feat(controller): add a volume command

Author: Your Name

charts/controller/templates/controller-clusterrole.yaml

@@ -62,5 +62,8 @@ rules:
 - apiGroups: ["apps"]
   resources: ["replicasets"]
   verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+  resources: ["persistentvolumeclaims"]
+  verbs: ["get", "list", "watch", "create", "delete", "patch", "update"]
 {{- end -}}
 {{- end -}}

charts/controller/templates/controller-deployment.yaml

@@ -75,6 +75,10 @@ spec:
               value: "{{ .Values.global.registry_secret_prefix }}"
             - name: "IMAGE_PULL_POLICY"
               value: "{{ .Values.app_pull_policy }}"
+{{- if (.Values.app_storage_class) }}
+            - name: "DRYCC_APP_KUBERNETES_STORAGE_CLASS"
+              value: "{{ .Values.app_storage_class }}"
+{{- end }}
             - name: "TZ"
               value: {{ .Values.time_zone | default "UTC" | quote }}
 {{- if (.Values.deploy_hook_urls) }}

charts/controller/values.yaml

@@ -16,6 +16,9 @@ registration_mode: "admin_only"
 # Option to disable ssl verification to connect to k8s api server
 k8s_api_verify_tls: "true"
 
+# Set storageClassName, It is used for application mount.
+app_storage_class: ""
+
 global:
   # Admin email, used for each component to send email to administrator
   email: "drycc@drycc.cc"

rootfs/api/migrations/0001_initial.py

@@ -233,4 +233,22 @@ class Migration(migrations.Migration):
             name='appsettings',
             unique_together=set([('app', 'uuid')]),
         ),
+        migrations.CreateModel(
+            name='Volume',
+            fields=[
+                ('uuid', models.UUIDField(auto_created=True, default=uuid.uuid4, editable=False, primary_key=True, serialize=False, unique=True, verbose_name='UUID')),
+                ('created', models.DateTimeField(auto_now_add=True)),
+                ('updated', models.DateTimeField(auto_now=True)),
+                ('name', models.CharField(max_length=63, unique=True, validators=[api.models.validate_label])),
+                ('size', models.CharField(max_length=128)),
+                ('path', jsonfield.fields.JSONField(blank=True, default={})),
+                ('app', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='api.App')),
+                ('owner', models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'ordering': ['-created'],
+                'get_latest_by': 'created',
+                'unique_together': {('app', 'name')},
+            },
+        ),
     ]

rootfs/api/models/__init__.py

@@ -150,6 +150,7 @@ class Meta:
 from .key import Key, validate_base64  # noqa
 from .release import Release  # noqa
 from .tls import TLS  # noqa
+from .volume import Volume  # noqa
 
 # define update/delete callbacks for synchronizing
 # models with the configuration management backend
@@ -246,6 +247,7 @@ def _hook_release_created(**kwargs):
 post_delete.connect(_log_instance_removed, sender=Certificate, dispatch_uid='api.models.log')
 post_delete.connect(_log_instance_removed, sender=Domain, dispatch_uid='api.models.log')
 post_delete.connect(_log_instance_removed, sender=TLS, dispatch_uid='api.models.log')
+post_delete.connect(_log_instance_removed, sender=Volume, dispatch_uid='api.models.log')
 
 
 # automatically generate a new token on creation

rootfs/api/models/app.py

@@ -11,6 +11,7 @@
 import requests
 import string
 import time
+import uuid
 from urllib.parse import urljoin
 
 from django.conf import settings
@@ -25,6 +26,7 @@
 from api.models.release import Release
 from api.models.tls import TLS
 from api.models.appsettings import AppSettings
+from api.models.volume import Volume
 from api.utils import generate_app_name, async_run
 from scheduler import KubeHTTPException, KubeException
 
@@ -497,7 +499,7 @@ def scale(self, user, structure):  # noqa
     def _scale_pods(self, scale_types):
         release = self.release_set.filter(failed=False).latest()
         app_settings = self.appsettings_set.latest()
-
+        volumes = Volume.objects.filter(app=self, path__isnull=False)
         # use slugrunner image for app if buildpack app otherwise use normal image
         if release.build.type == 'buildpack':
             image = next(filter(lambda item: item['name'] == release.build.stack,
@@ -507,7 +509,8 @@ def _scale_pods(self, scale_types):
 
         tasks = []
         for scale_type, replicas in scale_types.items():
-            data = self._gather_app_settings(release, app_settings, scale_type, replicas)  # noqa
+            scale_type_volumes = [_ for _ in volumes if scale_type in _.path.keys()]
+            data = self._gather_app_settings(release, app_settings, scale_type, replicas, volumes=scale_type_volumes)  # noqa
 
             # gather all proc types to be deployed
             tasks.append(
@@ -577,9 +580,11 @@ def deploy(self, release, force_deploy=False, rollback_on_failure=True):  # noqa
 
         # deploy application to k8s. Also handles initial scaling
         app_settings = self.appsettings_set.latest()
+        volumes = self.volume_set.all()
         deploys = {}
         for scale_type, replicas in self.structure.items():
-            deploys[scale_type] = self._gather_app_settings(release, app_settings, scale_type, replicas)  # noqa
+            volumes = [_ for _ in volumes if scale_type in _.path.keys()]
+            deploys[scale_type] = self._gather_app_settings(release, app_settings, scale_type, replicas, volumes=volumes)  # noqa
 
         # Sort deploys so routable comes first
         deploys = OrderedDict(sorted(deploys.items(), key=lambda d: d[1].get('routable')))
@@ -798,7 +803,7 @@ def logs(self, log_lines=str(settings.LOG_LINES)):
         # cast content to string since it comes as bytes via the requests object
         return str(r.content.decode('utf-8'))
 
-    def run(self, user, command):
+    def run(self, user, command, volumes=None):
         def pod_name(size=5, chars=string.ascii_lowercase + string.digits):
             return ''.join(random.choice(chars) for _ in range(size))
 
@@ -814,8 +819,13 @@ def pod_name(size=5, chars=string.ascii_lowercase + string.digits):
                                 settings.SLUGRUNNER_IMAGES))['image']
         else:
             image = release.image
-
-        data = self._gather_app_settings(release, app_settings, process_type='run', replicas=1)
+        volume_list = []
+        if volumes:
+            volume_objs = Volume.objects.filter(app=release.app, name__in=volumes.keys())
+            for _ in volume_objs:
+                _.path["{}-{}".format(self.app.id, str(uuid.uuid4())[:7])] = volumes.get(_.name, None)  # noqa
+                volume_list.append(_)
+        data = self._gather_app_settings(release, app_settings, process_type='run', replicas=1, volumes=volume_list)  # noqa
 
         # create application config and build the pod manifest
         self.set_application_config(release)
@@ -1076,7 +1086,7 @@ def _get_private_registry_config(self, image, registry=None):
         })
         return docker_config, name, True
 
-    def _gather_app_settings(self, release, app_settings, process_type, replicas):
+    def _gather_app_settings(self, release, app_settings, process_type, replicas, volumes=None):
         """
         Gathers all required information needed in one easy place for passing into
         the Kubernetes client to deploy an application
@@ -1116,6 +1126,15 @@ def _gather_app_settings(self, release, app_settings, process_type, replicas):
         healthcheck = config.get_healthcheck().get(process_type, {})
         if not healthcheck and process_type in ['web', 'cmd']:
             healthcheck = config.get_healthcheck().get('web/cmd', {})
+        volumes_info = [{
+            "name": _.name,
+            "claimName": _.name,
+        } for _ in volumes] if volumes else []
+
+        volume_mounts_info = [{
+            "name": _.name,
+            "mount_path": _.path.get(process_type),
+        } for _ in volumes] if volumes else []
 
         return {
             'memory': config.memory,
@@ -1140,6 +1159,8 @@ def _gather_app_settings(self, release, app_settings, process_type, replicas):
             'pod_termination_grace_period_each': config.termination_grace_period,
             'image_pull_secret_name': image_pull_secret_name,
             'image_pull_policy': image_pull_policy,
+            'volumes': volumes_info,
+            'volume_mounts': volume_mounts_info,
         }
 
     def set_application_config(self, release):

rootfs/api/models/volume.py

@@ -0,0 +1,73 @@
+import logging
+from django.db import models, transaction
+from django.conf import settings
+from jsonfield import JSONField
+from api.exceptions import DryccException, ServiceUnavailable, AlreadyExists
+from api.models import UuidAuditedModel, validate_label
+from scheduler import KubeException
+
+logger = logging.getLogger(__name__)
+
+
+class Volume(UuidAuditedModel):
+    owner = models.ForeignKey(settings.AUTH_USER_MODEL,
+                              on_delete=models.PROTECT)
+    app = models.ForeignKey('App', on_delete=models.CASCADE)
+
+    name = models.CharField(max_length=63, unique=True,
+                            validators=[validate_label])
+    size = models.CharField(max_length=128, blank=False, null=False,
+                            unique=False)
+    path = JSONField(default={}, blank=True)
+
+    class Meta:
+        get_latest_by = 'created'
+        unique_together = (('app', 'name'),)
+        ordering = ['-created']
+
+    def __str__(self):
+        return self.name
+
+    @transaction.atomic
+    def save(self, *args, **kwargs):
+        # Attach volume, updates k8s
+        if self.created == self.updated:
+            self.attach(*args, **kwargs)
+        # Save to DB
+        return super(Volume, self).save(*args, **kwargs)
+
+    @transaction.atomic
+    def delete(self, *args, **kwargs):
+        if self.path:
+            raise DryccException("the volume is not unmounted")
+        # Deatch volume, updates k8s
+        self.detach(*args, **kwargs)
+        # Delete from DB
+        return super(Volume, self).delete(*args, **kwargs)
+
+    def attach(self, *args, **kwargs):
+        try:
+            self._scheduler.pvc.get(self.app.id, self.name)
+            err = "Volume {} already exists in this namespace".format(self.name)  # noqa
+            self.log(err, logging.INFO)
+            raise AlreadyExists(err)
+        except KubeException as e:
+            logger.info(e)
+            try:
+                kwargs = {
+                    "size": self.size
+                }
+                self._scheduler.pvc.create(self.app.id, self.name, **kwargs)
+            except KubeException as e:
+                msg = 'There was a problem creating the volume ' \
+                      '{} for {}'.format(self.name, self.app_id)
+                raise ServiceUnavailable(msg) from e
+
+    def detach(self, *args, **kwargs):
+        try:
+            # We raise an exception when a volume doesn't exist
+            self._scheduler.pvc.get(self.app.id, self.name)
+            self._scheduler.pvc.delete(self.app.id, self.name)
+        except KubeException as e:
+            raise ServiceUnavailable("Could not delete volume {} for application \
+                {}".format(name, self.app_id)) from e  # noqa

rootfs/api/serializers.py

@@ -28,6 +28,10 @@
 TAGVAL_MATCH = re.compile(r'^(?:[a-zA-Z\d][-\.\w]{0,61})?[a-zA-Z\d]$')
 CONFIGKEY_MATCH = re.compile(r'^[a-z_]+[a-z0-9_]*$', re.IGNORECASE)
 TERMINATION_GRACE_PERIOD_MATCH = re.compile(r'^[0-9]*$')
+VOLUME_SIZE_MATCH = re.compile(
+    r'^(?P<mem>(([0-9]+(MB|KB|GB|[BKMG])|0)(/([0-9]+(MB|KB|GB|[BKMG])))?))$', re.IGNORECASE)
+VOLUME_PATH = re.compile(r'^\/(\w+\/?)+$', re.IGNORECASE)
+
 PROBE_SCHEMA = {
     "$schema": "http://json-schema.org/schema#",
 
@@ -607,6 +611,41 @@ class TLSSerializer(serializers.ModelSerializer):
     owner = serializers.ReadOnlyField(source='owner.username')
 
     class Meta:
-        """Metadata options for a :class:`AppSettingsSerializer`."""
+        """Metadata options for a :class:`AppTLSSerializer`."""
         model = models.TLS
         fields = '__all__'
+
+
+class VolumeSerializer(serializers.ModelSerializer):
+    """Serialize a :class:`~api.models.Volume` model."""
+
+    app = serializers.SlugRelatedField(slug_field='id', queryset=models.App.objects.all())
+    owner = serializers.ReadOnlyField(source='owner.username')
+    name = serializers.CharField()
+    size = serializers.CharField()
+    path = JSONFieldSerializer(required=False, binary=True)
+
+    class Meta:
+        """Metadata options for a :class:`AppVolumeSerializer`."""
+        model = models.Volume
+        fields = '__all__'
+
+    def validate_size(self, data):
+        if not re.match(VOLUME_SIZE_MATCH, str(data)):
+            raise serializers.ValidationError(
+                "Volume size limit format: <number><unit> or <number><unit>/<number><unit>, "
+                "where unit = B, K, M or G")
+        return data
+
+    def validate_path(self, data):
+        for key, value in data.items():
+            if value is None:  # use NoneType to unset an item
+                continue
+
+            if not re.match(PROCTYPE_MATCH, key):
+                raise serializers.ValidationError(PROCTYPE_MISMATCH_MSG)
+
+            if not re.match(VOLUME_PATH, str(value)):
+                raise serializers.ValidationError(
+                    "Volume path format: /path")
+        return data

rootfs/api/settings/production.py

@@ -326,6 +326,8 @@
 
 DRYCC_DEPLOY_HOOK_SECRET_KEY = os.environ.get('DRYCC_DEPLOY_HOOK_SECRET_KEY', None)
 
+DRYCC_APP_KUBERNETES_STORAGE_CLASS = os.environ.get('DRYCC_APP_KUBERNETES_STORAGE_CLASS', "")  # noqa
+
 KUBERNETES_DEPLOYMENTS_REVISION_HISTORY_LIMIT = os.environ.get('KUBERNETES_DEPLOYMENTS_REVISION_HISTORY_LIMIT', None)  # noqa
 
 DRYCC_DEFAULT_CONFIG_TAGS = os.environ.get('DRYCC_DEFAULT_CONFIG_TAGS', '')

rootfs/api/settings/testing.py

@@ -42,6 +42,8 @@
 
 DRYCC_DEFAULT_CONFIG_TAGS = os.environ.get('DRYCC_DEFAULT_CONFIG_TAGS', '')
 
+DRYCC_APP_KUBERNETES_STORAGE_CLASS = os.environ.get('DRYCC_APP_KUBERNETES_STORAGE_CLASS', '')  # noqa
+
 
 class DisableMigrations(object):