seira 0.3.7 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a66eccb73df5cd20cda9716c793546964c39698a
-  data.tar.gz: a9aa6dd6d05feff2597790ed469ad532beb19ef3
+  metadata.gz: 6bcdddd7385af9bd0c795472c6f1fe911d9586b1
+  data.tar.gz: ad65f785990edea62925605e04bba6b4d116cd93
 SHA512:
-  metadata.gz: 36eb393a778a70f2147012d9cbe9698c5293bfc743a9349e5cd2053df7a09d8fcd7cd0c28566fb607d710cee97da9a873210617066ea5c4c77a820245ad1c6e7
-  data.tar.gz: afcbbed1d2388ef1c635aa010a30f486ddacf3d11e2e100018f22e964c621a626661bde901d54b1c612562eeeac135003fabab145576f3034bb20204f1e95ecc
+  metadata.gz: a7c87cba6fa27f9debf2f11b0db52ecab602465e92e77c1a9774f875152d79c1b11b996d05dfcfbc671731a5557b2fb975031dad69c08a5709892e1b79593eb0
+  data.tar.gz: 5e8d13d180754d03d0abeb381047efae3ae65eb795bb6320f36fe3e5ce81915ac2ca530108571ae90451f1a1c0aa7dd6b760ea1b1e4ac35f9ac779acada61ae5

data/lib/helpers.rb

@@ -11,23 +11,23 @@ module Seira
         end
       end
 
-      def fetch_pods(filters:, app:)
-        filter_string = { app: app }.merge(filters).map { |k, v| "#{k}=#{v}" }.join(',')
-        output = Seira::Commands.kubectl("get pods -o json --selector=#{filter_string}", context: { app: app }, return_output: true)
+      def fetch_pods(filters:, context:)
+        filter_string = { app: context[:app] }.merge(filters).map { |k, v| "#{k}=#{v}" }.join(',')
+        output = Seira::Commands.kubectl("get pods -o json --selector=#{filter_string}", context: context, return_output: true)
         JSON.parse(output)['items']
       end
 
-      def log_link(context:, app:, query:)
+      def log_link(context:, query:)
         link = context[:settings].log_link_format
         return nil if link.nil?
-        link.gsub! 'APP', app
+        link.gsub! 'APP', context[:app]
         link.gsub! 'CLUSTER', context[:cluster]
         link.gsub! 'QUERY', query
         link
       end
 
-      def get_secret(app:, key:, context: {})
-        Secrets.new(app: app, action: 'get', args: [], context: context).get(key)
+      def get_secret(key:, context:)
+        Secrets.new(app: context[:app], action: 'get', args: [], context: context).get(key)
       end
     end
   end

data/lib/seira/app.rb

@@ -77,9 +77,16 @@ module Seira
     # Kube vanilla based upgrade
     def run_apply(restart: false)
       async = false
+      revision = nil
+      deployment = :all
+
       args.each do |arg|
         if arg == '--async'
           async = true
+        elsif arg.start_with? '--deployment='
+          deployment = arg.split('=')[1]
+        elsif revision.nil?
+          revision = arg
         else
           puts "Warning: unrecognized argument #{arg}"
         end
@@ -87,7 +94,7 @@ module Seira
 
       Dir.mktmpdir do |dir|
         destination = "#{dir}/#{context[:cluster]}/#{app}"
-        revision = args.first || ENV['REVISION']
+        revision ||= ENV['REVISION']
 
         if revision.nil?
           current_revision = ask_cluster_for_current_revision
@@ -116,12 +123,20 @@ module Seira
           replacement_hash: replacement_hash
         )
 
-        kubectl("apply -f #{destination}", context: context)
+        to_apply = destination
+        to_apply += "/#{deployment}.yaml" unless deployment == :all
+        kubectl("apply -f #{to_apply}", context: context)
 
         unless async
           puts "Monitoring rollout status..."
           # Wait for rollout of all deployments to complete (running `kubectl rollout status` in parallel via xargs)
-          exit 1 unless system("kubectl get deployments -n #{app} -o name | xargs -n1 -P10 kubectl rollout status -n #{app}")
+          rollout_wait_command =
+            if deployment == :all
+              "kubectl get deployments -n #{app} -o name | xargs -n1 -P10 kubectl rollout status -n #{app}"
+            else
+              "kubectl rollout status -n #{app} deployments/#{app}-#{deployment}"
+            end
+          exit 1 unless system(rollout_wait_command)
         end
       end
     end

data/lib/seira/db.rb

@@ -47,7 +47,7 @@ module Seira
 
     # NOTE: Relies on the pgbouncer instance being named based on the db name, as is done in create command
     def primary_instance
-      database_url = Helpers.get_secret(app: app, key: 'DATABASE_URL')
+      database_url = Helpers.get_secret(context: context, key: 'DATABASE_URL')
       return nil unless database_url
 
       primary_uri = URI.parse(database_url)
@@ -105,7 +105,7 @@ module Seira
     def run_connect
       name = args[0] || primary_instance
       puts "Connecting to #{name}..."
-      root_password = Helpers.get_secret(app: app, key: "#{name.tr('-', '_').upcase}_ROOT_PASSWORD") || "Not found in secrets"
+      root_password = Helpers.get_secret(context: context, key: "#{name.tr('-', '_').upcase}_ROOT_PASSWORD") || "Not found in secrets"
       puts "Your root password for 'postgres' user is: #{root_password}"
       system("gcloud sql connect #{name}")
     end
@@ -239,7 +239,7 @@ module Seira
       # TODO(josh): move pgbouncer naming logic here and in Create to a common location
       instance_name = primary_instance
       tier = instance_name.gsub("#{app}-", '')
-      matching_pods = Helpers.fetch_pods(app: app, filters: { tier: tier })
+      matching_pods = Helpers.fetch_pods(context: context, filters: { tier: tier })
       if matching_pods.empty?
         puts 'Could not find pgbouncer pod to connect to'
         exit 1
@@ -247,7 +247,7 @@ module Seira
       pod_name = matching_pods.first['metadata']['name']
       psql_command =
         if as_admin
-          root_password = Helpers.get_secret(app: app, key: "#{instance_name.tr('-', '_').upcase}_ROOT_PASSWORD")
+          root_password = Helpers.get_secret(context: context, key: "#{instance_name.tr('-', '_').upcase}_ROOT_PASSWORD")
           "psql postgres://postgres:#{root_password}@127.0.0.1:5432"
         else
           'psql'

data/lib/seira/db/create.rb

@@ -161,12 +161,12 @@ module Seira
           create_pgbouncer_secret(db_user: 'proxyuser', db_password: proxyuser_password)
           Secrets.new(app: app, action: 'set', args: ["#{env_name}_ROOT_PASSWORD=#{root_password}"], context: context).run
           # Set DATABASE_URL if not already set
-          write_database_env(key: "DATABASE_URL", db_user: 'proxyuser', db_password: proxyuser_password) if Helpers.get_secret(app: app, key: "DATABASE_URL").nil?
+          write_database_env(key: "DATABASE_URL", db_user: 'proxyuser', db_password: proxyuser_password) if Helpers.get_secret(context: context, key: "DATABASE_URL").nil?
           write_database_env(key: "#{env_name}_DB_URL", db_user: 'proxyuser', db_password: proxyuser_password)
         else
           # When creating a replica, we cannot manage users on the replica. We must manage the users on the primary, which the replica
           # inherits. For now we will use the same credentials that the primary uses.
-          primary_uri = URI.parse(Helpers.get_secret(app: app, key: 'DATABASE_URL'))
+          primary_uri = URI.parse(Helpers.get_secret(context: context, key: 'DATABASE_URL'))
           primary_user = primary_uri.user
           primary_password = primary_uri.password
           create_pgbouncer_secret(db_user: primary_user, db_password: primary_password)
@@ -238,7 +238,7 @@ metadata:
     tier: #{pgbouncer_tier}
     database: #{name}
 spec:
-  replicas: 1
+  replicas: 2
   minReadySeconds: 20
   strategy:
     type: RollingUpdate
@@ -281,7 +281,7 @@ spec:
           resources:
             requests:
               cpu: 100m
-              memory: 300m
+              memory: 300Mi
         - image: gcr.io/cloudsql-docker/gce-proxy:1.11    # Gcloud SQL Proxy
           name: cloudsql-proxy
           command:

data/lib/seira/jobs.rb

@@ -67,6 +67,7 @@ module Seira
 
         if arg == '--async'
           async = true
+          no_delete = true
         elsif arg == '--no-delete'
           no_delete = true
         else
@@ -76,11 +77,6 @@ module Seira
         args.shift
       end
 
-      if async && !no_delete
-        puts "Cannot delete Job after running if Job is async, since we don't know when it finishes."
-        exit(1)
-      end
-
       # TODO: Configurable CPU and memory by args such as large, small, xlarge.
       command = args.join(' ')
       unique_name = "#{app}-run-#{Random.unique_name}"
@@ -112,7 +108,7 @@ module Seira
         File.open("#{destination}/#{file_name}", 'w') { |file| file.write(new_contents) }
 
         kubectl("apply -f #{destination}", context: context)
-        log_link = Helpers.log_link(context: context, app: app, query: unique_name)
+        log_link = Helpers.log_link(context: context, query: unique_name)
         puts "View logs at: #{log_link}" unless log_link.nil?
       end
 
@@ -142,6 +138,9 @@ module Seira
           print "Job finished with status #{status}. Deleting Job from cluster for cleanup."
           kubectl("delete job #{unique_name}", context: context)
         end
+
+        # If the job did not succeed, exit nonzero so calling scripts know something went wrong
+        exit(1) unless status == "succeeded"
       end
     end
   end

data/lib/seira/pods.rb

@@ -63,110 +63,89 @@ module Seira
     end
 
     def run_connect
-      # If a pod name is specified, connect to that pod; otherwise pick a random web pod
-      target_pod_name = pod_name || Helpers.fetch_pods(app: app, filters: { tier: 'web' }).sample&.dig('metadata', 'name')
+      tier = nil
+      pod_name = nil
+      dedicated = false
+      command = 'sh'
 
-      if target_pod_name
-        connect_to_pod(target_pod_name)
-      else
-        puts "Could not find web pod to connect to"
-      end
-    end
-
-    def run_run
-      # Set defaults
-      tier = 'web'
-      clear_commands = false
-      detached = false
-      container_name = app
-
-      # Loop through args and process any that aren't just the command to run
-      loop do
-        arg = args.first
-        if arg.nil?
-          puts 'Please specify a command to run'
-          exit(1)
-        end
-        break unless arg.start_with? '--'
+      args.each do |arg|
         if arg.start_with? '--tier='
           tier = arg.split('=')[1]
-        elsif arg == '--clear-commands'
-          clear_commands = true
-        elsif arg == '--detached'
-          detached = true
-        elsif arg.start_with? '--container='
-          container_name = arg.split('=')[1]
+        elsif arg.start_with? '--pod='
+          pod_name = arg.split('=')[1]
+        elsif arg.start_with? '--command='
+          command = arg.split('=')[1..-1].join('=')
+        elsif arg == '--dedicated'
+          dedicated = true
         else
           puts "Warning: Unrecognized argument #{arg}"
         end
-        args.shift
       end
 
-      # Any remaining args are the command to run
-      command = args.join(' ')
-
-      # Find a 'template' pod from the proper tier
-      template_pod = Helpers.fetch_pods(app: app, filters: { tier: tier }).first
-      if template_pod.nil?
-        puts "Unable to find #{tier} tier pod to copy config from"
+      # If a pod name is specified, connect to that pod
+      # If a tier is specified, connect to a random pod from that tier
+      # Otherwise connect to a terminal pod
+      target_pod = pod_name || Helpers.fetch_pods(context: context, filters: { tier: tier || 'terminal' }).sample
+      if target_pod.nil?
+        puts 'Could not find pod to connect to'
         exit(1)
       end
 
-      # Use that template pod's configuration to create a new temporary pod
-      temp_name = "#{app}-temp-#{Random.unique_name}"
-      spec = template_pod['spec']
-      temp_pod = {
-        apiVersion: template_pod['apiVersion'],
-        kind: 'Pod',
-        spec: spec,
-        metadata: {
-          name: temp_name
+      if dedicated
+        # Create a dedicated temp pod to run in
+        # This is useful if you would like to have a persistent connection that doesn't get killed
+        # when someone updates the terminal deployment, or if you want to avoid noisy neighbors
+        # connected to the same pod.
+        temp_name = "temp-#{Random.unique_name}"
+
+        # Construct a spec for the temp pod
+        spec = target_pod['spec']
+        temp_pod = {
+          apiVersion: target_pod['apiVersion'],
+          kind: 'Pod',
+          spec: spec,
+          metadata: {
+            name: temp_name
+          }
         }
-      }
-      spec['restartPolicy'] = 'Never'
-      if clear_commands
+        # Don't restart the pod when it dies
+        spec['restartPolicy'] = 'Never'
+        # Overwrite container commands with something that times out, so if the client disconnects
+        # there's a limited amount of time that the temp pod is still taking up resources
+        # Note that this will break a pods which depends on containers running real commands, but
+        # for a simple terminal pod it's fine
         spec['containers'].each do |container|
-          container['command'] = ['bash', '-c', 'tail -f /dev/null']
+          container['command'] = ['sleep', '86400'] # 86400 seconds = 24 hours
         end
-      end
 
-      if detached
-        target_container = spec['containers'].find { |container| container['name'] == container_name }
-        if target_container.nil?
-          puts "Could not find container '#{container_name}' to run command in"
+        puts 'Creating dedicated pod...'
+        unless system("kubectl --namespace=#{app} create -f - <<JSON\n#{temp_pod.to_json}\nJSON")
+          puts 'Failed to create dedicated pod'
           exit(1)
         end
-        target_container['command'] = ['bash', '-c', command]
-      end
-
-      puts "Creating temporary pod #{temp_name}"
-      unless system("kubectl --namespace=#{app} create -f - <<JSON\n#{temp_pod.to_json}\nJSON")
-        puts 'Failed to create pod'
-        exit(1)
-      end
 
-      unless detached
-        # Check pod status until it's ready to connect to
-        print 'Waiting for pod to start...'
+        print 'Waiting for dedicated pod to start...'
         loop do
-          pod = JSON.parse(`kubectl --namespace=#{app} get pods/#{temp_name} -o json`)
+          pod = JSON.parse(kubectl("get pods/#{temp_name} -o json", context: context, return_output: true))
           break if pod['status']['phase'] == 'Running'
           print '.'
           sleep 1
         end
         print "\n"
 
-        # Connect to the pod, running the specified command
         connect_to_pod(temp_name, command)
 
-        # Clean up
-        unless system("kubectl --namespace=#{app} delete pod #{temp_name}")
-          puts "Warning: failed to clean up pod #{temp_name}"
+        # Clean up on disconnect so temp pod isn't taking up resources
+        unless kubectl("delete pods/#{temp_name}", context: context)
+          puts 'Failed to delete temp pod'
         end
+      else
+        # If we don't need a dedicated pod, it's way easier - just connect to the already running one
+        connect_to_pod(target_pod.dig('metadata', 'name'))
       end
     end
 
-    def connect_to_pod(name, command = 'bash')
+    def connect_to_pod(name, command = 'sh')
       puts "Connecting to #{name}..."
       system("kubectl exec -ti #{name} --namespace=#{app} -- #{command}")
     end

data/lib/seira/version.rb

@@ -1,3 +1,3 @@
 module Seira
-  VERSION = "0.3.7".freeze
+  VERSION = "0.4.0".freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: seira
 version: !ruby/object:Gem::Version
-  version: 0.3.7
+  version: 0.4.0
 platform: ruby
 authors:
 - Scott Ringwelski
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-04-10 00:00:00.000000000 Z
+date: 2018-04-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: highline