cruise-automation / isopod Goto Github PK
View Code? Open in Web Editor NEWAn expressive DSL and framework for Kubernetes configuration without YAML
License: Apache License 2.0
An expressive DSL and framework for Kubernetes configuration without YAML
License: Apache License 2.0
I've hit this a few times where I use match_addons
, but don't realize that there's an issue with the regex. It would be helpful if it could have some useful output including whether nothing matches. Another useful feature would be to have it say something like "Matched addons A, B, C".
How would you reference a proto definition for a CRD?
assert
is a reserved keyword in python and so it cannot be used as a function. So in python, there is a tricky gotcha where the following will not fail:
assert(1 == 2, "hello")
because it is equivalent to:
assert (1==2, "hello")
which is asserting the "truthiness" of a tuple, which is True
.
However, in isopod we override the assert keyword to make it a function, so the two are equivalent.
This breaks python grammar rules, which affects the ability to re-use code formatting tools like black
. It's also just confusing that something that the behavior is the opposite of the python behavior.
We should either fix the grammar to allow assert as a statement or use a different function name.
Currently the code generator just puts json strings into the data payload if the resource isn't a recognized k8s resource.
It would be more readable and more reusable if the generated code was actually Starlark structs as mentioned here
Currently the code generator creates arrays like this
blah_blah=[foobar(
something,
),
foobar(
something_else,
)]
But other code formatter actually expect this:
blah_blah=[
foobar(
something,
),
foobar(
something_else,
),
]
Currently the subcommands don't have a dedicated help:
isopod install --help
F0623 16:26:04.864009 75962 main.go:253] Failed to load clusters runtime: open --help: no such file or directory
Would be nice to have that since users expect that.
Nice to see you added some helm support as well. A tool like things shouldn't try to compete, but compliment.
It would be extremely useful if you where able to parse helm and then get a bunches of objects back that you can continue to work on using starlark..
This might be difficult to do using helm 2, and tiller.. but I think this is doable in helm v3.
There are many times I want to use helm as a base, but then do some additional parsing, stuff that you usually need the template to support..
A liveness probe like
livenessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTPS
renders incorrectly to
livenessProbe=corev1.Probe(
),
I'm not sure if this is a bug or I'm missing something basic.
I've used isopod to s=kube.get(secret=...)
and I can print the secret and it has all the correct information. However, if I try to print s.type
I get a panic:
panic: valueToStarlark: unknown type v1.SecretType
goroutine 1 [running]:
github.com/stripe/skycfg/internal/go/skycfg.valueToStarlark({0x20c9340, 0xc0004ae3b0, 0xc00041ab18})
/Users/jschnake/go/pkg/mod/github.com/stripe/[email protected]/internal/go/skycfg/proto_message.go:307 +0x5a8
github.com/stripe/skycfg/internal/go/skycfg.(*skyProtoMessage).Attr(0xc00040e6c0, {0xc00041ab18, 0xc00040e6c0})
/Users/jschnake/go/pkg/mod/github.com/stripe/[email protected]/internal/go/skycfg/proto_message.go:162 +0x145
The protobuf code has the type field there though:
// Secret holds secret data of a certain type. The total bytes of the values in
// the Data field must be less than MaxSecretSize bytes.
message Secret {
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
...
...
// Used to facilitate programmatic handling of secret data.
// +optional
optional string type = 3;
}
I feel like I must be missing something? Any help would be appreciated as I'm new to trying to utilize the protobuf code. Its mostly unnecessary for my use-case but I really wanted to utilize the kube
built-ins you wrote. If you have a suggestion there I'd be open to it. It seemed difficult to pull out the kube
built-ins on their own.
As far as I understand it, the "vault" feature is optional, i.e. as long as you don't call any vault-related functions, everything is fine.
Therefore it would be nice if isopod would not crash F1220 09:23:31.797004 11785 main.go:59] --vault_token or $VAULT_TOKEN must be set
and instead would ignore it. Currently I'm forced to export VAULT_TOKEN=none
everywhere, which is of course doable, but a bit annoying.
Kubernetes has OpenAPI schemas on CRDs now. Once we support CRDs (#5) it would be nice to validate against those schemas.
Repo cruise-automation/isopod
used the old path to import gotestyourself
indirectly.
This caused that github.com/gotestyourself/gotestyourself
and gotest.tools
coexist in this repo:
https://github.com/cruise-automation/isopod/blob/master/go.mod (Line 50 & 104)
github.com/gotestyourself/gotestyourself v2.2.0+incompatible // indirect
gotest.tools v2.2.0+incompatible // indirect
That’s because the gotestyourself
has already renamed it’s import path from "github.com/gotestyourself/gotestyourself" to "gotest.tools". When you use the old path "github.com/gotestyourself/gotestyourself" to import the gotestyourself
, will reintroduces gotestyourself
through the import statements "import gotest.tools" in the go source file of gotestyourself
.
https://github.com/gotestyourself/gotest.tools/blob/v2.2.0/fs/example_test.go#L8
package fs_test
import (
…
"gotest.tools/assert"
"gotest.tools/assert/cmp"
"gotest.tools/fs"
"gotest.tools/golden"
)
"github.com/gotestyourself/gotestyourself" and "gotest.tools" are the same repos. This will work in isolation, bring about potential risks and problems.
Add replace statement in the go.mod file:
replace github.com/gotestyourself/gotestyourself => gotest.tools v2.3.0
Then clean the go.mod.
Today this is supported by Git Sha only
Error seen with strimzi CRDs:
E0713 10:47:57.945154 35592 main.go:243] addons run failed: `install' execution failed: failed addon installation: <addon: kafka-operator-crd> run failed: failed to store run state for `kafka-operator-crd' addon: ConfigMap "kafka-operator-crd-run-bs69sinjlrlom279ccm0" is invalid: []: Too long: must have at most 1048576 characters
Currently a base64 string in yaml renders as byte array in Starlark code. It should just remain a string.
It would be nice if isopod supported
a) assuming a default of $HOME/.kube/config
(I have to explicitly pass that as -kubeconfig=
, else I get Failed to build kube rest config for k8s vendor <onprem: {}>
)
b) reading the $KUBECONFIG environment variable
c) chaining several kube config files (e.g. define clusters/contexts in $HOME/.kube/config
, then select the current-context
in a project-local config file)
Since kubernetes 1.18 the kube api server adds a managedFields object to created objects. This can be quite large for some objects and makes the diff unreadable. managedFields should be excluded from the diff
./bin/isopod --context cluster=kind-kind -kubeconfig=/tmp/kind-kubeconfig -dry_run install $(pwd)/local/testenv/main.ipd
Current cluster: ("kind-kind")
*** customresourcedefinition.apiextensions.k8s.io `crontabs.stable.example.com' ***
--- live
+++ head
@@ -5,90 +5,10 @@
resourceVersion: "671"
labels:
heritage: isopod
annotations:
isopod.getcruise.com/context: '{"cluster":"kind-kind","env":"dev"}'
- managedFields:
- - manager: Go-http-client
- operation: Update
- apiVersion: apiextensions.k8s.io/v1beta1
- time: "2020-05-22T17:45:33Z"
- fieldsType: FieldsV1
- fieldsV1:
- f:metadata:
- f:annotations:
- .: {}
- f:isopod.getcruise.com/context: {}
- f:labels:
- .: {}
- f:heritage: {}
- f:spec:
- f:conversion:
- .: {}
- f:strategy: {}
- f:group: {}
- f:names:
- f:kind: {}
- f:listKind: {}
- f:plural: {}
- f:shortNames: {}
- f:singular: {}
- f:preserveUnknownFields: {}
- f:scope: {}
- f:validation:
- .: {}
- f:openAPIV3Schema:
- .: {}
- f:properties:
- .: {}
- f:spec:
- .: {}
- f:properties:
- .: {}
- f:cronSpec:
- .: {}
- f:type: {}
- f:deepField:
- .: {}
- f:properties:
- .: {}
- f:attribute1:
- .: {}
- f:type: {}
- f:attribute2:
- .: {}
- f:type: {}
- f:attribute3:
- .: {}
- f:type: {}
- f:type: {}
- f:image:
- .: {}
- f:type: {}
- f:replicas:
- .: {}
- f:type: {}
- f:type: {}
- f:type: {}
- f:version: {}
- f:versions: {}
- f:status:
- f:storedVersions: {}
- - manager: kube-apiserver
- operation: Update
- apiVersion: apiextensions.k8s.io/v1
- time: "2020-05-22T17:45:33Z"
- fieldsType: FieldsV1
- fieldsV1:
- f:status:
- f:acceptedNames:
- f:kind: {}
- f:listKind: {}
- f:plural: {}
- f:shortNames: {}
- f:singular: {}
- f:conditions: {}
This will allow Integration of Isopod with ArgoCD as a plugin: https://argoproj.github.io/argo-cd/user-guide/config-management-plugins/
The YAML is logged today but with decorators. It will be useful to get that piped to stdout directly for integration with other tooling.
I realize that part of the motivation for this project was to avoid YAML when possible.
I'm looking at potentially building a Sonobuoy plugin using isopod mainly for the convenient kube.* methods. However, there are times I'd like to be able to compare objects in their yaml form or print the raw yaml.
I see there is a "json" option instead of the protobuf default, why not also YAML? Trying to understand if it was a technical reason or not.
With #45 a Starlark code generator for a single input file was added. Since a lot of upstream repositories come with a set of yamls in a directory, it would be nice to support directory input paths as well.
Implement an inventory system to allow static data to be resolved from a set of files and/or directories something similar to deepmind/kapitan.
With #45 a Starlark code generator was added. So far the code generator is capable of creating all k8s.io
resources using kube.put
, including CRDs. However it would be nice to also support custom resources using kube.put_yaml
.
Can isopod delete old resources that have been removed from the config?
This is a thread to collect edge cases where the code generator doesn't produce the desired outcome.
Each of these should be covered in a test case when resolved.
resources:
limits:
cpu: 1000m
memory: 384Mi
requests:
cpu: 200m
memory: 384Mi
Starlark:
resources=corev1.ResourceRequirements(
limits={
"cpu": apiresource.Quantity(
),
"memory": apiresource.Quantity(
)
},
requests={
"cpu": apiresource.Quantity(
),
"memory": apiresource.Quantity(
)
}
),
livenessProbe:
httpGet:
path: /healthy
port: http
initialDelaySeconds: 10
periodSeconds: 30
Starlark:
livenessProbe=corev1.Probe(
handler=corev1.Handler(
httpGet=corev1.HTTPGetAction(
path="/healthy",
port=utilintstr.IntOrString(
type=1,
strVal="http"
),
),
),
initialDelaySeconds=10,
periodSeconds=30,
),
Error:
E0710 14:26:13.059890 21531 main.go:243] addons run failed: `install' execution failed: failed addon installation: <addon: kafka-operator> run failed: TypeError: value 1 (type `int') can't be assigned to type `"k8s.io/apimachinery/pkg/util/intstr".Type'.
properties:
authentication:
type: object
properties:
type:
type: string
enum:
- tls
- scram-sha-512
description: Authentication type.
required:
- type
description: Authentication mechanism enabled for this Kafka user.
Starlark:
properties={
"authentication": apiextensionsv1beta1.JSONSchemaProps(
description="Authentication mechanism enabled for this Kafka user.",
type="object",
required=["type"],
properties={
"type": apiextensionsv1beta1.JSONSchemaProps(
description="Authentication type.",
type="string",
enum=[apiextensionsv1beta1.JSON(
raw="InRscyI="
),
apiextensionsv1beta1.JSON(
raw="InNjcmFtLXNoYS01MTIi"
)],
)
},
),
The above issues came up during generating the strimzi kafka controller
Isopod today supports loading code from a repo with a specific commit id:
https://github.com/cruise-automation/isopod/blob/master/testdata/isopod.deps#L19
It also adds "heritage": "isopod" K8s labels to resources it deploys:
https://github.com/cruise-automation/isopod/blob/master/pkg/kube/kube.go#L196
Request: For resources that are deployed from "loaded" code, add the commit as a label so that the user knows which version of the resource was loaded and deployed by Isopod
To onboard people and migrate new users who have existing kubernetes resources as yaml or json, it would be nice to have a Starlark code generator, that generates .ipd
files which can be used as addons.
Implement a plugin interface using something like hashicorp/go-plugin to allow additional datasource backends without requiring code in-tree.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.