feat(provider/kubernetes): support for kubectl server-side-apply strategy

kubernetes server-side apply (SSA) was released back in 1.14 and became GA In 1.22. This new strategy will use the new merging algorithm, as well as tracking field ownership at the kubernetes api-server

Signed-off-by: Amir Alavi <amiralavi7@gmail.com>

Author: a7i

clouddriver-kubernetes/src/integration/java/com/netflix/spinnaker/clouddriver/kubernetes/it/DeployManifestIT.java

@@ -1776,4 +1776,113 @@ public void shouldUseSourceCapacityVersioned() throws IOException, InterruptedEx
                 + " -o=jsonpath='{.spec.template.spec.containers[0].env[0].value}'");
     assertEquals("test", envVarValue, "Expected update env var for " + appName + " replicaset.\n");
   }
+
+  @DisplayName(
+      ".\n===\n"
+          + "Given a deployment manifest with server-side-apply strategy set\n"
+          + "When sending deploy manifest request\n"
+          + "Then a deployment is created using server-side apply\n===")
+  @Test
+  public void shouldDeployUsingServerSideApply() throws IOException, InterruptedException {
+    // ------------------------- given --------------------------
+    String appName = "server-side-apply";
+    System.out.println("> Using namespace: " + account1Ns + ", appName: " + appName);
+    List<Map<String, Object>> manifest =
+        KubeTestUtils.loadYaml("classpath:manifests/deployment.yml")
+            .withValue("metadata.namespace", account1Ns)
+            .withValue("metadata.name", DEPLOYMENT_1_NAME)
+            .withValue(
+                "metadata.annotations",
+                ImmutableMap.of("strategy.spinnaker.io/server-side-apply", "true"))
+            .asList();
+
+    // ------------------------- when --------------------------
+    List<Map<String, Object>> body =
+        KubeTestUtils.loadJson("classpath:requests/deploy_manifest.json")
+            .withValue("deployManifest.account", ACCOUNT1_NAME)
+            .withValue("deployManifest.moniker.app", appName)
+            .withValue("deployManifest.manifests", manifest)
+            .asList();
+    KubeTestUtils.deployAndWaitStable(
+        baseUrl(), body, account1Ns, "deployment " + DEPLOYMENT_1_NAME);
+
+    // ------------------------- then --------------------------
+    /* Expecting:
+      metadata:
+        managedFields:
+        - manager: kubectl
+          operation: Apply
+          fieldsType: FieldsV1
+    */
+    String managedFields =
+        kubeCluster.execKubectl(
+            "-n "
+                + account1Ns
+                + " get deployment "
+                + DEPLOYMENT_1_NAME
+                + " -o=jsonpath='{.metadata.managedFields}'");
+    assertTrue(
+        Strings.isNotEmpty(managedFields),
+        "Expected managedFields for "
+            + DEPLOYMENT_1_NAME
+            + " deployment to exist and be managed server-side. managedFields:\n"
+            + managedFields);
+
+    String applyManager =
+        kubeCluster.execKubectl(
+            "-n "
+                + account1Ns
+                + " get deployment "
+                + DEPLOYMENT_1_NAME
+                + " -o=jsonpath='{.metadata.managedFields[?(@.operation==\"Apply\")].manager}'");
+    assertEquals(
+        "kubectl",
+        applyManager,
+        "Expected apply manager for "
+            + DEPLOYMENT_1_NAME
+            + " deployment to be managed server-side. managedFields:\n"
+            + managedFields);
+  }
+
+  @DisplayName(
+      ".\n===\n"
+          + "Given a deployment manifest without a strategy set\n"
+          + "When sending deploy manifest request\n"
+          + "Then a deployment is created using client-side apply\n===")
+  @Test
+  public void shouldDeployUsingClientApply() throws IOException, InterruptedException {
+    // ------------------------- given --------------------------
+    String appName = "client-side-apply";
+    System.out.println("> Using namespace: " + account1Ns + ", appName: " + appName);
+    List<Map<String, Object>> manifest =
+        KubeTestUtils.loadYaml("classpath:manifests/deployment.yml")
+            .withValue("metadata.namespace", account1Ns)
+            .withValue("metadata.name", DEPLOYMENT_1_NAME)
+            .asList();
+
+    // ------------------------- when --------------------------
+    List<Map<String, Object>> body =
+        KubeTestUtils.loadJson("classpath:requests/deploy_manifest.json")
+            .withValue("deployManifest.account", ACCOUNT1_NAME)
+            .withValue("deployManifest.moniker.app", appName)
+            .withValue("deployManifest.manifests", manifest)
+            .asList();
+    KubeTestUtils.deployAndWaitStable(
+        baseUrl(), body, account1Ns, "deployment " + DEPLOYMENT_1_NAME);
+
+    // ------------------------- then --------------------------
+    String lastAppliedConfiguration =
+        kubeCluster.execKubectl(
+            "-n "
+                + account1Ns
+                + " get deployment "
+                + DEPLOYMENT_1_NAME
+                + " -o=jsonpath='{.metadata.annotations.kubectl\\.kubernetes\\.io/last-applied-configuration}'");
+    assertTrue(
+        Strings.isNotEmpty(lastAppliedConfiguration),
+        "Expected last-applied-configuration for "
+            + DEPLOYMENT_1_NAME
+            + " deployment to exist and be managed client-side. fields:\n"
+            + lastAppliedConfiguration);
+  }
 }

clouddriver-kubernetes/src/main/java/com/netflix/spinnaker/clouddriver/kubernetes/description/manifest/KubernetesManifestStrategy.java

@@ -107,7 +107,8 @@ ImmutableMap<String, String> toAnnotations() {
   public enum DeployStrategy {
     APPLY(null),
     RECREATE(STRATEGY_ANNOTATION_PREFIX + "/recreate"),
-    REPLACE(STRATEGY_ANNOTATION_PREFIX + "/replace");
+    REPLACE(STRATEGY_ANNOTATION_PREFIX + "/replace"),
+    SERVER_SIDE_APPLY(STRATEGY_ANNOTATION_PREFIX + "/server-side-apply");
 
     @Nullable private final String annotation;
 
@@ -122,6 +123,9 @@ static DeployStrategy fromAnnotations(Map<String, String> annotations) {
       if (Boolean.parseBoolean(annotations.get(REPLACE.annotation))) {
         return REPLACE;
       }
+      if (Boolean.parseBoolean(annotations.get(SERVER_SIDE_APPLY.annotation))) {
+        return SERVER_SIDE_APPLY;
+      }
       return APPLY;
     }
 

clouddriver-kubernetes/src/main/java/com/netflix/spinnaker/clouddriver/kubernetes/op/handler/CanDeploy.java

@@ -59,6 +59,9 @@ default OperationResult deploy(
       case REPLACE:
         deployedManifest = credentials.createOrReplace(manifest, task, opName);
         break;
+      case SERVER_SIDE_APPLY:
+        deployedManifest = credentials.deploy(manifest, task, opName, "--server-side");
+        break;
       case APPLY:
         deployedManifest = credentials.deploy(manifest, task, opName);
         break;

clouddriver-kubernetes/src/main/java/com/netflix/spinnaker/clouddriver/kubernetes/op/job/KubectlJobExecutor.java

@@ -587,12 +587,17 @@ public ImmutableList<KubernetesManifest> list(
   }
 
   public KubernetesManifest deploy(
-      KubernetesCredentials credentials, KubernetesManifest manifest, Task task, String opName) {
+      KubernetesCredentials credentials,
+      KubernetesManifest manifest,
+      Task task,
+      String opName,
+      String... cmdArgs) {
     log.info("Deploying manifest {}", manifest.getFullResourceName());
     List<String> command = kubectlAuthPrefix(credentials);
 
     // Read from stdin
     command.add("apply");
+    command.addAll(List.of(cmdArgs));
     command.add("-o");
     command.add("json");
     command.add("-f");

clouddriver-kubernetes/src/main/java/com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesCredentials.java

@@ -561,12 +561,13 @@ public Collection<KubernetesPodMetric> topPod(KubernetesCoordinates coords) {
         () -> jobExecutor.topPod(this, coords.getNamespace(), coords.getName()));
   }
 
-  public KubernetesManifest deploy(KubernetesManifest manifest, Task task, String opName) {
+  public KubernetesManifest deploy(
+      KubernetesManifest manifest, Task task, String opName, String... cmdArgs) {
     return runAndRecordMetrics(
         "deploy",
         manifest.getKind(),
         manifest.getNamespace(),
-        () -> jobExecutor.deploy(this, manifest, task, opName));
+        () -> jobExecutor.deploy(this, manifest, task, opName, cmdArgs));
   }
 
   private KubernetesManifest replace(KubernetesManifest manifest, Task task, String opName) {

clouddriver-kubernetes/src/test/java/com/netflix/spinnaker/clouddriver/kubernetes/description/manifest/KubernetesManifestStrategyTest.java

@@ -64,6 +64,14 @@ void replaceStrategy() {
     assertThat(strategy).isEqualTo(DeployStrategy.REPLACE);
   }
 
+  @Test
+  void serverSideApplyStrategy() {
+    KubernetesManifestStrategy.DeployStrategy strategy =
+        KubernetesManifestStrategy.DeployStrategy.fromAnnotations(
+            ImmutableMap.of("strategy.spinnaker.io/server-side-apply", "true"));
+    assertThat(strategy).isEqualTo(DeployStrategy.SERVER_SIDE_APPLY);
+  }
+
   @Test
   void nonBooleanValue() {
     KubernetesManifestStrategy.DeployStrategy strategy =

clouddriver-kubernetes/src/test/java/com/netflix/spinnaker/clouddriver/kubernetes/op/handler/CanDeployTest.java

@@ -61,6 +61,16 @@ void applyReturnValue() {
     assertThat(result.getManifests()).containsExactlyInAnyOrder(manifest);
   }
 
+  @Test
+  void applyServerSideMutations() {
+    KubernetesCredentials credentials = mock(KubernetesCredentials.class);
+    KubernetesManifest manifest = ManifestFetcher.getManifest("candeploy/deployment.yml");
+    when(credentials.deploy(manifest, task, OP_NAME, "--server-side")).thenReturn(manifest);
+    handler.deploy(credentials, manifest, DeployStrategy.SERVER_SIDE_APPLY, task, OP_NAME);
+    verify(credentials).deploy(manifest, task, OP_NAME, "--server-side");
+    verifyNoMoreInteractions(credentials);
+  }
+
   @Test
   void replaceMutations() {
     KubernetesCredentials credentials = mock(KubernetesCredentials.class);