tobsch-krane 1.0.0

data/lib/krane/rollout_conditions.rb

@@ -0,0 +1,103 @@
+# frozen_string_literal: true
+module Krane
+  class RolloutConditionsError < StandardError
+  end
+
+  class RolloutConditions
+    VALID_FAILURE_CONDITION_KEYS = [:path, :value, :error_msg_path, :custom_error_msg]
+    VALID_SUCCESS_CONDITION_KEYS = [:path, :value]
+
+    class << self
+      def from_annotation(conditions_string)
+        return new(default_conditions) if conditions_string.downcase.strip == "true"
+
+        conditions = JSON.parse(conditions_string).slice('success_conditions', 'failure_conditions')
+        conditions.deep_symbolize_keys!
+
+        # Create JsonPath objects
+        conditions[:success_conditions]&.each do |query|
+          query.slice!(*VALID_SUCCESS_CONDITION_KEYS)
+          query[:path] = JsonPath.new(query[:path]) if query.key?(:path)
+        end
+        conditions[:failure_conditions]&.each do |query|
+          query.slice!(*VALID_FAILURE_CONDITION_KEYS)
+          query[:path] = JsonPath.new(query[:path]) if query.key?(:path)
+          query[:error_msg_path] = JsonPath.new(query[:error_msg_path]) if query.key?(:error_msg_path)
+        end
+
+        new(conditions)
+      rescue JSON::ParserError => e
+        raise RolloutConditionsError, "Rollout conditions are not valid JSON: #{e}"
+      rescue StandardError => e
+        raise RolloutConditionsError,
+          "Error parsing rollout conditions. " \
+          "This is most likely caused by an invalid JsonPath expression. Failed with: #{e}"
+      end
+
+      def default_conditions
+        {
+          success_conditions: [
+            {
+              path: JsonPath.new('$.status.conditions[?(@.type == "Ready")].status'),
+              value: "True",
+            },
+          ],
+          failure_conditions: [
+            {
+              path: JsonPath.new('$.status.conditions[?(@.type == "Failed")].status'),
+              value: "True",
+              error_msg_path: JsonPath.new('$.status.conditions[?(@.type == "Failed")].message'),
+            },
+          ],
+        }
+      end
+    end
+
+    def initialize(conditions)
+      @success_conditions = conditions.fetch(:success_conditions, [])
+      @failure_conditions = conditions.fetch(:failure_conditions, [])
+    end
+
+    def rollout_successful?(instance_data)
+      @success_conditions.all? do |query|
+        query[:path].first(instance_data) == query[:value]
+      end
+    end
+
+    def rollout_failed?(instance_data)
+      @failure_conditions.any? do |query|
+        query[:path].first(instance_data) == query[:value]
+      end
+    end
+
+    def failure_messages(instance_data)
+      @failure_conditions.map do |query|
+        next unless query[:path].first(instance_data) == query[:value]
+        query[:custom_error_msg].presence || query[:error_msg_path]&.first(instance_data)
+      end.compact
+    end
+
+    def validate!
+      errors = validate_conditions(@success_conditions, 'success_conditions')
+      errors += validate_conditions(@failure_conditions, 'failure_conditions', required: false)
+      raise RolloutConditionsError, errors.join(", ") unless errors.empty?
+    end
+
+    private
+
+    def validate_conditions(conditions, source_key, required: true)
+      return [] unless conditions.present? || required
+      errors = []
+      errors << "#{source_key} should be Array but found #{conditions.class}" unless conditions.is_a?(Array)
+      return errors if errors.present?
+      errors << "#{source_key} must contain at least one entry" if conditions.empty?
+      return errors if errors.present?
+
+      conditions.each do |query|
+        missing = [:path, :value].reject { |k| query.key?(k) }
+        errors << "Missing required key(s) for #{source_key.singularize}: #{missing}" if missing.present?
+      end
+      errors
+    end
+  end
+end

data/lib/krane/runner_task.rb

@@ -0,0 +1,212 @@
+# frozen_string_literal: true
+require 'tempfile'
+
+require 'krane/common'
+require 'krane/kubeclient_builder'
+require 'krane/kubectl'
+require 'krane/resource_cache'
+require 'krane/resource_watcher'
+require 'krane/kubernetes_resource'
+require 'krane/kubernetes_resource/pod'
+require 'krane/runner_task_config_validator'
+
+module Krane
+  # Run a pod that exits upon completing a task
+  class RunnerTask
+    class TaskTemplateMissingError < TaskConfigurationError; end
+
+    attr_reader :pod_name
+
+    # Initializes the runner task
+    #
+    # @param namespace [String] Kubernetes namespace (*required*)
+    # @param context [String] Kubernetes context / cluster (*required*)
+    # @param logger [Object] Logger object (defaults to an instance of Krane::FormattedLogger)
+    # @param global_timeout [Integer] Timeout in seconds
+    def initialize(namespace:, context:, logger: nil, global_timeout: nil)
+      @logger = logger || Krane::FormattedLogger.build(namespace, context)
+      @task_config = Krane::TaskConfig.new(context, namespace, @logger)
+      @namespace = namespace
+      @context = context
+      @global_timeout = global_timeout
+    end
+
+    # Runs the task, returning a boolean representing success or failure
+    #
+    # @return [Boolean]
+    def run(*args)
+      run!(*args)
+      true
+    rescue DeploymentTimeoutError, FatalDeploymentError
+      false
+    end
+
+    # Runs the task, raising exceptions in case of issues
+    #
+    # @param template [String] The filename of the template you'll be rendering (*required*)
+    # @param command [Array<String>] Override the default command in the container image
+    # @param arguments [Array<String>] Override the default arguments for the command
+    # @param env_vars [Array<String>] List of env vars
+    # @param verify_result [Boolean] Wait for completion and verify pod success
+    #
+    # @return [nil]
+    def run!(template:, command:, arguments:, env_vars: [], verify_result: true)
+      start = Time.now.utc
+      @logger.reset
+
+      @logger.phase_heading("Initializing task")
+
+      @logger.info("Validating configuration")
+      verify_config!(template)
+      @logger.info("Using namespace '#{@namespace}' in context '#{@context}'")
+
+      pod = build_pod(template, command, arguments, env_vars, verify_result)
+      validate_pod(pod)
+
+      @logger.phase_heading("Running pod")
+      create_pod(pod)
+
+      if verify_result
+        @logger.phase_heading("Streaming logs")
+        watch_pod(pod)
+      else
+        record_status_once(pod)
+      end
+      StatsD.client.distribution('task_runner.duration', StatsD.duration(start), tags: statsd_tags('success'))
+      @logger.print_summary(:success)
+    rescue DeploymentTimeoutError
+      StatsD.client.distribution('task_runner.duration', StatsD.duration(start), tags: statsd_tags('timeout'))
+      @logger.print_summary(:timed_out)
+      raise
+    rescue FatalDeploymentError
+      StatsD.client.distribution('task_runner.duration', StatsD.duration(start), tags: statsd_tags('failure'))
+      @logger.print_summary(:failure)
+      raise
+    end
+
+    private
+
+    def create_pod(pod)
+      @logger.info("Creating pod '#{pod.name}'")
+      pod.deploy_started_at = Time.now.utc
+      kubeclient.create_pod(pod.to_kubeclient_resource)
+      @pod_name = pod.name
+      @logger.info("Pod creation succeeded")
+    rescue Kubeclient::HttpError => e
+      msg = "Failed to create pod: #{e.class.name}: #{e.message}"
+      @logger.summary.add_paragraph(msg)
+      raise FatalDeploymentError, msg
+    end
+
+    def build_pod(template_name, command, args, env_vars, verify_result)
+      task_template = get_template(template_name)
+      @logger.info("Using template '#{template_name}'")
+      pod_template = build_pod_definition(task_template)
+      set_container_overrides!(pod_template, command, args, env_vars)
+      ensure_valid_restart_policy!(pod_template, verify_result)
+      Pod.new(namespace: @namespace, context: @context, logger: @logger, stream_logs: true,
+                    definition: pod_template.to_hash.deep_stringify_keys, statsd_tags: [])
+    end
+
+    def validate_pod(pod)
+      pod.validate_definition(kubectl)
+    end
+
+    def watch_pod(pod)
+      rw = ResourceWatcher.new(resources: [pod], timeout: @global_timeout,
+        operation_name: "run", task_config: @task_config)
+      rw.run(delay_sync: 1, reminder_interval: 30.seconds)
+      raise DeploymentTimeoutError if pod.deploy_timed_out?
+      raise FatalDeploymentError if pod.deploy_failed?
+    end
+
+    def record_status_once(pod)
+      cache = ResourceCache.new(@task_config)
+      pod.sync(cache)
+      warning = <<~STRING
+        #{ColorizedString.new('Result verification is disabled for this task.').yellow}
+        The following status was observed immediately after pod creation:
+        #{pod.pretty_status}
+      STRING
+      @logger.summary.add_paragraph(warning)
+    end
+
+    def verify_config!(task_template)
+      task_config_validator = RunnerTaskConfigValidator.new(task_template, @task_config, kubectl,
+        kubeclient_builder)
+      unless task_config_validator.valid?
+        @logger.summary.add_action("Configuration invalid")
+        @logger.summary.add_paragraph([task_config_validator.errors].map { |err| "- #{err}" }.join("\n"))
+        raise Krane::TaskConfigurationError
+      end
+    end
+
+    def get_template(template_name)
+      pod_template = kubeclient.get_pod_template(template_name, @namespace)
+      pod_template.template
+    rescue Kubeclient::ResourceNotFoundError
+      msg = "Pod template `#{template_name}` not found in namespace `#{@namespace}`, context `#{@context}`"
+      @logger.summary.add_paragraph(msg)
+      raise TaskTemplateMissingError, msg
+    rescue Kubeclient::HttpError => error
+      raise FatalKubeAPIError, "Error retrieving pod template: #{error.class.name}: #{error.message}"
+    end
+
+    def build_pod_definition(base_template)
+      pod_definition = base_template.dup
+      pod_definition.kind = 'Pod'
+      pod_definition.apiVersion = 'v1'
+      pod_definition.metadata.namespace = @namespace
+
+      unique_name = pod_definition.metadata.name + "-" + SecureRandom.hex(8)
+      @logger.warn("Name is too long, using '#{unique_name[0..62]}'") if unique_name.length > 63
+      pod_definition.metadata.name = unique_name[0..62]
+
+      pod_definition
+    end
+
+    def set_container_overrides!(pod_definition, command, args, env_vars)
+      container = pod_definition.spec.containers.find { |cont| cont.name == 'task-runner' }
+      if container.nil?
+        message = "Pod spec does not contain a template container called 'task-runner'"
+        @logger.summary.add_paragraph(message)
+        raise TaskConfigurationError, message
+      end
+
+      container.command = command if command
+      container.args = args if args
+
+      env_args = env_vars.map do |env|
+        key, value = env.split('=', 2)
+        { name: key, value: value }
+      end
+      container.env ||= []
+      container.env = container.env.map(&:to_h) + env_args
+    end
+
+    def ensure_valid_restart_policy!(template, verify)
+      restart_policy = template.spec.restartPolicy
+      if verify && restart_policy != "Never"
+        @logger.warn("Changed Pod RestartPolicy from '#{restart_policy}' to 'Never'. Disable "\
+          "result verification to use '#{restart_policy}'.")
+        template.spec.restartPolicy = "Never"
+      end
+    end
+
+    def kubectl
+      @kubectl ||= Kubectl.new(task_config: @task_config, log_failure_by_default: true)
+    end
+
+    def kubeclient
+      @kubeclient ||= kubeclient_builder.build_v1_kubeclient(@context)
+    end
+
+    def kubeclient_builder
+      @kubeclient_builder ||= KubeclientBuilder.new
+    end
+
+    def statsd_tags(status)
+      %W(namespace:#{@namespace} context:#{@context} status:#{status})
+    end
+  end
+end

data/lib/krane/runner_task_config_validator.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+module Krane
+  class RunnerTaskConfigValidator < TaskConfigValidator
+    def initialize(template, *arguments)
+      super(*arguments)
+      @template = template
+      @validations += %i(validate_template)
+    end
+
+    private
+
+    def validate_template
+      if @template.blank?
+        @errors << "Task template name can't be nil"
+      end
+    end
+  end
+end

data/lib/krane/statsd.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+require 'statsd-instrument'
+require 'logger'
+
+module Krane
+  class StatsD
+    PREFIX = "Krane"
+
+    def self.duration(start_time)
+      (Time.now.utc - start_time).round(1)
+    end
+
+    def self.client
+      @client ||= begin
+        sink = if ::StatsD::Instrument::Environment.current.env.fetch('STATSD_ENV', nil) == 'development'
+          ::StatsD::Instrument::LogSink.new(Logger.new($stderr))
+        elsif (addr = ::StatsD::Instrument::Environment.current.env.fetch('STATSD_ADDR', nil))
+          ::StatsD::Instrument::UDPSink.for_addr(addr)
+        else
+          ::StatsD::Instrument::NullSink.new
+        end
+        ::StatsD::Instrument::Client.new(prefix: PREFIX, sink: sink, default_sample_rate: 1.0)
+      end
+    end
+
+    module MeasureMethods
+      def measure_method(method_name, metric = nil)
+        unless method_defined?(method_name) || private_method_defined?(method_name)
+          raise NotImplementedError, "Cannot instrument undefined method #{method_name}"
+        end
+
+        unless const_defined?("InstrumentationProxy")
+          const_set("InstrumentationProxy", Module.new)
+          should_prepend = true
+        end
+
+        metric ||= "#{method_name}.duration"
+        self::InstrumentationProxy.send(:define_method, method_name) do |*args, &block|
+          begin
+            start_time = Time.now.utc
+            super(*args, &block)
+          rescue
+            error = true
+            raise
+          ensure
+            dynamic_tags = send(:statsd_tags) if respond_to?(:statsd_tags, true)
+            dynamic_tags ||= {}
+            if error
+              dynamic_tags[:error] = error if dynamic_tags.is_a?(Hash)
+              dynamic_tags << "error:#{error}" if dynamic_tags.is_a?(Array)
+            end
+
+            Krane::StatsD.client.distribution(
+              metric,
+              Krane::StatsD.duration(start_time),
+              tags: dynamic_tags
+            )
+          end
+        end
+
+        prepend(self::InstrumentationProxy) if should_prepend
+      end
+    end
+  end
+end

data/lib/krane/task_config.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require 'krane/cluster_resource_discovery'
+
+module Krane
+  class TaskConfig
+    attr_reader :context, :namespace, :logger
+
+    def initialize(context, namespace, logger = nil)
+      @context = context
+      @namespace = namespace
+      @logger = logger || FormattedLogger.build(@namespace, @context)
+    end
+
+    def global_kinds
+      @global_kinds ||= begin
+        cluster_resource_discoverer = ClusterResourceDiscovery.new(task_config: self)
+        cluster_resource_discoverer.fetch_resources(namespaced: false).map { |g| g["kind"] }
+      end
+    end
+  end
+end

data/lib/krane/task_config_validator.rb

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+module Krane
+  class TaskConfigValidator
+    DEFAULT_VALIDATIONS = %i(
+      validate_kubeconfig
+      validate_context_exists_in_kubeconfig
+      validate_context_reachable
+      validate_server_version
+      validate_namespace_exists
+    ).freeze
+
+    delegate :context, :namespace, :logger, to: :@task_config
+
+    def initialize(task_config, kubectl, kubeclient_builder, only: nil)
+      @task_config = task_config
+      @kubectl = kubectl
+      @kubeclient_builder = kubeclient_builder
+      @errors = nil
+      @validations = only || DEFAULT_VALIDATIONS
+    end
+
+    def valid?
+      @errors = []
+      @validations.each do |validator_name|
+        break if @errors.present?
+        send(validator_name)
+      end
+      @errors.empty?
+    end
+
+    def errors
+      valid?
+      @errors
+    end
+
+    private
+
+    def validate_kubeconfig
+      @errors += @kubeclient_builder.validate_config_files
+    end
+
+    def validate_context_exists_in_kubeconfig
+      unless context.present?
+        return @errors << "Context can not be blank"
+      end
+
+      _, err, st = @kubectl.run("config", "get-contexts", context, "-o", "name",
+        use_namespace: false, use_context: false, log_failure: false)
+
+      unless st.success?
+        @errors << if err.match("error: context #{context} not found")
+          "Context #{context} missing from your kubeconfig file(s)"
+        else
+          "Something went wrong. #{err} "
+        end
+      end
+    end
+
+    def validate_context_reachable
+      _, err, st = @kubectl.run("get", "namespaces", "-o", "name",
+        use_namespace: false, log_failure: false)
+
+      unless st.success?
+        @errors << "Something went wrong connecting to #{context}. #{err} "
+      end
+    end
+
+    def validate_namespace_exists
+      unless namespace.present?
+        return @errors << "Namespace can not be blank"
+      end
+
+      _, err, st = @kubectl.run("get", "namespace", "-o", "name", namespace,
+        use_namespace: false, log_failure: false)
+
+      unless st.success?
+        @errors << if err.match("Error from server [(]NotFound[)]: namespace")
+          "Could not find Namespace: #{namespace} in Context: #{context}"
+        else
+          "Could not connect to kubernetes cluster. #{err}"
+        end
+      end
+    end
+
+    def validate_server_version
+      if @kubectl.server_version < Gem::Version.new(MIN_KUBE_VERSION)
+        logger.warn(server_version_warning(@kubectl.server_version))
+      end
+    end
+
+    def server_version_warning(server_version)
+      "Minimum cluster version requirement of #{MIN_KUBE_VERSION} not met. "\
+      "Using #{server_version} could result in unexpected behavior as it is no longer tested against"
+    end
+  end
+end