Class: KubernetesDeploy::DeployTask

Inherits:

Object

Object
KubernetesDeploy::DeployTask

Includes:: KubeclientBuilder

Defined in:: lib/kubernetes-deploy/deploy_task.rb

Constant Summary collapse

PREDEPLOY_SEQUENCE =

%w(
  ResourceQuota
  Cloudsql
  Redis
  Memcached
  ConfigMap
  PersistentVolumeClaim
  ServiceAccount
  Pod
)

PROTECTED_NAMESPACES =

%w(
  default
  kube-system
  kube-public
)

NOT_FOUND_ERROR =

'NotFound'

Instance Method Summary collapse

#initialize(namespace:, context:, current_sha:, template_dir:, logger:, kubectl_instance: nil, bindings: {}, max_watch_seconds: nil) ⇒ DeployTask constructor

A new instance of DeployTask.
#prune_whitelist ⇒ Object

Things removed from default prune whitelist at github.com/kubernetes/kubernetes/blob/0dff56b4d88ec7551084bf89028dbeebf569620e/pkg/kubectl/cmd/apply.go#L411: core/v1/Namespace – not namespaced core/v1/PersistentVolume – not namespaced core/v1/Endpoints – managed by services core/v1/PersistentVolumeClaim – would delete data core/v1/ReplicationController – superseded by deployments/replicasets extensions/v1beta1/ReplicaSet – managed by deployments core/v1/Secret – should not committed / managed by shipit.
#run(*args) ⇒ Object
#run!(verify_result: true, allow_protected_ns: false, prune: true) ⇒ Object
#server_version ⇒ Object

Constructor Details

#initialize(namespace:, context:, current_sha:, template_dir:, logger:, kubectl_instance: nil, bindings: {}, max_watch_seconds: nil) ⇒ `DeployTask`

Returns a new instance of DeployTask.

# File 'lib/kubernetes-deploy/deploy_task.rb', line 92

def initialize(namespace:, context:, current_sha:, template_dir:, logger:, kubectl_instance: nil, bindings: {},
  max_watch_seconds: nil)
  @namespace = namespace
  @namespace_tags = []
  @context = context
  @current_sha = current_sha
  @template_dir = File.expand_path(template_dir)
  @logger = logger
  @kubectl = kubectl_instance
  @max_watch_seconds = max_watch_seconds
  @renderer = KubernetesDeploy::Renderer.new(
    current_sha: @current_sha,
    template_dir: @template_dir,
    logger: @logger,
    bindings: bindings,
  )
  @sync_mediator = SyncMediator.new(namespace: @namespace, context: @context, logger: @logger)
end

Instance Method Details

#prune_whitelist ⇒ `Object`

Things removed from default prune whitelist at github.com/kubernetes/kubernetes/blob/0dff56b4d88ec7551084bf89028dbeebf569620e/pkg/kubectl/cmd/apply.go#L411: core/v1/Namespace – not namespaced core/v1/PersistentVolume – not namespaced core/v1/Endpoints – managed by services core/v1/PersistentVolumeClaim – would delete data core/v1/ReplicationController – superseded by deployments/replicasets extensions/v1beta1/ReplicaSet – managed by deployments core/v1/Secret – should not committed / managed by shipit

# File 'lib/kubernetes-deploy/deploy_task.rb', line 66

def prune_whitelist
  wl = %w(
    core/v1/ConfigMap
    core/v1/Pod
    core/v1/Service
    core/v1/ResourceQuota
    batch/v1/Job
    extensions/v1beta1/DaemonSet
    extensions/v1beta1/Deployment
    apps/v1beta1/Deployment
    extensions/v1beta1/Ingress
    apps/v1beta1/StatefulSet
    autoscaling/v1/HorizontalPodAutoscaler
  )
  if server_version >= Gem::Version.new('1.8.0')
    wl << "batch/v1beta1/CronJob"
  end
  wl
end

#run(*args) ⇒ `Object`

# File 'lib/kubernetes-deploy/deploy_task.rb', line 111

def run(*args)
  run!(*args)
  true
rescue FatalDeploymentError
  false
end

#run!(verify_result: true, allow_protected_ns: false, prune: true) ⇒ `Object`

# File 'lib/kubernetes-deploy/deploy_task.rb', line 118

def run!(verify_result: true, allow_protected_ns: false, prune: true)
  start = Time.now.utc
  @logger.reset

  @logger.phase_heading("Initializing deploy")
  validate_configuration(allow_protected_ns: allow_protected_ns, prune: prune)
  confirm_context_exists
  confirm_namespace_exists
  @namespace_tags |= tags_from_namespace_labels
  resources = discover_resources
  validate_definitions(resources)

  @logger.phase_heading("Checking initial resource statuses")
  @sync_mediator.sync(resources)
  resources.each { |r| @logger.info(r.pretty_status) }

  ejson = EjsonSecretProvisioner.new(
    namespace: @namespace,
    context: @context,
    template_dir: @template_dir,
    logger: @logger,
    prune: prune,
  )
  if ejson.secret_changes_required?
    @logger.phase_heading("Deploying kubernetes secrets from #{EjsonSecretProvisioner::EJSON_SECRETS_FILE}")
    ejson.run
  end

  if deploy_has_priority_resources?(resources)
    @logger.phase_heading("Predeploying priority resources")
    start_priority_resource = Time.now.utc
    predeploy_priority_resources(resources)
    ::StatsD.measure('priority_resources.duration', StatsD.duration(start_priority_resource), tags: statsd_tags)
  end

  @logger.phase_heading("Deploying all resources")
  if PROTECTED_NAMESPACES.include?(@namespace) && prune
    raise FatalDeploymentError, "Refusing to deploy to protected namespace '#{@namespace}' with pruning enabled"
  end

  if verify_result
    start_normal_resource = Time.now.utc
    deploy_resources(resources, prune: prune, verify: true)
    ::StatsD.measure('normal_resources.duration', StatsD.duration(start_normal_resource), tags: statsd_tags)
    failed_resources = resources.reject(&:deploy_succeeded?)
    success = failed_resources.empty?
    if !success && failed_resources.all?(&:deploy_timed_out?)
      raise DeploymentTimeoutError
    end
    raise FatalDeploymentError unless success
  else
    deploy_resources(resources, prune: prune, verify: false)
    @logger.summary.add_action("deployed #{resources.length} #{'resource'.pluralize(resources.length)}")
    warning = <<~MSG
      Deploy result verification is disabled for this deploy.
      This means the desired changes were communicated to Kubernetes, but the deploy did not make sure they actually succeeded.
    MSG
    @logger.summary.add_paragraph(ColorizedString.new(warning).yellow)
  end
  ::StatsD.event("Deployment of #{@namespace} succeeded",
    "Successfully deployed all #{@namespace} resources to #{@context}",
    alert_type: "success", tags: statsd_tags << "status:success")
  ::StatsD.measure('all_resources.duration', StatsD.duration(start), tags: statsd_tags << "status:success")
  @logger.print_summary(:success)
rescue DeploymentTimeoutError
  @logger.print_summary(:timed_out)
  ::StatsD.event("Deployment of #{@namespace} timed out",
    "One or more #{@namespace} resources failed to deploy to #{@context} in time",
    alert_type: "error", tags: statsd_tags << "status:timeout")
  ::StatsD.measure('all_resources.duration', StatsD.duration(start), tags: statsd_tags << "status:timeout")
  raise
rescue FatalDeploymentError => error
  @logger.summary.add_action(error.message) if error.message != error.class.to_s
  @logger.print_summary(:failure)
  ::StatsD.event("Deployment of #{@namespace} failed",
    "One or more #{@namespace} resources failed to deploy to #{@context}",
    alert_type: "error", tags: statsd_tags << "status:failed")
  ::StatsD.measure('all_resources.duration', StatsD.duration(start), tags: statsd_tags << "status:failed")
  raise
end

#server_version ⇒ `Object`



86
87
88

# File 'lib/kubernetes-deploy/deploy_task.rb', line 86

def server_version
  kubectl.server_version
end

Class: KubernetesDeploy::DeployTask

Constant Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(namespace:, context:, current_sha:, template_dir:, logger:, kubectl_instance: nil, bindings: {}, max_watch_seconds: nil) ⇒ DeployTask

Instance Method Details

#prune_whitelist ⇒ Object

#run(*args) ⇒ Object

#run!(verify_result: true, allow_protected_ns: false, prune: true) ⇒ Object

#server_version ⇒ Object

#initialize(namespace:, context:, current_sha:, template_dir:, logger:, kubectl_instance: nil, bindings: {}, max_watch_seconds: nil) ⇒ `DeployTask`

#prune_whitelist ⇒ `Object`

#run(*args) ⇒ `Object`

#run!(verify_result: true, allow_protected_ns: false, prune: true) ⇒ `Object`

#server_version ⇒ `Object`