spinkube / spin-plugin-kube Goto Github PK
View Code? Open in Web Editor NEWA Spin plugin for interacting with Kubernetes.
License: Other
A Spin plugin for interacting with Kubernetes.
License: Other
when we run spin kube scaffold
command, it tries to load kubeconfig by default and fails if the kubeconfig is not available or not accessible (e.g. permissions issue).
because scaffold command don't necessarily need to perform kubernetes operation, it should not try to load kubeconfig by default.
$ spin k8s version
spin k8s version
Plugin Version: unknown
Spin Version : v2.1.0
Kubernetes Version: v1.27.4+k3s1
# TODO (format TBD)
Spin Operator Version: groupName/version
There are a number of CLI commands hidden to the user.
Normal output:
><> spin k8s help
Manage apps running on Kubernetes
Usage:
k8s [command]
Available Commands:
completion Generate the autocompletion script for the specified shell
help Help about any command
scaffold scaffold SpinApp manifest
version Display version information
Flags:
-h, --help help for k8s
--kubeconfig string the path to the kubeconfig file
-n, --namespace string the namespace scope
-v, --version version for k8s
Use "k8s [command] --help" for more information about a command.
with SPIN_EXPERIMENTAL=1
:
><> SPIN_EXPERIMENTAL=1 spin k8s help
Manage apps running on Kubernetes
Usage:
k8s [command]
Available Commands:
completion Generate the autocompletion script for the specified shell
connect connect to spin app locally
delete Delete app
deploy deploy spin app
get Display detailed information about an app
help Help about any command
list List apps
logs print the logs for a SpinApp
scaffold scaffold SpinApp manifest
version Display version information
Flags:
-h, --help help for k8s
--kubeconfig string the path to the kubeconfig file
-n, --namespace string the namespace scope
-v, --version version for k8s
Use "k8s [command] --help" for more information about a command.
Do we want to document this flag? Why or why not?
The subcommand that allows application developers to deploy their SpinApps to a Kubernetes cluster currently requires the OCI image be passed in via flag. Could we do something clever so that this is not a requirement?
$ spin k8s deploy
Deploying spin-hello-world... done
Waiting for application to become ready... ready!
Run `spin k8s connect spin-hello-world` to connect to your application.
Some commands are not expected to land in time for KubeCon, however we do want to iterate on these concepts and ideas within the plugin. We should find a way to mark these commands as experimental.
There should be a short video demonstration in the project README that explains
Context:
I tried out the SpinKube x Rancher Desktop integration detailed on this page. It works seamlessly for the hello-world application detailed there & on the Fermyon blog.
However, when I tried installing some of the other complex templates and containerizing them, such as
or even templates of my own
there is inconsistent behaviour, i.e. they sometimes work and most of the time, they don't.
This is when the spin applications themselves work fine on my machine.
What is the error?
The pods enter the CrashLoopBackOff stage and are terminated with the following message: Last state: Terminated with 137: Error.
Some additional notes
Last state: Terminated with 137: Error - Since this error typically points to an error with memory. I tried increasing the memory assigned to pods and it didn't help.
I tried resetting the Kubernetes cluster and restoring Rancher Desktop to its factory settings (individually, of course). None of those approaches helped and in fact, had the opposite effect. If the templates were working before the factory reset or the cluster reset, they stopped working after. (Of course, I shouldn't have tried to fix what wasn't broken by resetting it ๐ But I did it anyway for the sake of reproducibility)
Lastly, I wasn't sure where the error was, so I filed it against this repo. I'll also open an issue against the Rancher Desktop issues GitHub repo.
Infrastructure details
This project does not contain any tests. Let's add some unit tests and some code coverage tools to the CI workflow so we can gain a sense of how much code is covered by unit tests.
Once this repository has been open sourced and we've cut v0.1.0, we should submit a PR to spin-plugins so this plugin can be installed via spin plugins install kube
.
Installation of the spin k8s plugin would be the same as any other plugin:
$ spin plugin update
$ spin plugin install k8s
NOTE - there should be an optional field in spin k8s deploy
(see #37 ) that allows existing Spin k8s users to opt into the pod-based deployment mechanism --spin-pods
in case they are in their migration over from [the older spin k8s plugin](https://github.com/chrismatteson/spin-plugin-k8s. That means this plugin needs to support the functionality from the older spin k8s plugin, which should be an implementation detail in this install workflow.
Initial release of Spin plugin for Kubernetes
Cut a release to allow us to test the release process/bug bash
@michelleN raised a question during today's show and tell: do we want to grant spin k8s
the ability to install spin-operator and all its dependencies into a Kubernetes cluster that does not have those systems installed? Why or why not?
There's an indentation bug in spin kube scaffold
with --memory-limit
set. This causes some commands like helmify
to fail.
><> spin kube scaffold -f bacongobbler/myapp:1.0.0 --replicas 3 --autoscaler hpa --cpu-limit 100m --memory-limit 128Mi
apiVersion: core.spinoperator.dev/v1alpha1
kind: SpinApp
metadata:
name: myapp
spec:
image: "bacongobbler/myapp:1.0.0"
executor: containerd-shim-spin
enableAutoscaling: true
resources:
limits:
cpu: 100m
memory: 128Mi
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: myapp-autoscaler
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: myapp
minReplicas: 3
maxReplicas: 3
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 60
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 60
Expected:
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 60
Error:
><> spin kube scaffold -f bacongobbler/myapp:1.0.0 --replicas 3 --autoscaler hpa --cpu-limit 100m --memory-limit 128Mi | ./helmify
INFO[0000] Chart name is not set. Using default name 'chart
ERRO[0000] unable to decode yaml from input error="error converting YAML to JSON: yaml: line 22: mapping values are not allowed in this context"
Some commands like spin k8s connect
rely on the status of the app to be in the "Running" state:
><> spin k8s connect hello-rust
error: unable to forward port because pod is not running. Current status=Pending
We should provide a way for users to view the status of their applications through spin k8s list
or spin k8s get
. Currently neither command provides that information.
><> spin k8s list
NAMESPACE NAME EXECUTOR REPLICAS
default hello-rust containerd-shim-spin 2
><> spin k8s get hello-rust
NAMESPACE NAME EXECUTOR REPLICAS
default hello-rust containerd-shim-spin 2
ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling the image.
Our help descriptions for each command is inconsistent. Some start with a capital letter, some don't. Some refer to an application as a "spin app", some refer to an application as a "SpinApp".
We should update the help text so every command uses consistent styling.
The result of the following two commands end in the same SpinApp name in the manifest:
><> spin k8s scaffold --from bacongobbler/hello-rust:latest
apiVersion: core.spinoperator.dev/v1
kind: SpinApp
metadata:
name: hello-rust
spec:
image: "bacongobbler/hello-rust:latest"
replicas: 2
executor: containerd-shim-spin
><> spin k8s scaffold --from rajatjindal/hello-rust:latest
apiVersion: core.spinoperator.dev/v1
kind: SpinApp
metadata:
name: hello-rust
spec:
image: "rajatjindal/hello-rust:latest"
replicas: 2
executor: containerd-shim-spin
If you ran kubectl apply
with either of these manifests, you'd end with the same SpinApp resource: hello-rust
.
Is this an issue we need to solve? If so, how?
Depends on #53
We don't do mutable tags in SpinKube projects where avoidable due to their frequent issues and overhead when trying to understand the bits you are installing.
Is there a reason to have canary
releases rather than artifacts on commits that can be fetched by those who want to use them?
If not please can we drop those before we cut our first releases?
spin k8s scaffold --variable foo=bar --variable car=star
$ spin kube scaffold -f "ttl.sh/hello-spinkube@sha256:cc4b191d11728b4e9e024308f0c03aded893da2002403943adc9deb8c4ca1633" -o app.yaml
Error: invalid image reference provided: 'ttl.sh/hello-spinkube@sha256:cc4b191d11728b4e9e024308f0c03aded893da2002403943adc9deb8c4ca1633'
spin-operator supports containerd-shim-spin
and cyclotron
executors. We should allow the user to choose.
spin-operator allows a user to enable autoscaling. We should provide a flag for that.
spin k8s scaffold --enable-autoscaling
We should also check if the user provides both --enable-autoscaling
and --replicas
, returning an error, as they are incompatible with each other.
$spin kube scaffold --from ttl.sh/hello-spin:10h --autoscaler hpa --cpu-limit 100m --memory-limit 128Mi --autoscaler-target-cpu-utilization 50 | kubectl apply -f -
spinapp.core.spinoperator.dev/hello-arun created
error: error parsing STDIN: error converting YAML to JSON: yaml: line 22: mapping values are not allowed in this context
The following app is scaffolded:
kind: SpinApp
metadata:
name: hello-arun
spec:
image: "ttl.sh/hello-arun:10h"
executor: containerd-shim-spin
enableAutoscaling: true
resources:
limits:
cpu: 100m
memory: 128Mi
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: hello-arun-autoscaler
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: hello-spin
minReplicas: 2
maxReplicas: 3
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 50
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 60
This appears to be because target
is indented from name
in the memory resource. The update to the HPA resource works:
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: hello-arun-autoscaler
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: hello-arun
minReplicas: 2
maxReplicas: 3
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 50
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 60
Currently, all kubectl flags and k8s flags are grouped into the same flag set. They should be separated so the user can easily differentiate between feature flags that are specific to kubernetes/kubectl vs. the k8s plugin.
Current:
><> spin k8s deploy --help
deploy spin app
Usage:
k8s deploy [flags]
Flags:
--as string Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string UID to impersonate for the operation.
--cache-dir string Default cache directory (default "/home/bacongobbler/.kube/cache")
--certificate-authority string Path to a cert file for the certificate authority
--client-certificate string Path to a client certificate file for TLS
--client-key string Path to a client key file for TLS
--cluster string The name of the kubeconfig cluster to use
--context string The name of the kubeconfig context to use
--disable-compression If true, opt-out of response compression for all requests to the server
--dry-run only print the SpinApp resource file without deploying
-f, --from string Reference in the registry of the Spin application
-h, --help help for deploy
--insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string Path to the kubeconfig file to use for CLI requests.
-n, --namespace string If present, the namespace scope for this CLI request
-r, --replicas int32 Number of replicas for the spin app (default 2)
--request-timeout string The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
-s, --server string The address and port of the Kubernetes API server
--tls-server-name string Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string Bearer token for authentication to the API server
--user string The name of the kubeconfig user to use
Expected:
><> spin k8s deploy --help
deploy spin app
Usage:
k8s deploy [flags]
Flags:
-f, --from string Reference in the registry of the Spin application
--dry-run only print the SpinApp resource file without deploying
-r, --replicas int32 Number of replicas for the spin app (default 2)
kubectl flags:
--as string Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string UID to impersonate for the operation.
--cache-dir string Default cache directory (default "/home/bacongobbler/.kube/cache")
--certificate-authority string Path to a cert file for the certificate authority
--client-certificate string Path to a client certificate file for TLS
--client-key string Path to a client key file for TLS
--cluster string The name of the kubeconfig cluster to use
--context string The name of the kubeconfig context to use
--disable-compression If true, opt-out of response compression for all requests to the server
-h, --help help for deploy
--insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string Path to the kubeconfig file to use for CLI requests.
-n, --namespace string If present, the namespace scope for this CLI request
--request-timeout string The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
-s, --server string The address and port of the Kubernetes API server
--tls-server-name string Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string Bearer token for authentication to the API server
--user string The name of the kubeconfig user to use
There is a request from a user to use latest tag for SpinKube artifacts and for that there is a desire to expose imagePullPolicy in the SpinApp CRD.
The mutable tags have been known for causing troubles and we want to evaluate if we can add an option to scaffold
command to resolve the sha256 for latest tag using kube plugin, and use that in the SpinApp resource automatically.
This will ensure user can still continue to use latest tag, but from the cluster perspective, we will be using sha256.
This issue is to do a poc for this feature and see if it helps satisfy the user requirement.
The dev experience may look something like follows:
Notice, the version is ommitted from the --from my-image
arg.
spin kube scaffold --from my-image
...
spec:
# Image resolved from "latest" tag at 2024-03-28T08:54Z
image: "my-image@sha256:..."
This token will expire in 60 days. It is used to pull spin-operator.
This should be removed when we open source this repository.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.