tobsch-krane 1.0.0

data/lib/krane/kubernetes_resource/cloudsql.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+module Krane
+  class Cloudsql < KubernetesResource
+    TIMEOUT = 10.minutes
+
+    def sync(cache)
+      super
+      @proxy_deployment = cache.get_instance(Deployment.kind, "cloudsql-#{cloudsql_resource_uuid}")
+      @proxy_service = cache.get_instance(Service.kind, "cloudsql-#{@name}")
+    end
+
+    def status
+      deploy_succeeded? ? "Provisioned" : "Unknown"
+    end
+
+    def deploy_succeeded?
+      proxy_deployment_ready? && proxy_service_ready?
+    end
+
+    def deploy_failed?
+      false
+    end
+
+    private
+
+    def proxy_deployment_ready?
+      return false unless (status = @proxy_deployment["status"])
+      # all cloudsql-proxy pods are running
+      status.fetch("availableReplicas", -1) == status.fetch("replicas", 0)
+    end
+
+    def proxy_service_ready?
+      return false unless @proxy_service.present?
+      # the service has an assigned cluster IP and is therefore functioning
+      @proxy_service.dig("spec", "clusterIP").present?
+    end
+
+    def cloudsql_resource_uuid
+      return unless @instance_data
+      @instance_data.dig("metadata", "uid")
+    end
+  end
+end

data/lib/krane/kubernetes_resource/config_map.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+module Krane
+  class ConfigMap < KubernetesResource
+    TIMEOUT = 30.seconds
+
+    def deploy_succeeded?
+      exists?
+    end
+
+    def status
+      exists? ? "Available" : "Not Found"
+    end
+
+    def deploy_failed?
+      false
+    end
+
+    def timeout_message
+      UNUSUAL_FAILURE_MESSAGE
+    end
+  end
+end

data/lib/krane/kubernetes_resource/cron_job.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+module Krane
+  class CronJob < KubernetesResource
+    TIMEOUT = 30.seconds
+
+    def deploy_succeeded?
+      exists?
+    end
+
+    def deploy_failed?
+      !exists?
+    end
+
+    def timeout_message
+      UNUSUAL_FAILURE_MESSAGE
+    end
+  end
+end

data/lib/krane/kubernetes_resource/custom_resource.rb

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+require 'jsonpath'
+
+module Krane
+  class CustomResource < KubernetesResource
+    TIMEOUT_MESSAGE_DIFFERENT_GENERATIONS = <<~MSG
+      This resource's status could not be used to determine rollout success because it is not up-to-date
+      (.metadata.generation != .status.observedGeneration).
+    MSG
+
+    def initialize(namespace:, context:, definition:, logger:, statsd_tags: [], crd:)
+      super(namespace: namespace, context: context, definition: definition,
+            logger: logger, statsd_tags: statsd_tags)
+      @crd = crd
+    end
+
+    def timeout
+      timeout_override || @crd.timeout_for_instance || TIMEOUT
+    end
+
+    def deploy_succeeded?
+      return super unless rollout_conditions
+      return false unless observed_generation == current_generation
+
+      rollout_conditions.rollout_successful?(@instance_data)
+    end
+
+    def deploy_failed?
+      return super unless rollout_conditions
+      return false unless observed_generation == current_generation
+
+      rollout_conditions.rollout_failed?(@instance_data)
+    end
+
+    def failure_message
+      return super unless rollout_conditions
+      messages = rollout_conditions.failure_messages(@instance_data)
+      messages.join("\n") if messages.present?
+    end
+
+    def timeout_message
+      if rollout_conditions && current_generation != observed_generation
+        TIMEOUT_MESSAGE_DIFFERENT_GENERATIONS
+      else
+        super
+      end
+    end
+
+    def status
+      if !exists? || rollout_conditions.nil?
+        super
+      elsif deploy_succeeded?
+        "Healthy"
+      elsif deploy_failed?
+        "Unhealthy"
+      else
+        "Unknown"
+      end
+    end
+
+    def type
+      kind
+    end
+
+    def validate_definition(*)
+      super
+
+      @crd.validate_rollout_conditions
+    rescue RolloutConditionsError => e
+      @validation_errors << "The CRD that specifies this resource is using invalid rollout conditions. " \
+      "Krane will not be able to continue until those rollout conditions are fixed.\n" \
+      "Rollout conditions can be found on the CRD that defines this resource (#{@crd.name}), " \
+      "under the annotation #{CustomResourceDefinition::ROLLOUT_CONDITIONS_ANNOTATION}.\n" \
+      "Validation failed with: #{e}"
+    end
+
+    private
+
+    def kind
+      @definition["kind"]
+    end
+
+    def rollout_conditions
+      @crd.rollout_conditions
+    end
+  end
+end

data/lib/krane/kubernetes_resource/custom_resource_definition.rb

@@ -0,0 +1,98 @@
+# frozen_string_literal: true
+module Krane
+  class CustomResourceDefinition < KubernetesResource
+    TIMEOUT = 2.minutes
+    ROLLOUT_CONDITIONS_ANNOTATION_SUFFIX = "instance-rollout-conditions"
+    ROLLOUT_CONDITIONS_ANNOTATION = "krane.shopify.io/#{ROLLOUT_CONDITIONS_ANNOTATION_SUFFIX}"
+    TIMEOUT_FOR_INSTANCE_ANNOTATION = "krane.shopify.io/instance-timeout"
+    GLOBAL = true
+
+    def deploy_succeeded?
+      names_accepted_status == "True"
+    end
+
+    def deploy_failed?
+      names_accepted_status == "False"
+    end
+
+    def timeout_message
+      "The names this CRD is attempting to register were neither accepted nor rejected in time"
+    end
+
+    def timeout_for_instance
+      timeout = krane_annotation_value("instance-timeout")
+      DurationParser.new(timeout).parse!.to_i
+    rescue DurationParser::ParsingError
+      nil
+    end
+
+    def status
+      if !exists?
+        super
+      elsif deploy_succeeded?
+        "Names accepted"
+      else
+        "#{names_accepted_condition['reason']} (#{names_accepted_condition['message']})"
+      end
+    end
+
+    def group_version_kind
+      group = @definition.dig("spec", "group")
+      version = @definition.dig("spec", "version")
+      "#{group}/#{version}/#{kind}"
+    end
+
+    def kind
+      @definition.dig("spec", "names", "kind")
+    end
+
+    def prunable?
+      prunable = krane_annotation_value("prunable")
+      prunable == "true"
+    end
+
+    def predeployed?
+      predeployed = krane_annotation_value("predeployed")
+      predeployed.nil? || predeployed == "true"
+    end
+
+    def rollout_conditions
+      return @rollout_conditions if defined?(@rollout_conditions)
+
+      @rollout_conditions = if krane_annotation_value(ROLLOUT_CONDITIONS_ANNOTATION_SUFFIX)
+        RolloutConditions.from_annotation(krane_annotation_value(ROLLOUT_CONDITIONS_ANNOTATION_SUFFIX))
+      end
+    rescue RolloutConditionsError
+      @rollout_conditions = nil
+    end
+
+    def validate_definition(*)
+      super
+
+      validate_rollout_conditions
+    rescue RolloutConditionsError => e
+      @validation_errors << "Annotation #{krane_annotation_key(ROLLOUT_CONDITIONS_ANNOTATION_SUFFIX)} "\
+        "on #{name} is invalid: #{e}"
+    end
+
+    def validate_rollout_conditions
+      if krane_annotation_value(ROLLOUT_CONDITIONS_ANNOTATION_SUFFIX) && @rollout_conditions_validated.nil?
+        conditions = RolloutConditions.from_annotation(krane_annotation_value(ROLLOUT_CONDITIONS_ANNOTATION_SUFFIX))
+        conditions.validate!
+      end
+
+      @rollout_conditions_validated = true
+    end
+
+    private
+
+    def names_accepted_condition
+      conditions = @instance_data.dig("status", "conditions") || []
+      conditions.detect { |c| c["type"] == "NamesAccepted" } || {}
+    end
+
+    def names_accepted_status
+      names_accepted_condition["status"]
+    end
+  end
+end

data/lib/krane/kubernetes_resource/daemon_set.rb

@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+require "krane/kubernetes_resource/pod_set_base"
+module Krane
+  class DaemonSet < PodSetBase
+    TIMEOUT = 5.minutes
+    attr_reader :pods
+
+    def sync(cache)
+      super
+      @pods = exists? ? find_pods(cache) : []
+      @nodes = find_nodes(cache) if @nodes.blank?
+    end
+
+    def status
+      return super unless exists?
+      rollout_data.map { |state_replicas, num| "#{num} #{state_replicas}" }.join(", ")
+    end
+
+    def deploy_succeeded?
+      return false unless exists?
+      current_generation == observed_generation &&
+        rollout_data["desiredNumberScheduled"].to_i == rollout_data["updatedNumberScheduled"].to_i &&
+        relevant_pods_ready?
+    end
+
+    def deploy_failed?
+      pods.present? && pods.any?(&:deploy_failed?) &&
+      observed_generation == current_generation
+    end
+
+    def fetch_debug_logs
+      most_useful_pod = pods.find(&:deploy_failed?) || pods.find(&:deploy_timed_out?) || pods.first
+      most_useful_pod.fetch_debug_logs
+    end
+
+    def print_debug_logs?
+      pods.present? # the kubectl command times out if no pods exist
+    end
+
+    private
+
+    class Node
+      attr_reader :name
+
+      class << self
+        def kind
+          name.demodulize
+        end
+      end
+
+      def initialize(definition:)
+        @name = definition.dig("metadata", "name").to_s
+        @definition = definition
+      end
+    end
+
+    def relevant_pods_ready?
+      return true if rollout_data["desiredNumberScheduled"].to_i == rollout_data["numberReady"].to_i # all pods ready
+      relevant_node_names = @nodes.map(&:name)
+      considered_pods = @pods.select { |p| relevant_node_names.include?(p.node_name) }
+      @logger.debug("DaemonSet is reporting #{rollout_data['numberReady']} pods ready." \
+        " Considered #{considered_pods.size} pods out of #{@pods.size} for #{@nodes.size} nodes.")
+      considered_pods.present? &&
+        considered_pods.all?(&:deploy_succeeded?) &&
+        rollout_data["numberReady"].to_i >= considered_pods.length
+    end
+
+    def find_nodes(cache)
+      all_nodes = cache.get_all(Node.kind)
+      all_nodes.map { |node_data| Node.new(definition: node_data) }
+    end
+
+    def rollout_data
+      return { "currentNumberScheduled" => 0 } unless exists?
+      @instance_data["status"]
+        .slice("updatedNumberScheduled", "desiredNumberScheduled", "numberReady")
+    end
+
+    def parent_of_pod?(pod_data)
+      return false unless pod_data.dig("metadata", "ownerReferences")
+
+      template_generation = @instance_data.dig("spec", "templateGeneration") ||
+        @instance_data.dig("metadata", "annotations", "deprecated.daemonset.template.generation")
+      return false unless template_generation.present?
+
+      pod_data["metadata"]["ownerReferences"].any? { |ref| ref["uid"] == @instance_data["metadata"]["uid"] } &&
+      pod_data["metadata"]["labels"]["pod-template-generation"].to_i == template_generation.to_i
+    end
+  end
+end

data/lib/krane/kubernetes_resource/deployment.rb

@@ -0,0 +1,213 @@
+# frozen_string_literal: true
+require 'krane/kubernetes_resource/replica_set'
+
+module Krane
+  class Deployment < KubernetesResource
+    TIMEOUT = 7.minutes
+    REQUIRED_ROLLOUT_ANNOTATION_SUFFIX = "required-rollout"
+    REQUIRED_ROLLOUT_ANNOTATION_DEPRECATED = "kubernetes-deploy.shopify.io/#{REQUIRED_ROLLOUT_ANNOTATION_SUFFIX}"
+    REQUIRED_ROLLOUT_ANNOTATION = "krane.shopify.io/#{REQUIRED_ROLLOUT_ANNOTATION_SUFFIX}"
+    REQUIRED_ROLLOUT_TYPES = %w(maxUnavailable full none).freeze
+    DEFAULT_REQUIRED_ROLLOUT = 'full'
+
+    def sync(cache)
+      super
+      @latest_rs = exists? ? find_latest_rs(cache) : nil
+    end
+
+    def status
+      return super unless exists?
+      rollout_data.map { |state_replicas, num| "#{num} #{state_replicas.chop.pluralize(num)}" }.join(", ")
+    end
+
+    def fetch_events(kubectl)
+      own_events = super
+      return own_events unless @latest_rs.present?
+      own_events.merge(@latest_rs.fetch_events(kubectl))
+    end
+
+    def print_debug_logs?
+      @latest_rs.present?
+    end
+
+    def fetch_debug_logs
+      @latest_rs.fetch_debug_logs
+    end
+
+    def deploy_succeeded?
+      return false unless exists? && @latest_rs.present?
+      return false unless observed_generation == current_generation
+
+      if required_rollout == 'full'
+        @latest_rs.deploy_succeeded? &&
+        @latest_rs.desired_replicas == desired_replicas && # latest RS fully scaled up
+        rollout_data["updatedReplicas"].to_i == desired_replicas &&
+        rollout_data["updatedReplicas"].to_i == rollout_data["availableReplicas"].to_i
+      elsif required_rollout == 'none'
+        true
+      elsif required_rollout == 'maxUnavailable' || percent?(required_rollout)
+        minimum_needed = min_available_replicas
+
+        @latest_rs.desired_replicas >= minimum_needed &&
+        @latest_rs.ready_replicas >= minimum_needed &&
+        @latest_rs.available_replicas >= minimum_needed
+      else
+        raise FatalDeploymentError, rollout_annotation_err_msg
+      end
+    end
+
+    def deploy_failed?
+      @latest_rs&.deploy_failed? &&
+      observed_generation == current_generation
+    end
+
+    def failure_message
+      return unless @latest_rs.present?
+      "Latest ReplicaSet: #{@latest_rs.name}\n\n#{@latest_rs.failure_message}"
+    end
+
+    def timeout_message
+      reason_msg = if timeout_override
+        STANDARD_TIMEOUT_MESSAGE
+      elsif progress_condition.present?
+        "Timeout reason: #{progress_condition['reason']}"
+      else
+        "Timeout reason: hard deadline for #{type}"
+      end
+      return reason_msg unless @latest_rs.present?
+      "#{reason_msg}\nLatest ReplicaSet: #{@latest_rs.name}\n\n#{@latest_rs.timeout_message}"
+    end
+
+    def pretty_timeout_type
+      if timeout_override
+        "timeout override: #{timeout_override}s"
+      elsif progress_deadline.present?
+        "progress deadline: #{progress_deadline}s"
+      else
+        super
+      end
+    end
+
+    def deploy_timed_out?
+      return false if deploy_failed?
+      return super if timeout_override
+
+      # Do not use the hard timeout if progress deadline is set
+      progress_condition.present? ? deploy_failing_to_progress? : super
+    end
+
+    def validate_definition(*)
+      super
+
+      unless REQUIRED_ROLLOUT_TYPES.include?(required_rollout) || percent?(required_rollout)
+        @validation_errors << rollout_annotation_err_msg
+      end
+
+      strategy = @definition.dig('spec', 'strategy', 'type').to_s
+      if required_rollout.downcase == 'maxunavailable' && strategy.present? && strategy.downcase != 'rollingupdate'
+        @validation_errors << "'#{krane_annotation_key(REQUIRED_ROLLOUT_ANNOTATION_SUFFIX)}: #{required_rollout}' "\
+          "is incompatible with strategy '#{strategy}'"
+      end
+
+      @validation_errors.empty?
+    end
+
+    private
+
+    def current_generation
+      return -2 unless exists? # different default than observed
+      @instance_data.dig('metadata', 'generation')
+    end
+
+    def observed_generation
+      return -1 unless exists? # different default than current
+      @instance_data.dig('status', 'observedGeneration')
+    end
+
+    def desired_replicas
+      return -1 unless exists?
+      @instance_data["spec"]["replicas"].to_i
+    end
+
+    def rollout_data
+      return { "replicas" => 0 } unless exists?
+      { "replicas" => 0 }.merge(@instance_data["status"]
+        .slice("replicas", "updatedReplicas", "availableReplicas", "unavailableReplicas"))
+    end
+
+    def progress_condition
+      return unless exists?
+      conditions = @instance_data.fetch("status", {}).fetch("conditions", [])
+      conditions.find { |condition| condition['type'] == 'Progressing' }
+    end
+
+    def progress_deadline
+      if exists?
+        @instance_data['spec']['progressDeadlineSeconds']
+      else
+        @definition['spec']['progressDeadlineSeconds']
+      end
+    end
+
+    def rollout_annotation_err_msg
+      "'#{krane_annotation_key(REQUIRED_ROLLOUT_ANNOTATION_SUFFIX)}: #{required_rollout}' is invalid. "\
+        "Acceptable values: #{REQUIRED_ROLLOUT_TYPES.join(', ')}"
+    end
+
+    def deploy_failing_to_progress?
+      return false unless progress_condition.present?
+
+      # This assumes that when the controller bumps the observed generation, it also updates/clears all the status
+      # conditions. Specifically, it assumes the progress condition is immediately set to True if a rollout is starting.
+      deploy_started? &&
+      current_generation == observed_generation &&
+      progress_condition["status"] == 'False'
+    end
+
+    def find_latest_rs(cache)
+      all_rs_data = cache.get_all(ReplicaSet.kind, @instance_data["spec"]["selector"]["matchLabels"])
+      current_revision = @instance_data["metadata"]["annotations"]["deployment.kubernetes.io/revision"]
+
+      latest_rs_data = all_rs_data.find do |rs|
+        rs["metadata"]["ownerReferences"].any? { |ref| ref["uid"] == @instance_data["metadata"]["uid"] } &&
+        rs["metadata"]["annotations"]["deployment.kubernetes.io/revision"] == current_revision
+      end
+
+      return unless latest_rs_data.present?
+
+      rs = ReplicaSet.new(
+        namespace: namespace,
+        context: context,
+        definition: latest_rs_data,
+        logger: @logger,
+        parent: "#{@name.capitalize} deployment",
+        deploy_started_at: @deploy_started_at
+      )
+      rs.sync(cache)
+      rs
+    end
+
+    def min_available_replicas
+      if percent?(required_rollout)
+        (desired_replicas * required_rollout.to_i / 100.0).ceil
+      elsif max_unavailable =~ /%/
+        (desired_replicas * (100 - max_unavailable.to_i) / 100.0).ceil
+      else
+        desired_replicas - max_unavailable.to_i
+      end
+    end
+
+    def max_unavailable
+      source = exists? ? @instance_data : @definition
+      source.dig('spec', 'strategy', 'rollingUpdate', 'maxUnavailable')
+    end
+
+    def required_rollout
+      krane_annotation_value("required-rollout") || DEFAULT_REQUIRED_ROLLOUT
+    end
+
+    def percent?(value)
+      value =~ /\d+%/
+    end
+  end
+end