cruise-automation / isopod Goto Github PK
View Code? Open in Web Editor NEWAn expressive DSL and framework for Kubernetes configuration without YAML
License: Apache License 2.0
isopod's People
Contributors
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Stargazers
Watchers
Forkers
cxuu dustin-decker eaceaser isgasho acrcode devopsbox etsangsplk dolftax lisprez millerhooks bplotnick marciopocebon linus5 miguelangelorocha mllu nitishkrishna devopsmakers pathcl thpham yuval-k acumenix pastrylabs somethingnew2-0 benpoliquin jonnylangefeld wilsonmar max0ne strogo jeffcruise cjna wilreichert fusiongalaxy iq-scm testwillisopod's Issues
OpenAPI validation
Kubernetes has OpenAPI schemas on CRDs now. Once we support CRDs (#5) it would be nice to validate against those schemas.
Add Starlark code generator
To onboard people and migrate new users who have existing kubernetes resources as yaml or json, it would be nice to have a Starlark code generator, that generates .ipd files which can be used as addons.
More of helm
Nice to see you added some helm support as well. A tool like things shouldn't try to compete, but compliment.
It would be extremely useful if you where able to parse helm and then get a bunches of objects back that you can continue to work on using starlark..
This might be difficult to do using helm 2, and tiller.. but I think this is doable in helm v3.
There are many times I want to use helm as a base, but then do some additional parsing, stuff that you usually need the template to support..
Exclude managedFields from diff
Since kubernetes 1.18 the kube api server adds a managedFields object to created objects. This can be quite large for some objects and makes the diff unreadable. managedFields should be excluded from the diff
./bin/isopod --context cluster=kind-kind -kubeconfig=/tmp/kind-kubeconfig -dry_run install $(pwd)/local/testenv/main.ipd
Current cluster: ("kind-kind")
*** customresourcedefinition.apiextensions.k8s.io `crontabs.stable.example.com' ***
--- live
+++ head
@@ -5,90 +5,10 @@
resourceVersion: "671"
labels:
heritage: isopod
annotations:
isopod.getcruise.com/context: '{"cluster":"kind-kind","env":"dev"}'
- managedFields:
- - manager: Go-http-client
- operation: Update
- apiVersion: apiextensions.k8s.io/v1beta1
- time: "2020-05-22T17:45:33Z"
- fieldsType: FieldsV1
- fieldsV1:
- f:metadata:
- f:annotations:
- .: {}
- f:isopod.getcruise.com/context: {}
- f:labels:
- .: {}
- f:heritage: {}
- f:spec:
- f:conversion:
- .: {}
- f:strategy: {}
- f:group: {}
- f:names:
- f:kind: {}
- f:listKind: {}
- f:plural: {}
- f:shortNames: {}
- f:singular: {}
- f:preserveUnknownFields: {}
- f:scope: {}
- f:validation:
- .: {}
- f:openAPIV3Schema:
- .: {}
- f:properties:
- .: {}
- f:spec:
- .: {}
- f:properties:
- .: {}
- f:cronSpec:
- .: {}
- f:type: {}
- f:deepField:
- .: {}
- f:properties:
- .: {}
- f:attribute1:
- .: {}
- f:type: {}
- f:attribute2:
- .: {}
- f:type: {}
- f:attribute3:
- .: {}
- f:type: {}
- f:type: {}
- f:image:
- .: {}
- f:type: {}
- f:replicas:
- .: {}
- f:type: {}
- f:type: {}
- f:type: {}
- f:version: {}
- f:versions: {}
- f:status:
- f:storedVersions: {}
- - manager: kube-apiserver
- operation: Update
- apiVersion: apiextensions.k8s.io/v1
- time: "2020-05-22T17:45:33Z"
- fieldsType: FieldsV1
- fieldsV1:
- f:status:
- f:acceptedNames:
- f:kind: {}
- f:listKind: {}
- f:plural: {}
- f:shortNames: {}
- f:singular: {}
- f:conditions: {}
Fix bug where liveness probe doesn't render correctly in Starlark code generator
A liveness probe like
livenessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTPSrenders incorrectly to
livenessProbe=corev1.Probe(
),Garbage collection / pruning
Can isopod delete old resources that have been removed from the config?
Don't crash when no VAULT_TOKEN is set
As far as I understand it, the "vault" feature is optional, i.e. as long as you don't call any vault-related functions, everything is fine.
Therefore it would be nice if isopod would not crash F1220 09:23:31.797004 11785 main.go:59] --vault_token or $VAULT_TOKEN must be set and instead would ignore it. Currently I'm forced to export VAULT_TOKEN=none everywhere, which is of course doable, but a bit annoying.
Deploying large CRD addons after Starlark conversion fails
Error seen with strimzi CRDs:
E0713 10:47:57.945154 35592 main.go:243] addons run failed: `install' execution failed: failed addon installation: <addon: kafka-operator-crd> run failed: failed to store run state for `kafka-operator-crd' addon: ConfigMap "kafka-operator-crd-run-bs69sinjlrlom279ccm0" is invalid: []: Too long: must have at most 1048576 characters
Implement an inventory system
Implement an inventory system to allow static data to be resolved from a set of files and/or directories something similar to deepmind/kapitan.
[QUESTION] Custom resource definitions
How would you reference a proto definition for a CRD?
Support loading Isopod modules by version
Today this is supported by Git Sha only
Support kubeconfig chaining etc. for onprem
It would be nice if isopod supported
a) assuming a default of $HOME/.kube/config (I have to explicitly pass that as -kubeconfig=, else I get Failed to build kube rest config for k8s vendor <onprem: {}>)
b) reading the $KUBECONFIG environment variable
c) chaining several kube config files (e.g. define clusters/contexts in $HOME/.kube/config, then select the current-context in a project-local config file)
Code generator bugs
This is a thread to collect edge cases where the code generator doesn't produce the desired outcome.
Each of these should be covered in a test case when resolved.
- Currently the starlark code generator doesn't correctly render resource limits and requests:
YAML:
resources:
limits:
cpu: 1000m
memory: 384Mi
requests:
cpu: 200m
memory: 384Mi
Starlark:
resources=corev1.ResourceRequirements(
limits={
"cpu": apiresource.Quantity(
),
"memory": apiresource.Quantity(
)
},
requests={
"cpu": apiresource.Quantity(
),
"memory": apiresource.Quantity(
)
}
),
- a string in a liveness probe can't get applied:
YAML:
livenessProbe:
httpGet:
path: /healthy
port: http
initialDelaySeconds: 10
periodSeconds: 30
Starlark:
livenessProbe=corev1.Probe(
handler=corev1.Handler(
httpGet=corev1.HTTPGetAction(
path="/healthy",
port=utilintstr.IntOrString(
type=1,
strVal="http"
),
),
),
initialDelaySeconds=10,
periodSeconds=30,
),
Error:
E0710 14:26:13.059890 21531 main.go:243] addons run failed: `install' execution failed: failed addon installation: <addon: kafka-operator> run failed: TypeError: value 1 (type `int') can't be assigned to type `"k8s.io/apimachinery/pkg/util/intstr".Type'.
- raw JSON isn't rendered correctly:
YAML:
properties:
authentication:
type: object
properties:
type:
type: string
enum:
- tls
- scram-sha-512
description: Authentication type.
required:
- type
description: Authentication mechanism enabled for this Kafka user.
Starlark:
properties={
"authentication": apiextensionsv1beta1.JSONSchemaProps(
description="Authentication mechanism enabled for this Kafka user.",
type="object",
required=["type"],
properties={
"type": apiextensionsv1beta1.JSONSchemaProps(
description="Authentication type.",
type="string",
enum=[apiextensionsv1beta1.JSON(
raw="InRscyI="
),
apiextensionsv1beta1.JSON(
raw="InNjcmFtLXNoYS01MTIi"
)],
)
},
),
The above issues came up during generating the strimzi kafka controller
Support kube.put_yaml for Starlark code generator
With #45 a Starlark code generator was added. So far the code generator is capable of creating all k8s.io resources using kube.put, including CRDs. However it would be nice to also support custom resources using kube.put_yaml.
match_addons should warn if no addons match
I've hit this a few times where I use match_addons, but don't realize that there's an issue with the regex. It would be helpful if it could have some useful output including whether nothing matches. Another useful feature would be to have it say something like "Matched addons A, B, C".
Support input directories for Starlark code generator
With #45 a Starlark code generator for a single input file was added. Since a lot of upstream repositories come with a set of yamls in a directory, it would be nice to support directory input paths as well.
Render custom resources as Starlark structs in code generator
Currently the code generator just puts json strings into the data payload if the resource isn't a recognized k8s resource.
It would be more readable and more reusable if the generated code was actually Starlark structs as mentioned here
Fix bug where Starlark code generator renders a base64 string as byte array
Currently a base64 string in yaml renders as byte array in Starlark code. It should just remain a string.
Question regarding protobuf issue
I'm not sure if this is a bug or I'm missing something basic.
I've used isopod to s=kube.get(secret=...) and I can print the secret and it has all the correct information. However, if I try to print s.type I get a panic:
panic: valueToStarlark: unknown type v1.SecretType
goroutine 1 [running]:
github.com/stripe/skycfg/internal/go/skycfg.valueToStarlark({0x20c9340, 0xc0004ae3b0, 0xc00041ab18})
/Users/jschnake/go/pkg/mod/github.com/stripe/[email protected]/internal/go/skycfg/proto_message.go:307 +0x5a8
github.com/stripe/skycfg/internal/go/skycfg.(*skyProtoMessage).Attr(0xc00040e6c0, {0xc00041ab18, 0xc00040e6c0})
/Users/jschnake/go/pkg/mod/github.com/stripe/[email protected]/internal/go/skycfg/proto_message.go:162 +0x145
The protobuf code has the type field there though:
// Secret holds secret data of a certain type. The total bytes of the values in
// the Data field must be less than MaxSecretSize bytes.
message Secret {
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
...
...
// Used to facilitate programmatic handling of secret data.
// +optional
optional string type = 3;
}
I feel like I must be missing something? Any help would be appreciated as I'm new to trying to utilize the protobuf code. Its mostly unnecessary for my use-case but I really wanted to utilize the kube built-ins you wrote. If you have a suggestion there I'd be open to it. It seemed difficult to pull out the kube built-ins on their own.
Clean up indentation for code generator
Currently the code generator creates arrays like this
blah_blah=[foobar(
something,
),
foobar(
something_else,
)]
But other code formatter actually expect this:
blah_blah=[
foobar(
something,
),
foobar(
something_else,
),
]
Isopod load: Support labeling of rollouts that come from a specific loaded version of code
Isopod today supports loading code from a repo with a specific commit id:
https://github.com/cruise-automation/isopod/blob/master/testdata/isopod.deps#L19
It also adds "heritage": "isopod" K8s labels to resources it deploys:
https://github.com/cruise-automation/isopod/blob/master/pkg/kube/kube.go#L196
Request: For resources that are deployed from "loaded" code, add the commit as a label so that the user knows which version of the resource was loaded and deployed by Isopod
Reason for no YAML output options?
I realize that part of the motivation for this project was to avoid YAML when possible.
I'm looking at potentially building a Sonobuoy plugin using isopod mainly for the convenient kube.* methods. However, there are times I'd like to be able to compare objects in their yaml form or print the raw yaml.
I see there is a "json" option instead of the protobuf default, why not also YAML? Trying to understand if it was a technical reason or not.
Command to generate pure manifest YAMLs for an Addon
This will allow Integration of Isopod with ArgoCD as a plugin: https://argoproj.github.io/argo-cd/user-guide/config-management-plugins/
The YAML is logged today but with decorators. It will be useful to get that piped to stdout directly for integration with other tooling.
assert behavior inconsistent with python
assert is a reserved keyword in python and so it cannot be used as a function. So in python, there is a tricky gotcha where the following will not fail:
assert(1 == 2, "hello")because it is equivalent to:
assert (1==2, "hello")which is asserting the "truthiness" of a tuple, which is True.
However, in isopod we override the assert keyword to make it a function, so the two are equivalent.
This breaks python grammar rules, which affects the ability to re-use code formatting tools like black. It's also just confusing that something that the behavior is the opposite of the python behavior.
We should either fix the grammar to allow assert as a statement or use a different function name.
Implement a plugin interface
Implement a plugin interface using something like hashicorp/go-plugin to allow additional datasource backends without requiring code in-tree.
Potential collision and risk from indirect dependence "github.com/gotestyourself/gotestyourself"
Background
Repo cruise-automation/isopod used the old path to import gotestyourself indirectly.
This caused that github.com/gotestyourself/gotestyourself and gotest.tools coexist in this repo:
https://github.com/cruise-automation/isopod/blob/master/go.mod (Line 50 & 104)
github.com/gotestyourself/gotestyourself v2.2.0+incompatible // indirect
gotest.tools v2.2.0+incompatible // indirect
That’s because the gotestyourself has already renamed it’s import path from "github.com/gotestyourself/gotestyourself" to "gotest.tools". When you use the old path "github.com/gotestyourself/gotestyourself" to import the gotestyourself, will reintroduces gotestyourself through the import statements "import gotest.tools" in the go source file of gotestyourself.
https://github.com/gotestyourself/gotest.tools/blob/v2.2.0/fs/example_test.go#L8
package fs_test
import (
…
"gotest.tools/assert"
"gotest.tools/assert/cmp"
"gotest.tools/fs"
"gotest.tools/golden"
)
"github.com/gotestyourself/gotestyourself" and "gotest.tools" are the same repos. This will work in isolation, bring about potential risks and problems.
Solution
Add replace statement in the go.mod file:
replace github.com/gotestyourself/gotestyourself => gotest.tools v2.3.0
Then clean the go.mod.
Add --help flag to subcommands
Currently the subcommands don't have a dedicated help:
isopod install --help
F0623 16:26:04.864009 75962 main.go:253] Failed to load clusters runtime: open --help: no such file or directory
Would be nice to have that since users expect that.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.