doriordan / skuber Goto Github PK

It looks like this is a simple copy/past error, it prevents RoleBinding from being serialized, instead of ResourceDefintion[RoleBinding], the file RoleBinding.scala contain a implicit for ResourceDefintion[Role]

  implicit val roleDef = new ResourceDefinition[Role] {
    def spec = NonCoreResourceSpecification (
      group=Some("rbac.authorization.k8s.io"),
      version="v1beta1",
      scope = Scope.Namespaced,
      names=Names(
        plural = "rolebindings",
        singular = "rolebinding",
        kind = "RoleBinding",
        shortNames = Nil
      )
    )
  }
}

10:45:35.680 INFO [ { reqId=7765733c-2d5a-41b2-b69b-8a9b1ceeabe4} } - creating watch on resource $name of kind ${rd.spec.names.kind}]

client/src/main/scala/skuber/api/Watch.scala:39

context.logInfo(context.logConfig.logRequestBasic, "creating watch on resource $name of kind ${rd.spec.names.kind}")

missing a 's' at the start of the string:

    I've used the SKUBER_CONFIG env para to call the k8s from outside, which succeeded but not safe .Now I need to call the k8s api-server internally with the SKUBERCONFIG, according to the guide, it will read config from ~/.kube/config , which means I should have a config there or I can generate one, but it might need some modifications if I use my app in different k8s env, which means it is not that generic.
    In official go SDK, it read the config and the credential info from another path which you can see as follows:

	host, port := os.Getenv("KUBERNETES_SERVICE_HOST"), os.Getenv("KUBERNETES_SERVICE_PORT")
	if len(host) == 0 || len(port) == 0 {
		return nil, fmt.Errorf("unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined")
	}
	token, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/" + api.ServiceAccountTokenKey)
	if err != nil {
		return nil, err
	}
	tlsClientConfig := TLSClientConfig{}
	rootCAFile := "/var/run/secrets/kubernetes.io/serviceaccount/" + api.ServiceAccountRootCAKey
	if _, err := crypto.CertPoolFromFile(rootCAFile); err != nil {
		glog.Errorf("Expected to load root CA config from %s, but got err: %v", rootCAFile, err)
	} else {
		tlsClientConfig.CAFile = rootCAFile
	}

	return &Config{
		// TODO: switch to using cluster DNS.
		Host:            "https://" + net.JoinHostPort(host, port),
		BearerToken:     string(token),
		TLSClientConfig: tlsClientConfig,
	}, nil
}```

I hope I didnt make anything wrong, and can you give an example of  calling the k8s-server api with tls without specific configuration?Thanks!

Can I know when there will be support for scala 2.12

Currently the DeleteOptions implementation doesn't support setting propagationPolicy or preconditions, which were added since it was implemented. These settings can be useful (especially propagationPolicy) so should be supported.

(It also doesn't support orphanDependents but that is deprecated in favour of propagationPolicy so no point in implementing support for it now)

I've looked through the repository for the pod backoff limit setting but it looks like it isn't implemented. Is there another way to configure it?

Thanks!

Add support for pod affinity and anti-affinity in pod specifications

See test and implementation in #36

Would like ability to query for resources according to labels, per the labelSelector query parameter provided by the kube REST API, document here:
https://kubernetes.io/docs/user-guide/labels/

I've trawled through the skuber source and can't find a way to access a pod's logs as described here:
https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#-strong-misc-operations-strong--71

Am I missing something or does skuber not support this currently?

Thanks,
Trevor

What is the proper usage for the partiallyUpdate method, which performs an HTTP PATCH on the passed object with the standard rendering?

For example, the PATCH call to scale a Deployment (e.g., to 8 instances) simply involves passing the payload:

{"spec": {"replicas": 8}}

Because most objects have a mandatory metadata: ObjectMeta field, this will always be constructed, rendered and passed as part of the PATCH request body. The minimal PATCH construction seems to be this:

sk8.partiallyUpdate[Deployment](Deployment("test-depl").withReplicas(8))

for which the corresponding payload is:

{
  "kind": "Deployment",
  "apiVersion": "extensions/v1beta1",
  "metadata": {
    "name": "test-depl",
    "namespace": "default"
  },
  "spec": {
    "replicas": 8
  }
}

The good news is that this, according to my manual testing against Kube 1.5.5, seems to work. I was wondering what the thoughts were on this, and whether it was worthwhile checking in some examples and/or tests to document and/or protect this.

I'm running a build from a clone of the skuber repo and see the following when trying to list pods in a specific namespace:
[INFO] [05/14/2018 13:46:19.771] [main] [skuber.api] [ { reqId=bcb42ba3-da57-4b56-8241-cf6b55539ed6} } - about to send HTTP request: GET https://10.167.120.125:6443/api/v1/namespaces/alan/pods]
[INFO] [05/14/2018 13:46:20.323] [k8sclient-akka.actor.default-dispatcher-3] [skuber.api] [ { reqId=bcb42ba3-da57-4b56-8241-cf6b55539ed6} } - received response with HTTP status 200]
Error listing pods in 'alan' namespace: JsResultException(errors:List((,List(JsonValidationError(List(Unknown toleration effect 'NoExecute'),WrappedArray())))))

I see that the NoSchedule and PreferNoSchedule taints are handled, but not NoExecute. It looks like straightforward changes are required to:

./client/src/main/scala/skuber/json/package.scala
./client/src/main/scala/skuber/Pod.scala
./client/src/test/scala/skuber/json/NodeFormatSpec.scala

I'd offer to fix it but by the time I get the legal team at Oracle to approve a contributor request, we'll all have retired :)

When do you plan to add support for Jobs?
Thanks

It would be very handy if Skuber could support the NetworkPolicy resource type.

Stateful spec is missing multiple (optional but useful) spec and status fields such as revisionHistoryLimit, currentReplicas, PodManagementPolicy, UpdateStrategy and some others.
Also StatefulSet.Spec.templates field is defined as an Option type, but the template is mandatory per k8s API definition of StatefulSet

The Kubernetes API supports various patch strategies, none of which are currently supported by Skuber but would be useful for some use cases.
This would be a fairly large enhancement and seems to be in the nice-to-have category, so it is unlikely I will work on it anytime soon but if someone wants to work on a PR for this let me know.

The latest Kubernetes versions have some fields across several Volume Source types that are missing from the corresponding Skuber model. In particular, the following fields need to be added:

Git repo: directory
Secret: defaultMode and optional
Config Map: defaultMode and optional
Empty Dir: size limit
Hostpath: type
ISCSI: portals

Currently if no SKUBER environment variables are set then the client doesn't utilise any kubeconfig file for configuration - intead it creates a simple configuration to access the cluster via localhost:8080.
This made sense in the early days for Skuber before it had full support for kubeconfig files, so clients used a local kubectl proxy to access the cluster.
However support for kubeconfig has been implemented in Skuber for a long time now, and I believe the default should now be aligned with that used by other clients (such as kubectl) i.e. to read from the kubeconfig file in the default location.
I plan to get this (simple) change into the next release of Skuber, unless convinced otherwise.
Documenting as an issue to give users a heads-up in case this impacts how they use Skuber

I think there were some errors during the release of 2.0.5
After downloading from central-maven
The jar does not contain the /skuber/Pod$Toleration* classes, which is available in the git tag v2.0.5

In several places Skuber requires passing an ActorMaterializer while less specific Materializer would be fine.

When attempting to scale a deployment to zero instances, the replicas field is neglected from the JSON output, resulting in the deployment being scaled to (default) 1 instance.
The reason is that the Format[Deployment] is configured to treat replicas as formatMaybeInt(), which uses zero as a indicator value for a missing argument.

I'm going to push a branch with a documenting test, but I'd appreciate some feedback from @doriordan (or anyone) as to the preferred approach to solve the issue (this specific issue with Deployment, and the issue in general). My inclination is to modify formatMaybeInt to use a different sentinel value (maybe -1? that feels like kicking the can down the road...)

When testing against Kubernetes 1.5.1 an exception is thrown when parsing responses that contain list kinds if the list is empty. This is because the 'items' field is now null in that case, whereas in previous Kubernetes releases it was an empty array.

Currently when scaling, the forExtensionsAPI is forced to false. This should be determined instead by the Kind type class passed to buildRequest.

Error because of this issue:

Request DefaultHttpRequest(chunked: false)
PUT /api/extensions/v1beta1/namespaces/default/deployments/testing-worker/scale HTTP/1.1
Content-Type: application/json
Content-Length: 127
Connection: keep-alive
Host: 192.168.64.2:8443
Accept: */*
User-Agent: AHC/1.0

Response DefaultHttpResponse(chunked: false)
HTTP/1.1 404 Not Found
Content-Type: application/json
Date: Thu, 06 Apr 2017 03:41:02 GMT
Content-Length: 174

The path should be:

/apis/extensions/v1beta1/namespaces/default/deployments/testing-worker/scale

David,

My team would like to use skuber in a project we're building and it would be very helpful if we could download the package via Bintray's Jcenter/maven repository. Looking at JFrog Bintray, it appears that you can link your package by clicking on the "Include My Package" button somewhere.

Is this something you would be open to doing?

Thanks,

Cory

Hi! I have a hard time trying to list all pods from all namespaces in my cluster.

I’m using a long-lived watchAll subscription to get all pod updates within a namespace.

If the underlying connection dies, I’d like to restart the watchAll from the latest resourceVersion.

However, it seems the resourceVersion I get from object.metadata in WatchEvents is not the same kind of version identifier used in the sinceResourceVersion of watchAll queries.

Is there a way of achieving my dream of a resilient watchAll subscription?

Per kubernetes/kubernetes#44339, by default, NodeAffinity is not supported in Kube 1.6+ as annotations. Instead, they are bonafide properties on the Pod spec. In order to support default cluster configurations, I propose that we add .affinity to Pod.Spec.

I'm working on a merge request right now.

I am trying to use my own configuration with k8sInit

but i keep getting this exception

[com.typesafe.sslconfig.ssl.DefaultHostnameVerifier] - verify: Certificate does not match hostname! subjectAltNames = [[2, docker-for-desktop], [2, kubernetes], [2, kubernetes.default], [2, kubernetes.default.svc], [2, kubernetes.default.svc.cluster.local], [7, 10.96.0.1], [7, 192.168.65.3]], hostName = localhost Cause: java.security.cert.CertificateException: No subject alternative DNS name matching localhost found.

Any idea?

(Impacts v2.0.1 only) Setting propagationPolicy in DeleteOptions has no impact due to typo in its json formatter

Docker EE Kubernetes utilizes elliptic curve cryptography, requiring (at least) the ability to parse EC private keys.

I'm adding support this to skuber right now (pull request #127 has a documenting test). There are some arguments in TLS#getKeyManagers anticipating different types of private keys, but they're not used. The feedback I'd like is whether to use arguments (which presumably require some hint from the skuber user) or to try to autodetect the key type. Any opinion on this, @doriordan ?

These factory methods/vals on the Configuration object:
useLocalProxyDefault
useLocalProxyOnPort
useProxyAt
return incorrect configurations which do not use the requested proxy address

A side-effect of this is that the SKUBER_URL environment variable is not correctly used.

Note - only impacts 2.x version.

The ConigMapVolumeSource class is missing the defaultMode field (see https://kubernetes.io/docs/api-reference/v1.8/#configmapvolumesource-v1-core)

If an incorrect path is specified for the kubeconfig file then a NoSuchFileException is thrown in the following:

    def parseKubeconfigFile(path: Path = Paths.get(System.getProperty("user.home"),".kube", 
       "config")) : Try[Configuration] = {
           parseKubeconfigStream(Files.newInputStream(path))
       }

As this returns a Try[Configuration] it this should instead construct an appropriate Failure rather than simply throwing an exception

As far as I can tell there is no support for PodPreset:
https://kubernetes.io/docs/tasks/inject-data-application/podpreset/
Could this be added please?

When trying to use the following construct to look up a Rolebinding:

    val roleBindingAlreadyCreated = k8s
      .listInNamespace[RoleBindingList](nameOfNamespace)
      .map(_.contains(roleBinding.metadata.name))

I got a compile error of a missing implicit, that I think should look something like this in Rolebinding.scala

implicit val roleListDef = new ResourceDefinition[RoleBindingList] { def spec = specification }

I'm trying to use the Job type but whenever I try to create one I'm getting this error:

No Json formatter found for type skuber.batch.Job. Try to implement an implicit Format for this type.

I've imported the skuber.json.format._ package. Is there some other package I'm missing?

Logging in the examples subproject has a couple of config/build issues:

• The build does not include the necessary libraries so falls back to default logger, instead of using desired Akka sl4j/logback logging.
• Akka / logback config needs to be in the src\main\resources directory in the subproject.

The examples build needs to be updated to include the Akka sl4j and logback-classic logging libraries, and the application.conf and logback.xml files should be in the examples resources directory.

Hi!

Are there any plans to support play 2.5? skuber 1.3 is not compatible with it.

Event watches are by their very nature long-lived, but at present they fail if there are no event messages within a minute:

akka.actor.Status$Failure Failure(akka.stream.scaladsl.TcpIdleTimeoutException: TCP idle-timeout encountered on connection to [10.167.120.125:6443], no bytes passed in the last 1 minute)

The default timeout should be infinite, but I'm also not sure how you would override it with the current implementation.

StatefulSets are very useful and the only way to perform certain tasks. Skuber should support them.

Is there and support for auth-providers suchs gcp?

auth-provider:
  config:
    cmd-args: config config-helper --format=json
    cmd-path: /Users/andrew/google-cloud-sdk/bin/gcloud
    expiry-key: '{.credential.token_expiry}'
    token-key: '{.credential.access_token}'
  name: gcp

Approx line 335:
logInfo(logConfig.logResponseFullListResource, s" Unamrshalled list resource: ${result.toString}")

Unamrshalled => Unmarshalled

:)

In Container.scala:

terminationMessagePath: String = "/var/log/termination",

The default k8s termination path is /dev/termination-log. The terminationMessagePath parameter to the Container constructor should default to the k8s default path, or even better, be made into an Option().

PersistentVolumes do not support namespaces, but Skuber tries to make a namespaced request when creating one:

Request DefaultHttpRequest(chunked: false)
POST /api/v1/namespaces/default/persistentvolumes HTTP/1.1
Content-Type: application/json
Content-Length: 223
Connection: keep-alive
Host: 192.168.99.100:8443
Accept: */*
User-Agent: AHC/1.0

Response DefaultHttpResponse(chunked: false)
HTTP/1.1 404 Not Found
Content-Type: application/json
Date: Sat, 25 Feb 2017 20:53:08 GMT
Content-Length: 174

Per the API documentation (and my own testing), path is optional in an HTTPIngressPath.
However, skuber 1.3.0 treats skuber.ext.Ingress#Path#path as a mandatory String.
I'm working on a pull request that handles missing path field from Kubernetes responses.

I'm writing an application with skuber that runs on K8s and creates/deploys other applications on k8s, e.g. my skuber code itself runs within k8s.

The current initialization expects a kubeconfig file setup, which is very hard to create inside a pod. I'm working on cobbling together some way of getting this to work but it's far from ideal.

Any pod running inside of k8s will have its service account, token, and client certificate mounted as files (see Accessing the API from a pod), which could be used by skuber to set up the connection instead of the kubeconfig.

I think this alternative "running side k8s" initialization strategy should be supported.

References:

• Accessing the API from a pod

Probe, at least the version implemented in the release_2.0 branch, is missing several important fields, e.g.:

• periodSeconds
• failureThreshold
• successThreshold

The full spec is here: https://kubernetes.io/docs/api-reference/v1.8/#probe-v1-core

If I use kubctl to dump out all the node information I see this (trimmed):

    "Items": [
        "Status": {
            "Capacity": {
            "Allocatable": {
            "Phase": "",
            "Conditions": [
            "Addresses": [
            "DaemonEndpoints": {
            "NodeInfo": {
            "Images": [
            "VolumesInUse"
            "VolumesAttached"

If I look at the definition of Node.Status, half of those are missing:

  case class Status(
      capacity: Resource.ResourceList=Map(),
      phase: Option[Phase.Phase] = None,
      conditions: List[Node.Condition] = List(),
      addresses: List[Node.Address] = List(),
      nodeInfo: Option[Node.SystemInfo] = None)

Runs fine locally, but PRs showing as red due to suddenly started failing on Travis for unknown reason.
Will disable test temporarily until fixed