spinkube / spin-plugin-kube Goto Github PK

View Code? Open in Web Editor NEW

18.0 9.0 3.0 200 KB

A Spin plugin for interacting with Kubernetes.

License: Other

Go 99.37% Makefile 0.63%

spin plugin webassembly kubernetes

spin-plugin-kube's People

Contributors

Stargazers

Watchers

Forkers

thorstenhans

spin-plugin-kube's Issues

spin kube scaffold loads kubeconfig when it is not required

when we run spin kube scaffold command, it tries to load kubeconfig by default and fails if the kubeconfig is not available or not accessible (e.g. permissions issue).

because scaffold command don't necessarily need to perform kubernetes operation, it should not try to load kubeconfig by default.

Print SpinApp CRD version on `spin k8s version`

$ spin k8s version

spin k8s version
Plugin Version: unknown
Spin Version  : v2.1.0
Kubernetes Version: v1.27.4+k3s1

# TODO (format TBD)
Spin Operator Version: groupName/version

document SPIN_EXPERIMENTAL

There are a number of CLI commands hidden to the user.

Normal output:

><> spin k8s help
Manage apps running on Kubernetes

Usage:
  k8s [command]

Available Commands:
  completion  Generate the autocompletion script for the specified shell
  help        Help about any command
  scaffold    scaffold SpinApp manifest
  version     Display version information

Flags:
  -h, --help                help for k8s
      --kubeconfig string   the path to the kubeconfig file
  -n, --namespace string    the namespace scope
  -v, --version             version for k8s

Use "k8s [command] --help" for more information about a command.

with SPIN_EXPERIMENTAL=1:

><> SPIN_EXPERIMENTAL=1 spin k8s help
Manage apps running on Kubernetes

Usage:
  k8s [command]

Available Commands:
  completion  Generate the autocompletion script for the specified shell
  connect     connect to spin app locally
  delete      Delete app
  deploy      deploy spin app
  get         Display detailed information about an app
  help        Help about any command
  list        List apps
  logs        print the logs for a SpinApp
  scaffold    scaffold SpinApp manifest
  version     Display version information

Flags:
  -h, --help                help for k8s
      --kubeconfig string   the path to the kubeconfig file
  -n, --namespace string    the namespace scope
  -v, --version             version for k8s

Use "k8s [command] --help" for more information about a command.

Do we want to document this flag? Why or why not?

make the `-f` flag in `spin k8s deploy` optional

The subcommand that allows application developers to deploy their SpinApps to a Kubernetes cluster currently requires the OCI image be passed in via flag. Could we do something clever so that this is not a requirement?

$ spin k8s deploy
Deploying spin-hello-world... done
Waiting for application to become ready... ready!

Run `spin k8s connect spin-hello-world` to connect to your application.

implement experimental support for certain commands

Some commands are not expected to land in time for KubeCon, however we do want to iterate on these concepts and ideas within the plugin. We should find a way to mark these commands as experimental.

record a demo

There should be a short video demonstration in the project README that explains

how to install this plugin
who this plugin is built for
a short demonstration of the plugin's capabilities

SpinKube x Rancher Desktop integration throws inconsistent results for more complex apps

Context:

I tried out the SpinKube x Rancher Desktop integration detailed on this page. It works seamlessly for the hello-world application detailed there & on the Fermyon blog.

However, when I tried installing some of the other complex templates and containerizing them, such as

or even templates of my own

Rancher Docs template

there is inconsistent behaviour, i.e. they sometimes work and most of the time, they don't.

This is when the spin applications themselves work fine on my machine.

What is the error?

The pods enter the CrashLoopBackOff stage and are terminated with the following message: Last state: Terminated with 137: Error.

Some additional notes

Last state: Terminated with 137: Error - Since this error typically points to an error with memory. I tried increasing the memory assigned to pods and it didn't help.
I tried resetting the Kubernetes cluster and restoring Rancher Desktop to its factory settings (individually, of course). None of those approaches helped and in fact, had the opposite effect. If the templates were working before the factory reset or the cluster reset, they stopped working after. (Of course, I shouldn't have tried to fix what wasn't broken by resetting it 😆 But I did it anyway for the sake of reproducibility)

Lastly, I wasn't sure where the error was, so I filed it against this repo. I'll also open an issue against the Rancher Desktop issues GitHub repo.

Infrastructure details

macOS Sonoma 14.1, apple silicon chip
k8s versions tested on: 1.29.3, 1.28.9
Rancher Desktop version: 1.13.1
Spin version - 2.4.2

Flip spin-plugin-k8s repo to be public

introduce testing framework

This project does not contain any tests. Let's add some unit tests and some code coverage tools to the CI workflow so we can gain a sense of how much code is covered by unit tests.

submit a plugin manifest to fermyon/spin-plugins

Once this repository has been open sourced and we've cut v0.1.0, we should submit a PR to spin-plugins so this plugin can be installed via spin plugins install kube.

implement `spin plugin install k8s` with optional support for Chris' existing plugin

Installation of the spin k8s plugin would be the same as any other plugin:

$ spin plugin update
$ spin plugin install k8s

NOTE - there should be an optional field in spin k8s deploy (see #37 ) that allows existing Spin k8s users to opt into the pod-based deployment mechanism --spin-pods in case they are in their migration over from [the older spin k8s plugin](https://github.com/chrismatteson/spin-plugin-k8s. That means this plugin needs to support the functionality from the older spin k8s plugin, which should be an implementation detail in this install workflow.

cut spin-plugin-k8s v0.1.0

Initial release of Spin plugin for Kubernetes

rename to `spin kube` to match SpinKube org

https://fermyon.slack.com/archives/C02QMPAP3EY/p1709740162221479

cut spin-plugin-k8s v0.0.1

Cut a release to allow us to test the release process/bug bash

proposal: command to install spin-operator into a kubernetes cluster

@michelleN raised a question during today's show and tell: do we want to grant spin k8s the ability to install spin-operator and all its dependencies into a Kubernetes cluster that does not have those systems installed? Why or why not?

memory limit not indented properly

There's an indentation bug in spin kube scaffold with --memory-limit set. This causes some commands like helmify to fail.

><> spin kube scaffold -f bacongobbler/myapp:1.0.0 --replicas 3 --autoscaler hpa --cpu-limit 100m --memory-limit 128Mi
apiVersion: core.spinoperator.dev/v1alpha1
kind: SpinApp
metadata:
  name: myapp
spec:
  image: "bacongobbler/myapp:1.0.0"
  executor: containerd-shim-spin
  enableAutoscaling: true
  resources:
    limits:
      cpu: 100m
      memory: 128Mi
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: myapp-autoscaler
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: myapp
  minReplicas: 3
  maxReplicas: 3
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 60
  - type: Resource
    resource:
     name: memory
      target:
        type: Utilization
        averageUtilization: 60

Expected:

  - type: Resource
    resource:
      name: memory
      target:
        type: Utilization
        averageUtilization: 60

Error:

><> spin kube scaffold -f bacongobbler/myapp:1.0.0 --replicas 3 --autoscaler hpa --cpu-limit 100m --memory-limit 128Mi | ./helmify
INFO[0000] Chart name is not set. Using default name 'chart
ERRO[0000] unable to decode yaml from input              error="error converting YAML to JSON: yaml: line 22: mapping values are not allowed in this context"

add runtime config support for spin k8s scaffold

the user should be able to view the status of their spin app

Some commands like spin k8s connect rely on the status of the app to be in the "Running" state:

><> spin k8s connect hello-rust
error: unable to forward port because pod is not running. Current status=Pending

We should provide a way for users to view the status of their applications through spin k8s list or spin k8s get. Currently neither command provides that information.

><> spin k8s list
NAMESPACE       NAME            EXECUTOR                REPLICAS
default         hello-rust      containerd-shim-spin    2

><> spin k8s get hello-rust
NAMESPACE       NAME            EXECUTOR                REPLICAS
default         hello-rust      containerd-shim-spin    2

`spin k8s scaffold`: image pull secret support

ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling the image.

https://github.com/spinkube/spin-operator/blob/a401e4932595f7dd9d7980067f75bf075a4b0eec/config/crd/bases/core.spinoperator.dev_spinapps.yaml#L217C15-L233

update help descriptions

Our help descriptions for each command is inconsistent. Some start with a capital letter, some don't. Some refer to an application as a "spin app", some refer to an application as a "SpinApp".

We should update the help text so every command uses consistent styling.

`spin k8s scaffold`: Two images in different repositories result in the same manifest

The result of the following two commands end in the same SpinApp name in the manifest:

><> spin k8s scaffold --from bacongobbler/hello-rust:latest
apiVersion: core.spinoperator.dev/v1
kind: SpinApp
metadata:
  name: hello-rust
spec:
  image: "bacongobbler/hello-rust:latest"
  replicas: 2
  executor: containerd-shim-spin

><> spin k8s scaffold --from rajatjindal/hello-rust:latest
apiVersion: core.spinoperator.dev/v1
kind: SpinApp
metadata:
  name: hello-rust
spec:
  image: "rajatjindal/hello-rust:latest"
  replicas: 2
  executor: containerd-shim-spin

If you ran kubectl apply with either of these manifests, you'd end with the same SpinApp resource: hello-rust.

Is this an issue we need to solve? If so, how?

change repository name to `spin-plugin-kube`

Depends on #53

Remove `canary` releases

We don't do mutable tags in SpinKube projects where avoidable due to their frequent issues and overhead when trying to understand the bits you are installing.

Is there a reason to have canary releases rather than artifacts on commits that can be fetched by those who want to use them?

If not please can we drop those before we cut our first releases?

`spin k8s scaffold`: variables support

spin k8s scaffold --variable foo=bar --variable car=star

https://github.com/spinkube/documentation/blob/main/content/en/docs/spin-operator/tutorials/assigning-variables.md

Scaffolding from a registry reference with SHA does not work

$ spin kube scaffold -f "ttl.sh/hello-spinkube@sha256:cc4b191d11728b4e9e024308f0c03aded893da2002403943adc9deb8c4ca1633" -o app.yaml
Error: invalid image reference provided: 'ttl.sh/hello-spinkube@sha256:cc4b191d11728b4e9e024308f0c03aded893da2002403943adc9deb8c4ca1633'

`spin k8s scaffold`: add `--executor` flag

spin-operator supports containerd-shim-spin and cyclotron executors. We should allow the user to choose.

`spin k8s scaffold`: autoscaling support

spin-operator allows a user to enable autoscaling. We should provide a flag for that.

spin k8s scaffold --enable-autoscaling

We should also check if the user provides both --enable-autoscaling and --replicas, returning an error, as they are incompatible with each other.

scaffolding with HPA autoscaler gets parsing error

$spin kube scaffold --from ttl.sh/hello-spin:10h  --autoscaler hpa --cpu-limit 100m --memory-limit 128Mi --autoscaler-target-cpu-utilization 50 | kubectl apply -f -
spinapp.core.spinoperator.dev/hello-arun created
error: error parsing STDIN: error converting YAML to JSON: yaml: line 22: mapping values are not allowed in this context

The following app is scaffolded:

kind: SpinApp
metadata:
  name: hello-arun
spec:
  image: "ttl.sh/hello-arun:10h"
  executor: containerd-shim-spin
  enableAutoscaling: true
  resources:
    limits:
      cpu: 100m
      memory: 128Mi
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: hello-arun-autoscaler
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: hello-spin
  minReplicas: 2
  maxReplicas: 3
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 50
  - type: Resource
    resource:
     name: memory
      target:
        type: Utilization
        averageUtilization: 60

This appears to be because target is indented from name in the memory resource. The update to the HPA resource works:

apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: hello-arun-autoscaler
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: hello-arun
  minReplicas: 2
  maxReplicas: 3
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 50
  - type: Resource
    resource:
     name: memory
     target:
       type: Utilization
       averageUtilization: 60

kubectl flags should be separated from spin k8s flags

Currently, all kubectl flags and k8s flags are grouped into the same flag set. They should be separated so the user can easily differentiate between feature flags that are specific to kubernetes/kubectl vs. the k8s plugin.
Current:

><> spin k8s deploy --help
deploy spin app

Usage:
  k8s deploy [flags]

Flags:
      --as string                      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
      --as-group stringArray           Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
      --as-uid string                  UID to impersonate for the operation.
      --cache-dir string               Default cache directory (default "/home/bacongobbler/.kube/cache")
      --certificate-authority string   Path to a cert file for the certificate authority
      --client-certificate string      Path to a client certificate file for TLS
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
      --disable-compression            If true, opt-out of response compression for all requests to the server
      --dry-run                        only print the SpinApp resource file without deploying
  -f, --from string                    Reference in the registry of the Spin application
  -h, --help                           help for deploy
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.
  -n, --namespace string               If present, the namespace scope for this CLI request
  -r, --replicas int32                 Number of replicas for the spin app (default 2)
      --request-timeout string         The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
  -s, --server string                  The address and port of the Kubernetes API server
      --tls-server-name string         Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
      --token string                   Bearer token for authentication to the API server
      --user string                    The name of the kubeconfig user to use

Expected:

><> spin k8s deploy --help
deploy spin app

Usage:
  k8s deploy [flags]

Flags:
  -f, --from string                    Reference in the registry of the Spin application
      --dry-run                        only print the SpinApp resource file without deploying
  -r, --replicas int32                 Number of replicas for the spin app (default 2)

kubectl flags:
      --as string                      Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
      --as-group stringArray           Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
      --as-uid string                  UID to impersonate for the operation.
      --cache-dir string               Default cache directory (default "/home/bacongobbler/.kube/cache")
      --certificate-authority string   Path to a cert file for the certificate authority
      --client-certificate string      Path to a client certificate file for TLS
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
      --disable-compression            If true, opt-out of response compression for all requests to the server
  -h, --help                           help for deploy
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.
  -n, --namespace string               If present, the namespace scope for this CLI request
      --request-timeout string         The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
  -s, --server string                  The address and port of the Kubernetes API server
      --tls-server-name string         Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
      --token string                   Bearer token for authentication to the API server
      --user string                    The name of the kubeconfig user to use

allow scaffold command to resolve sha256 from the latest tag and use that automatically

There is a request from a user to use latest tag for SpinKube artifacts and for that there is a desire to expose imagePullPolicy in the SpinApp CRD.

The mutable tags have been known for causing troubles and we want to evaluate if we can add an option to scaffold command to resolve the sha256 for latest tag using kube plugin, and use that in the SpinApp resource automatically.

This will ensure user can still continue to use latest tag, but from the cluster perspective, we will be using sha256.

This issue is to do a poc for this feature and see if it helps satisfy the user requirement.

The dev experience may look something like follows:

Notice, the version is ommitted from the --from my-image arg.

spin kube scaffold --from my-image
...
spec:
  # Image resolved from "latest" tag at 2024-03-28T08:54Z
  image: "my-image@sha256:..."

drop SPINKUBE_GITHUB_ACCESS_TOKEN

This token will expire in 60 days. It is used to pull spin-operator.

https://github.com/spinkube/spin-plugin-k8s/blob/e77bf532e5c5f23e8c8c662dfd1b1a04273e3515/.github/workflows/release.yml#L23-L27

https://github.com/spinkube/spin-plugin-k8s/blob/e77bf532e5c5f23e8c8c662dfd1b1a04273e3515/.github/workflows/test.yml#L23-L27

This should be removed when we open source this repository.