An excerpt from Kazan.Apis.Apps.V1beta1.ControllerRevision:

DEPRECATED - This group version of ControllerRevision is deprecated by apps/v1beta2/ControllerRevision. See the release notes for more information. ControllerRevision

In this sample, it'd be ideal if ControllerRevision was quoted, and if apps/v1beta2/ControllerRevision was converted into Kazan.Apis.Apps.V1beta2.ControllerRevision so that ExDoc would automatically link to the replacement module.

Not sure how hard this would be, but it seems like it'd be worth it.

It might also be possible for some names of modules that aren't fully scoped to somehow become links. Though this might need some work done in ExDoc. As repeating the full module path every time in a sentence is going to become tiresome.

Most of the models in Kazan correspond with a particular API & API version. For example Kazan.Apis.RbacAuthorizationV1.list_role_for_all_namespaces returns Kazan.Models.Rbac.V1.RoleList.

I'm thinking it would make more sense if models were grouped with the APIs that they correspond with. For the above example this would mean Kazan.Apis.RbacAuthorization.V1.list_role_for_all_namespaces would return a Kazan.Apis.RbacAuthorization.V1.RoleList.

This would make grouping documents as suggested in #20 a bit easier - the groups could correspond with the individual APIs.

I suggest the following changes to the integration test:

1. Create a namespace and run tests that create objects against that namespace - this allows for the namespace to be deleted in a module levelon_exit callback, thus ensuring everything is cleaned up.
2. Use the alpine image for the pod that is created rather than obmarg/health-proxy as alpine is small and will be pulled quickly.
3. Do not assume there are no ClusterRoles in the test RBAC Authorization V1 Beta 1 API as this depends on having a fresh K8S installation.

The StatusError that is returned when a call from kubernetes doesn't succeed would be useful.

Currently its just being decoded https://github.com/obmarg/kazan/blob/master/lib/kazan/client/imp.ex#L160

So I'm working with kazan's master branch which has the new module organization changes. Based on the comment in the commit, I assume that the ObjectMeta would still be under the same location as it is now.

However, when I alias Kazan.Models.ApiMachinery.Apis.Meta.V1.ObjectMeta, I get this error message:

== Compilation error in file lib/ephemeral/kube.ex ==
** (CompileError) lib/ephemeral/kube.ex:28: Kazan.Models.ApiMachinery.Apis.Meta.V1.ObjectMeta.__struct__/1 is undefined, cannot expand struct Kazan.Models.ApiMachinery.Apis.Meta.V1.ObjectMeta
    (stdlib) lists.erl:1354: :lists.mapfoldl/3
    (stdlib) lists.erl:1355: :lists.mapfoldl/3
    (elixir) expanding macro: Kernel.@/1
    lib/ephemeral/kube.ex:28: Ephemeral.Kube (module)

I'm not sure where it is now in master branch so it would be nice if there was a little more description for models that are staying in the same module structure or if they changed in some other way unlike the other API models.

Thank you,

Kube expects PATCH requests to use application/merge-patch+json or application/json-patch+json syntax. Currently we're just sending the whole body as we do with POST requests.

Will need to figure out how to fix this...

I am looking for some ideas on handling errors in a user-friendly manner. My main requirement is to distinguish transient errors (which may be recoverable) and hard errors (which require user action). Here is an example. I was watching a k8s cluster and the secrets were changed. My code got a bad_match error (shown below) at https://github.com/obmarg/kazan/blob/master/lib/kazan/watcher.ex#L135.

{:error,
{{:badmatch,
{:error,
{:http_error, 401,
%{
"apiVersion" => "v1",
"code" => 401,
"kind" => "Status",
"message" => "Unauthorized",
"metadata" => %{},
"reason" => "Unauthorized",
"status" => "Failure"
}}}},
[
{Kazan.Watcher, :init, 1, [file: 'lib/kazan/watcher.ex', line: 135]},
{:gen_server, :init_it, 2, [file: 'gen_server.erl', line: 374]},
{:gen_server, :init_it, 6, [file: 'gen_server.erl', line: 342]},
{:proc_lib, :init_p_do_apply, 3, [file: 'proc_lib.erl', line: 249]}
]}}

I need to get at the root cause of the error to know if this is a recoverable error or not. I would prefer to not unwrap the error which would be a brittle way to handle this. Could this be {Ok, _} or {Err, _} response instead?

@obmarg Any thoughts on this?

Environment

Elixir & Erlang/OTP versions (elixir --version):

Erlang/OTP 25 [erts-13.0.4] [source] [64-bit] [smp:10:10] [ds:10:10:10] [async-threads:1] [jit]
Elixir 1.14.1 (compiled with Erlang/OTP 25)

Which version of Kazan are you using? (cat mix.lock | grep kazan):

"kazan": {:hex, :kazan, "0.11.0", "fe70a92a922f307680086ecbfda085f11193649dd84b465e488d5b82f96e7f7b", [:mix], [{:httpoison, "~> 0.10 or ~> 1.0", [hex: :httpoison, repo: "hexpm", optional: false]}, {:poison, "~> 2.0 or ~> 3.0 or ~> 4.0", [hex: :poison, repo: "hexpm", optional: false]}, {:yaml_elixir, "~> 2.0", [hex: :yaml_elixir, repo: "hexpm", optional: false]}], "hexpm", "8786019fb0af3cef1e9d2a322ce4f12d1e03740345955a15f85d39dac03a97f0"},

Current behavior

To demonstrate this behavior I created an application through the command mix new dummy_app and added kazan as a dependency. Once that I try to compile the application through the command mix compile I get the error:

== Compilation error in file lib/kazan/server/certificate_auth.ex ==
** (CompileError) lib/kazan/server/certificate_auth.ex:9: cannot define module Inspect.Kernel because it is currently being defined in lib/kazan/server/basic_auth.ex:8
    lib/kazan/server/certificate_auth.ex:9: (module)
could not compile dependency :kazan, "mix compile" failed. Errors may have been logged above. You can recompile this dependency with "mix deps.compile kazan", update it with "mix deps.update kazan" or clean it with "mix deps.clean kazan"

Expected behavior

If I change to using Elixir 1.14.0 instead of 1.14.1 I can compile successfully.

Elixir & Erlang/OTP versions (elixir --version):

Erlang/OTP 25 [erts-13.0.4] [source] [64-bit] [smp:10:10] [ds:10:10:10] [async-threads:1] [jit]
Elixir 1.14.0 (compiled with Erlang/OTP 25)

Generated kazan app
==> dummy_app
Compiling 1 file (.ex)
Generated dummy_app app

Parameter documentation that has line breaks ends up rendering weird, because it breaks the bulleted list we're in the middle of. Would be good to fix this somehow? Possibly convert paragraphs to bullet entries?

An example of the issue:

The ecto documentation groups related modules under headers, like this:

The k8s API is pretty big, so kazan has a ton of modules. It'd be good to think about if the kazan docs could be grouped in a similar manner to the ecto docs.

Some public facing kazan functions could do with examples in their documentation. Ideally these should be in the form of doc tests so we can be sure they're correct.

This might involve writing a mock-client, mock k8s or using exvcr so that the tests can run without an actual k8s server.

I suggest that to improve consistency, the code is formatted with the Elixir 1.6 formatter, a .formatter.exs is committed, and the Travis configuration is changed to run mix format --check-formatted in addition to the default mix test.

Happy to create a PR for this.

Naming objects you create with kazan is not ideal right now - names live inside ObjectMeta, so you need to do something like:

alias Kazan.Apis.Core.V1, as: Core

%Core.Namespace{
    metadata: %Kazan.Models.Apimachinery.Meta.V1.ObjectMeta{name: "test"}
}
|> Core.create_namespace!() 
|> Kazan.run!

It might be worth exploring a pipe function that sets the name/other metadata:

%Core.Namespace{}
|> with_name("test")
|> Core.create_namespace!() 
|> Kazan.run!

or

%Core.Namespace{}
|> with_meta(name: "test")
|> Core.create_namespace!() 
|> Kazan.run!

It's not clear what module these functions could live in. But it's worth thinking about.

There's been a few new features added lately that'd be good to integration test:

• In config file certificate auth
• Token auth
• In cluster auth

I'm trying to integrate CRD:s into my app. I know Kazan does not suport CRD yet, but I think it would be a step in the right direction if it would be possible to use Kazan.run with a custom Kazan.Request.response_scheme in a similar way to how nested structs can be decoded using Poison?

  def list_namespaced_healthchecks!(namespace, -opts) do
    %Kazan.Request{
      body: nil,
      method: "get",
      path: "/apis/group/v1alpha1/namespaces/#{namespace}/healthchecks",
      query_params: %{},
      response_schema: %HealthcheckList{items: [%Healthcheck{}]}
    }
  end

or maybe something simpler like run_raw to skip the decoding step in run. In my opinion is no problem creating custom functions returning a %Kazan.Request{} for my CRD and doing encode/decode manually. It would be nice to have the option to do so, since right now I sort of have to duplicate the Kazan.run and Kazan.Watcher logic since I can't work around it.

We need to support the K8S metrics-server API (https://github.com/kubernetes-incubator/metrics-server) in our implementation.

To do this I need to fork the Kazan repo to make the following changes:

• Use a different swagger.json which included the metrics-server endpoints
• Add two lines to Kazan.Codegen.Naming to map the metrics namespace

(chazsconi@cd923bc#diff-1856cab08f35cbaee3b304822e1699c4)

It would be nice if these two things could be set via the configuration.

Additionally I also had to manually change the swagger.json so the window field is a string rather than a Duration cause a crash when decoding, but this is really a different issue, and I'm not sure how to fix it properly.

chazsconi@0e44c4e

For API definitions we use the required property in the k8s spec to decide where the argument should go.

Models also have required properties, but we don't do anything with them. We should probably do something with them. At the very least update our documentation to show which properties are required. Perhaps even enforce them with @enforce_keys, though this could make building models more awkward so may not be worth it...

The k8s specs contain x-kubernetes-group-version-kind and x-kubernetes-action fields for some models & api actions. We could use these to back-link from models to the functions that take/return the models. Worth considering.

I need to write some details on how to contribute to the project.

I notice the in_cluster function is looking for ca.key file name.

I believe this have changed according to Kubernetes' documentation on accessing the API server from a pod

If available, a certificate bundle is placed into the filesystem tree of each container at
/var/run/secrets/kubernetes.io/serviceaccount/ca.crt,
and should be used to verify the serving certificate of the apiserver.

I am running into this error while testing.

** (File.Error) could not read file "/var/run/secrets/kubernetes.io/serviceaccount/ca.key": no such file or directory
    (elixir) lib/file.ex:272: File.read!/1
    (kazan) lib/kazan/server.ex:130: Kazan.Server.cert_from_pem/2
    (kazan) lib/kazan/server.ex:70: Kazan.Server.in_cluster/1
    (ephemeral) lib/ephemeral/kube.ex:154: Ephemeral.Kube.deploy/2

The documentation is from version 1.9 and I'm running 1.8 so at the very least these 2 versions are not using ca.key name anymore.

If my hypothesis is right, please let me know. I am happy to make a PR as well.

Thank you,

I'm currently using {:yaml_elixir, "~> 2.0"} in my mix project, so I have to use {:kazan, git: "https://github.com/sambooo/kazan.git", branch: "master"} for dependency resolution to work. Please do a new release so I can remove this constraint.

Most notable of these are networking.k8s.io/v1 implementation of Ingress. But I'm pretty sure there are a large number of other deprecated resources in the set provided by kazan alongside other resources missing.

We currently support (and mention in the README) configuring a kubernetes server in the mix config.

However, the Kazan.Server functions (in_cluster and from_kubeconfig) are not available to call from the mix config. It'd be good to provide an alternative way of specifying these in the mix config.

Due to edgurgel/httpoison#375 (which I created a PR to fix, and is now merged) if you use HTTPoison < v1.6.1 you will have a process leak when using watches whenever a GONE event is received from K8S.

Therefore should Kazan's deps be changed to force using this version or later of HTTPoison, or should this just be warned about in the docs?

I'm happy to create a PR for either option.

There's a bunch of places in the codebase that call String.to_atom. Sometimes this will be unavoidable, as we actually need to create new atoms . However, should look into whether they're always safe & needed. Similar to the fix in 87e7e21

As mentioned in #72 we have a wrapper around Kazan.run/2 for instrumentation.

It would be useful if the module that Kazan.run/1 and Kazan.run/2 delegates to could be changed by configuration. This way we could easy provide our own implementation which wraps calls to Kazan.Client.Imp.run/2 with instrumentation.

This would also be useful to allow Kazan.Client.Imp to be replaced by a mock module for testing an app that uses Kazan.

To do this I would also suggest moving Kazan.Client.Imp.run!/2 to the Kazan module (as it's just a wrapper around run/2) and leaving run/2 as the only function that is required to be implemented in Kazan.Client.Imp or a mock implementation. A behaviour could also be added.

@obmarg I can provide a PR for this if you agree with the approach.

I'm trying to figure out how to configure the package, especially in the area of authenticating through ServiceAccount. I saw some the code in Kazan.Server on reading the kubecfg file. However, I'm not really sure where it's used, and the documentation isn't saying much about how to setup the auth component.

I'll keep looking around the repo but it would be really nice to have more info/example in the documentation or README.

I'm also happy to submit PR if you'd preferred.

@obmarg In my project I need to support watch requests.

To do this I have written some code that can be used in the client as follows:

1. You create a request in the normal way, but setting watch=true e.g.

request = Kazan.Apis.CoreV1.list_namespace!(watch: "true")

2. You start a watcher using the request, and passing the initial resource version and a pid to which to send received messages.

Kazan.Watcher.start_link(request, resource_version: rv, send_to: self())

3. In your client code you receive messages for each %Versioned.Event{}. You can pattern match on the object type if you have multiple watchers configured. For example, if the client is a GenServer

  # type is "ADDED", "DELETED" or "MODIFIED"
  def handle_info(%Kazan.Models.Versioned.Event{object: object, type: type}, state) do
    case object do
      %Kazan.Models.V1.Namespace{} = namespace ->
        process_namespace_event(type, namespace)

      %Kazan.Models.V1.Job{} = job ->
        process_job_event(type, job)
    end
    {:noreply, state}
  end

Internally the Watcher does the following:

1. Initiates the request to HTTPoison using an AsyncRequest
2. Buffers chunks received from HTTPoison until a complete line of JSON is received.
3. Decodes the JSON and then decodes the K8S objects using Kazan.Models.decode/1
4. Sends the event to the client
5. Keeps track of the latest resource_version object received from K8S
6. Triggers another request, passing the latest resource_version when a HTTPoison timeout is received.

What do you think of this approach? If you think this is the right way to do it, I will tidy up the code and submit a PR.

Some requests, e.g: Core.read_namespaced_pod_log/3 return a response type of text/plain and not application/json

In this case the response should not be JSON decoded and should just be returned as the raw response.

I'll create a PR to fix this by checking the response type before JSON and Model decoding.

#56 added custom resource support to kazan. However, CRUD requests on custom resources require a user to manually build a Kazan.Request type. It'd be good to provide some utility functions for building these requests.

I'm thinking something along the lines of:

defmodule Kazan.CustomResources do
  @spec create(struct) :: Kazan.Request
  @spec delete(struct) :: Kazan.Request
  # Etc.
end

If one particular event type is been watched (e.g. Namespace changes) and no new events happen for a long time, but other events, that are not being watched happen, the other, non-watched events, cause the RV to increase.

Eventually the RV that is stored in the watcher is too old to be used, and the watcher fails returning a 410 response code.

If an original RV was passed to the watcher, the supervisor restarts the watcher with the same init parameters, and it fails again.

Possible solutions:

1. Parse the message that comes back to extract a later RV

2. Send a message to the caller to inform it that it can no longer watch and it should start again

3. Somehow obtain the latest RV from K8S without potentially missing events

Logs below:

FunctionClauseError) no function clause matching in Kazan.Watcher.extract_rv/1
    (kazan) lib/kazan/watcher.ex:235: Kazan.Watcher.extract_rv(%{"apiVersion" => "v1", "code" => 410, "kind" => "Status", "message" => "too old resource version: 20293058 (20295457)", "metadata" => %{}, "reason" => "Gone", "status" => "Failure"})
    (kazan) lib/kazan/watcher.ex:219: anonymous fn/4 in Kazan.Watcher.process_lines/2
    (elixir) lib/enum.ex:1899: Enum."-reduce/3-lists^foldl/2-0-"/3
    (kazan) lib/kazan/watcher.ex:158: Kazan.Watcher.handle_info/2
    (stdlib) gen_server.erl:616: :gen_server.try_dispatch/4
    (stdlib) gen_server.erl:686: :gen_server.handle_msg/6
    (stdlib) proc_lib.erl:247: :proc_lib.init_p_do_apply/3
Last message: %HTTPoison.AsyncChunk{chunk: "{\"type\":\"ERROR\",\"object\":{\"kind\":\"Status\",\"apiVersion\":\"v1\",\"metadata\":{},\"status\":\"Failure\",\"message\":\"too old resource version: 20293058 (20295457)\",\"reason\":\"Gone\",\"code\":410}}\n", id: #Reference<0.4253789252.1463549953.187567>}

Adding the Kazan.Server.resolve_token function has meant that people using GCP can no longer use the kazan application config. It would be good to expose a function to construct a Kazan.Server from any application config to handle this particular usecase.

I'm currently playing around with Kazan and I find it very pleasant to use, thank you for working on it!

I find myself switching between two contexts at the moment, and realised that it would be nice to have context exposed on the server to see that the current server I'm working with is in the correct context.

I reckon it'd be nice to be able to check the validity of struct-modifying code with Dialyzer. Given the types are already present in the docs it seems the required information is there to do this.

I'd love to use this library to stream from the kubernetes logs endpoint. This api is however, not in the swagger documentation.

#65 added support for decoding & encoding custom resources - when a Kazan.Request is built with a custom resource as it's response_model we'll succesfully decode that custom resource.

Watch request decoding however uses the kind field in the object in the WatchEvent. The lookup table for kinds is generated at compile time, so custom resources will not be included in this. We probably need to update the lookup table to be dynamic somehow.