RubyGems - kuby-core - Versions diffs - 0.17.0 → 0.18.0 - Mend

kuby-core 0.17.0 → 0.18.0

Files changed (91) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +44 -0
data/Gemfile +6 -2
data/Rakefile +5 -3
data/bin/tapioca +29 -0
data/kuby-core.gemspec +9 -11
data/lib/kuby/basic_logger.rb +34 -34
data/lib/kuby/cli_base.rb +43 -43
data/lib/kuby/commands.rb +94 -11
data/lib/kuby/definition.rb +12 -12
data/lib/kuby/dependable.rb +20 -0
data/lib/kuby/dependency.rb +14 -0
data/lib/kuby/docker/alpine.rb +10 -10
data/lib/kuby/docker/app_image.rb +11 -11
data/lib/kuby/docker/app_phase.rb +36 -0
data/lib/kuby/docker/assets_phase.rb +2 -2
data/lib/kuby/docker/bundler_phase.rb +42 -40
data/lib/kuby/docker/cli.rb +71 -43
data/lib/kuby/docker/copy_phase.rb +7 -7
data/lib/kuby/docker/credentials.rb +1 -0
data/lib/kuby/docker/debian.rb +10 -10
data/lib/kuby/docker/distro.rb +13 -13
data/lib/kuby/docker/docker_uri.rb +20 -20
data/lib/kuby/docker/dockerfile.rb +48 -39
data/lib/kuby/docker/image.rb +66 -54
data/lib/kuby/docker/inline_layer.rb +4 -4
data/lib/kuby/docker/layer.rb +6 -6
data/lib/kuby/docker/layer_stack.rb +35 -35
data/lib/kuby/docker/local_tags.rb +16 -16
data/lib/kuby/docker/package_list.rb +16 -16
data/lib/kuby/docker/package_phase.rb +16 -16
data/lib/kuby/docker/packages/managed_package.rb +13 -13
data/lib/kuby/docker/packages/nodejs.rb +5 -5
data/lib/kuby/docker/packages/package.rb +8 -8
data/lib/kuby/docker/packages/simple_managed_package.rb +7 -7
data/lib/kuby/docker/packages/yarn.rb +6 -6
data/lib/kuby/docker/remote_tags.rb +16 -16
data/lib/kuby/docker/setup_phase.rb +18 -20
data/lib/kuby/docker/spec.rb +93 -72
data/lib/kuby/docker/timestamp_tag.rb +16 -11
data/lib/kuby/docker/timestamped_image.rb +59 -40
data/lib/kuby/docker/webserver_phase.rb +20 -20
data/lib/kuby/docker/yarn_phase.rb +29 -5
data/lib/kuby/docker.rb +2 -1
data/lib/kuby/kubernetes/bare_metal_provider.rb +9 -9
data/lib/kuby/kubernetes/deployer.rb +22 -10
data/lib/kuby/kubernetes/docker_config.rb +1 -0
data/lib/kuby/kubernetes/provider.rb +1 -0
data/lib/kuby/kubernetes/spec.rb +47 -7
data/lib/kuby/plugin.rb +22 -1
data/lib/kuby/plugins/nginx_ingress.rb +8 -6
data/lib/kuby/plugins/rails_app/assets.rb +16 -4
data/lib/kuby/plugins/rails_app/assets_image.rb +17 -8
data/lib/kuby/plugins/rails_app/crdb/plugin.rb +473 -0
data/lib/kuby/plugins/rails_app/crdb.rb +9 -0
data/lib/kuby/plugins/rails_app/database.rb +12 -8
data/lib/kuby/plugins/rails_app/generators/kuby.rb +17 -16
data/lib/kuby/plugins/rails_app/plugin.rb +29 -18
data/lib/kuby/plugins/rails_app/sqlite.rb +7 -3
data/lib/kuby/plugins/rails_app/tasks.rake +25 -12
data/lib/kuby/plugins/rails_app.rb +1 -0
data/lib/kuby/plugins/system.rb +16 -0
data/lib/kuby/plugins.rb +1 -0
data/lib/kuby/railtie.rb +31 -1
data/lib/kuby/tasks.rb +72 -5
data/lib/kuby/trailing_hash.rb +2 -2
data/lib/kuby/utils/sem_ver/constraint.rb +68 -0
data/lib/kuby/utils/sem_ver/constraint_set.rb +25 -0
data/lib/kuby/utils/sem_ver/version.rb +49 -0
data/lib/kuby/utils/sem_ver.rb +17 -0
data/lib/kuby/utils/which.rb +65 -0
data/lib/kuby/utils.rb +7 -1
data/lib/kuby/version.rb +1 -1
data/lib/kuby.rb +37 -2
data/rbi/kuby-core.rbi +2128 -0
data/spec/docker/spec_spec.rb +50 -26
data/spec/dummy/app/channels/application_cable/channel.rb +2 -1
data/spec/dummy/app/channels/application_cable/connection.rb +2 -1
data/spec/dummy/app/controllers/application_controller.rb +2 -1
data/spec/dummy/app/jobs/application_job.rb +2 -1
data/spec/dummy/app/mailers/application_mailer.rb +2 -1
data/spec/dummy/app/models/application_record.rb +2 -1
data/spec/dummy/config/application.rb +2 -1
data/spec/dummy/config/initializers/wrap_parameters.rb +2 -1
data/spec/dummy/config/routes.rb +2 -1
data/spec/dummy/test/application_system_test_case.rb +2 -1
data/spec/dummy/test/channels/application_cable/connection_test.rb +2 -1
data/spec/spec_helper.rb +13 -1
metadata +44 -39
data/lib/kuby/plugins/rails_app/mysql.rb +0 -158
data/lib/kuby/plugins/rails_app/postgres.rb +0 -163

data/lib/kuby/plugins/rails_app/crdb/plugin.rb ADDED Viewed

@@ -0,0 +1,473 @@
+# typed: ignore
+require 'fileutils'
+require 'kuby/crdb'
+require 'kube-dsl'
+module Kuby
+  module Plugins
+    module RailsApp
+      module CRDB
+        class Plugin < ::Kuby::Plugin
+          ROLE = 'web'.freeze
+          VERSION = '21.1.11'.freeze
+          BOOTSTRAP_TIMEOUT_INTERVAL = 2
+          BOOTSTRAP_TIMEOUT_TOTAL = 60
+          CLIENT_PERMISSIONS = %w(create drop select insert delete update).freeze
+          attr_reader :environment, :configs
+          def initialize(environment, configs)
+            @environment = environment
+            @configs = configs
+            add_client_user('root')
+            add_client_user(client_username)
+          end
+          def add_client_user(username, &block)
+            crdb = self
+            safe_username = slugify(username)
+            client_certs[username] ||= Kuby::CertManager.certificate do
+              api_version 'cert-manager.io/v1'
+              metadata do
+                name "#{crdb.base_name}-crdb-#{safe_username}-cert"
+                namespace crdb.kubernetes.namespace.metadata.name
+              end
+              spec do
+                common_name username
+                secret_name "#{crdb.base_name}-crdb-client-#{safe_username}-cert"
+                subject do
+                  organizations ['Kuby']
+                end
+                usages ['client auth']
+                duration "#{5 * 365 * 24}h"  # 5 years validity (in hours)
+                private_key do
+                  algorithm 'RSA'
+                  size 2048
+                end
+                issuer_ref do
+                  name crdb.issuer.metadata.name
+                  kind 'Issuer'
+                  group 'cert-manager.io'
+                end
+              end
+            end
+            client_certs[username].instance_eval(&block) if block
+            client_certs[username]
+          end
+          alias_method :configure_client_user, :add_client_user
+          def client_certs
+            @client_certs ||= {}
+          end
+          def name
+            :cockroachdb
+          end
+          def resources
+            @resources ||= [
+              database,
+              cluster_issuer, issuer,
+              ca_cert, node_cert, *client_certs.values
+            ]
+          end
+          def after_configuration
+            environment.docker.package_phase.add(:postgres_dev)
+            environment.docker.package_phase.add(:postgres_client)
+            environment.kubernetes.add_plugin(:crdb)
+            environment.kubernetes.add_plugin(:cert_manager)
+          end
+          def bootstrap
+            require 'pg'
+            config = configs[environment.name]
+            database_name = config['database']
+            start_time = Time.now
+            conn = loop do
+              Kuby.logger.info('Waiting for successful database connection...')
+              begin
+                conn = PG.connect(
+                  dbname: database_name,
+                  user: 'root',
+                  host: host,
+                  port: 26257,
+                  sslmode: 'require',
+                  sslrootcert: '/cockroach/cockroach-certs/ca.crt',
+                  sslcert: '/cockroach/cockroach-certs/client.root.crt',
+                  sslkey: '/cockroach/cockroach-certs/client.root.key',
+                  connect_timeout: BOOTSTRAP_TIMEOUT_INTERVAL
+                )
+              rescue PG::ConnectionBad => e
+                if (Time.now - start_time) > BOOTSTRAP_TIMEOUT_TOTAL
+                  Kuby.logger.fatal("Database connection failed, waited #{BOOTSTRAP_TIMEOUT_TOTAL}")
+                  raise e
+                end
+                sleep 1  # breathe!
+              else
+                Kuby.logger.info('Database connection succeeded')
+                break conn
+              end
+            end
+            existing_databases = conn.exec('show databases').to_a
+            if existing_databases.none? { |db| db['database_name'] == database_name }
+              conn.exec("create database #{database_name}")
+            end
+            existing_users = conn.exec('show users').to_a.map { |u| u['username'] }
+            client_certs.each do |username, _cert|
+              unless existing_users.include?(username)
+                conn.exec("create user #{username}")
+              end
+              conn.exec(
+                "grant #{CLIENT_PERMISSIONS.join(',')} "\
+                  "on database #{database_name} "\
+                  "to #{username}"
+              )
+            end
+          end
+          def kubernetes_cli
+            provider.kubernetes_cli
+          end
+          def provider
+            environment.kubernetes.provider
+          end
+          def configure_pod_spec(pod_spec)
+            crdb = self
+            pod_spec.containers.each do |container|
+              configure_container(container)
+            end
+            pod_spec.init_containers.each do |init_container|
+              configure_container(init_container)
+            end
+            pod_spec.volume do
+              name "#{crdb.base_name}-crdb-certs"
+              projected do
+                source do
+                  secret do
+                    name crdb.node_cert.spec.secret_name
+                    item do
+                      key 'ca.crt'
+                      path 'ca.crt'
+                    end
+                  end
+                end
+                crdb.client_certs.each do |username, cert|
+                  source do
+                    secret do
+                      name cert.spec.secret_name
+                      item do
+                        key 'tls.crt'
+                        path "client.#{username}.crt"
+                      end
+                      item do
+                        key 'tls.key'
+                        path "client.#{username}.key"
+                      end
+                    end
+                  end
+                end
+                # read-only for user
+                # http://permissions-calculator.org/decode/0400/
+                default_mode 0400
+              end
+            end
+          end
+          def configure_container(container)
+            crdb = self
+            container.volume_mount do
+              name "#{crdb.base_name}-crdb-certs"
+              mount_path '/cockroach/cockroach-certs/'
+            end
+          end
+          def host
+            # host is the same as the name thanks to k8s DNS
+            @host ||= "#{database.metadata.name}-public"
+          end
+          def rewritten_configs
+            # deep dup
+            @rewritten_configs ||= Marshal.load(Marshal.dump(configs)).tap do |new_configs|
+              new_config = new_configs[environment.name]
+              new_config.delete('password')
+              new_config.merge!(
+                'username' => client_username,
+                'host' => host,
+                'port' => 26257,
+                'sslmode' => 'require',
+                'sslrootcert' => '/cockroach/cockroach-certs/ca.crt',
+                'sslcert' => "/cockroach/cockroach-certs/client.#{client_username}.crt",
+                'sslkey' => "/cockroach/cockroach-certs/client.#{client_username}.key"
+              )
+            end
+          end
+          def storage(amount)
+            database do
+              spec do
+                data_store do
+                  pvc do
+                    spec do
+                      resources do
+                        requests do
+                          set :storage, amount
+                        end
+                      end
+                    end
+                  end
+                end
+              end
+            end
+          end
+          def database(&block)
+            crdb = self
+            @database ||= Kuby::CRDB.crdb_cluster do
+              metadata do
+                # this translates to the name of the statefulset that is created
+                name "#{crdb.base_name}-crdb"
+                namespace crdb.kubernetes.namespace.metadata.name
+              end
+              spec do
+                data_store do
+                  pvc do
+                    spec do
+                      access_modes ['ReadWriteOnce']
+                      resources do
+                        requests do
+                          add :storage, '10Gi'
+                        end
+                      end
+                      volume_mode 'Filesystem'
+                    end
+                  end
+                end
+                resources do
+                  requests do
+                    add :cpu, '200m'
+                    add :memory, '1Gi'
+                  end
+                  limits do
+                    add :cpu, '200m'
+                    add :memory, '1Gi'
+                  end
+                end
+                tls_enabled true
+                client_tls_secret crdb.client_certs['root'].spec.secret_name
+                node_tls_secret crdb.node_cert.spec.secret_name
+                image do
+                  name "cockroachdb/cockroach:v#{VERSION}"
+                end
+                # this is unfortunately the minimum
+                nodes 3
+              end
+            end
+          end
+          def cluster_issuer
+            crdb = self
+            @cluster_issuer ||= Kuby::CertManager.cluster_issuer do
+              api_version 'cert-manager.io/v1'
+              metadata do
+                name "#{crdb.base_name}-crdb-ca-issuer"
+              end
+              spec do
+                self_signed
+              end
+            end
+          end
+          def issuer
+            crdb = self
+            @issuer ||= Kuby::CertManager.issuer do
+              api_version 'cert-manager.io/v1'
+              metadata do
+                name "#{crdb.base_name}-crdb-issuer"
+                namespace crdb.kubernetes.namespace.metadata.name
+              end
+              spec do
+                ca do
+                  secret_name crdb.ca_cert.spec.secret_name
+                end
+              end
+            end
+          end
+          def ca_cert
+            crdb = self
+            @ca_cert ||= Kuby::CertManager.certificate do
+              api_version 'cert-manager.io/v1'
+              metadata do
+                name "#{crdb.base_name}-crdb-ca-cert"
+                namespace crdb.kubernetes.namespace.metadata.name
+              end
+              spec do
+                is_ca true
+                common_name 'ca'
+                secret_name "#{crdb.base_name}-crdb-ca-cert"
+                subject do
+                  organizations ['Kuby']
+                end
+                usages ['digital signature', 'key encipherment', 'cert sign', 'crl sign']
+                duration "#{5 * 365 * 24}h"  # 5 years validity (in hours)
+                private_key do
+                  algorithm 'RSA'
+                  size 2048
+                end
+                issuer_ref do
+                  name crdb.cluster_issuer.metadata.name
+                  kind 'ClusterIssuer'
+                  group 'cert-manager.io'
+                end
+              end
+            end
+          end
+          def node_cert
+            crdb = self
+            ns = kubernetes.namespace.metadata.name
+            @node_cert ||= Kuby::CertManager.certificate do
+              api_version 'cert-manager.io/v1'
+              metadata do
+                name "#{crdb.base_name}-crdb-node-cert"
+                namespace ns
+              end
+              spec do
+                common_name 'node'
+                secret_name "#{crdb.base_name}-crdb-node-cert"
+                subject do
+                  organizations ['Kuby']
+                end
+                usages ['client auth', 'server auth']
+                duration "#{5 * 365 * 24}h"  # 5 years validity (in hours)
+                svc_name = "#{crdb.base_name}-crdb"
+                dns_names [
+                  'localhost',
+                  "#{svc_name}-public",
+                  "#{svc_name}-public.#{ns}",
+                  "#{svc_name}-public.#{ns}.svc.cluster.local",
+                  "*.#{svc_name}",
+                  "*.#{svc_name}.#{ns}",
+                  "*.#{svc_name}.#{ns}.svc.cluster.local",
+                ]
+                ip_addresses ['127.0.0.1']
+                private_key do
+                  algorithm 'RSA'
+                  size 2048
+                end
+                issuer_ref do
+                  name crdb.issuer.metadata.name
+                  kind 'Issuer'
+                  group 'cert-manager.io'
+                end
+              end
+            end
+          end
+          def client_username
+            @client_username ||= slugify(kubernetes.selector_app)
+          end
+          # replaces all non-ascii characters with an underscore
+          def slugify(str)
+            str.gsub(/\W/, '_')
+          end
+          def base_name
+            @base_name ||= "#{kubernetes.selector_app}-#{ROLE}"
+          end
+          def kubernetes
+            environment.kubernetes
+          end
+          def rails_app
+            kubernetes.plugin(:rails_app)
+          end
+          private
+          def config
+            configs[environment.name]
+          end
+        end
+      end
+    end
+  end
+end
+Kuby.register_package(:postgres_dev,
+  debian: 'postgresql-client',
+  alpine: 'postgresql-dev'
+)
+Kuby.register_package(:postgres_client,
+  debian: 'postgresql-client',
+  alpine: 'postgresql-client'
+)

data/lib/kuby/plugins/rails_app/crdb.rb ADDED Viewed

@@ -0,0 +1,9 @@
+module Kuby
+  module Plugins
+    module RailsApp
+      module CRDB
+        autoload :Plugin, 'kuby/plugins/rails_app/crdb/plugin'
+      end
+    end
+  end
+end

data/lib/kuby/plugins/rails_app/database.rb CHANGED Viewed

@@ -1,4 +1,5 @@
-# typed: false
+# typed: ignore
 require 'yaml'
 module Kuby
@@ -7,11 +8,8 @@ module Kuby
       class UnsupportedDatabaseError < StandardError; end
       class Database
-        ADAPTER_MAP = {
-          sqlite3: Sqlite,
-          mysql2: MySQL,
-          postgresql: Postgres
-        }.freeze
+        # only support cockroach for now
+        ADAPTER_MAP = { cockroachdb: CRDB::Plugin, sqlite3: Sqlite }.freeze
         def self.get(rails_app)
           if rails_app.manage_database?
@@ -21,7 +19,7 @@ module Kuby
         def self.get_adapter(adapter_name)
           ADAPTER_MAP.fetch(adapter_name) do
-            raise UnsupportedDatabaseError, "Kuby does not support the '#{adapter}' "\
+            raise UnsupportedDatabaseError, "Kuby does not support the '#{adapter_name}' "\
               'database adapter'
           end
         end
@@ -51,7 +49,13 @@ module Kuby
         end
         def db_configs
-          @db_configs ||= YAML.load(File.read(db_config_path))
+          @db_configs ||= begin
+            if Psych::VERSION > '4'
+              YAML.load(File.read(db_config_path), aliases: true)
+            else ArgumentError
+              YAML.load(File.read(db_config_path))
+            end
+          end
         end
         def db_config_path

data/lib/kuby/plugins/rails_app/generators/kuby.rb CHANGED Viewed

@@ -1,4 +1,5 @@
-# typed: true
+# typed: false
 require 'rails/generators'
 require 'rails/generators/base'
@@ -14,14 +15,6 @@ class KubyGenerator < Rails::Generators::Base
   end
   def create_config_file
-    app_class = Rails.application.class
-    app_name = if app_class.respond_to?(:module_parent_name)
-      app_class.module_parent_name
-    else
-      app_class.parent_name
-    end
     create_file(
       'kuby.rb',
       <<~END
@@ -59,13 +52,7 @@ class KubyGenerator < Rails::Generators::Base
             kubernetes do
               # Add a plugin that facilitates deploying a Rails app.
-              add_plugin :rails_app do
-                # configure database credentials
-                database do
-                  user app_creds[:KUBY_DB_USER]
-                  password app_creds[:KUBY_DB_PASSWORD]
-                end
-              end
+              add_plugin :rails_app
               # Use Docker Desktop as the provider.
               # See: https://www.docker.com/products/docker-desktop
@@ -121,4 +108,18 @@ class KubyGenerator < Rails::Generators::Base
       END
     )
   end
+  private
+  def app_name
+    @app_name ||= begin
+      app_class = Rails.application.class
+      if app_class.respond_to?(:module_parent_name)
+        app_class.module_parent_name
+      else
+        app_class.parent_name
+      end
+    end
+  end
 end

data/lib/kuby/plugins/rails_app/plugin.rb CHANGED Viewed

@@ -1,4 +1,5 @@
-# typed: false
+# typed: ignore
 require 'kube-dsl'
 require 'kuby/cert-manager'
@@ -6,6 +7,8 @@ module Kuby
   module Plugins
     module RailsApp
       class Plugin < ::Kuby::Plugin
+        depends_on :kubernetes, '>= 1.20'
         extend ::KubeDSL::ValueFields
         WEB_ROLE = 'web'.freeze
@@ -18,8 +21,7 @@ module Kuby
         DEFAULT_ASSET_PATH = './public'.freeze
         value_field :root, default: '.'
-        value_fields :hostname, :tls_enabled
-        value_fields :manage_database, :database, :replicas
+        value_fields :hostname, :tls_enabled, :manage_database, :replicas
         value_fields :asset_url, :packs_url, :asset_path
         alias_method :manage_database?, :manage_database
@@ -45,11 +47,12 @@ module Kuby
           if manage_database? && @database = Database.get(self)
             @database.plugin.instance_eval(&@database_block) if @database_block
             environment.kubernetes.plugins[@database.plugin_name] = @database.plugin
-            environment.kubernetes.add_plugin(:kube_db)
             environment.docker do
               insert :rewrite_db_config, RewriteDbConfig.new, after: :copy_phase
             end
+            @database.plugin.configure_pod_spec(deployment.spec.template.spec)
           end
           environment.kubernetes.add_plugin(:nginx_ingress)
@@ -87,6 +90,15 @@ module Kuby
           spec = self
           deployment do
+            metadata do
+              annotations do
+                add(
+                  'getkuby.io/dockerfile-checksum',
+                  spec.environment.docker.image.dockerfile.checksum
+                )
+              end
+            end
             spec do
               template do
                 spec do
@@ -229,13 +241,6 @@ module Kuby
                 add :app, kube_spec.selector_app
                 add :role, kube_spec.role
               end
-              annotations do
-                add(
-                  'getkuby.io/dockerfile-checksum',
-                  kube_spec.environment.docker.image.dockerfile.checksum
-                )
-              end
             end
             spec do
@@ -305,7 +310,7 @@ module Kuby
                   init_container(:create_db) do
                     name "#{kube_spec.selector_app}-create-db"
-                    command %w(bundle exec rake kuby:rails_app:db:create_unless_exists)
+                    command %w(bundle exec rake kuby:rails_app:db:bootstrap)
                     env_from do
                       config_map_ref do
@@ -322,7 +327,7 @@ module Kuby
                   init_container(:migrate_db) do
                     name "#{kube_spec.selector_app}-migrate-db"
-                    command %w(bundle exec rake db:migrate)
+                    command %w(bundle exec rake kuby:rails_app:db:migrate)
                     env_from do
                       config_map_ref do
@@ -356,7 +361,7 @@ module Kuby
           spec = self
           tls_enabled = @tls_enabled
-          @ingress ||= KubeDSL::DSL::Extensions::V1beta1::Ingress.new do
+          @ingress ||= KubeDSL::DSL::Networking::V1::Ingress.new do
             metadata do
               name "#{spec.selector_app}-ingress"
               namespace spec.namespace.metadata.name
@@ -373,10 +378,16 @@ module Kuby
                 http do
                   path do
                     path '/'
+                    path_type 'Prefix'
                     backend do
-                      service_name spec.service.metadata.name
-                      service_port spec.service.spec.ports.first.port
+                      service do
+                        name spec.service.metadata.name
+                        port do
+                          name spec.service.spec.ports.first.name
+                        end
+                      end
                     end
                   end
                 end
@@ -402,8 +413,8 @@ module Kuby
             config_map,
             app_secrets,
             deployment,
-            ingress,
-            *database&.plugin&.resources
+            *database&.plugin&.resources,
+            ingress
           ]
         end