From 92ad847dbefb2b95a765fd4c073339320766cb10 Mon Sep 17 00:00:00 2001 From: LeaveMyYard Date: Fri, 4 Aug 2023 11:38:09 +0300 Subject: [PATCH 1/4] Fix listing namespaced workflows --- robusta_krr/core/integrations/kubernetes.py | 192 ++++++------- robusta_krr/core/integrations/rollout.py | 282 ++++++++++++++++---- 2 files changed, 314 insertions(+), 160 deletions(-) diff --git a/robusta_krr/core/integrations/kubernetes.py b/robusta_krr/core/integrations/kubernetes.py index 74a38560..68c9fe82 100644 --- a/robusta_krr/core/integrations/kubernetes.py +++ b/robusta_krr/core/integrations/kubernetes.py @@ -1,6 +1,7 @@ import asyncio from concurrent.futures import ThreadPoolExecutor -from typing import AsyncGenerator, Optional, Union +from typing import AsyncGenerator, Optional, Union, Callable, AsyncIterator +from functools import wraps import aiostream from kubernetes import client, config # type: ignore @@ -65,28 +66,21 @@ async def list_scannable_objects(self) -> AsyncGenerator[K8sObjectData, None]: self.__hpa_list = await self._try_list_hpa() - tasks = [ + # https://stackoverflow.com/questions/55299564/join-multiple-async-generators-in-python + # This will merge all the streams from all the cluster loaders into a single stream + objects_combined = aiostream.stream.merge( self._list_deployments(), self._list_rollouts(), self._list_all_statefulsets(), self._list_all_daemon_set(), self._list_all_jobs(), - ] - - for fut in asyncio.as_completed(tasks): - try: - object_list = await fut - except Exception as e: - self.error(f"Error {e.__class__.__name__} listing objects in cluster {self.cluster}: {e}") - self.debug_exception() - self.error("Will skip this object type and continue.") - continue - - for object in object_list: + ) + + async with objects_combined.stream() as streamer: + async for object in streamer: + # NOTE: By default we will filter out kube-system namespace if self.config.namespaces == "*" and object.namespace == "kube-system": continue - elif 
self.config.namespaces != "*" and object.namespace not in self.config.namespaces: - continue yield object @staticmethod @@ -127,108 +121,94 @@ def __build_obj( hpa=self.__hpa_list.get((namespace, kind, name)), ) - async def _list_deployments(self) -> list[K8sObjectData]: - self.debug(f"Listing deployments in {self.cluster}") + async def _list_workflows( + self, kind: str, all_namespaces_request: Callable, namespaced_request: Callable + ) -> AsyncIterator[K8sObjectData]: + self.debug(f"Listing {kind} in {self.cluster}") loop = asyncio.get_running_loop() - ret: V1DeploymentList = await loop.run_in_executor( - self.executor, - lambda: self.apps.list_deployment_for_all_namespaces( - watch=False, - label_selector=self.config.selector, - ), - ) - self.debug(f"Found {len(ret.items)} deployments in {self.cluster}") - return [ - self.__build_obj(item, container) for item in ret.items for container in item.spec.template.spec.containers - ] - - async def _list_rollouts(self) -> list[K8sObjectData]: - self.debug(f"Listing ArgoCD rollouts in {self.cluster}") - loop = asyncio.get_running_loop() try: - ret: V1DeploymentList = await loop.run_in_executor( - self.executor, - lambda: self.rollout.list_rollout_for_all_namespaces( - watch=False, - label_selector=self.config.selector, - ), - ) + if self.config.namespaces == "*": + ret_multi = await loop.run_in_executor( + self.executor, + lambda: all_namespaces_request( + watch=False, + label_selector=self.config.selector, + ), + ) + self.debug(f"Found {len(ret_multi.items)} {kind} in {self.cluster}") + for item in ret_multi.items: + for container in item.spec.template.spec.containers: + yield self.__build_obj(item, container) + else: + tasks = [ + loop.run_in_executor( + self.executor, + lambda: namespaced_request( + namespace=namespace, + watch=False, + label_selector=self.config.selector, + ), + ) + for namespace in self.config.namespaces + ] + + total_items = 0 + for task in asyncio.as_completed(tasks): + ret_single = await task + 
total_items += len(ret_single.items) + for item in ret_single.items: + for container in item.spec.template.spec.containers: + yield self.__build_obj(item, container) + + self.debug(f"Found {total_items} {kind} in {self.cluster}") except ApiException as e: - if e.status in [400, 401, 403, 404]: - self.debug(f"Rollout API not available in {self.cluster}") - return [] - raise - - self.debug(f"Found {len(ret.items)} rollouts in {self.cluster}") - - return [ - self.__build_obj(item, container) for item in ret.items for container in item.spec.template.spec.containers - ] + self.error(f"Error {e.status} listing {kind} in cluster {self.cluster}: {e.reason}") + self.debug_exception() + self.error("Will skip this object type and continue.") - async def _list_all_statefulsets(self) -> list[K8sObjectData]: - self.debug(f"Listing statefulsets in {self.cluster}") - loop = asyncio.get_running_loop() - ret: V1StatefulSetList = await loop.run_in_executor( - self.executor, - lambda: self.apps.list_stateful_set_for_all_namespaces( - watch=False, - label_selector=self.config.selector, - ), + def _list_deployments(self) -> AsyncIterator[K8sObjectData]: + return self._list_workflows( + kind="deployments", + all_namespaces_request=self.apps.list_deployment_for_all_namespaces, + namespaced_request=self.apps.list_namespaced_deployment, ) - self.debug(f"Found {len(ret.items)} statefulsets in {self.cluster}") - return [ - self.__build_obj(item, container) for item in ret.items for container in item.spec.template.spec.containers - ] + async def _list_rollouts(self) -> AsyncIterator[K8sObjectData]: + # TODO: Mutlitple errors will throw here, we should catch them all + try: + async for rollout in self._list_workflows( + kind="ArgoCD Rollout", + all_namespaces_request=self.rollout.list_rollout_for_all_namespaces, + namespaced_request=self.rollout.list_namespaced_rollout, + ): + yield rollout + except ApiException as e: + if e.status in [400, 401, 403, 404]: + self.debug(f"Rollout API not 
available in {self.cluster}") + else: + raise - async def _list_all_daemon_set(self) -> list[K8sObjectData]: - self.debug(f"Listing daemonsets in {self.cluster}") - loop = asyncio.get_running_loop() - ret: V1DaemonSetList = await loop.run_in_executor( - self.executor, - lambda: self.apps.list_daemon_set_for_all_namespaces( - watch=False, - label_selector=self.config.selector, - ), + def _list_all_statefulsets(self) -> AsyncIterator[K8sObjectData]: + return self._list_workflows( + kind="statefulsets", + all_namespaces_request=self.apps.list_stateful_set_for_all_namespaces, + namespaced_request=self.apps.list_namespaced_stateful_set, ) - self.debug(f"Found {len(ret.items)} daemonsets in {self.cluster}") - - return [ - self.__build_obj(item, container) for item in ret.items for container in item.spec.template.spec.containers - ] - async def _list_all_jobs(self) -> list[K8sObjectData]: - self.debug(f"Listing jobs in {self.cluster}") - loop = asyncio.get_running_loop() - ret: V1JobList = await loop.run_in_executor( - self.executor, - lambda: self.batch.list_job_for_all_namespaces( - watch=False, - label_selector=self.config.selector, - ), + def _list_all_daemon_set(self) -> AsyncIterator[K8sObjectData]: + return self._list_workflows( + kind="daemonsets", + all_namespaces_request=self.apps.list_daemon_set_for_all_namespaces, + namespaced_request=self.apps.list_namespaced_daemon_set, ) - self.debug(f"Found {len(ret.items)} jobs in {self.cluster}") - - return [ - self.__build_obj(item, container) for item in ret.items for container in item.spec.template.spec.containers - ] - async def _list_pods(self) -> list[K8sObjectData]: - """For future use, not supported yet.""" - - self.debug(f"Listing pods in {self.cluster}") - loop = asyncio.get_running_loop() - ret: V1PodList = await loop.run_in_executor( - self.executor, - lambda: self.apps.list_pod_for_all_namespaces( - watch=False, - label_selector=self.config.selector, - ), + def _list_all_jobs(self) -> 
AsyncIterator[K8sObjectData]: + return self._list_workflows( + kind="jobs", + all_namespaces_request=self.batch.list_job_for_all_namespaces, + namespaced_request=self.batch.list_namespaced_job, ) - self.debug(f"Found {len(ret.items)} pods in {self.cluster}") - - return [self.__build_obj(item, container) for item in ret.items for container in item.spec.containers] async def __list_hpa_v1(self) -> dict[HPAKey, HPAData]: loop = asyncio.get_running_loop() @@ -367,7 +347,7 @@ def _try_create_cluster_loader(self, cluster: Optional[str]) -> Optional[Cluster self.error(f"Could not load cluster {cluster} and will skip it: {e}") return None - async def list_scannable_objects(self, clusters: Optional[list[str]]) -> AsyncGenerator[K8sObjectData, None]: + async def list_scannable_objects(self, clusters: Optional[list[str]]) -> AsyncIterator[K8sObjectData]: """List all scannable objects. Yields: diff --git a/robusta_krr/core/integrations/rollout.py b/robusta_krr/core/integrations/rollout.py index 3ac55138..677e00d9 100644 --- a/robusta_krr/core/integrations/rollout.py +++ b/robusta_krr/core/integrations/rollout.py @@ -1,10 +1,7 @@ from kubernetes import client import six -from kubernetes.client.exceptions import ( # noqa: F401 - ApiTypeError, - -) +from kubernetes.client.exceptions import ApiTypeError, ApiValueError class RolloutAppsV1Api(client.AppsV1Api): @@ -42,7 +39,7 @@ def list_rollout_for_all_namespaces(self, **kwargs): # noqa: E501 If the method is called asynchronously, returns the request thread. 
""" - kwargs['_return_http_data_only'] = True + kwargs["_return_http_data_only"] = True return self.list_rollout_for_all_namespaces_with_http_info(**kwargs) # noqa: E501 def list_rollout_for_all_namespaces_with_http_info(self, **kwargs): # noqa: E501 @@ -82,60 +79,228 @@ def list_rollout_for_all_namespaces_with_http_info(self, **kwargs): # noqa: E50 local_var_params = locals() all_params = [ - 'allow_watch_bookmarks', - '_continue', - 'field_selector', - 'label_selector', - 'limit', - 'pretty', - 'resource_version', - 'resource_version_match', - 'timeout_seconds', - 'watch' + "allow_watch_bookmarks", + "_continue", + "field_selector", + "label_selector", + "limit", + "pretty", + "resource_version", + "resource_version_match", + "timeout_seconds", + "watch", ] - all_params.extend( + all_params.extend(["async_req", "_return_http_data_only", "_preload_content", "_request_timeout"]) + + for key, val in six.iteritems(local_var_params["kwargs"]): + if key not in all_params: + raise ApiTypeError( + "Got an unexpected keyword argument '%s'" " to method list_deployment_for_all_namespaces" % key + ) + local_var_params[key] = val + del local_var_params["kwargs"] + + collection_formats = {} + + path_params = {} + + query_params = [] + if ( + "allow_watch_bookmarks" in local_var_params and local_var_params["allow_watch_bookmarks"] is not None + ): # noqa: E501 + query_params.append(("allowWatchBookmarks", local_var_params["allow_watch_bookmarks"])) # noqa: E501 + if "_continue" in local_var_params and local_var_params["_continue"] is not None: # noqa: E501 + query_params.append(("continue", local_var_params["_continue"])) # noqa: E501 + if "field_selector" in local_var_params and local_var_params["field_selector"] is not None: # noqa: E501 + query_params.append(("fieldSelector", local_var_params["field_selector"])) # noqa: E501 + if "label_selector" in local_var_params and local_var_params["label_selector"] is not None: # noqa: E501 + query_params.append(("labelSelector", 
local_var_params["label_selector"])) # noqa: E501 + if "limit" in local_var_params and local_var_params["limit"] is not None: # noqa: E501 + query_params.append(("limit", local_var_params["limit"])) # noqa: E501 + if "pretty" in local_var_params and local_var_params["pretty"] is not None: # noqa: E501 + query_params.append(("pretty", local_var_params["pretty"])) # noqa: E501 + if "resource_version" in local_var_params and local_var_params["resource_version"] is not None: # noqa: E501 + query_params.append(("resourceVersion", local_var_params["resource_version"])) # noqa: E501 + if ( + "resource_version_match" in local_var_params and local_var_params["resource_version_match"] is not None + ): # noqa: E501 + query_params.append(("resourceVersionMatch", local_var_params["resource_version_match"])) # noqa: E501 + if "timeout_seconds" in local_var_params and local_var_params["timeout_seconds"] is not None: # noqa: E501 + query_params.append(("timeoutSeconds", local_var_params["timeout_seconds"])) # noqa: E501 + if "watch" in local_var_params and local_var_params["watch"] is not None: # noqa: E501 + query_params.append(("watch", local_var_params["watch"])) # noqa: E501 + + header_params = {} + + form_params = [] + local_var_files = {} + + body_params = None + # HTTP header `Accept` + header_params["Accept"] = self.api_client.select_header_accept( [ - 'async_req', - '_return_http_data_only', - '_preload_content', - '_request_timeout' + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch", ] + ) # noqa: E501 + + # Authentication setting + auth_settings = ["BearerToken"] # noqa: E501 + + return self.api_client.call_api( + "/apis/argoproj.io/v1alpha1/rollouts", + "GET", + path_params, + query_params, + header_params, + body=body_params, + post_params=form_params, + files=local_var_files, + response_type="V1DeploymentList", # noqa: E501 + 
auth_settings=auth_settings, + async_req=local_var_params.get("async_req"), + _return_http_data_only=local_var_params.get("_return_http_data_only"), # noqa: E501 + _preload_content=local_var_params.get("_preload_content", True), + _request_timeout=local_var_params.get("_request_timeout"), + collection_formats=collection_formats, ) - for key, val in six.iteritems(local_var_params['kwargs']): + def list_namespaced_rollout(self, namespace, **kwargs): # noqa: E501 + """list_namespaced_rollout # noqa: E501 + + list or watch objects of kind Rollout # noqa: E501 + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + >>> thread = api.list_namespaced_rollout(namespace, async_req=True) + >>> result = thread.get() + + :param async_req bool: execute request asynchronously + :param str namespace: object name and auth scope, such as for teams and projects (required) + :param str pretty: If 'true', then the output is pretty printed. + :param bool allow_watch_bookmarks: allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. + :param str _continue: The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. 
If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. + :param str field_selector: A selector to restrict the list of returned objects by their fields. Defaults to everything. + :param str label_selector: A selector to restrict the list of returned objects by their labels. Defaults to everything. + :param int limit: limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. 
The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. + :param str resource_version: resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset + :param str resource_version_match: resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset + :param int timeout_seconds: Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. + :param bool watch: Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. + :param _preload_content: if False, the urllib3.HTTPResponse object will + be returned without reading/decoding response + data. Default is True. + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :return: V1ControllerRevisionList + If the method is called asynchronously, + returns the request thread. 
+ """ + kwargs["_return_http_data_only"] = True + return self.list_namespaced_rollout_with_http_info(namespace, **kwargs) # noqa: E501 + + def list_namespaced_rollout_with_http_info(self, namespace, **kwargs): # noqa: E501 + """list_namespaced_rollout # noqa: E501 + + list or watch objects of kind ControllerRevision # noqa: E501 + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + >>> thread = api.list_namespaced_rollout_with_http_info(namespace, async_req=True) + >>> result = thread.get() + + :param async_req bool: execute request asynchronously + :param str namespace: object name and auth scope, such as for teams and projects (required) + :param str pretty: If 'true', then the output is pretty printed. + :param bool allow_watch_bookmarks: allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. + :param str _continue: The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. 
Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. + :param str field_selector: A selector to restrict the list of returned objects by their fields. Defaults to everything. + :param str label_selector: A selector to restrict the list of returned objects by their labels. Defaults to everything. + :param int limit: limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. 
This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. + :param str resource_version: resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset + :param str resource_version_match: resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset + :param int timeout_seconds: Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. + :param bool watch: Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. + :param _return_http_data_only: response data without head status code + and headers + :param _preload_content: if False, the urllib3.HTTPResponse object will + be returned without reading/decoding response + data. Default is True. + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :return: tuple(V1ControllerRevisionList, status_code(int), headers(HTTPHeaderDict)) + If the method is called asynchronously, + returns the request thread. 
+ """ + + local_var_params = locals() + + all_params = [ + "namespace", + "pretty", + "allow_watch_bookmarks", + "_continue", + "field_selector", + "label_selector", + "limit", + "resource_version", + "resource_version_match", + "timeout_seconds", + "watch", + ] + all_params.extend(["async_req", "_return_http_data_only", "_preload_content", "_request_timeout"]) + + for key, val in six.iteritems(local_var_params["kwargs"]): if key not in all_params: raise ApiTypeError( - "Got an unexpected keyword argument '%s'" - " to method list_deployment_for_all_namespaces" % key + "Got an unexpected keyword argument '%s'" " to method list_namespaced_controller_revision" % key ) local_var_params[key] = val - del local_var_params['kwargs'] + del local_var_params["kwargs"] + # verify the required parameter 'namespace' is set + if self.api_client.client_side_validation and ( + "namespace" not in local_var_params or local_var_params["namespace"] is None # noqa: E501 + ): # noqa: E501 + raise ApiValueError( + "Missing the required parameter `namespace` when calling `list_namespaced_controller_revision`" + ) # noqa: E501 collection_formats = {} path_params = {} + if "namespace" in local_var_params: + path_params["namespace"] = local_var_params["namespace"] # noqa: E501 query_params = [] - if 'allow_watch_bookmarks' in local_var_params and local_var_params['allow_watch_bookmarks'] is not None: # noqa: E501 - query_params.append(('allowWatchBookmarks', local_var_params['allow_watch_bookmarks'])) # noqa: E501 - if '_continue' in local_var_params and local_var_params['_continue'] is not None: # noqa: E501 - query_params.append(('continue', local_var_params['_continue'])) # noqa: E501 - if 'field_selector' in local_var_params and local_var_params['field_selector'] is not None: # noqa: E501 - query_params.append(('fieldSelector', local_var_params['field_selector'])) # noqa: E501 - if 'label_selector' in local_var_params and local_var_params['label_selector'] is not None: # noqa: E501 - 
query_params.append(('labelSelector', local_var_params['label_selector'])) # noqa: E501 - if 'limit' in local_var_params and local_var_params['limit'] is not None: # noqa: E501 - query_params.append(('limit', local_var_params['limit'])) # noqa: E501 - if 'pretty' in local_var_params and local_var_params['pretty'] is not None: # noqa: E501 - query_params.append(('pretty', local_var_params['pretty'])) # noqa: E501 - if 'resource_version' in local_var_params and local_var_params['resource_version'] is not None: # noqa: E501 - query_params.append(('resourceVersion', local_var_params['resource_version'])) # noqa: E501 - if 'resource_version_match' in local_var_params and local_var_params['resource_version_match'] is not None: # noqa: E501 - query_params.append(('resourceVersionMatch', local_var_params['resource_version_match'])) # noqa: E501 - if 'timeout_seconds' in local_var_params and local_var_params['timeout_seconds'] is not None: # noqa: E501 - query_params.append(('timeoutSeconds', local_var_params['timeout_seconds'])) # noqa: E501 - if 'watch' in local_var_params and local_var_params['watch'] is not None: # noqa: E501 - query_params.append(('watch', local_var_params['watch'])) # noqa: E501 + if "pretty" in local_var_params and local_var_params["pretty"] is not None: # noqa: E501 + query_params.append(("pretty", local_var_params["pretty"])) # noqa: E501 + if ( + "allow_watch_bookmarks" in local_var_params and local_var_params["allow_watch_bookmarks"] is not None + ): # noqa: E501 + query_params.append(("allowWatchBookmarks", local_var_params["allow_watch_bookmarks"])) # noqa: E501 + if "_continue" in local_var_params and local_var_params["_continue"] is not None: # noqa: E501 + query_params.append(("continue", local_var_params["_continue"])) # noqa: E501 + if "field_selector" in local_var_params and local_var_params["field_selector"] is not None: # noqa: E501 + query_params.append(("fieldSelector", local_var_params["field_selector"])) # noqa: E501 + if 
"label_selector" in local_var_params and local_var_params["label_selector"] is not None: # noqa: E501 + query_params.append(("labelSelector", local_var_params["label_selector"])) # noqa: E501 + if "limit" in local_var_params and local_var_params["limit"] is not None: # noqa: E501 + query_params.append(("limit", local_var_params["limit"])) # noqa: E501 + if "resource_version" in local_var_params and local_var_params["resource_version"] is not None: # noqa: E501 + query_params.append(("resourceVersion", local_var_params["resource_version"])) # noqa: E501 + if ( + "resource_version_match" in local_var_params and local_var_params["resource_version_match"] is not None + ): # noqa: E501 + query_params.append(("resourceVersionMatch", local_var_params["resource_version_match"])) # noqa: E501 + if "timeout_seconds" in local_var_params and local_var_params["timeout_seconds"] is not None: # noqa: E501 + query_params.append(("timeoutSeconds", local_var_params["timeout_seconds"])) # noqa: E501 + if "watch" in local_var_params and local_var_params["watch"] is not None: # noqa: E501 + query_params.append(("watch", local_var_params["watch"])) # noqa: E501 header_params = {} @@ -144,24 +309,33 @@ def list_rollout_for_all_namespaces_with_http_info(self, **kwargs): # noqa: E50 body_params = None # HTTP header `Accept` - header_params['Accept'] = self.api_client.select_header_accept( - ['application/json', 'application/yaml', 'application/vnd.kubernetes.protobuf', 'application/json;stream=watch', 'application/vnd.kubernetes.protobuf;stream=watch']) # noqa: E501 + header_params["Accept"] = self.api_client.select_header_accept( + [ + "application/json", + "application/yaml", + "application/vnd.kubernetes.protobuf", + "application/json;stream=watch", + "application/vnd.kubernetes.protobuf;stream=watch", + ] + ) # noqa: E501 # Authentication setting - auth_settings = ['BearerToken'] # noqa: E501 + auth_settings = ["BearerToken"] # noqa: E501 return self.api_client.call_api( - 
'/apis/argoproj.io/v1alpha1/rollouts', 'GET', + "/apis/argoproj.io/v1alpha1/namespaces/{namespace}/rollouts", + "GET", path_params, query_params, header_params, body=body_params, post_params=form_params, files=local_var_files, - response_type='V1DeploymentList', # noqa: E501 + response_type="V1DeploymentList", # noqa: E501 auth_settings=auth_settings, - async_req=local_var_params.get('async_req'), - _return_http_data_only=local_var_params.get('_return_http_data_only'), # noqa: E501 - _preload_content=local_var_params.get('_preload_content', True), - _request_timeout=local_var_params.get('_request_timeout'), - collection_formats=collection_formats) + async_req=local_var_params.get("async_req"), + _return_http_data_only=local_var_params.get("_return_http_data_only"), # noqa: E501 + _preload_content=local_var_params.get("_preload_content", True), + _request_timeout=local_var_params.get("_request_timeout"), + collection_formats=collection_formats, + ) From d35c4fe501685919c38213175c69abe809af5c0f Mon Sep 17 00:00:00 2001 From: LeaveMyYard Date: Fri, 4 Aug 2023 11:54:44 +0300 Subject: [PATCH 2/4] Add resource parameter --- robusta_krr/core/integrations/kubernetes.py | 22 +++++++++++++++------ robusta_krr/core/models/config.py | 8 ++++++++ robusta_krr/main.py | 8 ++++++++ 3 files changed, 32 insertions(+), 6 deletions(-) diff --git a/robusta_krr/core/integrations/kubernetes.py b/robusta_krr/core/integrations/kubernetes.py index 68c9fe82..d4d8ef2d 100644 --- a/robusta_krr/core/integrations/kubernetes.py +++ b/robusta_krr/core/integrations/kubernetes.py @@ -63,6 +63,7 @@ async def list_scannable_objects(self) -> AsyncGenerator[K8sObjectData, None]: self.info(f"Listing scannable objects in {self.cluster}") self.debug(f"Namespaces: {self.config.namespaces}") + self.debug(f"Resources: {self.config.resources}") self.__hpa_list = await self._try_list_hpa() @@ -121,10 +122,19 @@ def __build_obj( hpa=self.__hpa_list.get((namespace, kind, name)), ) + def 
_should_list_resource(self, resource: str): + if self.config.resources == "*": + return True + return resource.lower() in self.config.resources + async def _list_workflows( self, kind: str, all_namespaces_request: Callable, namespaced_request: Callable ) -> AsyncIterator[K8sObjectData]: - self.debug(f"Listing {kind} in {self.cluster}") + if not self._should_list_resource(kind): + self.debug(f"Skipping {kind}s in {self.cluster}") + return + + self.debug(f"Listing {kind}s in {self.cluster}") loop = asyncio.get_running_loop() try: @@ -169,7 +179,7 @@ async def _list_workflows( def _list_deployments(self) -> AsyncIterator[K8sObjectData]: return self._list_workflows( - kind="deployments", + kind="deployment", all_namespaces_request=self.apps.list_deployment_for_all_namespaces, namespaced_request=self.apps.list_namespaced_deployment, ) @@ -178,7 +188,7 @@ async def _list_rollouts(self) -> AsyncIterator[K8sObjectData]: # TODO: Mutlitple errors will throw here, we should catch them all try: async for rollout in self._list_workflows( - kind="ArgoCD Rollout", + kind="rollout", all_namespaces_request=self.rollout.list_rollout_for_all_namespaces, namespaced_request=self.rollout.list_namespaced_rollout, ): @@ -191,21 +201,21 @@ async def _list_rollouts(self) -> AsyncIterator[K8sObjectData]: def _list_all_statefulsets(self) -> AsyncIterator[K8sObjectData]: return self._list_workflows( - kind="statefulsets", + kind="statefulset", all_namespaces_request=self.apps.list_stateful_set_for_all_namespaces, namespaced_request=self.apps.list_namespaced_stateful_set, ) def _list_all_daemon_set(self) -> AsyncIterator[K8sObjectData]: return self._list_workflows( - kind="daemonsets", + kind="daemonset", all_namespaces_request=self.apps.list_daemon_set_for_all_namespaces, namespaced_request=self.apps.list_namespaced_daemon_set, ) def _list_all_jobs(self) -> AsyncIterator[K8sObjectData]: return self._list_workflows( - kind="jobs", + kind="job", 
             all_namespaces_request=self.batch.list_job_for_all_namespaces,
             namespaced_request=self.batch.list_namespaced_job,
         )
diff --git a/robusta_krr/core/models/config.py b/robusta_krr/core/models/config.py
index 7354a3da..1c50e0f3 100644
--- a/robusta_krr/core/models/config.py
+++ b/robusta_krr/core/models/config.py
@@ -16,6 +16,7 @@ class Config(pd.BaseSettings):
     clusters: Union[list[str], Literal["*"], None] = None
     kubeconfig: Optional[str] = None
     namespaces: Union[list[str], Literal["*"]] = pd.Field("*")
+    resources: Union[list[str], Literal["*"]] = pd.Field("*")
     selector: Optional[str] = None
 
     # Value settings
@@ -68,6 +69,13 @@ def validate_namespaces(cls, v: Union[list[str], Literal["*"]]) -> Union[list[st
         if v == []:
             return "*"
 
+        return [val.lower() for val in v]
+
+    @pd.validator("resources")
+    def validate_resources(cls, v: Union[list[str], Literal["*"]]) -> Union[list[str], Literal["*"]]:
+        if v == []:
+            return "*"
+
         return v
 
     def create_strategy(self) -> AnyStrategy:
diff --git a/robusta_krr/main.py b/robusta_krr/main.py
index 0b460d6c..b939b3b6 100644
--- a/robusta_krr/main.py
+++ b/robusta_krr/main.py
@@ -72,6 +72,13 @@ def {func_name}(
             help="List of namespaces to run on. By default, will run on all namespaces.",
             rich_help_panel="Kubernetes Settings"
         ),
+        resources: List[str] = typer.Option(
+            None,
+            "--resource",
+            "-r",
+            help="List of resources to run on (Deployment, StatefulSet, DaemonSet, Job, Rollout). By default, will run on all resources. 
Case insensitive.", + rich_help_panel="Kubernetes Settings" + ), selector: Optional[str] = typer.Option( None, "--selector", @@ -139,6 +146,7 @@ def {func_name}( kubeconfig=kubeconfig, clusters="*" if all_clusters else clusters, namespaces="*" if "*" in namespaces else namespaces, + resources="*" if "*" in resources else resources, selector=selector, prometheus_url=prometheus_url, prometheus_auth_header=prometheus_auth_header, From 4f7d312ae4ea470423fde890401facc62080ae2b Mon Sep 17 00:00:00 2001 From: LeaveMyYard Date: Fri, 4 Aug 2023 12:05:05 +0300 Subject: [PATCH 3/4] Fix rollouts missing behaviour --- robusta_krr/core/integrations/kubernetes.py | 48 ++++++++++----------- 1 file changed, 23 insertions(+), 25 deletions(-) diff --git a/robusta_krr/core/integrations/kubernetes.py b/robusta_krr/core/integrations/kubernetes.py index d4d8ef2d..26ac233f 100644 --- a/robusta_krr/core/integrations/kubernetes.py +++ b/robusta_krr/core/integrations/kubernetes.py @@ -1,7 +1,6 @@ import asyncio from concurrent.futures import ThreadPoolExecutor -from typing import AsyncGenerator, Optional, Union, Callable, AsyncIterator -from functools import wraps +from typing import AsyncGenerator, Optional, Union, Callable, AsyncIterator, Literal import aiostream from kubernetes import client, config # type: ignore @@ -9,16 +8,11 @@ from kubernetes.client.models import ( V1Container, V1DaemonSet, - V1DaemonSetList, V1Deployment, - V1DeploymentList, V1Job, - V1JobList, V1LabelSelector, V1Pod, - V1PodList, V1StatefulSet, - V1StatefulSetList, V1HorizontalPodAutoscalerList, V2HorizontalPodAutoscaler, V2HorizontalPodAutoscalerList, @@ -34,6 +28,8 @@ AnyKubernetesAPIObject = Union[V1Deployment, V1DaemonSet, V1StatefulSet, V1Pod, V1Job] HPAKey = tuple[str, str, str] +KindLiteral = Literal["deployment", "daemonset", "statefulset", "job", "rollout"] + class ClusterLoader(Configurable): def __init__(self, cluster: Optional[str], *args, **kwargs): @@ -54,6 +50,8 @@ def __init__(self, cluster: 
Optional[str], *args, **kwargs): self.autoscaling_v1 = client.AutoscalingV1Api(api_client=self.api_client) self.autoscaling_v2 = client.AutoscalingV2Api(api_client=self.api_client) + self.__rollouts_available = True + async def list_scannable_objects(self) -> AsyncGenerator[K8sObjectData, None]: """List all scannable objects. @@ -128,12 +126,15 @@ def _should_list_resource(self, resource: str): return resource.lower() in self.config.resources async def _list_workflows( - self, kind: str, all_namespaces_request: Callable, namespaced_request: Callable + self, kind: KindLiteral, all_namespaces_request: Callable, namespaced_request: Callable ) -> AsyncIterator[K8sObjectData]: if not self._should_list_resource(kind): self.debug(f"Skipping {kind}s in {self.cluster}") return + if kind == "rollout" and not self.__rollouts_available: + return + self.debug(f"Listing {kind}s in {self.cluster}") loop = asyncio.get_running_loop() @@ -173,9 +174,14 @@ async def _list_workflows( self.debug(f"Found {total_items} {kind} in {self.cluster}") except ApiException as e: - self.error(f"Error {e.status} listing {kind} in cluster {self.cluster}: {e.reason}") - self.debug_exception() - self.error("Will skip this object type and continue.") + if kind == "rollout" and e.status in [400, 401, 403, 404]: + if self.__rollouts_available: + self.debug(f"Rollout API not available in {self.cluster}") + self.__rollouts_available = False + else: + self.error(f"Error {e.status} listing {kind} in cluster {self.cluster}: {e.reason}") + self.debug_exception() + self.error("Will skip this object type and continue.") def _list_deployments(self) -> AsyncIterator[K8sObjectData]: return self._list_workflows( @@ -184,20 +190,12 @@ def _list_deployments(self) -> AsyncIterator[K8sObjectData]: namespaced_request=self.apps.list_namespaced_deployment, ) - async def _list_rollouts(self) -> AsyncIterator[K8sObjectData]: - # TODO: Mutlitple errors will throw here, we should catch them all - try: - async for rollout in 
self._list_workflows( - kind="rollout", - all_namespaces_request=self.rollout.list_rollout_for_all_namespaces, - namespaced_request=self.rollout.list_namespaced_rollout, - ): - yield rollout - except ApiException as e: - if e.status in [400, 401, 403, 404]: - self.debug(f"Rollout API not available in {self.cluster}") - else: - raise + def _list_rollouts(self) -> AsyncIterator[K8sObjectData]: + return self._list_workflows( + kind="rollout", + all_namespaces_request=self.rollout.list_rollout_for_all_namespaces, + namespaced_request=self.rollout.list_namespaced_rollout, + ) def _list_all_statefulsets(self) -> AsyncIterator[K8sObjectData]: return self._list_workflows( From ef264041adb456445082d76d3ec81b8084ab7f7d Mon Sep 17 00:00:00 2001 From: LeaveMyYard Date: Thu, 10 Aug 2023 14:47:06 +0300 Subject: [PATCH 4/4] Improve resource parameter validation --- robusta_krr/core/integrations/kubernetes.py | 6 +-- robusta_krr/core/models/config.py | 8 +-- robusta_krr/core/models/objects.py | 5 +- robusta_krr/main.py | 55 +++++++++++---------- 4 files changed, 41 insertions(+), 33 deletions(-) diff --git a/robusta_krr/core/integrations/kubernetes.py b/robusta_krr/core/integrations/kubernetes.py index 26ac233f..8ee8afab 100644 --- a/robusta_krr/core/integrations/kubernetes.py +++ b/robusta_krr/core/integrations/kubernetes.py @@ -1,6 +1,6 @@ import asyncio from concurrent.futures import ThreadPoolExecutor -from typing import AsyncGenerator, Optional, Union, Callable, AsyncIterator, Literal +from typing import AsyncGenerator, Optional, Union, Callable, AsyncIterator import aiostream from kubernetes import client, config # type: ignore @@ -18,7 +18,7 @@ V2HorizontalPodAutoscalerList, ) -from robusta_krr.core.models.objects import HPAData, K8sObjectData +from robusta_krr.core.models.objects import HPAData, K8sObjectData, KindLiteral from robusta_krr.core.models.result import ResourceAllocations from robusta_krr.utils.configurable import Configurable @@ -28,8 +28,6 @@ 
AnyKubernetesAPIObject = Union[V1Deployment, V1DaemonSet, V1StatefulSet, V1Pod, V1Job] HPAKey = tuple[str, str, str] -KindLiteral = Literal["deployment", "daemonset", "statefulset", "job", "rollout"] - class ClusterLoader(Configurable): def __init__(self, cluster: Optional[str], *args, **kwargs): diff --git a/robusta_krr/core/models/config.py b/robusta_krr/core/models/config.py index 1c50e0f3..9b09df5b 100644 --- a/robusta_krr/core/models/config.py +++ b/robusta_krr/core/models/config.py @@ -8,6 +8,8 @@ from robusta_krr.core.abstract import formatters from robusta_krr.core.abstract.strategies import AnyStrategy, BaseStrategy +from robusta_krr.core.models.objects import KindLiteral + class Config(pd.BaseSettings): quiet: bool = pd.Field(False) @@ -16,7 +18,7 @@ class Config(pd.BaseSettings): clusters: Union[list[str], Literal["*"], None] = None kubeconfig: Optional[str] = None namespaces: Union[list[str], Literal["*"]] = pd.Field("*") - resources: Union[list[str], Literal["*"]] = pd.Field("*") + resources: Union[list[KindLiteral], Literal["*"]] = pd.Field("*") selector: Optional[str] = None # Value settings @@ -71,12 +73,12 @@ def validate_namespaces(cls, v: Union[list[str], Literal["*"]]) -> Union[list[st return [val.lower() for val in v] - @pd.validator("resources") + @pd.validator("resources", pre=True) def validate_resources(cls, v: Union[list[str], Literal["*"]]) -> Union[list[str], Literal["*"]]: if v == []: return "*" - return v + return [val.lower() for val in v] def create_strategy(self) -> AnyStrategy: StrategyType = AnyStrategy.find(self.strategy) diff --git a/robusta_krr/core/models/objects.py b/robusta_krr/core/models/objects.py index ede4be8d..63049c41 100644 --- a/robusta_krr/core/models/objects.py +++ b/robusta_krr/core/models/objects.py @@ -1,10 +1,13 @@ -from typing import Optional +from typing import Optional, Literal import pydantic as pd from robusta_krr.core.models.allocations import ResourceAllocations +KindLiteral = Literal["deployment", 
"daemonset", "statefulset", "job", "rollout"] + + class PodData(pd.BaseModel): name: str deleted: bool diff --git a/robusta_krr/main.py b/robusta_krr/main.py index b939b3b6..987e61b1 100644 --- a/robusta_krr/main.py +++ b/robusta_krr/main.py @@ -5,6 +5,8 @@ from datetime import datetime from typing import List, Literal, Optional, Union from uuid import UUID +from pydantic import ValidationError # noqa: F401 +from rich import print # noqa: F401 import typer import urllib3 @@ -142,31 +144,34 @@ def {func_name}( ) -> None: '''Run KRR using the `{func_name}` strategy''' - config = Config( - kubeconfig=kubeconfig, - clusters="*" if all_clusters else clusters, - namespaces="*" if "*" in namespaces else namespaces, - resources="*" if "*" in resources else resources, - selector=selector, - prometheus_url=prometheus_url, - prometheus_auth_header=prometheus_auth_header, - prometheus_other_headers=prometheus_other_headers, - prometheus_ssl_enabled=prometheus_ssl_enabled, - prometheus_cluster_label=prometheus_cluster_label, - prometheus_label=prometheus_label, - max_workers=max_workers, - format=format, - verbose=verbose, - quiet=quiet, - log_to_stderr=log_to_stderr, - file_output=file_output, - slack_output=slack_output, - strategy="{func_name}", - other_args={strategy_args}, - ) - runner = Runner(config) - - asyncio.run(runner.run()) + try: + config = Config( + kubeconfig=kubeconfig, + clusters="*" if all_clusters else clusters, + namespaces="*" if "*" in namespaces else namespaces, + resources="*" if "*" in resources else resources, + selector=selector, + prometheus_url=prometheus_url, + prometheus_auth_header=prometheus_auth_header, + prometheus_other_headers=prometheus_other_headers, + prometheus_ssl_enabled=prometheus_ssl_enabled, + prometheus_cluster_label=prometheus_cluster_label, + prometheus_label=prometheus_label, + max_workers=max_workers, + format=format, + verbose=verbose, + quiet=quiet, + log_to_stderr=log_to_stderr, + file_output=file_output, + 
slack_output=slack_output, + strategy="{func_name}", + other_args={strategy_args}, + ) + except ValidationError as e: + print(str(e)) + else: + runner = Runner(config) + asyncio.run(runner.run()) """ )