RubyGems - tobsch-krane - Versions diffs - 1.0.0 - Mend

tobsch-krane 1.0.0

Files changed (99) hide show

checksums.yaml +7 -0
data/.buildkite/pipeline.nightly.yml +43 -0
data/.github/probots.yml +2 -0
data/.gitignore +20 -0
data/.rubocop.yml +17 -0
data/.shopify-build/VERSION +1 -0
data/.shopify-build/kubernetes-deploy.yml +53 -0
data/1.0-Upgrade.md +185 -0
data/CHANGELOG.md +431 -0
data/CODE_OF_CONDUCT.md +46 -0
data/CONTRIBUTING.md +164 -0
data/Gemfile +16 -0
data/ISSUE_TEMPLATE.md +25 -0
data/LICENSE.txt +21 -0
data/README.md +655 -0
data/Rakefile +36 -0
data/bin/ci +21 -0
data/bin/setup +16 -0
data/bin/test +47 -0
data/dev.yml +28 -0
data/dev/flamegraph-from-tests +35 -0
data/exe/krane +5 -0
data/krane.gemspec +44 -0
data/lib/krane.rb +7 -0
data/lib/krane/bindings_parser.rb +88 -0
data/lib/krane/cli/deploy_command.rb +75 -0
data/lib/krane/cli/global_deploy_command.rb +54 -0
data/lib/krane/cli/krane.rb +91 -0
data/lib/krane/cli/render_command.rb +41 -0
data/lib/krane/cli/restart_command.rb +34 -0
data/lib/krane/cli/run_command.rb +54 -0
data/lib/krane/cli/version_command.rb +13 -0
data/lib/krane/cluster_resource_discovery.rb +113 -0
data/lib/krane/common.rb +23 -0
data/lib/krane/concerns/template_reporting.rb +29 -0
data/lib/krane/concurrency.rb +18 -0
data/lib/krane/container_logs.rb +106 -0
data/lib/krane/deferred_summary_logging.rb +95 -0
data/lib/krane/delayed_exceptions.rb +14 -0
data/lib/krane/deploy_task.rb +363 -0
data/lib/krane/deploy_task_config_validator.rb +29 -0
data/lib/krane/duration_parser.rb +27 -0
data/lib/krane/ejson_secret_provisioner.rb +154 -0
data/lib/krane/errors.rb +28 -0
data/lib/krane/formatted_logger.rb +57 -0
data/lib/krane/global_deploy_task.rb +210 -0
data/lib/krane/global_deploy_task_config_validator.rb +12 -0
data/lib/krane/kubeclient_builder.rb +156 -0
data/lib/krane/kubectl.rb +120 -0
data/lib/krane/kubernetes_resource.rb +621 -0
data/lib/krane/kubernetes_resource/cloudsql.rb +43 -0
data/lib/krane/kubernetes_resource/config_map.rb +22 -0
data/lib/krane/kubernetes_resource/cron_job.rb +18 -0
data/lib/krane/kubernetes_resource/custom_resource.rb +87 -0
data/lib/krane/kubernetes_resource/custom_resource_definition.rb +98 -0
data/lib/krane/kubernetes_resource/daemon_set.rb +90 -0
data/lib/krane/kubernetes_resource/deployment.rb +213 -0
data/lib/krane/kubernetes_resource/horizontal_pod_autoscaler.rb +65 -0
data/lib/krane/kubernetes_resource/ingress.rb +18 -0
data/lib/krane/kubernetes_resource/job.rb +60 -0
data/lib/krane/kubernetes_resource/network_policy.rb +22 -0
data/lib/krane/kubernetes_resource/persistent_volume_claim.rb +80 -0
data/lib/krane/kubernetes_resource/pod.rb +269 -0
data/lib/krane/kubernetes_resource/pod_disruption_budget.rb +23 -0
data/lib/krane/kubernetes_resource/pod_set_base.rb +71 -0
data/lib/krane/kubernetes_resource/pod_template.rb +20 -0
data/lib/krane/kubernetes_resource/replica_set.rb +92 -0
data/lib/krane/kubernetes_resource/resource_quota.rb +22 -0
data/lib/krane/kubernetes_resource/role.rb +22 -0
data/lib/krane/kubernetes_resource/role_binding.rb +22 -0
data/lib/krane/kubernetes_resource/secret.rb +24 -0
data/lib/krane/kubernetes_resource/service.rb +104 -0
data/lib/krane/kubernetes_resource/service_account.rb +22 -0
data/lib/krane/kubernetes_resource/stateful_set.rb +70 -0
data/lib/krane/label_selector.rb +42 -0
data/lib/krane/oj.rb +4 -0
data/lib/krane/options_helper.rb +39 -0
data/lib/krane/remote_logs.rb +60 -0
data/lib/krane/render_task.rb +118 -0
data/lib/krane/renderer.rb +118 -0
data/lib/krane/resource_cache.rb +68 -0
data/lib/krane/resource_deployer.rb +265 -0
data/lib/krane/resource_watcher.rb +171 -0
data/lib/krane/restart_task.rb +228 -0
data/lib/krane/rollout_conditions.rb +103 -0
data/lib/krane/runner_task.rb +212 -0
data/lib/krane/runner_task_config_validator.rb +18 -0
data/lib/krane/statsd.rb +65 -0
data/lib/krane/task_config.rb +22 -0
data/lib/krane/task_config_validator.rb +96 -0
data/lib/krane/template_sets.rb +173 -0
data/lib/krane/version.rb +4 -0
data/pull_request_template.md +8 -0
data/screenshots/deploy-demo.gif +0 -0
data/screenshots/migrate-logs.png +0 -0
data/screenshots/missing-secret-fail.png +0 -0
data/screenshots/success.png +0 -0
data/screenshots/test-output.png +0 -0
metadata +375 -0

data/lib/krane/kubernetes_resource/pod_disruption_budget.rb ADDED

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+module Krane
+  class PodDisruptionBudget < KubernetesResource
+    TIMEOUT = 10.seconds
+    def status
+      exists? ? "Available" : "Not Found"
+    end
+    def deploy_succeeded?
+      exists? && observed_generation == current_generation
+    end
+    def deploy_method
+      # Required until https://github.com/kubernetes/kubernetes/issues/45398 changes
+      uses_generate_name? ? :create : :replace_force
+    end
+    def timeout_message
+      UNUSUAL_FAILURE_MESSAGE
+    end
+  end
+end

data/lib/krane/kubernetes_resource/pod_set_base.rb ADDED

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+require 'krane/kubernetes_resource/pod'
+module Krane
+  class PodSetBase < KubernetesResource
+    def failure_message
+      pods.map(&:failure_message).compact.uniq.join("\n")
+    end
+    def timeout_message
+      pods.map(&:timeout_message).compact.uniq.join("\n")
+    end
+    def fetch_events(kubectl)
+      own_events = super
+      return own_events unless pods.present?
+      most_useful_pod = pods.find(&:deploy_failed?) || pods.find(&:deploy_timed_out?) || pods.first
+      own_events.merge(most_useful_pod.fetch_events(kubectl))
+    end
+    def fetch_debug_logs
+      logs = Krane::RemoteLogs.new(
+        logger: @logger,
+        parent_id: id,
+        container_names: container_names,
+        namespace: @namespace,
+        context: @context
+      )
+      logs.sync
+      logs
+    end
+    def print_debug_logs?
+      pods.present? # the kubectl command times out if no pods exist
+    end
+    private
+    def pods
+      raise NotImplementedError, "Subclasses must define a `pods` accessor"
+    end
+    def parent_of_pod?(_)
+      raise NotImplementedError, "Subclasses must define a `parent_of_pod?` method"
+    end
+    def container_names
+      regular_containers = @definition["spec"]["template"]["spec"]["containers"].map { |c| c["name"] }
+      init_containers = @definition["spec"]["template"]["spec"].fetch("initContainers", {}).map { |c| c["name"] }
+      regular_containers + init_containers
+    end
+    def find_pods(cache)
+      all_pods = cache.get_all(Pod.kind, @instance_data["spec"]["selector"]["matchLabels"])
+      all_pods.each_with_object([]) do |pod_data, relevant_pods|
+        next unless parent_of_pod?(pod_data)
+        pod = Pod.new(
+          namespace: namespace,
+          context: context,
+          definition: pod_data,
+          logger: @logger,
+          parent: "#{name.capitalize} #{type}",
+          deploy_started_at: @deploy_started_at
+        )
+        pod.sync(cache)
+        relevant_pods << pod
+      end
+    end
+  end
+end

data/lib/krane/kubernetes_resource/pod_template.rb ADDED

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+module Krane
+  class PodTemplate < KubernetesResource
+    def status
+      exists? ? "Available" : "Not Found"
+    end
+    def deploy_succeeded?
+      exists?
+    end
+    def deploy_failed?
+      false
+    end
+    def timeout_message
+      UNUSUAL_FAILURE_MESSAGE
+    end
+  end
+end

data/lib/krane/kubernetes_resource/replica_set.rb ADDED

@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+require 'krane/kubernetes_resource/pod_set_base'
+module Krane
+  class ReplicaSet < PodSetBase
+    TIMEOUT = 5.minutes
+    attr_reader :pods
+    def initialize(namespace:, context:, definition:, logger:, statsd_tags: nil,
+      parent: nil, deploy_started_at: nil)
+      @parent = parent
+      @deploy_started_at = deploy_started_at
+      @pods = []
+      super(namespace: namespace, context: context, definition: definition,
+            logger: logger, statsd_tags: statsd_tags)
+    end
+    def sync(cache)
+      super
+      @pods = fetch_pods_if_needed(cache) || []
+    end
+    def status
+      return super unless rollout_data.present?
+      rollout_data.map { |state_replicas, num| "#{num} #{state_replicas.chop.pluralize(num)}" }.join(", ")
+    end
+    def deploy_succeeded?
+      return false if stale_status?
+      desired_replicas == rollout_data["availableReplicas"].to_i &&
+      desired_replicas == rollout_data["readyReplicas"].to_i
+    end
+    def deploy_failed?
+      pods.present? &&
+      pods.all?(&:deploy_failed?) &&
+      !stale_status?
+    end
+    def desired_replicas
+      return -1 unless exists?
+      @instance_data["spec"]["replicas"].to_i
+    end
+    def ready_replicas
+      return -1 unless exists?
+      rollout_data['readyReplicas'].to_i
+    end
+    def available_replicas
+      return -1 unless exists?
+      rollout_data["availableReplicas"].to_i
+    end
+    private
+    def stale_status?
+      observed_generation != current_generation
+    end
+    def fetch_pods_if_needed(cache)
+      # If the ReplicaSet doesn't exist, its pods won't either
+      return unless exists?
+      # If the status hasn't been updated yet, we're not going to make a determination anyway
+      return if stale_status?
+      # If we don't want any pods at all, we don't need to look for them
+      return if desired_replicas == 0
+      # We only need to fetch pods so that deploy_failed? can check that they aren't ALL bad.
+      # If we can already tell some pods are ok from the RS data, don't bother fetching them (which can be expensive)
+      # Lower numbers here make us more susceptible to being fooled by replicas without probes briefly appearing ready
+      return if ready_replicas > 1
+      find_pods(cache)
+    end
+    def rollout_data
+      return { "replicas" => 0 } unless exists?
+      { "replicas" => 0 }.merge(
+        @instance_data["status"].slice("replicas", "availableReplicas", "readyReplicas")
+      )
+    end
+    def parent_of_pod?(pod_data)
+      return false unless pod_data.dig("metadata", "ownerReferences")
+      pod_data["metadata"]["ownerReferences"].any? { |ref| ref["uid"] == @instance_data["metadata"]["uid"] }
+    end
+    def unmanaged?
+      @parent.blank?
+    end
+  end
+end

data/lib/krane/kubernetes_resource/resource_quota.rb ADDED

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+module Krane
+  class ResourceQuota < KubernetesResource
+    TIMEOUT = 30.seconds
+    def status
+      exists? ? "In effect" : "Not Found"
+    end
+    def deploy_succeeded?
+      @instance_data.dig("spec", "hard") == @instance_data.dig("status", "hard")
+    end
+    def deploy_failed?
+      false
+    end
+    def timeout_message
+      UNUSUAL_FAILURE_MESSAGE
+    end
+  end
+end

data/lib/krane/kubernetes_resource/role.rb ADDED

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+module Krane
+  class Role < KubernetesResource
+    TIMEOUT = 30.seconds
+    def status
+      exists? ? "Created" : "Not Found"
+    end
+    def deploy_succeeded?
+      exists?
+    end
+    def deploy_failed?
+      false
+    end
+    def timeout_message
+      UNUSUAL_FAILURE_MESSAGE
+    end
+  end
+end

data/lib/krane/kubernetes_resource/role_binding.rb ADDED

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+module Krane
+  class RoleBinding < KubernetesResource
+    TIMEOUT = 30.seconds
+    def status
+      exists? ? "Created" : "Not Found"
+    end
+    def deploy_succeeded?
+      exists?
+    end
+    def deploy_failed?
+      false
+    end
+    def timeout_message
+      UNUSUAL_FAILURE_MESSAGE
+    end
+  end
+end

data/lib/krane/kubernetes_resource/secret.rb ADDED

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+module Krane
+  class Secret < KubernetesResource
+    TIMEOUT = 30.seconds
+    SENSITIVE_TEMPLATE_CONTENT = true
+    SERVER_DRY_RUNNABLE = true
+    def status
+      exists? ? "Available" : "Not Found"
+    end
+    def deploy_succeeded?
+      exists?
+    end
+    def deploy_failed?
+      false
+    end
+    def timeout_message
+      UNUSUAL_FAILURE_MESSAGE
+    end
+  end
+end

data/lib/krane/kubernetes_resource/service.rb ADDED

@@ -0,0 +1,104 @@
+# frozen_string_literal: true
+require 'krane/kubernetes_resource/pod'
+module Krane
+  class Service < KubernetesResource
+    TIMEOUT = 7.minutes
+    def sync(cache)
+      super
+      if exists? && selector.present?
+        @related_pods = cache.get_all(Pod.kind, selector)
+        @related_workloads = fetch_related_workloads(cache)
+      else
+        @related_pods = []
+        @related_workloads = []
+      end
+    end
+    def status
+      if !exists?
+        "Not found"
+      elsif requires_publishing? && !published?
+        "LoadBalancer IP address is not provisioned yet"
+      elsif !requires_endpoints?
+        "Doesn't require any endpoints"
+      elsif selects_some_pods?
+        "Selects at least 1 pod"
+      else
+        "Selects 0 pods"
+      end
+    end
+    def deploy_succeeded?
+      return false unless exists?
+      return published? if requires_publishing?
+      return exists? unless requires_endpoints?
+      # We can't use endpoints if we want the service to be able to fail fast when the pods are down
+      exposes_zero_replica_workload? || selects_some_pods?
+    end
+    def deploy_failed?
+      false
+    end
+    def timeout_message
+      "This service does not seem to select any pods and this is likely invalid. "\
+      "Please confirm the spec.selector is correct and the targeted workload is healthy."
+    end
+    private
+    def fetch_related_workloads(cache)
+      related_deployments = cache.get_all(Deployment.kind)
+      related_statefulsets = cache.get_all(StatefulSet.kind)
+      (related_deployments + related_statefulsets).select do |workload|
+        selector.all? { |k, v| workload['spec']['template']['metadata']['labels'][k] == v }
+      end
+    end
+    def exposes_zero_replica_workload?
+      return false unless related_replica_count
+      related_replica_count == 0
+    end
+    def requires_endpoints?
+      # services of type External don't have endpoints
+      return false if external_name_svc?
+      # problem counting replicas - by default, assume endpoints are required
+      return true if related_replica_count.blank?
+      related_replica_count > 0
+    end
+    def selects_some_pods?
+      return false unless selector.present?
+      @related_pods.present?
+    end
+    def selector
+      @definition["spec"].fetch("selector", {})
+    end
+    def related_replica_count
+      return 0 unless selector.present?
+      if @related_workloads.present?
+        @related_workloads.inject(0) { |sum, d| sum + d["spec"]["replicas"].to_i }
+      end
+    end
+    def external_name_svc?
+      @definition["spec"]["type"] == "ExternalName"
+    end
+    def requires_publishing?
+      @definition["spec"]["type"] == "LoadBalancer"
+    end
+    def published?
+      @instance_data.dig('status', 'loadBalancer', 'ingress').present?
+    end
+  end
+end

data/lib/krane/kubernetes_resource/service_account.rb ADDED

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+module Krane
+  class ServiceAccount < KubernetesResource
+    TIMEOUT = 30.seconds
+    def status
+      exists? ? "Created" : "Not Found"
+    end
+    def deploy_succeeded?
+      exists?
+    end
+    def deploy_failed?
+      false
+    end
+    def timeout_message
+      UNUSUAL_FAILURE_MESSAGE
+    end
+  end
+end

data/lib/krane/kubernetes_resource/stateful_set.rb ADDED

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+require 'krane/kubernetes_resource/pod_set_base'
+module Krane
+  class StatefulSet < PodSetBase
+    TIMEOUT = 10.minutes
+    ONDELETE = 'OnDelete'
+    attr_reader :pods
+    def sync(cache)
+      super
+      @pods = exists? ? find_pods(cache) : []
+    end
+    def status
+      return super unless @instance_data["status"].present?
+      rollout_data = @instance_data["status"].slice("replicas", "readyReplicas", "currentReplicas")
+      rollout_data.map { |state_replicas, num| "#{num} #{state_replicas.chop.pluralize(num)}" }.join(", ")
+    end
+    def deploy_succeeded?
+      if update_strategy == ONDELETE
+        # Gem cannot monitor update since it doesn't occur until delete
+        unless @success_assumption_warning_shown
+          @logger.warn("WARNING: Your StatefulSet's updateStrategy is set to OnDelete, "\
+                       "which means updates will not be applied until its pods are deleted. "\
+                       "Consider switching to rollingUpdate.")
+          @success_assumption_warning_shown = true
+        end
+        true
+      else
+        observed_generation == current_generation &&
+        status_data['currentRevision'] == status_data['updateRevision'] &&
+        desired_replicas == status_data['readyReplicas'].to_i &&
+        desired_replicas == status_data['currentReplicas'].to_i
+      end
+    end
+    def deploy_failed?
+      return false if update_strategy == ONDELETE
+      pods.present? && pods.any?(&:deploy_failed?) &&
+      observed_generation == current_generation
+    end
+    private
+    def update_strategy
+      if exists?
+        @instance_data['spec']['updateStrategy']['type']
+      else
+        'Unknown'
+      end
+    end
+    def status_data
+      return { 'readyReplicas' => '-1', 'currentReplicas' => '-2' } unless exists?
+      @instance_data["status"]
+    end
+    def desired_replicas
+      return -1 unless exists?
+      @instance_data["spec"]["replicas"].to_i
+    end
+    def parent_of_pod?(pod_data)
+      return false unless pod_data.dig("metadata", "ownerReferences")
+      pod_data["metadata"]["ownerReferences"].any? { |ref| ref["uid"] == @instance_data["metadata"]["uid"] } &&
+      @instance_data["status"]["currentRevision"] == pod_data["metadata"]["labels"]["controller-revision-hash"]
+    end
+  end
+end