Implement Managed Namespaces Api (#784)

pluralsh · Mar 20, 2024 · 7c5d55e · 7c5d55e
1 parent 0cecd32
commit 7c5d55e
Show file tree

Hide file tree

Showing 30 changed files with 1,435 additions and 184 deletions.
diff --git a/assets/src/generated/graphql.ts b/assets/src/generated/graphql.ts
@@ -931,6 +931,23 @@ export type ClusterStatusInfo = {
   healthy?: Maybe<Scalars['Boolean']['output']>;
 };
 
+/** A spec for targeting clusters */
+export type ClusterTarget = {
+  __typename?: 'ClusterTarget';
+  /** kubernetes distribution to target */
+  distro?: Maybe<ClusterDistro>;
+  /** the cluster tags to target */
+  tags?: Maybe<Scalars['Json']['output']>;
+};
+
+/** A spec for targeting clusters */
+export type ClusterTargetAttributes = {
+  /** kubernetes distribution to target */
+  distro?: InputMaybe<ClusterDistro>;
+  /** the cluster tags to target */
+  tags?: InputMaybe<Scalars['Json']['input']>;
+};
+
 export type ClusterUpdateAttributes = {
   distro?: InputMaybe<ClusterDistro>;
   /** a short, unique human readable name used to identify this cluster and does not necessarily map to the cloud resource name */
@@ -2121,6 +2138,58 @@ export type LokiQuery = {
   labels?: InputMaybe<Array<InputMaybe<LokiLabelFilter>>>;
 };
 
+/** A representation of a managed namespace, which is k8s namespace configuration + a service spec to define a namespace runtime */
+export type ManagedNamespace = {
+  __typename?: 'ManagedNamespace';
+  /** annotations for this namespace */
+  annotations?: Maybe<Scalars['Map']['output']>;
+  /** the timestamp this namespace was deleted at, indicating it's currently draining */
+  deletedAt?: Maybe<Scalars['DateTime']['output']>;
+  /** A short description of the purpose of this namespace */
+  description?: Maybe<Scalars['String']['output']>;
+  id: Scalars['ID']['output'];
+  insertedAt?: Maybe<Scalars['DateTime']['output']>;
+  /** labels for this namespace */
+  labels?: Maybe<Scalars['Map']['output']>;
+  /** the name of this namespace once its placed on a cluster */
+  name: Scalars['String']['output'];
+  /** a list of pull secrets to attach to this namespace */
+  pullSecrets?: Maybe<Array<Maybe<Scalars['String']['output']>>>;
+  /** A template for creating the core service for this namespace */
+  service?: Maybe<ServiceTemplate>;
+  /** The targeting criteria to select clusters this namespace is bound to */
+  target?: Maybe<ClusterTarget>;
+  updatedAt?: Maybe<Scalars['DateTime']['output']>;
+};
+
+/** Attributes for configuring a managed namespace */
+export type ManagedNamespaceAttributes = {
+  /** annotations for this namespace */
+  annotations?: InputMaybe<Scalars['Json']['input']>;
+  /** A short description of the purpose of this namespace */
+  description?: InputMaybe<Scalars['String']['input']>;
+  /** labels for this namespace */
+  labels?: InputMaybe<Scalars['Json']['input']>;
+  /** the name of this namespace once its placed on a cluster */
+  name: Scalars['String']['input'];
+  /** a list of pull secrets to attach to this namespace */
+  pullSecrets?: InputMaybe<Array<InputMaybe<Scalars['String']['input']>>>;
+  service?: InputMaybe<ServiceTemplateAttributes>;
+  target?: InputMaybe<ClusterTargetAttributes>;
+};
+
+export type ManagedNamespaceConnection = {
+  __typename?: 'ManagedNamespaceConnection';
+  edges?: Maybe<Array<Maybe<ManagedNamespaceEdge>>>;
+  pageInfo: PageInfo;
+};
+
+export type ManagedNamespaceEdge = {
+  __typename?: 'ManagedNamespaceEdge';
+  cursor?: Maybe<Scalars['String']['output']>;
+  node?: Maybe<ManagedNamespace>;
+};
+
 export type ManifestNetwork = {
   __typename?: 'ManifestNetwork';
   pluralDns?: Maybe<Scalars['Boolean']['output']>;
@@ -3567,6 +3636,7 @@ export type RootMutationType = {
   createGroup?: Maybe<Group>;
   createGroupMember?: Maybe<GroupMember>;
   createInvite?: Maybe<Invite>;
+  createManagedNamespace?: Maybe<ManagedNamespace>;
   createObjectStore?: Maybe<ObjectStore>;
   createPeer?: Maybe<WireguardPeer>;
   createPersona?: Maybe<Persona>;
@@ -3594,6 +3664,7 @@ export type RootMutationType = {
   deleteGroup?: Maybe<Group>;
   deleteGroupMember?: Maybe<GroupMember>;
   deleteJob?: Maybe<Job>;
+  deleteManagedNamespace?: Maybe<ManagedNamespace>;
   deleteNode?: Maybe<Node>;
   deleteNotificationRouter?: Maybe<NotificationRouter>;
   deleteNotificationSink?: Maybe<NotificationSink>;
@@ -3660,6 +3731,7 @@ export type RootMutationType = {
   updateGitRepository?: Maybe<GitRepository>;
   updateGlobalService?: Maybe<GlobalService>;
   updateGroup?: Maybe<Group>;
+  updateManagedNamespace?: Maybe<ManagedNamespace>;
   updateObjectStore?: Maybe<ObjectStore>;
   updatePersona?: Maybe<Persona>;
   updatePrAutomation?: Maybe<PrAutomation>;
@@ -3773,6 +3845,11 @@ export type RootMutationTypeCreateInviteArgs = {
 };
 
 
+export type RootMutationTypeCreateManagedNamespaceArgs = {
+  attributes: ManagedNamespaceAttributes;
+};
+
+
 export type RootMutationTypeCreateObjectStoreArgs = {
   attributes: ObjectStoreAttributes;
 };
@@ -3912,6 +3989,11 @@ export type RootMutationTypeDeleteJobArgs = {
 };
 
 
+export type RootMutationTypeDeleteManagedNamespaceArgs = {
+  id: Scalars['ID']['input'];
+};
+
+
 export type RootMutationTypeDeleteNodeArgs = {
   name: Scalars['String']['input'];
 };
@@ -4222,6 +4304,12 @@ export type RootMutationTypeUpdateGroupArgs = {
 };
 
 
+export type RootMutationTypeUpdateManagedNamespaceArgs = {
+  attributes: ManagedNamespaceAttributes;
+  id: Scalars['ID']['input'];
+};
+
+
 export type RootMutationTypeUpdateObjectStoreArgs = {
   attributes: ObjectStoreAttributes;
   id: Scalars['ID']['input'];
@@ -4331,6 +4419,7 @@ export type RootQueryType = {
   clusterGate?: Maybe<PipelineGate>;
   clusterGates?: Maybe<Array<Maybe<PipelineGate>>>;
   clusterInfo?: Maybe<ClusterInfo>;
+  clusterManagedNamespaces?: Maybe<ManagedNamespaceConnection>;
   /** fetches an individual cluster provider */
   clusterProvider?: Maybe<ClusterProvider>;
   /** a relay connection of all providers visible to the current user */
@@ -4374,6 +4463,8 @@ export type RootQueryType = {
   logFilters?: Maybe<Array<Maybe<LogFilter>>>;
   loginInfo?: Maybe<LoginInfo>;
   logs?: Maybe<Array<Maybe<LogStream>>>;
+  managedNamespace?: Maybe<ManagedNamespace>;
+  managedNamespaces?: Maybe<ManagedNamespaceConnection>;
   me?: Maybe<User>;
   metric?: Maybe<Array<Maybe<MetricResponse>>>;
   /** tells you what cluster a deploy token points to */
@@ -4550,6 +4641,14 @@ export type RootQueryTypeClusterGateArgs = {
 };
 
 
+export type RootQueryTypeClusterManagedNamespacesArgs = {
+  after?: InputMaybe<Scalars['String']['input']>;
+  before?: InputMaybe<Scalars['String']['input']>;
+  first?: InputMaybe<Scalars['Int']['input']>;
+  last?: InputMaybe<Scalars['Int']['input']>;
+};
+
+
 export type RootQueryTypeClusterProviderArgs = {
   cloud?: InputMaybe<Scalars['String']['input']>;
   id?: InputMaybe<Scalars['ID']['input']>;
@@ -4765,6 +4864,19 @@ export type RootQueryTypeLogsArgs = {
 };
 
 
+export type RootQueryTypeManagedNamespaceArgs = {
+  id: Scalars['ID']['input'];
+};
+
+
+export type RootQueryTypeManagedNamespacesArgs = {
+  after?: InputMaybe<Scalars['String']['input']>;
+  before?: InputMaybe<Scalars['String']['input']>;
+  first?: InputMaybe<Scalars['Int']['input']>;
+  last?: InputMaybe<Scalars['Int']['input']>;
+};
+
+
 export type RootQueryTypeMetricArgs = {
   clusterId?: InputMaybe<Scalars['ID']['input']>;
   offset?: InputMaybe<Scalars['Int']['input']>;
@@ -5770,6 +5882,37 @@ export type ServiceStatusCount = {
   status: ServiceDeploymentStatus;
 };
 
+/** Attributes for configuring a service in something like a managed namespace */
+export type ServiceTemplate = {
+  __typename?: 'ServiceTemplate';
+  /** a list of context ids to add to this service */
+  contexts?: Maybe<Array<Maybe<Scalars['ID']['output']>>>;
+  /** settings to configure git for a service */
+  git?: Maybe<GitRef>;
+  /** settings to configure helm for a service */
+  helm?: Maybe<HelmSpec>;
+  /** settings for service kustomization */
+  kustomize?: Maybe<Kustomize>;
+  /** the id of a repository to source manifests for this service */
+  repositoryId?: Maybe<Scalars['ID']['output']>;
+  templated?: Maybe<Scalars['Boolean']['output']>;
+};
+
+/** Attributes for configuring a service in something like a managed namespace */
+export type ServiceTemplateAttributes = {
+  /** a list of context ids to add to this service */
+  contexts?: InputMaybe<Array<InputMaybe<Scalars['ID']['input']>>>;
+  /** settings to configure git for a service */
+  git?: InputMaybe<GitRefAttributes>;
+  /** settings to configure helm for a service */
+  helm?: InputMaybe<HelmConfigAttributes>;
+  /** settings for service kustomization */
+  kustomize?: InputMaybe<KustomizeAttributes>;
+  /** the id of a repository to source manifests for this service */
+  repositoryId?: InputMaybe<Scalars['ID']['input']>;
+  templated?: InputMaybe<Scalars['Boolean']['input']>;
+};
+
 export type ServiceUpdateAttributes = {
   configuration?: InputMaybe<Array<InputMaybe<ConfigAttributes>>>;
   contextBindings?: InputMaybe<Array<InputMaybe<ContextBindingAttributes>>>;
@@ -5913,10 +6056,13 @@ export type StatusCondition = {
 /** Advanced configuration of how to sync resources */
 export type SyncConfig = {
   __typename?: 'SyncConfig';
+  /** whether the agent should auto-create the namespace for this service */
+  createNamespace?: Maybe<Scalars['Boolean']['output']>;
   namespaceMetadata?: Maybe<NamespaceMetadata>;
 };
 
 export type SyncConfigAttributes = {
+  createNamespace?: InputMaybe<Scalars['Boolean']['input']>;
   namespaceMetadata?: InputMaybe<MetadataAttributes>;
 };
 

diff --git a/config/config.exs b/config/config.exs
@@ -50,6 +50,7 @@ config :console,
   ssh_askpass: "bin/.ssh-askpass",
   provider: :aws,
   audit_expiry: 30,
+  admin_emails: [],
   cache_adapter: Console.Cache,
   local_cache: Console.LocalCache,
   version: Mix.Project.config[:version],

diff --git a/config/prod.exs b/config/prod.exs
@@ -37,6 +37,8 @@ config :console, Console.Cron,
     {"*/10 * * * *", {Console.Deployments.Init, :ensure_secret, []}},
     {"0 0 1-31/2 * *", {Console.Deployments.Cron, :backfill_deprecations, []}},
     {"20 * * * *", {Console.Deployments.Cron, :backfill_global_services, []}},
+    {"25 * * * *", {Console.Deployments.Cron, :backfill_managed_namespaces, []}},
+    {"35 * * * *", {Console.Deployments.Cron, :drain_managed_namespaces, []}},
     {"45 * * * *", {Console.Deployments.Cron, :migrate_kas, []}},
     {"30 * * * *", {Console.Deployments.Cron, :migrate_agents, []}},
     {"@daily", {Console.Deployments.Cron, :rotate_deploy_tokens, []}},

diff --git a/config/test.exs b/config/test.exs
@@ -37,6 +37,7 @@ config :console,
   piazza_secret: "webhook_secret",
   git_askpass: binfile.(".git-askpass"),
   ssh_askpass: binfile.(".ssh-askpass"),
+  admin_emails: ["[email protected]"],
   git_ssh_key: :pass,
   cache_adapter: Console.TestCache,
   local_cache: Console.TestCache,

diff --git a/lib/console/deployments/cron.ex b/lib/console/deployments/cron.ex
@@ -2,7 +2,16 @@ defmodule Console.Deployments.Cron do
   use Console.Services.Base
   alias Console.Deployments.{Services, Clusters, Global}
   alias Console.Services.Users
-  alias Console.Schema.{Cluster, Service, ServiceComponent, GlobalService, PipelineStage, PipelinePromotion, AgentMigration}
+  alias Console.Schema.{
+    Cluster,
+    Service,
+    ServiceComponent,
+    GlobalService,
+    PipelineStage,
+    PipelinePromotion,
+    AgentMigration,
+    ManagedNamespace
+  }
   alias Console.Deployments.Pipelines.Discovery
 
   require Logger
@@ -115,6 +124,31 @@ defmodule Console.Deployments.Cron do
     |> Stream.run()
   end
 
+  def backfill_managed_namespaces() do
+    Logger.info "backfilling managed namespaces across clusters"
+
+    ManagedNamespace.stream()
+    |> Repo.stream(method: :keyset)
+    |> Stream.each(fn mns ->
+      Logger.info "syncing managed namespace #{mns.id}"
+      Global.reconcile_namespace(mns)
+    end)
+    |> Stream.run()
+  end
+
+  def drain_managed_namespaces() do
+    Logger.info "draining managed namespaces across clusters"
+
+    ManagedNamespace.deleted()
+    |> ManagedNamespace.stream()
+    |> Repo.stream(method: :keyset)
+    |> Stream.each(fn mns ->
+      Logger.info "draining managed namespace #{mns.id}"
+      Global.drain_managed_namespace(mns)
+    end)
+    |> Stream.run()
+  end
+
   def rotate_deploy_tokens() do
     Clusters.purge_deploy_tokens()
     Logger.info "rotating cluster deploy tokens"

diff --git a/lib/console/deployments/events.ex b/lib/console/deployments/events.ex
@@ -45,3 +45,7 @@ defmodule Console.PubSub.ObjectStoreDeleted, do: use Piazza.PubSub.Event
 
 defmodule Console.PubSub.PullRequestCreated, do: use Piazza.PubSub.Event
 defmodule Console.PubSub.PullRequestUpdated, do: use Piazza.PubSub.Event
+
+defmodule Console.PubSub.ManagedNamespaceCreated, do: use Piazza.PubSub.Event
+defmodule Console.PubSub.ManagedNamespaceUpdated, do: use Piazza.PubSub.Event
+defmodule Console.PubSub.ManagedNamespaceDeleted, do: use Piazza.PubSub.Event