mina-kubernetes 2.2.4 → 2.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f827c6cd9bd3a95016a4a551824566ec4bb7d1d40e0477458a237381171d6341
-  data.tar.gz: 8a81174a1c647b9ff55e8081b4b2a4e4cbea834a78fd6839192935f6c5a7b62e
+  metadata.gz: 3a40a0047704517ce7a6e10daf7373ca3fe7398d0f655280992f3bb76ba8fff0
+  data.tar.gz: d7efeb94f504ece35b47829c927429b502112f511b91b552ca9c03df20d0e28d
 SHA512:
-  metadata.gz: 61bd2dd21d29ccff1c57850d614a1c2957f62180d551b363fc03fd15fbac92462f24e2712f8c1b5575c4341e8cf49cd1cee82ff81d35b586997ef892e96426a0
-  data.tar.gz: 1228cb9ff013d0a90d822cb4854cbf4d485a4f7a3323479d092b9149bea197a49b49b58e6d58c90c6a0d5200bb8eac696f721a7e60b0f4cc1e5beecce8a2c496
+  metadata.gz: 3aaf4c5a80be9b84e75be8d2b15be9e79622ff58ed75e43ae90cde743ba944071707fee26d47e95ae6f8a504ceaa85225c18ed3c8eba5833bc3a6ff84ccbde04
+  data.tar.gz: 5045d3eeaae653fede93ae8bdba3631d8cdcd3297210ec8d8d3add742fbd9e5a0a062af5eaf85edd579604275e80cb89215ed97f3ad96cc84e50ba4cf2ffa67c

data/CHANGELOG.md

@@ -1,3 +1,41 @@
+## 2.7.0
+
+*Enhancements*
+
+- `kubernetes:command` allows to choose pod name
+- `kubernetes:command` offers to kill & start fresh pod or start other pod with different name if pod already exists
+
+## 2.6.0
+
+*Fixes*
+
+- Update krane gem to ~> 2.1 for compatibility with k8s >= 1.17
+
+## 2.5.0
+
+*Enhancements*
+
+- `kubernetes:command` starts pod with identifiable name and allows session reconnection
+- `kubernetes:command` accepts a `kubectl_pod_overrides` option
+
+## 2.4.1
+
+*Fixes*
+
+- Security: update rake dependency
+
+## 2.4.0
+
+*Enhancements*
+
+- Use `secrets.ejson` if present
+
+## 2.3.0
+
+*Enhancements*
+
+- Allow using a proxy to connect to a Kubernetes cluster
+
 ## 2.2.4
 
 *Fixes*

data/README.md

@@ -1,16 +1,16 @@
 # mina-kubernetes
-Plugin for the [mina](https://github.com/mina-deploy/mina) deployment tool to streamline deployment of resources to Kubernetes clusters, using the [krane](https://github.com/Shopify/krane) gem and [mina-multistage](https://github.com/endoze/mina-multistage) plugin.
+ mina-kubernetes is a plugin for the [mina](https://github.com/mina-deploy/mina) deployment tool to streamline deployment of resources to Kubernetes clusters, using the [krane](https://github.com/Shopify/krane) gem with the [mina-multistage](https://github.com/endoze/mina-multistage) plugin.
 
-Requires local Docker and [kubectl](https://cloud.google.com/kubernetes-engine/docs/quickstart) with local authentication set up to connect to the destination Kubernetes cluster as context in your local KUBE_CONFIG. See https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-access-for-kubectl#generate_kubeconfig_entry for example with Google Kubernetes Engine.
+It requires local Docker and [kubectl](https://cloud.google.com/kubernetes-engine/docs/quickstart) with local authentication set up to connect to the destination Kubernetes cluster as context in your local KUBE_CONFIG. See https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-access-for-kubectl#generate_kubeconfig_entry for example with Google Kubernetes Engine.
 
-NB: `docker manifest inspect` is used to check whether the Docker image with requested tag is available. This requires experimental features to be enabled in your local Docker config by adding `"experimental": "enabled"` to `~/.docker/config.json`.
-If the image repository is not public authentication will need to be set up for your local Docker, for instance see https://cloud.google.com/container-registry/docs/advanced-authentication#gcloud_as_a_docker_credential_helper for images hosted on the Google Cloud Registry
+NB: `docker manifest inspect` is used to check whether the Docker image with requested tag is available. At the time of writing this is still an experimental feature that needs to be enabled in your local Docker config by adding `"experimental": "enabled"` to `~/.docker/config.json`.
+If the image to deploy is in a private repository authentication will have to be set up for your local Docker, for instance see https://cloud.google.com/container-registry/docs/advanced-authentication#gcloud_as_a_docker_credential_helper for images hosted on the Google Cloud Registry.
 
 ## Usage
 
 Add `mina-kubernetes` to your local Gemfile.
 
-Create a configuration file for mina in `config/deploy.rb` like the one below:
+Create a configuration file for mina in `config/deploy.rb` similar to the one below (which replaces the default deploy task):
 ```ruby
 require "mina/default"
 require "mina/multistage"
@@ -28,9 +28,9 @@ set :image_repo, "gcr.io/project-id/myapp"
 set :kubernetes_context, "kubernetes_context_name"
 ```
 
-If `set :image_tag, "my_image_tag"` is also defined, it'll be used to deploy the image tagged with this tag on the repository. Otherwise you'll be prompted to pick a branch from current working Git repository and the image to deploy will be assumed to be tagged with the Git commit hash, i.e. `gcr.io/project-123456/my_app:abcd1234`.
+If `set :image_tag, "my_image_tag"` is also defined, it'll be used to deploy the image tagged with this tag on the repository. Otherwise you'll be prompted to pick a branch from the current Git repository and the image to deploy will be assumed to be tagged with the commit hash of that branch, i.e. `gcr.io/project-id/myapp:abcd1234`.
 
-Then add `*.yml.erb` Kubernetes resource definition files in the stage folder, i.e. `config/deploy/production/app.yml.erb`. Occurences of `<%= image_repo %>` and `<%= current_sha %>` in these files will be dynamically replaced on deploy by the image repository URL and the latest commit hash of the selected branch on its git origin.
+Then add `*.yml.erb` Kubernetes resource definition files in the stage folder, for instance `config/deploy/production/webserver.yml.erb` and `config/deploy/production/backgroundjobs.yml.erb`. Occurences of `<%= image_repo %>` and `<%= current_sha %>` in these files will be dynamically replaced on deploy by the image repository URL and the latest commit hash of the selected branch on its git origin.
 
 You can also get the RAILS_MASTER_KEY for encrypted credentials deployed as a Kubernetes secrets by adding a secrets.yml.erb like below:
 ```yml
@@ -42,9 +42,14 @@ data:
   RAILS_MASTER_KEY: <%= Base64.strict_encode64(File.read("#{Dir.pwd}/config/credentials/production.key").strip) %>
 ```
 
-When running `mina production deploy`, it'll prompt for a branch and check the image tagged with current commit hash from selected branch is available on the repository. Then the `krane` executable is called to fill in the variables in the resource templates and apply them all to the cluster under the given namespace (see https://github.com/Shopify/krane#deploy-walkthrough for more details)
+When running `mina production deploy`, it'll check the image is available on the repository and then call the `krane` executable to fill in the variables in the resource templates and apply them all to the cluster under the given namespace (see https://github.com/Shopify/krane#deploy-walkthrough for more details)
 
-### Passing options to krane
+### EJSON Encrypted secrets
+
+Krane can dynamically generate Kubernetes secrets from an encrypted EJSON file, see: https://github.com/Shopify/krane#deploying-kubernetes-secrets-from-ejson. As per current Krane documentation "The ejson file must be included in the resources passed to --filenames, it can not be read through stdin.", so
+following convention-over-configuration principles `mina-kubernetes` checks for the presence of a file named `secrets.ejson` in the stage folder and uses it if available.
+
+### Passing custom options to krane
 
 ```ruby
   invoke :"kubernetes:deploy", "--no-prune"
@@ -52,11 +57,11 @@ When running `mina production deploy`, it'll prompt for a branch and check the i
 
 Refer to https://github.com/Shopify/krane#usage for a complete set of options
 
-### Tasks available
+## Tasks available
 
 #### `kubernetes:deploy`
 
-Creates namespace on cluster and assigns it to a local kubectl context, prompts for git branch if no image tag specified, applies all resources to cluster after checking tagged image is available.
+Creates the namespace on cluster if it doesn't exist, prompts for a git branch if no image tag is already specified in stage file, then applies all resources to cluster after checking tagged image is available.
 
 #### `kubernetes:bash`
 
@@ -64,8 +69,26 @@ Prompts for branch unless image tag is set, then spins up a temporary pod with t
 
 #### `kubernetes:command`
 
-Prompts for branch unless image tag is set, then spins up a temporary pod with the image and run command given by task variable `command`, for instance with `set :command, "rails console"`. Environment variables can also be given by defining`env_hash`, i.e. `set :env_hash, {"RAILS_ENV" => "production", "MY_VAR" => "abcd123"}`
+Prompts for branch unless image tag is set, then spins up a temporary pod with the image and runs the command given in the task variable `command`, for instance with `set :command, "rails console"`. Environment variables can also be passed by defining`env_hash`, i.e. `set :env_hash, {"RAILS_ENV" => "production", "MY_VAR" => "abcd123"}`
+
+The pod will be named `command-username-branch`, and can be reattached/killed in case of disconnection.
+
+A `kubectl_pod_overrides` task option is available to pass a value to the `overrides` option of the `kubectl run` command.
 
 #### `kubernetes:delete`
 
 Confirms and delete all resources on cluster under namespace.
+
+## Example use: run rails console on non-preemptible GKE node
+
+Add the following to your `deploy.rb`
+``` ruby
+task :console do
+  set :command, "rails console"
+  set :env_hash, "RAILS_ENV" => fetch(:stage), "RAILS_MASTER_KEY" => File.read("#{Dir.pwd}/config/credentials/#{fetch(:stage)}.key").strip
+  set :kubectl_pod_overrides, '{"spec": {"affinity": {"nodeAffinity": {"requiredDuringSchedulingIgnoredDuringExecution": {"nodeSelectorTerms": [{"matchExpressions": [{"key": "cloud.google.com/gke-preemptible", "operator": "DoesNotExist"} ] } ] } } } } }'
+
+  invoke :'kubernetes:command'
+end
+```
+You can now run `mina production console` to open a rails console in production environment with the image of your choice!

data/lib/mina/kubernetes.rb

@@ -1,13 +1,13 @@
 require "tty-prompt"
 require "tty-spinner"
-require "securerandom"
 require "json"
-require "base64"
+require "time"
 
 # required by mina
 set :execution_mode, :pretty
 
 namespace :kubernetes do
+  set :proxy, nil
 
   task :deploy, [:options] do |task, args|
     desc "Set image tag to be latest commit of prompted branch (unless provided) then applies resources to cluster"
@@ -25,9 +25,9 @@ namespace :kubernetes do
   end
 
   task :command do
+    set :skip_report_time, true
     desc "Spins up temporary pod with image and runs given command in interactive shell, passing given environment variable"
     set_tag_from_branch_commit unless fetch(:image_tag)
-    wait_until_image_ready(fetch(:image_tag))
     run_command(fetch(:command), env_hash_arg)
   end
 
@@ -51,7 +51,7 @@ end
 
 def set_tag_from_branch_commit
   run :local do
-    comment "Updating Git branches..."
+    comment "Refreshing Git branches..."
   end
   remote_branches = `git fetch --prune && git branch -r --no-merged master --sort=-committerdate | grep origin`.split("\n").collect { |b| b.strip.gsub("origin/", "") }.reject { |b| b == "master" }
   set :branch, TTY::Prompt.new.select("Which branch?", ["master"].concat(remote_branches))
@@ -61,13 +61,14 @@ end
 def create_namespace_on_cluster
   run :local do
     comment "Create/update namespace on Kubernetes cluster..."
-    command "kubectl create namespace #{fetch(:namespace)} --dry-run -o yaml | kubectl apply -f - --context=#{fetch(:kubernetes_context)}"
+    proxy_env = "HTTPS_PROXY=#{fetch(:proxy)}" if fetch(:proxy)
+    command "kubectl create namespace #{fetch(:namespace)} --dry-run -o yaml | #{proxy_env} kubectl apply -f - --context=#{fetch(:kubernetes_context)}"
   end
 end
 
 def wait_until_image_ready(commit)
   run :local do
-    comment "Check image #{fetch(:image_repo)}:#{commit} is available..."
+    comment "Checking image #{fetch(:image_repo)}:#{commit} is available..."
   end
   spinner = TTY::Spinner.new
   spinner.auto_spin
@@ -83,18 +84,68 @@ end
 
 def run_command(command, env_hash = {})
   env = env_hash.collect{|k,v| "--env #{k}=#{v}" }.join(" ")
-  label = command.downcase.gsub(" ", "-").gsub(":", "-")
-  # using system instead of mina's command so tty opens successfully
-  system "kubectl run #{label}-#{SecureRandom.hex(4)} --rm -i --tty --restart=Never --context=#{fetch(:kubernetes_context)} --namespace=#{fetch(:namespace)} --image #{fetch(:image_repo)}:#{fetch(:image_tag)} #{env} -- #{command}"
+  proxy_env = "HTTPS_PROXY=#{fetch(:proxy)}" if fetch(:proxy)
+
+  default_pod_name = "#{`whoami`.strip}-#{command}-#{fetch(:branch)}".downcase.gsub(" ", "-").gsub(":", "-")
+  pod_name = TTY::Prompt.new.ask("What name for the pod?", :value => default_pod_name)
+
+  run :local do
+    comment "Lauching pod #{color(pod_name, 36)} to run #{color(command, 36)}"
+  end
+
+  pod_run_command = "#{proxy_env} kubectl run #{pod_name} --rm -i --tty --restart=Never --overrides='#{fetch(:kubectl_pod_overrides)}' --context=#{fetch(:kubernetes_context)} --namespace=#{fetch(:namespace)} --image #{fetch(:image_repo)}:#{fetch(:image_tag)} #{env}"
+  running_pod_info = `#{proxy_env} kubectl get pod #{pod_name} -o json --ignore-not-found --context=#{fetch(:kubernetes_context)} --namespace=#{fetch(:namespace)}`
+
+  if running_pod_info.empty?
+    wait_for_image_and_run_command("#{pod_run_command} -- #{command}")
+  else
+    started_at = Time.parse(JSON.parse(running_pod_info)["status"]["startTime"]).strftime('%b %e, %H:%M')
+    choice = TTY::Prompt.new.select(
+      "Pod already exists, running since #{started_at} UTC, what would you like to do?",
+      {
+        "Reattach to its container" => :attach,
+        "Kill it and launch a fresh one" => :replace,
+        "Keep it and start one with a different name" => :other,
+      }
+    )
+    
+    delete_command = "#{proxy_env} kubectl delete pod #{pod_name} --context=#{fetch(:kubernetes_context)} --namespace=#{fetch(:namespace)}"
+    
+    case choice
+    when :attach
+      attach_command = "#{proxy_env} kubectl attach #{pod_name} -i --tty -c #{pod_name} --context=#{fetch(:kubernetes_context)} --namespace=#{fetch(:namespace)}"
+      system "#{attach_command} && #{delete_command}"
+    when :replace
+      system delete_command
+      run :local do
+        comment "Lauching Pod #{color(pod_name, 36)} to run #{color(command, 36)}"
+      end
+      wait_for_image_and_run_command("#{pod_run_command} -- #{command}")
+    when :other
+      run_command(command, env_hash)
+    end
+  end
+end
+
+def wait_for_image_and_run_command(command)
+  wait_until_image_ready(fetch(:image_tag))
+  system command
 end
 
 def apply_kubernetes_resources(options)
   run :local do
-    comment "Apply all Kubernetes resources..."
+    comment "Applying all Kubernetes resources..."
+
+    proxy_env = "HTTPS_PROXY=#{fetch(:proxy)}" if fetch(:proxy)
     filepaths = options&.[](:filepaths) || "config/deploy/#{fetch(:stage)}"
-    render_cmd = "krane render --bindings=image_repo=#{fetch(:image_repo)},image_tag=#{fetch(:image_tag)},namespace=#{fetch(:namespace)} --current_sha #{fetch(:image_tag)} -f #{filepaths}"
-    deploy_cmd = "krane deploy #{fetch(:namespace)} #{fetch(:kubernetes_context)} --stdin "
+
+    render_cmd = "#{proxy_env} krane render --bindings=image_repo=#{fetch(:image_repo)},image_tag=#{fetch(:image_tag)},namespace=#{fetch(:namespace)} --current_sha #{fetch(:image_tag)} -f #{filepaths}"
+    deploy_cmd = "#{proxy_env} krane deploy #{fetch(:namespace)} #{fetch(:kubernetes_context)} --stdin "
     deploy_cmd += options[:deployment_options] if options&.[](:deployment_options)
+
+    ejson_secrets_path = "#{filepaths}/secrets.ejson"
+    deploy_cmd += " --filenames #{ejson_secrets_path}" if File.exists?(ejson_secrets_path)
+
     command "#{render_cmd} | #{deploy_cmd}"
   end
 end

data/lib/mina/kubernetes/version.rb

@@ -1,5 +1,5 @@
 module Mina
   module Kubernetes
-    VERSION = "2.2.4"
+    VERSION = "2.7.0"
   end
 end

data/mina-kubernetes.gemspec

@@ -20,11 +20,11 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_development_dependency 'bundler', '~> 1.11'
-  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rake', '>= 12.3.3'
 
   spec.add_runtime_dependency 'mina', '~> 1.0'
   spec.add_runtime_dependency 'mina-multistage', '~> 1.0'
-  spec.add_runtime_dependency 'krane', '~> 1.0'
+  spec.add_runtime_dependency 'krane', '~> 2.1'
   spec.add_runtime_dependency 'tty-prompt'
   spec.add_runtime_dependency 'tty-spinner'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mina-kubernetes
 version: !ruby/object:Gem::Version
-  version: 2.2.4
+  version: 2.7.0
 platform: ruby
 authors:
 - Antoine Sabourin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-01-13 00:00:00.000000000 Z
+date: 2020-11-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -28,16 +28,16 @@ dependencies:
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
 - !ruby/object:Gem::Dependency
   name: mina
   requirement: !ruby/object:Gem::Requirement
@@ -72,14 +72,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.1'
 - !ruby/object:Gem::Dependency
   name: tty-prompt
   requirement: !ruby/object:Gem::Requirement
@@ -141,7 +141,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Mina plugin to streamline deployment of resources to Kubernetes cluster