ood_core 0.13.0 → 0.16.1

data/lib/ood_core/job/adapters/kubernetes/helper.rb

@@ -0,0 +1,299 @@
+class OodCore::Job::Adapters::Kubernetes::Helper
+
+  require_relative 'resources'
+  require_relative 'k8s_job_info'
+  require 'resolv'
+  require 'base64'
+  require 'active_support/core_ext/hash'
+
+  class K8sDataError < StandardError; end
+
+  # Extract info from json data. The data is expected to be from the kubectl
+  # command and conform to kubernetes' datatype structures.
+  #
+  # Returns K8sJobInfo in the in lieu of writing a connection.yml
+  #
+  # @param pod_json [#to_h]
+  #   the pod data returned from 'kubectl get pod abc-123'
+  # @param service_json [#to_h]
+  #   the service data returned from 'kubectl get service abc-123-service'
+  # @param secret_json [#to_h]
+  #   the secret data returned from 'kubectl get secret abc-123-secret'
+  # @param ns_prefix [#to_s]
+  #   the namespace prefix so that namespaces can be converted back to usernames
+  # @return [OodCore::Job::Adapters::Kubernetes::K8sJobInfo]
+  def info_from_json(pod_json: nil, service_json: nil, secret_json: nil, ns_prefix: nil)
+    pod_hash = pod_info_from_json(pod_json, ns_prefix: ns_prefix)
+    service_hash = service_info_from_json(service_json)
+    secret_hash = secret_info_from_json(secret_json)
+
+    pod_hash.deep_merge!(service_hash)
+    pod_hash.deep_merge!(secret_hash)
+    OodCore::Job::Adapters::Kubernetes::K8sJobInfo.new(pod_hash)
+  rescue NoMethodError
+    raise K8sDataError, "unable to read data correctly from json"
+  end
+
+  # Turn a container hash into a Kubernetes::Resources::Container
+  #
+  # @param container [#to_h]
+  #   the input container hash
+  # @param default_env [#to_h]
+  #   Default env to merge with defined env
+  # @return  [OodCore::Job::Adapters::Kubernetes::Resources::Container]
+  def container_from_native(container, default_env)
+    env = container.fetch(:env, {}).to_h.symbolize_keys
+    OodCore::Job::Adapters::Kubernetes::Resources::Container.new(
+      container[:name],
+      container[:image],
+      command: parse_command(container[:command]),
+      port: container[:port],
+      env: default_env.merge(env),
+      memory: container[:memory],
+      cpu: container[:cpu],
+      working_dir: container[:working_dir],
+      restart_policy: container[:restart_policy],
+      image_pull_secret: container[:image_pull_secret]
+    )
+  end
+
+  # Parse a command string given from a user and return an array.
+  # If given an array, the input is simply returned back.
+  #
+  # @param cmd [#to_s]
+  #   the command to parse
+  # @return [Array<#to_s>]
+  #   the command parsed into an array of arguements
+  def parse_command(cmd)
+    if cmd&.is_a?(Array)
+      cmd
+    else
+      Shellwords.split(cmd.to_s)
+    end
+  end
+
+  # Turn a configmap hash into a Kubernetes::Resources::ConfigMap
+  # that can be used in templates. Needs an id so that the resulting
+  # configmap has a known name.
+  #
+  # @param native [#to_h]
+  #   the input configmap hash
+  # @param id [#to_s]
+  #   the id to use for giving the configmap a name
+  # @return  [OodCore::Job::Adapters::Kubernetes::Resources::ConfigMap]
+  def configmap_from_native(native, id)
+    configmap = native.fetch(:configmap, nil)
+    return nil if configmap.nil?
+
+    OodCore::Job::Adapters::Kubernetes::Resources::ConfigMap.new(
+      configmap_name(id),
+      (configmap[:files] || [])
+    )
+  end
+
+  # parse initialization containers from native data
+  #
+  # @param native_data [#to_h]
+  #   the native data to parse. Expected key init_ctrs and for that
+  #   key to be an array of hashes.
+  # @param default_env [#to_h]
+  #   Default env to merge with defined env
+  # @return [Array<OodCore::Job::Adapters::Kubernetes::Resources::Container>]
+  #   the array of init containers
+  def init_ctrs_from_native(ctrs, default_env)
+    init_ctrs = []
+
+    ctrs&.each do |ctr_raw|
+      ctr = container_from_native(ctr_raw, default_env)
+      init_ctrs.push(ctr)
+    end
+
+    init_ctrs
+  end
+
+  def service_name(id)
+    id + '-service'
+  end
+
+  def secret_name(id)
+    id + '-secret'
+  end
+
+  def configmap_name(id)
+    id + '-configmap'
+  end
+
+  def seconds_to_duration(s)
+    "%02dh%02dm%02ds" % [s / 3600, s / 60 % 60, s % 60]
+  end
+
+  # Extract pod info from json data. The data is expected to be from the kubectl
+  # command and conform to kubernetes' datatype structures.
+  #
+  # @param json_data [#to_h]
+  #   the pod data returned from 'kubectl get pod abc-123'
+  # @param ns_prefix [#to_s]
+  #   the namespace prefix so that namespaces can be converted back to usernames
+  # @return [#to_h]
+  #   the hash of info expected from adapters
+  def pod_info_from_json(json_data, ns_prefix: nil)
+    {
+      id: json_data.dig(:metadata, :name).to_s,
+      job_name: name_from_metadata(json_data.dig(:metadata)),
+      status: pod_status_from_json(json_data),
+      job_owner: job_owner_from_json(json_data, ns_prefix),
+      submission_time: submission_time(json_data),
+      dispatch_time: dispatch_time(json_data),
+      wallclock_time: wallclock_time(json_data),
+      ood_connection_info: { host: get_host(json_data.dig(:status, :hostIP)) },
+      procs: procs_from_json(json_data)
+    }
+  rescue NoMethodError
+    # gotta raise an error because Info.new will throw an error if id is undefined
+    raise K8sDataError, "unable to read data correctly from json"
+  end
+
+  private
+
+  def get_host(ip)
+    Resolv.getname(ip)
+  rescue Resolv::ResolvError
+    ip
+  end
+
+  def name_from_metadata(metadata)
+    name = metadata.dig(:labels, :'app.kubernetes.io/name')
+    name = metadata.dig(:labels, :'k8s-app') if name.nil?
+    name = metadata.dig(:name) if name.nil? # pod-id but better than nil?
+    name
+  end
+
+  def service_info_from_json(json_data)
+    # all we need is the port - .spec.ports[0].nodePort
+    ports = json_data.dig(:spec, :ports)
+    { ood_connection_info: { port: ports[0].dig(:nodePort) } }
+  rescue
+    {}
+  end
+
+  def secret_info_from_json(json_data)
+    raw = json_data.dig(:data, :password)
+    { ood_connection_info: { password: Base64.decode64(raw) } }
+  rescue
+    {}
+  end
+
+  def dispatch_time(json_data)
+    status = pod_status_from_json(json_data)
+    container_statuses = json_data.dig(:status, :containerStatuses)
+    return nil if container_statuses.nil?
+
+    state_data = container_statuses[0].dig(:state)
+    date_string = nil
+
+    if status == 'completed'
+      date_string = state_data.dig(:terminated, :startedAt)
+    elsif status == 'running'
+      date_string = state_data.dig(:running, :startedAt)
+    end
+
+    date_string.nil? ? nil : DateTime.parse(date_string).to_time.to_i
+  end
+
+  def wallclock_time(json_data)
+    status = pod_status_from_json(json_data)
+    container_statuses = json_data.dig(:status, :containerStatuses)
+    return nil if container_statuses.nil?
+
+    state_data = container_statuses[0].dig(:state)
+    start_time = dispatch_time(json_data)
+    return nil if start_time.nil?
+
+    et = end_time(status, state_data)
+
+    et.nil? ? nil : et - start_time
+  end
+
+  def end_time(status, state_data)
+    if status == 'completed'
+      end_time_string = state_data.dig(:terminated, :finishedAt)
+      et = DateTime.parse(end_time_string).to_time.to_i
+    elsif status == 'running'
+      et = DateTime.now.to_time.to_i
+    else
+      et = nil
+    end
+
+    et
+  end
+
+  def submission_time(json_data)
+    status = json_data.dig(:status)
+    start = status.dig(:startTime)
+
+    if start.nil?
+      # the pod is in some pending state limbo
+      conditions = status.dig(:conditions)
+      # best guess to start time is just the first condition's
+      # transition time
+      str = conditions[0].dig(:lastTransitionTime)
+    else
+      str = start
+    end
+
+    DateTime.parse(str).to_time.to_i
+  end
+
+  def pod_status_from_json(json_data)
+    phase = json_data.dig(:status, :phase)
+    state = case phase
+            when "Running"
+              "running"
+            when "Pending"
+              "queued"
+            when "Failed"
+              "suspended"
+            when "Succeeded"
+              "completed"
+            when "Unknown"
+              "undetermined"
+            else
+              "undetermined"
+            end
+
+    OodCore::Job::Status.new(state: state)
+  end
+
+  def terminated_state(status)
+    reason = status.dig(:terminated, :reason)
+    if reason == 'Error'
+      'suspended'
+    else
+      'completed'
+    end
+  end
+
+  def procs_from_json(json_data)
+    containers = json_data.dig(:spec, :containers)
+    resources = containers[0].dig(:resources)
+
+    cpu = resources.dig(:limits, :cpu)
+    millicores_rex = /(\d+)m/
+
+    # ok to return string bc nil.to_i == 0 and we'd rather return
+    # nil (undefined) than 0 which is confusing.
+    if millicores_rex.match?(cpu)
+      millicores =  millicores_rex.match(cpu)[1].to_i
+
+      # have to return at least 1 bc 200m could be 0
+      ((millicores + 1000) / 1000).to_s
+    else
+      cpu
+    end
+  end
+
+  def job_owner_from_json(json_data = {}, ns_prefix = nil)
+    namespace = json_data.dig(:metadata, :namespace).to_s
+    namespace.delete_prefix(ns_prefix.to_s)
+  end
+end

data/lib/ood_core/job/adapters/kubernetes/k8s_job_info.rb

@@ -0,0 +1,9 @@
+# An object that describes a submitted kubernetes job with extended information
+class OodCore::Job::Adapters::Kubernetes::K8sJobInfo < OodCore::Job::Info
+  attr_reader :ood_connection_info
+
+  def initialize(ood_connection_info: {}, **options)
+    super(options)
+    @ood_connection_info = ood_connection_info
+  end
+end

data/lib/ood_core/job/adapters/kubernetes/resources.rb

@@ -0,0 +1,82 @@
+module OodCore::Job::Adapters::Kubernetes::Resources
+
+  class ConfigMap
+    attr_accessor :name, :files
+
+    def initialize(name, files)
+      @name = name
+      @files = []
+      files.each do |f|
+        @files << ConfigMapFile.new(f)
+      end
+    end
+
+    def mounts?
+      @files.any? { |f| f.mount_path }
+    end
+
+    def init_mounts?
+      @files.any? { |f| f.init_mount_path }
+    end
+  end
+
+  class ConfigMapFile
+    attr_accessor :filename, :data, :mount_path, :sub_path, :init_mount_path, :init_sub_path
+
+    def initialize(data)
+      @filename = data[:filename]
+      @data = data[:data]
+      @mount_path = data[:mount_path]
+      @sub_path = data[:sub_path]
+      @init_mount_path = data[:init_mount_path]
+      @init_sub_path = data[:init_sub_path]
+    end
+  end
+
+  class Container
+    attr_accessor :name, :image, :command, :port, :env, :memory, :cpu, :working_dir,
+                  :restart_policy, :image_pull_secret, :supplemental_groups
+
+    def initialize(
+        name, image, command: [], port: nil, env: {}, memory: "4Gi", cpu: "1",
+        working_dir: "", restart_policy: "Never", image_pull_secret: nil, supplemental_groups: []
+      )
+      raise ArgumentError, "containers need valid names and images" unless name && image
+
+      @name = name
+      @image = image
+      @command = command.nil? ? [] : command
+      @port = port&.to_i
+      @env = env.nil? ? {} : env
+      @memory = memory.nil? ? "4Gi" : memory
+      @cpu = cpu.nil? ? "1" : cpu
+      @working_dir = working_dir.nil? ? "" : working_dir
+      @restart_policy = restart_policy.nil? ? "Never" : restart_policy
+      @image_pull_secret = image_pull_secret
+      @supplemental_groups = supplemental_groups.nil? ? [] : supplemental_groups
+    end
+
+    def ==(other)
+      name == other.name &&
+        image == other.image &&
+        command == other.command &&
+        port == other.port &&
+        env == other.env &&
+        memory == other.memory &&
+        cpu == other.cpu &&
+        working_dir == other.working_dir &&
+        restart_policy == other.restart_policy &&
+        image_pull_secret == other.image_pull_secret &&
+        supplemental_groups == other.supplemental_groups
+    end
+  end
+
+  class PodSpec
+    attr_accessor :container, :init_containers
+    def initialize(container, init_containers: nil)
+      @container = container
+      @init_containers = init_containers
+    end
+  end
+  
+end

data/lib/ood_core/job/adapters/kubernetes/templates/pod.yml.erb

@@ -0,0 +1,188 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  namespace: <%= namespace %>
+  name: <%= id %>
+  labels:
+    job: <%= id %>
+    app.kubernetes.io/name: <%= container.name %>
+    app.kubernetes.io/managed-by: open-ondemand
+    <%- if !script.accounting_id.nil? && script.accounting_id != "" -%>
+    account: <%= script.accounting_id %>
+    <%- end -%>
+  annotations:
+    <%- unless script.wall_time.nil? -%>
+    pod.kubernetes.io/lifetime: <%= helper.seconds_to_duration(script.wall_time) %>
+    <%- end -%>
+spec:
+  restartPolicy: <%= spec.container.restart_policy %>
+  securityContext:
+    runAsUser: <%= run_as_user %>
+    runAsGroup: <%= run_as_group %>
+    runAsNonRoot: true
+    <%- if spec.container.supplemental_groups.empty? -%>
+    supplementalGroups: []
+    <%- else -%>
+    supplementalGroups:
+    <%- spec.container.supplemental_groups.each do |supplemental_group| -%>
+    - "<%= supplemental_group %>"
+    <%- end -%>
+    <%- end -%>
+    fsGroup: <%= fs_group %>
+  hostNetwork: false
+  hostIPC: false
+  hostPID: false
+  <%- unless spec.container.image_pull_secret.nil? -%>
+  imagePullSecrets:
+  - name: <%= spec.container.image_pull_secret %>
+  <%- end -%>
+  containers:
+  - name: "<%= spec.container.name %>"
+    image: <%= spec.container.image %>
+    imagePullPolicy: IfNotPresent
+    <%- unless spec.container.working_dir.empty? -%>
+    workingDir: "<%= spec.container.working_dir %>"
+    <%- end -%>
+    env:
+    - name: POD_NAME
+      valueFrom:
+        fieldRef:
+          fieldPath: metadata.name
+    <%- spec.container.env.each_pair do |name, value| -%>
+    - name: <%= name %>
+      value: "<%= value %>"
+    <%- end # for each env -%>
+    <%- unless spec.container.command.empty? -%>
+    command:
+    <%- spec.container.command.each do |cmd| -%>
+    - "<%= cmd %>"
+    <%- end # for each command -%>
+    <%- end # unless command is nil -%>
+    <%- unless spec.container.port.nil? -%>
+    ports:
+    - containerPort: <%= spec.container.port %>
+    <%- end -%>
+    <%- if configmap.mounts? || !all_mounts.empty? -%>
+    volumeMounts:
+    <%- configmap.files.each do |file| -%>
+      <%- next if file.mount_path.nil? -%>
+    - name: configmap-volume
+      mountPath: <%= file.mount_path %>
+      <%- unless file.sub_path.nil? -%>
+      subPath: <%= file.sub_path %>
+      <%- end # end unless file.sub_path.nil? -%>
+    <%- end # end configmap.files.each -%>
+    <%- all_mounts.each do |mount| -%>
+    - name: <%= mount[:name] %>
+      mountPath: <%= mount[:destination_path] %>
+    <%- end # for each mount -%>
+    <%- end # configmap mounts? and all_mounts not empty -%>
+    resources:
+      limits:
+        memory: "<%= spec.container.memory %>"
+        cpu: "<%= spec.container.cpu %>"
+      requests:
+        memory: "<%= spec.container.memory %>"
+        cpu: "<%= spec.container.cpu %>"
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+        - all
+      privileged: false
+  <%- unless spec.init_containers.nil? -%>
+  initContainers:
+  <%- spec.init_containers.each do |ctr| -%>
+  - name: "<%= ctr.name %>"
+    image: "<%= ctr.image %>"
+    env:
+    - name: POD_NAME
+      valueFrom:
+        fieldRef:
+          fieldPath: metadata.name
+    <%- ctr.env.each_pair do |name, value| -%>
+    - name: <%= name %>
+      value: "<%= value %>"
+    <%- end # for each env -%>
+    command:
+    <%- ctr.command.each do |cmd| -%>
+    - "<%= cmd %>"
+    <%- end # command loop -%>
+    <%- if configmap.init_mounts? || !all_mounts.empty? -%>
+    volumeMounts:
+    <%- configmap.files.each do |file| -%>
+    <%- next if file.init_mount_path.nil? -%>
+    - name: configmap-volume
+      mountPath: <%= file.init_mount_path %>
+      <%- unless file.init_sub_path.nil? -%>
+      subPath: <%= file.init_sub_path %>
+      <%- end # end unless file.sub_path.nil? -%>
+    <%- end # end configmap.files.each -%>
+    <%- all_mounts.each do |mount| -%>
+    - name: <%= mount[:name] %>
+      mountPath: <%= mount[:destination_path] %>
+    <%- end # for each mount -%>
+    <%- end # if config_map init mounts and all_mounts not empty -%>
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+        - all
+      privileged: false
+  <%- end # init container loop -%>
+  <%- end # if init containers -%>
+  <%- unless (configmap.to_s.empty? && all_mounts.empty?) -%>
+  volumes:
+  <%- unless configmap.to_s.empty? -%>
+  - name: configmap-volume
+    configMap:
+      name: <%= configmap_name(id) %>
+  <%- end -%>
+  <%- all_mounts.each do |mount| -%>
+  <%- if mount[:type] == 'nfs' -%>
+  - name: <%= mount[:name] %>
+    nfs:
+      server: <%= mount[:host] %>
+      path: <%= mount[:path] %>
+  <%- elsif mount[:type] == 'host' -%>
+  - name: <%= mount[:name] %>
+    hostPath:
+      path: <%= mount[:path] %>
+      type: <%= mount[:host_type] %>
+  <%- end # if mount is [host,nfs] -%>
+  <%- end # for each mount -%>
+  <%- end # (configmap.to_s.empty? || all_mounts.empty?) -%>
+---
+<%- unless spec.container.port.nil? -%>
+apiVersion: v1
+kind: Service
+metadata:
+  name: <%= service_name(id) %>
+  namespace: <%= namespace %>
+  labels:
+    job: <%= id %>
+spec:
+  selector:
+    job: <%= id %>
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: <%= spec.container.port %>
+  type: NodePort
+<%- end # end for service -%>
+---
+<%- unless configmap.nil? -%>
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: <%= configmap_name(id) %>
+  namespace: <%= namespace %>
+  labels:
+    job: <%= id %>
+data:
+<%- configmap.files.each do |file| -%>
+  <%- next if file.data.nil? || file.filename.nil? -%>
+  <%= file.filename %>: |
+    <% config_data_lines(file.data).each do |line| %><%= line %><% end %>
+<%- end # end for configmap files -%>
+<%- end # end configmap.nil? %>