @logger, deploy_started_at: deploy_started_at, timeout: @max_watch_seconds)
+        watcher = ResourceWatcher.new(resources: resources, logger: @logger, deploy_started_at: deploy_started_at,
+          timeout: @max_watch_seconds, namespace: @namespace, context: @context, sha: @current_sha)
         watcher.run(record_summary: record_summary)
       end
     end
+    def deploy_all_resources(resources, prune: false, verify:, record_summary: true)
+      deploy_resources(resources, prune: prune, verify: verify, record_summary: record_summary)
+    end
+    measure_method(:deploy_all_resources, 'normal_resources.duration')
     def apply_all(resources, prune)
       return unless resources.present?
       command = %w(apply)
@@ -421,6 +437,7 @@ module KubernetesDeploy
         end
       end
     end
+    measure_method(:apply_all)
     def log_pruning(kubectl_output)
       pruned = kubectl_output.scan(/^(.*) pruned$/)
@@ -446,8 +463,9 @@ module KubernetesDeploy
       end
       if unidentified_errors.present?
-        msg = "#{ColorizedString.new('Unidentified error(s):').red}\n#{indent_four(unidentified_errors.join)}"
-        @logger.summary.add_paragraph(msg)
+        heading = ColorizedString.new('Unidentified error(s):').red
+        msg = FormattedLogger.indent_four(unidentified_errors.join)
+        @logger.summary.add_paragraph("#{heading}\n#{msg}")
       end
     end