kubernetes-deploy 0.29.0 → 0.30.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a0641a291f2f01c007051cf5001bc97ecb9216b55e7204d954c920083e0d303a
-  data.tar.gz: 2c2415cfd94a63f046b94e90c943a7f9e01a46207833c1d5d2a498ceeb1ff333
+  metadata.gz: 4e7827354d151cb81a0955882abede556706c6e82faabad54e4b44d36746927f
+  data.tar.gz: '083dd77e75f92608d6c04c59a8edab5dbc35da3725e3cddc7fee99706c3655d7'
 SHA512:
-  metadata.gz: 18a4e86f4f144dfa23ebc191b7d06382605ada3b050e8e1c9e717cbc9db981f16b419fb27a342f4e1267663f8f82fb12bcebfe0697c9ac4ac40c15108ab73072
-  data.tar.gz: 314bdadd3d8f864895c13e81193845f4632fa46dc23550f12955a5ffe7a7b15ed3df1e12d769d5aefdb8ee4b7e5c3e3e13d5f8378f5c828a2e4bf3c04db8c56c
+  metadata.gz: 8ee6de674126f680b470b35f33c08056095284fd29ee5a267781172b170e4de39f77d442a4e530d44ecee46ddd35a5323821f2dafbe20618aa7d0e30135eb801
+  data.tar.gz: 1746664b8c13c7c8bc64f2c6903bb62761b13f8d45e6177f82338776c2d67f3979d9e80b8a38b15290b7818d473b2967d18e1a8784cf72c30880c64f40ff5f6d

data/CHANGELOG.md

@@ -3,11 +3,29 @@
 *Important!*
 - The next release will be 1.0.0, which means that master will contain breaking changes.
 
+## 0.30.0
+
+*Enhancements*
+- **[Breaking change]** Added PersistentVolumeClaim to the prune whitelist. ([#573](https://github.com/Shopify/kubernetes-deploy/pull/573))
+  * To see what resources may be affected, run `kubectl get pvc -o jsonpath='{ range .items[*] }{.metadata.namespace}{ "\t" }{.metadata.name}{ "\t" }{.metadata.annotations}{ "\n" }{ end }' --all-namespaces | grep "last-applied"`
+  * To exclude a resource from kubernetes-deploy (and kubectl apply) management, remove the last-applied annotation `kubectl annotate pvc $PVC_NAME kubectl.kubernetes.io/last-applied-configuration-`.
+- Deploying global resources directly from `KubernetesDeploy::DeployTask` is disabled by default. You can use `allow_globals: true` to enable the old behavior. This will be disabled in the Krane version of the task, and a separate purpose-built task will be provided. [#567](https://github.com/Shopify/kubernetes-deploy/pull/567)
+- Deployments to daemonsets now better tolerate autoscaling: nodes that appear mid-deploy aren't required for convergence. [#580](https://github.com/Shopify/kubernetes-deploy/pull/580)
+
+## 0.29.0
+
+*Enhancements*
+- The KubernetesDeploy::RenderTask now supports a template_paths argument. ([#555](https://github.com/Shopify/kubernetes-deploy/pull/546))
+- We no longer hide errors from apply if all sensitive resources have passed server-dry-run validation. ([#570](https://github.com/Shopify/kubernetes-deploy/pull/570))
+
+
 *Bug Fixes*
 - Handle improper duration values more elegantly with better messaging
 
+
 *Other*
 - We now require Ruby 2.4.x since Ruby 2.3 is past EoL.
+- Lock statsd-instrument to 2.3.X due to breaking changes in 2.5.0
 
 ## 0.28.0
 

data/Gemfile

@@ -13,3 +13,4 @@ gem 'codecov', require: false
 gem 'ruby-prof', require: false
 gem 'ruby-prof-flamegraph', require: false
 gem 'minitest-reporters'
+gem 'yard', require: false

data/README.md

@@ -47,6 +47,7 @@ This repo also includes related tools for [running tasks](#kubernetes-run) and [
   * [Running tasks at the beginning of a deploy](#running-tasks-at-the-beginning-of-a-deploy)
   * [Deploying Kubernetes secrets (from EJSON)](#deploying-kubernetes-secrets-from-ejson)
   * [Deploying custom resources](#deploying-custom-resources)
+* [Walk through the steps of a deployment](#deploy-walkthrough)
 
 **KUBERNETES-RESTART**
 * [Usage](#usage-1)
@@ -420,6 +421,89 @@ status:
 - `$.status.conditions[?(@.type == "Failed")].status == "True"` means that a failure condition has been fulfilled and the resource is considered failed.
 - Since `error_msg_path` is specified, kubernetes-deploy will log the contents of `$.status.conditions[?(@.type == "Failed")].message`, which in this case is: `resource is failed`.
 
+### Deploy walkthrough
+
+Let's walk through what happens when you run the `deploy` task with [this directory of templates](https://github.com/Shopify/kubernetes-deploy/tree/master/test/fixtures/hello-cloud). You can see this for yourself by running the following command:
+
+```bash
+krane deploy my-namespace my-k8s-cluster -f test/fixtures/hello-cloud --render-erb
+```
+
+As soon as you run this, you'll start seeing some output being streamed to STDERR.
+
+#### Phase 1: Initializing deploy
+
+In this phase, we:
+
+- Perform basic validation to ensure we can proceed with the deploy. This includes checking if we can reach the context, if the context is valid, if the namespace exists within the context, and more. We try to validate as much as we can before trying to ship something because we want to avoid having an incomplete deploy in case of a failure (this is especially important because there's no rollback support).
+- List out all the resources we want to deploy (as described in the template files we used).
+- Render ERB templates and apply partials, if enabled (which is the case for this example). If enabled, we also perform basic validation on the parsed templates.
+
+#### Phase 2: Checking initial resource statuses
+
+In this phase, we check resource statuses. For each resource listed in the previous step, we check Kubernetes for their status; in the first deploy this might show a bunch of items as "Not Found", but for the deploy of a new version, this is an example of what it could look like:
+
+```
+Certificate/services-foo-tls     Exists
+Cloudsql/foo-production          Provisioned
+Deployment/jobs                  3 replicas, 3 updatedReplicas, 3 availableReplicas
+Deployment/web                   3 replicas, 3 updatedReplicas, 3 availableReplicas
+Ingress/web                      Created
+Memcached/foo-production         Healthy
+Pod/db-migrate-856359            Unknown
+Pod/upload-assets-856359         Unknown
+Redis/foo-production             Healthy
+Service/web                      Selects at least 1 pod
+```
+
+The next phase might be either "Predeploying priority resources" (if there's any) or "Deploying all resources". In this example we'll go through the former, as we do have predeployable resources.
+
+#### Phase 3: Predeploying priority resources
+
+This is the first phase that could modify the cluster.
+
+In this phase we predeploy certain types of resources (e.g. `ConfigMap`, `PersistentVolumeClaim`, `Secret`, ...) to make sure the latest version will be available when resources that might consume them (e.g. `Deployment`) are deployed. This phase will be skipped if the templates don't include any resources that would need to be predeployed.
+
+When this runs, we essentially run `kubectl apply` on those templates and periodically check the cluster for the current status of each resource so we can display error or success information. This will look different depending on the type of resource. If you're running the command described above, you should see something like this in the output:
+
+```
+Deploying ConfigMap/hello-cloud-configmap-data (timeout: 30s)
+Successfully deployed in 0.2s: ConfigMap/hello-cloud-configmap-data
+
+Deploying PersistentVolumeClaim/hello-cloud-redis (timeout: 300s)
+Successfully deployed in 3.3s: PersistentVolumeClaim/hello-cloud-redis
+
+Deploying Role/role (timeout: 300s)
+Don't know how to monitor resources of type Role. Assuming Role/role deployed successfully.
+Successfully deployed in 0.2s: Role/role
+```
+
+As you can see, different types of resources might have different timeout values and different success criteria; in some specific cases (such as with Role) we might not know how to confirm success or failure, so we use a higher timeout value and assume it did work.
+
+#### Phase 4: Deploying all resources
+
+In this phase, we:
+
+- Deploy all resources found in the templates, including resources that were predeployed in the previous step (which should be treated as a no-op by Kubernetes). We deploy everything so the pruning logic (described below) doesn't remove any predeployed resources.
+- Prune resources not found in the templates (you can disable this by using `--no-prune`).
+
+Just like in the previous phase, we essentially run `kubectl apply` on those templates and periodically check the cluster for the current status of each resource so we can display error or success information.
+
+If pruning is enabled (which, again, is the default), any [resource which type is listed in `DeployTask.prune_whitelist`](https://github.com/Shopify/kubernetes-deploy/blob/ac42ad7c8c4f6f6b27e706d6642ebe002ca1f683/lib/kubernetes-deploy/deploy_task.rb#L80-L104) that we can find in the namespace but not in the templates will be removed. A particular message about pruning will be printed in the next phase if any resource matches this criteria.
+
+#### Result
+
+The result section will show:
+- A global status: if **all** resources were deployed successfully, this will show up as "SUCCESS"; if at least one resource failed to deploy (due to an error or timeout), this will show up as "FAILURE".
+- A list of resources and their individual status: this will show up as something like "Available", "Created", and "1 replica, 1 availableReplica, 1 readyReplica".
+
+At this point the command also returns a status code:
+- If it was a success, `0`
+- If there was a timeout, `70`
+- If any other failure happened, `1`
+
+**On timeouts**: It's important to notice that a single resource timeout or a global deploy timeout doesn't necessarily mean that the operation failed. Since Kubernetes updates are asynchronous, maybe something was just too slow to return in the configured time; in those cases, usually running the deploy again might work (that should be a no-op for most - if not all - resources).
+
 # kubernetes-restart
 
 `kubernetes-restart` is a tool for restarting all of the pods in one or more deployments. It triggers the restart by touching the `RESTARTED_AT` environment variable in the deployment's podSpec. The rollout strategy defined for each deployment will be respected by the restart.

data/dev.yml

@@ -24,3 +24,5 @@ commands:
     syntax:
       optional:
         argument: TEST_REGEX
+  doc:
+    run: bundle exec yard doc

data/exe/kubernetes-deploy

@@ -78,6 +78,7 @@ begin
       logger: logger,
       max_watch_seconds: max_watch_seconds,
       selector: selector,
+      allow_globals: true
     )
 
     runner.run!(

data/lib/krane/cli/deploy_command.rb

@@ -33,7 +33,7 @@ module Krane
       }
 
       def self.from_options(namespace, context, options)
-        require 'kubernetes-deploy/deploy_task'
+        require 'krane/deploy_task'
         require 'kubernetes-deploy/options_helper'
         require 'kubernetes-deploy/bindings_parser'
         require 'kubernetes-deploy/label_selector'
@@ -53,7 +53,7 @@ module Krane
 
         KubernetesDeploy::OptionsHelper.with_processed_template_paths([options[:filenames]],
           require_explicit_path: true) do |paths|
-          deploy = KubernetesDeploy::DeployTask.new(
+          deploy = ::Krane::DeployTask.new(
             namespace: namespace,
             context: context,
             current_sha: ENV["REVISION"],

data/lib/krane/cli/run_command.rb

@@ -22,7 +22,7 @@ module Krane
         "template" => {
           type: :string,
           desc: "The template file you'll be rendering",
-          default: 'task-runner-template',
+          required: true,
         },
         "env-vars" => {
           type: :string,

data/lib/krane/deploy_task.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require 'kubernetes-deploy/deploy_task'
+
+module Krane
+  class DeployTask < KubernetesDeploy::DeployTask
+    def initialize(**args)
+      raise "Use Krane::DeployGlobalTask to deploy global resources" if args[:allow_globals]
+      super(args.merge(allow_globals: false))
+    end
+  end
+end

data/lib/kubernetes-deploy/cluster_resource_discovery.rb

@@ -2,22 +2,45 @@
 
 module KubernetesDeploy
   class ClusterResourceDiscovery
-    def initialize(namespace:, context:, logger:, namespace_tags:)
-      @namespace = namespace
-      @context = context
-      @logger = logger
+    delegate :namespace, :context, :logger, to: :@task_config
+
+    def initialize(task_config:, namespace_tags: [])
+      @task_config = task_config
       @namespace_tags = namespace_tags
     end
 
     def crds
       @crds ||= fetch_crds.map do |cr_def|
-        CustomResourceDefinition.new(namespace: @namespace, context: @context, logger: @logger,
+        CustomResourceDefinition.new(namespace: namespace, context: context, logger: logger,
           definition: cr_def, statsd_tags: @namespace_tags)
       end
     end
 
+    def global_resource_kinds
+      @globals ||= fetch_globals.map { |g| g["kind"] }
+    end
+
     private
 
+    def fetch_globals
+      raw, _, st = kubectl.run("api-resources", "--namespaced=false", output: "wide", attempts: 5)
+      if st.success?
+        rows = raw.split("\n")
+        header = rows[0]
+        resources = rows[1..-1]
+        full_width_field_names = header.downcase.scan(/[a-z]+[\W]*/)
+        cursor = 0
+        fields = full_width_field_names.each_with_object({}) do |name, hash|
+          start = cursor
+          cursor = start + name.length
+          hash[name.strip] = [start, cursor - 1]
+        end
+        resources.map { |r| fields.map { |k, (s, e)| [k.strip, r[s..e].strip] }.to_h }
+      else
+        []
+      end
+    end
+
     def fetch_crds
       raw_json, _, st = kubectl.run("get", "CustomResourceDefinition", output: "json", attempts: 5)
       if st.success?
@@ -28,7 +51,7 @@ module KubernetesDeploy
     end
 
     def kubectl
-      @kubectl ||= Kubectl.new(namespace: @namespace, context: @context, logger: @logger, log_failure_by_default: true)
+      @kubectl ||= Kubectl.new(task_config: @task_config, log_failure_by_default: true)
     end
   end
 end

data/lib/kubernetes-deploy/container_logs.rb

@@ -59,7 +59,8 @@ module KubernetesDeploy
     end
 
     def kubectl
-      @kubectl ||= Kubectl.new(namespace: @namespace, context: @context, logger: @logger, log_failure_by_default: false)
+      task_config = TaskConfig.new(@context, @namespace, @logger)
+      @kubectl ||= Kubectl.new(task_config: task_config, log_failure_by_default: false)
     end
 
     def rfc3339_timestamp(time)

data/lib/kubernetes-deploy/deploy_task.rb

@@ -40,8 +40,10 @@ require 'kubernetes-deploy/ejson_secret_provisioner'
 require 'kubernetes-deploy/renderer'
 require 'kubernetes-deploy/cluster_resource_discovery'
 require 'kubernetes-deploy/template_sets'
+require 'kubernetes-deploy/deploy_task_config_validator'
 
 module KubernetesDeploy
+  # Ship resources to a namespace
   class DeployTask
     extend KubernetesDeploy::StatsD::MeasureMethods
 
@@ -84,13 +86,14 @@ module KubernetesDeploy
         core/v1/Secret
         core/v1/ServiceAccount
         core/v1/PodTemplate
+        core/v1/PersistentVolumeClaim
         batch/v1/Job
-        extensions/v1beta1/ReplicaSet
-        extensions/v1beta1/DaemonSet
-        extensions/v1beta1/Deployment
+        apps/v1/ReplicaSet
+        apps/v1/DaemonSet
+        apps/v1/Deployment
         extensions/v1beta1/Ingress
         networking.k8s.io/v1/NetworkPolicy
-        apps/v1beta1/StatefulSet
+        apps/v1/StatefulSet
         autoscaling/v1/HorizontalPodAutoscaler
         policy/v1beta1/PodDisruptionBudget
         batch/v1beta1/CronJob
@@ -104,9 +107,24 @@ module KubernetesDeploy
       kubectl.server_version
     end
 
+    # Initializes the deploy task
+    #
+    # @param namespace [String] Kubernetes namespace
+    # @param context [String] Kubernetes context
+    # @param current_sha [String] The SHA of the commit
+    # @param logger [Object] Logger object (defaults to an instance of KubernetesDeploy::FormattedLogger)
+    # @param kubectl_instance [Kubectl] Kubectl instance
+    # @param bindings [Hash] Bindings parsed by KubernetesDeploy::BindingsParser
+    # @param max_watch_seconds [Integer] Timeout in seconds
+    # @param selector [Hash] Selector(s) parsed by KubernetesDeploy::LabelSelector
+    # @param template_paths [Array<String>] An array of template paths
+    # @param template_dir [String] Path to a directory with templates (deprecated)
+    # @param protected_namespaces [Array<String>] Array of protected Kubernetes namespaces (defaults
+    #   to KubernetesDeploy::DeployTask::PROTECTED_NAMESPACES)
+    # @param render_erb [Boolean] Enable ERB rendering
     def initialize(namespace:, context:, current_sha:, logger: nil, kubectl_instance: nil, bindings: {},
       max_watch_seconds: nil, selector: nil, template_paths: [], template_dir: nil, protected_namespaces: nil,
-      render_erb: true)
+      render_erb: true, allow_globals: false)
       template_dir = File.expand_path(template_dir) if template_dir
       template_paths = (template_paths.map { |path| File.expand_path(path) } << template_dir).compact
 
@@ -123,8 +141,12 @@ module KubernetesDeploy
       @selector = selector
       @protected_namespaces = protected_namespaces || PROTECTED_NAMESPACES
       @render_erb = render_erb
+      @allow_globals = allow_globals
     end
 
+    # Runs the task, returning a boolean representing success or failure
+    #
+    # @return [Boolean]
     def run(*args)
       run!(*args)
       true
@@ -132,6 +154,13 @@ module KubernetesDeploy
       false
     end
 
+    # Runs the task, raising exceptions in case of issues
+    #
+    # @param verify_result [Boolean] Wait for completion and verify success
+    # @param allow_protected_ns [Boolean] Enable deploying to protected namespaces
+    # @param prune [Boolean] Enable deletion of resources that do not appear in the template dir
+    #
+    # @return [nil]
     def run!(verify_result: true, allow_protected_ns: false, prune: true)
       start = Time.now.utc
       @logger.reset
@@ -195,15 +224,17 @@ module KubernetesDeploy
 
     private
 
+    def global_resource_names
+      cluster_resource_discoverer.global_resource_kinds
+    end
+
     def kubeclient_builder
       @kubeclient_builder ||= KubeclientBuilder.new
     end
 
     def cluster_resource_discoverer
       @cluster_resource_discoverer ||= ClusterResourceDiscovery.new(
-        namespace: @namespace,
-        context: @context,
-        logger: @logger,
+        task_config: @task_config,
         namespace_tags: @namespace_tags
       )
     end
@@ -211,11 +242,9 @@ module KubernetesDeploy
     def ejson_provisioners
       @ejson_provisoners ||= @template_sets.ejson_secrets_files.map do |ejson_secret_file|
         EjsonSecretProvisioner.new(
-          namespace: @namespace,
-          context: @context,
+          task_config: @task_config,
           ejson_keys_secret: ejson_keys_secret,
           ejson_file: ejson_secret_file,
-          logger: @logger,
           statsd_tags: @namespace_tags,
           selector: @selector,
         )
@@ -261,18 +290,38 @@ module KubernetesDeploy
       end
 
       failed_resources = resources.select(&:validation_failed?)
-      return unless failed_resources.present?
+      if failed_resources.present?
 
-      failed_resources.each do |r|
-        content = File.read(r.file_path) if File.file?(r.file_path) && !r.sensitive_template_content?
-        record_invalid_template(err: r.validation_error_msg, filename: File.basename(r.file_path), content: content)
+        failed_resources.each do |r|
+          content = File.read(r.file_path) if File.file?(r.file_path) && !r.sensitive_template_content?
+          record_invalid_template(err: r.validation_error_msg, filename: File.basename(r.file_path), content: content)
+        end
+        raise FatalDeploymentError, "Template validation failed"
       end
-      raise FatalDeploymentError, "Template validation failed"
+      validate_globals(resources)
     end
     measure_method(:validate_resources)
 
+    def validate_globals(resources)
+      return unless (global = resources.select(&:global?).presence)
+      global_names = global.map do |resource|
+        "#{resource.name} (#{resource.type}) in #{File.basename(resource.file_path)}"
+      end
+      global_names = FormattedLogger.indent_four(global_names.join("\n"))
+
+      if @allow_globals
+        msg = "The ability for this task to deploy global resources will be removed in the next version,"\
+              " which will affect the following resources:"
+        msg += "\n#{global_names}"
+        @logger.summary.add_paragraph(ColorizedString.new(msg).yellow)
+      else
+        @logger.summary.add_paragraph(ColorizedString.new("Global resources:\n#{global_names}").yellow)
+        raise FatalDeploymentError, "This command is namespaced and cannot be used to deploy global resources."
+      end
+    end
+
     def check_initial_status(resources)
-      cache = ResourceCache.new(@namespace, @context, @logger)
+      cache = ResourceCache.new(@task_config)
       KubernetesDeploy::Concurrency.split_across_threads(resources) { |r| r.sync(cache) }
       resources.each { |r| @logger.info(r.pretty_status) }
     end
@@ -290,7 +339,7 @@ module KubernetesDeploy
           current_sha: @current_sha, bindings: @bindings) do |r_def|
         crd = crds_by_kind[r_def["kind"]]&.first
         r = KubernetesResource.build(namespace: @namespace, context: @context, logger: @logger, definition: r_def,
-          statsd_tags: @namespace_tags, crd: crd)
+          statsd_tags: @namespace_tags, crd: crd, global_names: global_resource_names)
         resources << r
         @logger.info("  - #{r.id}")
       end
@@ -300,10 +349,6 @@ module KubernetesDeploy
         @logger.info("  - #{secret.id} (from ejson)")
       end
 
-      if (global = resources.select(&:global?).presence)
-        @logger.warn("Detected non-namespaced #{'resource'.pluralize(global.count)} which will never be pruned:")
-        global.each { |r| @logger.warn("  - #{r.id}") }
-      end
       resources.sort
     rescue InvalidTemplateError => e
       record_invalid_template(err: e.message, filename: e.filename, content: e.content)
@@ -331,36 +376,17 @@ module KubernetesDeploy
     end
 
     def validate_configuration(allow_protected_ns:, prune:)
+      task_config_validator = DeployTaskConfigValidator.new(@protected_namespaces, allow_protected_ns, prune,
+        @task_config, kubectl, kubeclient_builder)
       errors = []
-      errors += kubeclient_builder.validate_config_files
+      errors += task_config_validator.errors
       errors += @template_sets.validate
-
-      if @namespace.blank?
-        errors << "Namespace must be specified"
-      elsif @protected_namespaces.include?(@namespace)
-        if allow_protected_ns && prune
-          errors << "Refusing to deploy to protected namespace '#{@namespace}' with pruning enabled"
-        elsif allow_protected_ns
-          @logger.warn("You're deploying to protected namespace #{@namespace}, which cannot be pruned.")
-          @logger.warn("Existing resources can only be removed manually with kubectl. " \
-            "Removing templates from the set deployed will have no effect.")
-          @logger.warn("***Please do not deploy to #{@namespace} unless you really know what you are doing.***")
-        else
-          errors << "Refusing to deploy to protected namespace '#{@namespace}'"
-        end
-      end
-
-      if @context.blank?
-        errors << "Context must be specified"
-      end
-
       unless errors.empty?
+        @logger.summary.add_action("Configuration invalid")
         @logger.summary.add_paragraph(errors.map { |err| "- #{err}" }.join("\n"))
-        raise FatalDeploymentError, "Configuration invalid"
+        raise KubernetesDeploy::TaskConfigurationError
       end
 
-      confirm_context_exists
-      confirm_namespace_exists
       confirm_ejson_keys_not_prunable if prune
       @logger.info("Using resource selector #{@selector}") if @selector
       @namespace_tags |= tags_from_namespace_labels
@@ -415,8 +441,8 @@ module KubernetesDeploy
       apply_all(applyables, prune)
 
       if verify
-        watcher = ResourceWatcher.new(resources: resources, logger: @logger, deploy_started_at: deploy_started_at,
-          timeout: @max_watch_seconds, namespace: @namespace, context: @context, sha: @current_sha)
+        watcher = ResourceWatcher.new(resources: resources, deploy_started_at: deploy_started_at,
+          timeout: @max_watch_seconds, task_config: @task_config, sha: @current_sha)
         watcher.run(record_summary: record_summary)
       end
     end
@@ -528,37 +554,6 @@ module KubernetesDeploy
       end
     end
 
-    def confirm_context_exists
-      out, err, st = kubectl.run("config", "get-contexts", "-o", "name",
-        use_namespace: false, use_context: false, log_failure: false)
-      available_contexts = out.split("\n")
-      if !st.success?
-        raise FatalDeploymentError, err
-      elsif !available_contexts.include?(@context)
-        raise FatalDeploymentError, "Context #{@context} is not available. Valid contexts: #{available_contexts}"
-      end
-      confirm_cluster_reachable
-      @logger.info("Context #{@context} found")
-    end
-
-    def confirm_cluster_reachable
-      success = false
-      with_retries(2) do
-        begin
-          success = kubectl.version_info
-        rescue KubectlError
-          success = false
-        end
-      end
-      raise FatalDeploymentError, "Failed to reach server for #{@context}" unless success
-      TaskConfigValidator.new(@task_config, kubectl, kubeclient_builder, only: [:validate_server_version]).valid?
-    end
-
-    def confirm_namespace_exists
-      raise FatalDeploymentError, "Namespace #{@namespace} not found" unless namespace_definition.present?
-      @logger.info("Namespace #{@namespace} found")
-    end
-
     def namespace_definition
       @namespace_definition ||= begin
         definition, _err, st = kubectl.run("get", "namespace", @namespace, use_namespace: false,
@@ -587,7 +582,7 @@ module KubernetesDeploy
     end
 
     def kubectl
-      @kubectl ||= Kubectl.new(namespace: @namespace, context: @context, logger: @logger, log_failure_by_default: true)
+      @kubectl ||= Kubectl.new(task_config: @task_config, log_failure_by_default: true)
     end
 
     def ejson_keys_secret

data/lib/kubernetes-deploy/deploy_task_config_validator.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+module KubernetesDeploy
+  class DeployTaskConfigValidator < TaskConfigValidator
+    def initialize(protected_namespaces, allow_protected_ns, prune, *arguments)
+      super(*arguments)
+      @protected_namespaces = protected_namespaces
+      @allow_protected_ns = allow_protected_ns
+      @prune = prune
+      @validations += %i(validate_protected_namespaces)
+    end
+
+    private
+
+    def validate_protected_namespaces
+      if @protected_namespaces.include?(namespace)
+        if @allow_protected_ns && @prune
+          @errors << "Refusing to deploy to protected namespace '#{namespace}' with pruning enabled"
+        elsif @allow_protected_ns
+          logger.warn("You're deploying to protected namespace #{namespace}, which cannot be pruned.")
+          logger.warn("Existing resources can only be removed manually with kubectl. " \
+            "Removing templates from the set deployed will have no effect.")
+          logger.warn("***Please do not deploy to #{namespace} unless you really know what you are doing.***")
+        else
+          @errors << "Refusing to deploy to protected namespace '#{namespace}'"
+        end
+      end
+    end
+  end
+end

data/lib/kubernetes-deploy/duration_parser.rb

@@ -3,12 +3,10 @@
 require 'active_support/duration'
 
 module KubernetesDeploy
-  ##
   # This class is a less strict extension of ActiveSupport::Duration::ISO8601Parser.
   # In addition to full ISO8601 durations, it can parse unprefixed ISO8601 time components (e.g. '1H').
   # It is also case-insensitive.
   # For example, this class considers the values "1H", "1h" and "PT1H" to be valid and equivalent.
-
   class DurationParser
     class ParsingError < ArgumentError; end
 

data/lib/kubernetes-deploy/ejson_secret_provisioner.rb

@@ -16,19 +16,16 @@ module KubernetesDeploy
     EJSON_SECRET_KEY = "kubernetes_secrets"
     EJSON_SECRETS_FILE = "secrets.ejson"
     EJSON_KEYS_SECRET = "ejson-keys"
+    delegate :namespace, :context, :logger, to: :@task_config
 
-    def initialize(namespace:, context:, ejson_keys_secret:, ejson_file:, logger:, statsd_tags:, selector: nil)
-      @namespace = namespace
-      @context = context
+    def initialize(task_config:, ejson_keys_secret:, ejson_file:, statsd_tags:, selector: nil)
       @ejson_keys_secret = ejson_keys_secret
       @ejson_file = ejson_file
-      @logger = logger
       @statsd_tags = statsd_tags
       @selector = selector
+      @task_config = task_config
       @kubectl = Kubectl.new(
-        namespace: @namespace,
-        context: @context,
-        logger: @logger,
+        task_config: @task_config,
         log_failure_by_default: false,
         output_is_sensitive_default: true # output may contain ejson secrets
       )
@@ -48,7 +45,7 @@ module KubernetesDeploy
       with_decrypted_ejson do |decrypted|
         secrets = decrypted[EJSON_SECRET_KEY]
         unless secrets.present?
-          @logger.warn("#{EJSON_SECRETS_FILE} does not have key #{EJSON_SECRET_KEY}."\
+          logger.warn("#{EJSON_SECRETS_FILE} does not have key #{EJSON_SECRET_KEY}."\
             "No secrets will be created.")
           return []
         end
@@ -108,14 +105,14 @@ module KubernetesDeploy
         'metadata' => {
           "name" => secret_name,
           "labels" => labels,
-          "namespace" => @namespace,
+          "namespace" => namespace,
           "annotations" => { EJSON_SECRET_ANNOTATION => "true" },
         },
         "data" => encoded_data,
       }
 
       KubernetesDeploy::Secret.build(
-        namespace: @namespace, context: @context, logger: @logger, definition: secret, statsd_tags: @statsd_tags,
+        namespace: namespace, context: context, logger: logger, definition: secret, statsd_tags: @statsd_tags,
       )
     end
 

data/lib/kubernetes-deploy/kubectl.rb

@@ -13,30 +13,28 @@ module KubernetesDeploy
 
     class ResourceNotFoundError < StandardError; end
 
-    def initialize(namespace:, context:, logger:, log_failure_by_default:, default_timeout: DEFAULT_TIMEOUT,
+    delegate :namespace, :context, :logger, to: :@task_config
+
+    def initialize(task_config:, log_failure_by_default:, default_timeout: DEFAULT_TIMEOUT,
       output_is_sensitive_default: false)
-      @namespace = namespace
-      @context = context
-      @logger = logger
+      @task_config = task_config
       @log_failure_by_default = log_failure_by_default
       @default_timeout = default_timeout
       @output_is_sensitive_default = output_is_sensitive_default
-
-      raise ArgumentError, "namespace is required" if namespace.blank?
-      raise ArgumentError, "context is required" if context.blank?
     end
 
     def run(*args, log_failure: nil, use_context: true, use_namespace: true, output: nil,
       raise_if_not_found: false, attempts: 1, output_is_sensitive: nil, retry_whitelist: nil)
+      raise ArgumentError, "namespace is required" if namespace.blank? && use_namespace
       log_failure = @log_failure_by_default if log_failure.nil?
       output_is_sensitive = @output_is_sensitive_default if output_is_sensitive.nil?
       cmd = build_command_from_options(args, use_namespace, use_context, output)
       out, err, st = nil
 
       (1..attempts).to_a.each do |current_attempt|
-        @logger.debug("Running command (attempt #{current_attempt}): #{cmd.join(' ')}")
+        logger.debug("Running command (attempt #{current_attempt}): #{cmd.join(' ')}")
         out, err, st = Open3.capture3(*cmd)
-        @logger.debug("Kubectl out: " + out.gsub(/\s+/, ' ')) unless output_is_sensitive
+        logger.debug("Kubectl out: " + out.gsub(/\s+/, ' ')) unless output_is_sensitive
 
         break if st.success?
         raise(ResourceNotFoundError, err) if err.match(ERROR_MATCHERS[:not_found]) && raise_if_not_found
@@ -49,12 +47,12 @@ module KubernetesDeploy
           else
             "The following command failed and cannot be retried"
           end
-          @logger.warn("#{warning}: #{Shellwords.join(cmd)}")
-          @logger.warn(err) unless output_is_sensitive
+          logger.warn("#{warning}: #{Shellwords.join(cmd)}")
+          logger.warn(err) unless output_is_sensitive
         else
-          @logger.debug("Kubectl err: #{output_is_sensitive ? '<suppressed sensitive output>' : err}")
+          logger.debug("Kubectl err: #{output_is_sensitive ? '<suppressed sensitive output>' : err}")
         end
-        StatsD.increment('kubectl.error', 1, tags: { context: @context, namespace: @namespace, cmd: cmd[1] })
+        StatsD.increment('kubectl.error', 1, tags: { context: context, namespace: namespace, cmd: cmd[1] })
 
         break unless retriable_err?(err, retry_whitelist) && current_attempt < attempts
         sleep(retry_delay(current_attempt))
@@ -93,8 +91,8 @@ module KubernetesDeploy
 
     def build_command_from_options(args, use_namespace, use_context, output)
       cmd = ["kubectl"] + args
-      cmd.push("--namespace=#{@namespace}")              if use_namespace
-      cmd.push("--context=#{@context}")                  if use_context
+      cmd.push("--namespace=#{namespace}")              if use_namespace
+      cmd.push("--context=#{context}")                  if use_context
       cmd.push("--output=#{output}")                     if output
       cmd.push("--request-timeout=#{@default_timeout}")  if @default_timeout
       cmd

data/lib/kubernetes-deploy/kubernetes_resource.rb

@@ -10,7 +10,7 @@ require 'kubernetes-deploy/rollout_conditions'
 module KubernetesDeploy
   class KubernetesResource
     attr_reader :name, :namespace, :context
-    attr_writer :type, :deploy_started_at
+    attr_writer :type, :deploy_started_at, :global
 
     GLOBAL = false
     TIMEOUT = 5.minutes
@@ -40,7 +40,7 @@ module KubernetesDeploy
     SERVER_DRY_RUNNABLE = false
 
     class << self
-      def build(namespace:, context:, definition:, logger:, statsd_tags:, crd: nil)
+      def build(namespace:, context:, definition:, logger:, statsd_tags:, crd: nil, global_names: [])
         validate_definition_essentials(definition)
         opts = { namespace: namespace, context: context, definition: definition, logger: logger,
                  statsd_tags: statsd_tags }
@@ -50,8 +50,10 @@ module KubernetesDeploy
         if crd
           CustomResource.new(crd: crd, **opts)
         else
+          type = definition["kind"]
           inst = new(**opts)
-          inst.type = definition["kind"]
+          inst.type = type
+          inst.global = global_names.map(&:downcase).include?(type.downcase)
           inst
         end
       end
@@ -416,7 +418,7 @@ module KubernetesDeploy
     end
 
     def global?
-      self.class::GLOBAL
+      @global || self.class::GLOBAL
     end
 
     private

data/lib/kubernetes-deploy/kubernetes_resource/daemon_set.rb

@@ -8,6 +8,7 @@ module KubernetesDeploy
     def sync(cache)
       super
       @pods = exists? ? find_pods(cache) : []
+      @nodes = find_nodes(cache) if @nodes.blank?
     end
 
     def status
@@ -17,9 +18,9 @@ module KubernetesDeploy
 
     def deploy_succeeded?
       return false unless exists?
-      rollout_data["desiredNumberScheduled"].to_i == rollout_data["updatedNumberScheduled"].to_i &&
-      rollout_data["desiredNumberScheduled"].to_i == rollout_data["numberReady"].to_i &&
-      current_generation == observed_generation
+      current_generation == observed_generation &&
+        rollout_data["desiredNumberScheduled"].to_i == rollout_data["updatedNumberScheduled"].to_i &&
+        relevant_pods_ready?
     end
 
     def deploy_failed?
@@ -38,6 +39,34 @@ module KubernetesDeploy
 
     private
 
+    class Node
+      attr_reader :name
+
+      class << self
+        def kind
+          name.demodulize
+        end
+      end
+
+      def initialize(definition:)
+        @name = definition.dig("metadata", "name").to_s
+        @definition = definition
+      end
+    end
+
+    def relevant_pods_ready?
+      return true if rollout_data["desiredNumberScheduled"].to_i == rollout_data["numberReady"].to_i # all pods ready
+      relevant_node_names = @nodes.map(&:name)
+      considered_pods = @pods.select { |p| relevant_node_names.include?(p.node_name) }
+      @logger.debug("Considered #{considered_pods.size} pods out of #{@pods.size} for #{@nodes.size} nodes")
+      considered_pods.present? && considered_pods.all?(&:deploy_succeeded?)
+    end
+
+    def find_nodes(cache)
+      all_nodes = cache.get_all(Node.kind)
+      all_nodes.map { |node_data| Node.new(definition: node_data) }
+    end
+
     def rollout_data
       return { "currentNumberScheduled" => 0 } unless exists?
       @instance_data["status"]

data/lib/kubernetes-deploy/kubernetes_resource/pod.rb

@@ -101,6 +101,10 @@ module KubernetesDeploy
       exists? && !@stream_logs # don't print them a second time
     end
 
+    def node_name
+      @instance_data.dig('spec', 'nodeName')
+    end
+
     private
 
     def failed_schedule_reason

data/lib/kubernetes-deploy/render_task.rb

@@ -6,7 +6,15 @@ require 'kubernetes-deploy/renderer'
 require 'kubernetes-deploy/template_sets'
 
 module KubernetesDeploy
+  # Render templates
   class RenderTask
+    # Initializes the render task
+    #
+    # @param logger [Object] Logger object (defaults to an instance of KubernetesDeploy::FormattedLogger)
+    # @param current_sha [String] The SHA of the commit
+    # @param template_dir [String] Path to a directory with templates to render (deprecated)
+    # @param template_paths [Array<String>] An array of template paths to render
+    # @param bindings [Hash] Bindings parsed by KubernetesDeploy::BindingsParser
     def initialize(logger: nil, current_sha:, template_dir: nil, template_paths: [], bindings:)
       @logger = logger || KubernetesDeploy::FormattedLogger.build
       @template_dir = template_dir
@@ -15,6 +23,9 @@ module KubernetesDeploy
       @current_sha = current_sha
     end
 
+    # Runs the task, returning a boolean representing success or failure
+    #
+    # @return [Boolean]
     def run(*args)
       run!(*args)
       true
@@ -22,6 +33,12 @@ module KubernetesDeploy
       false
     end
 
+    # Runs the task, raising exceptions in case of issues
+    #
+    # @param stream [IO] Place to stream the output to
+    # @param only_filenames [Array<String>] List of filenames to render
+    #
+    # @return [nil]
     def run!(stream, only_filenames = [])
       @logger.reset
       @logger.phase_heading("Initializing render task")

data/lib/kubernetes-deploy/resource_cache.rb

@@ -4,14 +4,14 @@ require 'concurrent/hash'
 
 module KubernetesDeploy
   class ResourceCache
-    def initialize(namespace, context, logger)
-      @namespace = namespace
-      @context = context
-      @logger = logger
+    delegate :namespace, :context, :logger, to: :@task_config
+
+    def initialize(task_config)
+      @task_config = task_config
 
       @kind_fetcher_locks = Concurrent::Hash.new { |hash, key| hash[key] = Mutex.new }
       @data = Concurrent::Hash.new
-      @kubectl = Kubectl.new(namespace: @namespace, context: @context, logger: @logger, log_failure_by_default: false)
+      @kubectl = Kubectl.new(task_config: @task_config, log_failure_by_default: false)
     end
 
     def get_instance(kind, resource_name, raise_if_not_found: false)
@@ -39,7 +39,7 @@ module KubernetesDeploy
     private
 
     def statsd_tags
-      { namespace: @namespace, context: @context }
+      { namespace: namespace, context: context }
     end
 
     def use_or_populate_cache(kind)

data/lib/kubernetes-deploy/resource_watcher.rb

@@ -6,18 +6,17 @@ require 'kubernetes-deploy/resource_cache'
 module KubernetesDeploy
   class ResourceWatcher
     extend KubernetesDeploy::StatsD::MeasureMethods
+    delegate :namespace, :context, :logger, to: :@task_config
 
-    def initialize(resources:, logger:, context:, namespace:,
-      deploy_started_at: Time.now.utc, operation_name: "deploy", timeout: nil, sha: nil)
+    def initialize(resources:, task_config:, deploy_started_at: Time.now.utc,
+      operation_name: "deploy", timeout: nil, sha: nil)
       unless resources.is_a?(Enumerable)
         raise ArgumentError, <<~MSG
           ResourceWatcher expects Enumerable collection, got `#{resources.class}` instead
         MSG
       end
       @resources = resources
-      @logger = logger
-      @namespace = namespace
-      @context = context
+      @task_config = task_config
       @deploy_started_at = deploy_started_at
       @operation_name = operation_name
       @timeout = timeout
@@ -53,7 +52,7 @@ module KubernetesDeploy
     private
 
     def sync_resources(resources)
-      cache = ResourceCache.new(@namespace, @context, @logger)
+      cache = ResourceCache.new(@task_config)
       KubernetesDeploy::Concurrency.split_across_threads(resources) { |r| r.sync(cache) }
       resources.each(&:after_sync)
     end
@@ -61,8 +60,8 @@ module KubernetesDeploy
 
     def statsd_tags
       {
-        namespace: @namespace,
-        context: @context,
+        namespace: namespace,
+        context: context,
         sha: @sha,
       }
     end
@@ -83,18 +82,18 @@ module KubernetesDeploy
       watch_time = (Time.now.utc - @deploy_started_at).round(1)
       new_failures.each do |resource|
         resource.report_status_to_statsd(watch_time)
-        @logger.error("#{resource.id} failed to #{@operation_name} after #{watch_time}s")
+        logger.error("#{resource.id} failed to #{@operation_name} after #{watch_time}s")
       end
 
       new_timeouts.each do |resource|
         resource.report_status_to_statsd(watch_time)
-        @logger.error("#{resource.id} rollout timed out after #{watch_time}s")
+        logger.error("#{resource.id} rollout timed out after #{watch_time}s")
       end
 
       if new_successes.present?
         new_successes.each { |r| r.report_status_to_statsd(watch_time) }
         success_string = ColorizedString.new("Successfully #{past_tense_operation} in #{watch_time}s:").green
-        @logger.info("#{success_string} #{new_successes.map(&:id).join(', ')}")
+        logger.info("#{success_string} #{new_successes.map(&:id).join(', ')}")
       end
     end
 
@@ -102,7 +101,7 @@ module KubernetesDeploy
       return unless resources.present?
       resource_list = resources.map(&:id).join(', ')
       msg = reminder ? "Still waiting for: #{resource_list}" : "Continuing to wait for: #{resource_list}"
-      @logger.info(msg)
+      logger.info(msg)
     end
 
     def report_and_give_up(remaining_resources)
@@ -130,34 +129,34 @@ module KubernetesDeploy
         timeouts, failures = failed_resources.partition(&:deploy_timed_out?)
         timeouts += global_timeouts
         if timeouts.present?
-          @logger.summary.add_action(
+          logger.summary.add_action(
             "timed out waiting for #{timeouts.length} #{'resource'.pluralize(timeouts.length)} to #{@operation_name}"
           )
         end
 
         if failures.present?
-          @logger.summary.add_action(
+          logger.summary.add_action(
             "failed to #{@operation_name} #{failures.length} #{'resource'.pluralize(failures.length)}"
           )
         end
 
-        kubectl = Kubectl.new(namespace: @namespace, context: @context, logger: @logger, log_failure_by_default: false)
+        kubectl = Kubectl.new(task_config: @task_config, log_failure_by_default: false)
         KubernetesDeploy::Concurrency.split_across_threads(failed_resources + global_timeouts) do |r|
           r.sync_debug_info(kubectl)
         end
 
-        failed_resources.each { |r| @logger.summary.add_paragraph(r.debug_message) }
-        global_timeouts.each { |r| @logger.summary.add_paragraph(r.debug_message(:gave_up, timeout: @timeout)) }
+        failed_resources.each { |r| logger.summary.add_paragraph(r.debug_message) }
+        global_timeouts.each { |r| logger.summary.add_paragraph(r.debug_message(:gave_up, timeout: @timeout)) }
       end
     end
 
     def record_success_statuses(successful_resources)
       success_count = successful_resources.length
       if success_count > 0
-        @logger.summary.add_action("successfully #{past_tense_operation} #{success_count} "\
+        logger.summary.add_action("successfully #{past_tense_operation} #{success_count} "\
           "#{'resource'.pluralize(success_count)}")
         final_statuses = successful_resources.map(&:pretty_status).join("\n")
-        @logger.summary.add_paragraph("#{ColorizedString.new('Successful resources').green}\n#{final_statuses}")
+        logger.summary.add_paragraph("#{ColorizedString.new('Successful resources').green}\n#{final_statuses}")
       end
     end
 

data/lib/kubernetes-deploy/restart_task.rb

@@ -7,6 +7,7 @@ require 'kubernetes-deploy/resource_watcher'
 require 'kubernetes-deploy/kubectl'
 
 module KubernetesDeploy
+  # Restart the pods in one or more deployments
   class RestartTask
     class FatalRestartError < FatalDeploymentError; end
 
@@ -21,6 +22,12 @@ module KubernetesDeploy
     HTTP_OK_RANGE = 200..299
     ANNOTATION = "shipit.shopify.io/restart"
 
+    # Initializes the restart task
+    #
+    # @param context [String] Kubernetes context / cluster
+    # @param namespace [String] Kubernetes namespace
+    # @param logger [Object] Logger object (defaults to an instance of KubernetesDeploy::FormattedLogger)
+    # @param max_watch_seconds [Integer] Timeout in seconds
     def initialize(context:, namespace:, logger: nil, max_watch_seconds: nil)
       @logger = logger || KubernetesDeploy::FormattedLogger.build(namespace, context)
       @task_config = KubernetesDeploy::TaskConfig.new(context, namespace, @logger)
@@ -29,6 +36,9 @@ module KubernetesDeploy
       @max_watch_seconds = max_watch_seconds
     end
 
+    # Runs the task, returning a boolean representing success or failure
+    #
+    # @return [Boolean]
     def run(*args)
       perform!(*args)
       true
@@ -37,6 +47,13 @@ module KubernetesDeploy
     end
     alias_method :perform, :run
 
+    # Runs the task, raising exceptions in case of issues
+    #
+    # @param deployments_names [Array<String>] Array of workload names to restart
+    # @param selector [Hash] Selector(s) parsed by KubernetesDeploy::LabelSelector
+    # @param verify_result [Boolean] Wait for completion and verify success
+    #
+    # @return [nil]
     def run!(deployments_names = nil, selector: nil, verify_result: true)
       start = Time.now.utc
       @logger.reset
@@ -169,8 +186,8 @@ module KubernetesDeploy
     end
 
     def verify_restart(resources)
-      ResourceWatcher.new(resources: resources, logger: @logger, operation_name: "restart",
-        timeout: @max_watch_seconds, namespace: @namespace, context: @context).run
+      ResourceWatcher.new(resources: resources, operation_name: "restart",
+        timeout: @max_watch_seconds, task_config: @task_config).run
       failed_resources = resources.reject(&:deploy_succeeded?)
       success = failed_resources.empty?
       if !success && failed_resources.all?(&:deploy_timed_out?)
@@ -193,7 +210,7 @@ module KubernetesDeploy
     end
 
     def kubectl
-      @kubectl ||= Kubectl.new(namespace: @namespace, context: @context, logger: @logger, log_failure_by_default: true)
+      @kubectl ||= Kubectl.new(task_config: @task_config, log_failure_by_default: true)
     end
 
     def v1beta1_kubeclient

data/lib/kubernetes-deploy/runner_task.rb

@@ -11,11 +11,18 @@ require 'kubernetes-deploy/kubernetes_resource/pod'
 require 'kubernetes-deploy/runner_task_config_validator'
 
 module KubernetesDeploy
+  # Run a pod that exits upon completing a task
   class RunnerTask
     class TaskTemplateMissingError < TaskConfigurationError; end
 
     attr_reader :pod_name
 
+    # Initializes the runner task
+    #
+    # @param namespace [String] Kubernetes namespace
+    # @param context [String] Kubernetes context / cluster
+    # @param logger [Object] Logger object (defaults to an instance of KubernetesDeploy::FormattedLogger)
+    # @param max_watch_seconds [Integer] Timeout in seconds
     def initialize(namespace:, context:, logger: nil, max_watch_seconds: nil)
       @logger = logger || KubernetesDeploy::FormattedLogger.build(namespace, context)
       @task_config = KubernetesDeploy::TaskConfig.new(context, namespace, @logger)
@@ -24,6 +31,9 @@ module KubernetesDeploy
       @max_watch_seconds = max_watch_seconds
     end
 
+    # Runs the task, returning a boolean representing success or failure
+    #
+    # @return [Boolean]
     def run(*args)
       run!(*args)
       true
@@ -31,6 +41,15 @@ module KubernetesDeploy
       false
     end
 
+    # Runs the task, raising exceptions in case of issues
+    #
+    # @param task_template [String] The template file you'll be rendering
+    # @param entrypoint [Array<String>] Override the default command in the container image
+    # @param args [Array<String>] Override the default arguments for the command
+    # @param env_vars [Array<String>] List of env vars
+    # @param verify_result [Boolean] Wait for completion and verify pod success
+    #
+    # @return [nil]
     def run!(task_template:, entrypoint:, args:, env_vars: [], verify_result: true)
       start = Time.now.utc
       @logger.reset
@@ -94,15 +113,15 @@ module KubernetesDeploy
     end
 
     def watch_pod(pod)
-      rw = ResourceWatcher.new(resources: [pod], logger: @logger, timeout: @max_watch_seconds,
-        operation_name: "run", namespace: @namespace, context: @context)
+      rw = ResourceWatcher.new(resources: [pod], timeout: @max_watch_seconds,
+        operation_name: "run", task_config: @task_config)
       rw.run(delay_sync: 1, reminder_interval: 30.seconds)
       raise DeploymentTimeoutError if pod.deploy_timed_out?
       raise FatalDeploymentError if pod.deploy_failed?
     end
 
     def record_status_once(pod)
-      cache = ResourceCache.new(@namespace, @context, @logger)
+      cache = ResourceCache.new(@task_config)
       pod.sync(cache)
       warning = <<~STRING
         #{ColorizedString.new('Result verification is disabled for this task.').yellow}
@@ -175,7 +194,7 @@ module KubernetesDeploy
     end
 
     def kubectl
-      @kubectl ||= Kubectl.new(namespace: @namespace, context: @context, logger: @logger, log_failure_by_default: true)
+      @kubectl ||= Kubectl.new(task_config: @task_config, log_failure_by_default: true)
     end
 
     def kubeclient

data/lib/kubernetes-deploy/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module KubernetesDeploy
-  VERSION = "0.29.0"
+  VERSION = "0.30.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kubernetes-deploy
 version: !ruby/object:Gem::Version
-  version: 0.29.0
+  version: 0.30.0
 platform: ruby
 authors:
 - Katrina Verey
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-09-30 00:00:00.000000000 Z
+date: 2019-10-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -279,6 +279,7 @@ files:
 - lib/krane/cli/restart_command.rb
 - lib/krane/cli/run_command.rb
 - lib/krane/cli/version_command.rb
+- lib/krane/deploy_task.rb
 - lib/kubernetes-deploy.rb
 - lib/kubernetes-deploy/bindings_parser.rb
 - lib/kubernetes-deploy/cluster_resource_discovery.rb
@@ -288,6 +289,7 @@ files:
 - lib/kubernetes-deploy/deferred_summary_logging.rb
 - lib/kubernetes-deploy/delayed_exceptions.rb
 - lib/kubernetes-deploy/deploy_task.rb
+- lib/kubernetes-deploy/deploy_task_config_validator.rb
 - lib/kubernetes-deploy/duration_parser.rb
 - lib/kubernetes-deploy/ejson_secret_provisioner.rb
 - lib/kubernetes-deploy/errors.rb