tobsch-krane 1.0.0

data/lib/krane/kubernetes_resource/horizontal_pod_autoscaler.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+module Krane
+  class HorizontalPodAutoscaler < KubernetesResource
+    TIMEOUT = 3.minutes
+    RECOVERABLE_CONDITION_PREFIX = "FailedGet"
+
+    def deploy_succeeded?
+      scaling_active_condition["status"] == "True" || scaling_disabled?
+    end
+
+    def deploy_failed?
+      return false unless exists?
+      return false if scaling_disabled?
+      scaling_active_condition["status"] == "False" &&
+      !scaling_active_condition.fetch("reason", "").start_with?(RECOVERABLE_CONDITION_PREFIX)
+    end
+
+    def kubectl_resource_type
+      'hpa.v2beta1.autoscaling'
+    end
+
+    def status
+      if !exists?
+        super
+      elsif scaling_disabled?
+        "ScalingDisabled"
+      elsif deploy_succeeded?
+        "Configured"
+      elsif scaling_active_condition.present? || able_to_scale_condition.present?
+        condition = scaling_active_condition.presence || able_to_scale_condition
+        condition['reason']
+      else
+        "Unknown"
+      end
+    end
+
+    def failure_message
+      condition = scaling_active_condition.presence || able_to_scale_condition.presence || {}
+      condition['message']
+    end
+
+    def timeout_message
+      failure_message.presence || super
+    end
+
+    private
+
+    def scaling_disabled?
+      scaling_active_condition["status"] == "False" &&
+      scaling_active_condition["reason"] == "ScalingDisabled"
+    end
+
+    def conditions
+      @instance_data.dig("status", "conditions") || []
+    end
+
+    def able_to_scale_condition
+      conditions.detect { |c| c["type"] == "AbleToScale" } || {}
+    end
+
+    def scaling_active_condition
+      conditions.detect { |c| c["type"] == "ScalingActive" } || {}
+    end
+  end
+end

data/lib/krane/kubernetes_resource/ingress.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+module Krane
+  class Ingress < KubernetesResource
+    TIMEOUT = 30.seconds
+
+    def status
+      exists? ? "Created" : "Not Found"
+    end
+
+    def deploy_succeeded?
+      exists?
+    end
+
+    def deploy_failed?
+      false
+    end
+  end
+end

data/lib/krane/kubernetes_resource/job.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+module Krane
+  class Job < KubernetesResource
+    TIMEOUT = 10.minutes
+
+    def deploy_succeeded?
+      # Don't block deploys for long running jobs,
+      # Instead report success when there is at least 1 active
+      return false unless deploy_started?
+      done? || running?
+    end
+
+    def deploy_failed?
+      return false unless deploy_started?
+      return true if failed_status_condition
+      return false unless @instance_data.dig("spec", "backoffLimit").present?
+      (@instance_data.dig("status", "failed") || 0) >= @instance_data.dig("spec", "backoffLimit")
+    end
+
+    def status
+      if !exists?
+        super
+      elsif done?
+        "Succeeded"
+      elsif running?
+        "Started"
+      elsif deploy_failed?
+        "Failed"
+      else
+        "Unknown"
+      end
+    end
+
+    def failure_message
+      if (condition = failed_status_condition.presence)
+        "#{condition['reason']} (#{condition['message']})"
+      end
+    end
+
+    private
+
+    def failed_status_condition
+      @instance_data.dig("status", "conditions")&.detect do |condition|
+        condition["type"] == 'Failed' && condition['status'] == "True"
+      end
+    end
+
+    def done?
+      (@instance_data.dig("status", "succeeded") || 0) == @instance_data.dig("spec", "completions")
+    end
+
+    def running?
+      now = Time.now.utc
+      start_time = @instance_data.dig("status", "startTime")
+      # Wait 5 seconds to ensure job doesn't immediately fail.
+      return false if !start_time.present? || now - Time.parse(start_time) < 5.second
+      (@instance_data.dig("status", "active") || 0) >= 1
+    end
+  end
+end

data/lib/krane/kubernetes_resource/network_policy.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+module Krane
+  class NetworkPolicy < KubernetesResource
+    TIMEOUT = 30.seconds
+
+    def status
+      exists? ? "Created" : "Not Found"
+    end
+
+    def deploy_succeeded?
+      exists?
+    end
+
+    def deploy_failed?
+      false
+    end
+
+    def timeout_message
+      UNUSUAL_FAILURE_MESSAGE
+    end
+  end
+end

data/lib/krane/kubernetes_resource/persistent_volume_claim.rb

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+module Krane
+  class PersistentVolumeClaim < KubernetesResource
+    TIMEOUT = 5.minutes
+
+    def sync(cache)
+      super
+      @storage_classes = cache.get_all("StorageClass").map { |sc| StorageClass.new(sc) }
+    end
+
+    def status
+      exists? ? @instance_data["status"]["phase"] : "Not Found"
+    end
+
+    def deploy_succeeded?
+      return true if status == "Bound"
+
+      # if the StorageClass has volumeBindingMode: WaitForFirstConsumer,
+      # it won't bind until after a Pod mounts it. But it must be pre-deployed,
+      # as the Pod requires it. So 'Pending' must be treated as a 'Success' state
+      if storage_class&.volume_binding_mode == "WaitForFirstConsumer"
+        return status == "Pending" || status == "Bound"
+      end
+      false
+    end
+
+    def deploy_failed?
+      status == "Lost" || failure_message.present?
+    end
+
+    def failure_message
+      if storage_class_name.nil? && @storage_classes.count(&:default?) > 1
+        "PVC has no StorageClass specified and there are multiple StorageClasses " \
+        "annotated as default. This is an invalid cluster configuration."
+      end
+    end
+
+    def timeout_message
+      return STANDARD_TIMEOUT_MESSAGE unless storage_class_name.present? && !storage_class
+      "PVC specified a StorageClass of #{storage_class_name} but the resource does not exist"
+    end
+
+    private
+
+    def storage_class_name
+      @definition.dig("spec", "storageClassName")
+    end
+
+    def storage_class
+      if storage_class_name.present?
+        @storage_classes.detect { |sc| sc.name == storage_class_name }
+      # storage_class_name = "" is an explicit request for no storage class
+      # storage_class_name = nil is an impplicit request for default storage class
+      elsif storage_class_name != ""
+        @storage_classes.detect(&:default?)
+      end
+    end
+
+    class StorageClass < KubernetesResource
+      DEFAULT_CLASS_ANNOTATION = "storageclass.kubernetes.io/is-default-class"
+      DEFAULT_CLASS_BETA_ANNOTATION = "storageclass.beta.kubernetes.io/is-default-class"
+
+      attr_reader :name
+
+      def initialize(definition)
+        @definition = definition
+        @name = definition.dig("metadata", "name").to_s
+      end
+
+      def volume_binding_mode
+        @definition.dig("volumeBindingMode")
+      end
+
+      def default?
+        @definition.dig("metadata", "annotations", DEFAULT_CLASS_ANNOTATION) == "true" ||
+        @definition.dig("metadata", "annotations", DEFAULT_CLASS_BETA_ANNOTATION) == "true"
+      end
+    end
+  end
+end

data/lib/krane/kubernetes_resource/pod.rb

@@ -0,0 +1,269 @@
+# frozen_string_literal: true
+module Krane
+  class Pod < KubernetesResource
+    TIMEOUT = 10.minutes
+
+    FAILED_PHASE_NAME = "Failed"
+    TRANSIENT_FAILURE_REASONS = %w(
+      Evicted
+      Preempting
+    )
+
+    attr_accessor :stream_logs
+
+    def initialize(namespace:, context:, definition:, logger:,
+      statsd_tags: nil, parent: nil, deploy_started_at: nil, stream_logs: false)
+      @parent = parent
+      @deploy_started_at = deploy_started_at
+
+      @containers = definition.fetch("spec", {}).fetch("containers", []).map { |c| Container.new(c) }
+      unless @containers.present?
+        logger.summary.add_paragraph("Rendered template content:\n#{definition.to_yaml}")
+        raise FatalDeploymentError, "Template is missing required field spec.containers"
+      end
+      @containers += definition["spec"].fetch("initContainers", []).map { |c| Container.new(c, init_container: true) }
+      @stream_logs = stream_logs
+      super(namespace: namespace, context: context, definition: definition,
+            logger: logger, statsd_tags: statsd_tags)
+    end
+
+    def sync(_cache)
+      super
+      raise_predates_deploy_error if exists? && unmanaged? && !deploy_started?
+
+      if exists?
+        logs.sync if unmanaged?
+        update_container_statuses(@instance_data["status"])
+      else # reset
+        @containers.each(&:reset_status)
+      end
+    end
+
+    def after_sync
+      if @stream_logs
+        logs.print_latest
+      elsif unmanaged? && deploy_succeeded?
+        logs.print_all
+      end
+    end
+
+    def status
+      return phase if reason.blank?
+      "#{phase} (Reason: #{reason})"
+    end
+
+    def deploy_succeeded?
+      if unmanaged?
+        phase == "Succeeded"
+      else
+        phase == "Running" && ready?
+      end
+    end
+
+    def deploy_failed?
+      failure_message.present?
+    end
+
+    def timeout_message
+      if readiness_probe_failure?
+        probe_failure_msgs = @containers.map(&:readiness_fail_reason).compact
+        header = "The following containers have not passed their readiness probes on at least one pod:\n"
+        header + probe_failure_msgs.join("\n")
+      elsif failed_schedule_reason.present?
+        "Pod could not be scheduled because #{failed_schedule_reason}"
+      else
+        STANDARD_TIMEOUT_MESSAGE
+      end
+    end
+
+    def failure_message
+      doomed_containers = @containers.select(&:doomed?)
+      if doomed_containers.present?
+        container_problems = if unmanaged?
+          "The following containers encountered errors:\n"
+        else
+          "The following containers are in a state that is unlikely to be recoverable:\n"
+        end
+        doomed_containers.each do |c|
+          red_name = ColorizedString.new(c.name).red
+          container_problems += "> #{red_name}: #{c.doom_reason}\n"
+        end
+      end
+      "#{phase_failure_message} #{container_problems}".strip.presence
+    end
+
+    def fetch_debug_logs
+      logs.sync
+      logs
+    end
+
+    def print_debug_logs?
+      exists? && !@stream_logs # don't print them a second time
+    end
+
+    def node_name
+      @instance_data.dig('spec', 'nodeName')
+    end
+
+    private
+
+    def failed_schedule_reason
+      if phase == "Pending"
+        conditions = @instance_data.dig('status', 'conditions') || []
+        unschedulable = conditions.find do |condition|
+          condition["type"] == "PodScheduled" && condition["status"] == "False"
+        end
+        unschedulable&.dig('message')
+      end
+    end
+
+    def failed_phase?
+      phase == FAILED_PHASE_NAME
+    end
+
+    def transient_failure_reason?
+      return false if unmanaged?
+      TRANSIENT_FAILURE_REASONS.include?(reason)
+    end
+
+    def phase_failure_message
+      if failed_phase? && !transient_failure_reason?
+        return "Pod status: #{status}."
+      end
+
+      return unless unmanaged?
+
+      if terminating?
+        "Pod status: Terminating."
+      elsif disappeared?
+        "Pod status: Disappeared."
+      end
+    end
+
+    def logs
+      @logs ||= Krane::RemoteLogs.new(
+        logger: @logger,
+        parent_id: id,
+        container_names: @containers.map(&:name),
+        namespace: @namespace,
+        context: @context
+      )
+    end
+
+    def phase
+      @instance_data.dig("status", "phase") || "Unknown"
+    end
+
+    def reason
+      @instance_data.dig('status', 'reason')
+    end
+
+    def readiness_probe_failure?
+      return false if ready? || unmanaged?
+      return false if phase != "Running"
+      @containers.any?(&:readiness_fail_reason)
+    end
+
+    def ready?
+      return false unless (status_data = @instance_data["status"])
+      ready_condition = status_data.fetch("conditions", []).find { |condition| condition["type"] == "Ready" }
+      ready_condition.present? && (ready_condition["status"] == "True")
+    end
+
+    def update_container_statuses(status_data)
+      @containers.each do |c|
+        key = c.init_container? ? "initContainerStatuses" : "containerStatuses"
+        if status_data.key?(key)
+          data = status_data[key].find { |st| st["name"] == c.name }
+          c.update_status(data)
+        else
+          c.reset_status
+        end
+      end
+    end
+
+    def unmanaged?
+      @parent.blank?
+    end
+
+    def raise_predates_deploy_error
+      example_color = :green
+      msg = <<-STRING.strip_heredoc
+        Unmanaged pods like #{id} must have unique names on every deploy in order to work as intended.
+        The recommended way to achieve this is to include "<%= deployment_id %>" in the pod's name, like this:
+          #{ColorizedString.new('kind: Pod').colorize(example_color)}
+          #{ColorizedString.new('metadata:').colorize(example_color)}
+            #{ColorizedString.new("name: #{@name}-<%= deployment_id %>").colorize(example_color)}
+      STRING
+      @logger.summary.add_paragraph(msg)
+      raise FatalDeploymentError, "#{id} existed before the deploy started"
+    end
+
+    class Container
+      attr_reader :name
+
+      def initialize(definition, init_container: false)
+        @init_container = init_container
+        @name = definition["name"]
+        @image = definition["image"]
+        @http_probe_location = definition.dig("readinessProbe", "httpGet", "path")
+        @exec_probe_command = definition.dig("readinessProbe", "exec", "command")
+        @status = {}
+      end
+
+      def doomed?
+        doom_reason.present?
+      end
+
+      def doom_reason
+        limbo_reason = @status.dig("state", "waiting", "reason")
+        limbo_message = @status.dig("state", "waiting", "message")
+
+        if @status.dig("lastState", "terminated", "reason") == "ContainerCannotRun"
+          # ref: https://github.com/kubernetes/kubernetes/blob/562e721ece8a16e05c7e7d6bdd6334c910733ab2/pkg/kubelet/dockershim/docker_container.go#L353
+          exit_code = @status.dig('lastState', 'terminated', 'exitCode')
+          "Failed to start (exit #{exit_code}): #{@status.dig('lastState', 'terminated', 'message')}"
+        elsif @status.dig("state", "terminated", "reason") == "ContainerCannotRun"
+          exit_code = @status.dig('state', 'terminated', 'exitCode')
+          "Failed to start (exit #{exit_code}): #{@status.dig('state', 'terminated', 'message')}"
+        elsif limbo_reason == "CrashLoopBackOff"
+          exit_code = @status.dig('lastState', 'terminated', 'exitCode')
+          "Crashing repeatedly (exit #{exit_code}). See logs for more information."
+        elsif limbo_reason == "ErrImagePull" && limbo_message.match(/not found/i)
+          "Failed to pull image #{@image}. "\
+          "Did you wait for it to be built and pushed to the registry before deploying?"
+        elsif limbo_reason == "CreateContainerConfigError"
+          "Failed to generate container configuration: #{limbo_message}"
+        end
+      end
+
+      def readiness_fail_reason
+        return if ready? || init_container?
+        return unless (@http_probe_location || @exec_probe_command).present?
+
+        yellow_name = ColorizedString.new(name).yellow
+        if @http_probe_location
+          "> #{yellow_name} must respond with a good status code at '#{@http_probe_location}'"
+        elsif @exec_probe_command
+          "> #{yellow_name} must exit 0 from the following command: '#{@exec_probe_command.join(' ')}'"
+        end
+      end
+
+      def ready?
+        @status['ready'] == true
+      end
+
+      def init_container?
+        @init_container
+      end
+
+      def update_status(data)
+        @status = data || {}
+      end
+
+      def reset_status
+        @status = {}
+      end
+    end
+  end
+end