feat(controller): use cncf buildpacks replace slugrunner

Author: duanhongyi

charts/controller/templates/_helpers.tpl

@@ -168,25 +168,4 @@ resources:
     memory: {{.Values.limits_memory}}
 {{- end }}
 {{- end }}
-{{- end }}
-
-
-{{/* Generate controller deployment volumeMounts */}}
-{{- define "controller.volumeMounts" }}
-volumeMounts:
-  - mountPath: /etc/slugrunner
-    name: slugrunner-config
-    readOnly: true
-{{- end }}
-
-
-{{/* Generate controller deployment volumes */}}
-{{- define "controller.volumes" }}
-volumes:
-  - name: rabbitmq-creds
-    secret:
-      secretName: rabbitmq-creds
-  - name: slugrunner-config
-    configMap:
-      name: slugrunner-config
-{{- end }}
+{{- end }}

rootfs/api/models/app.py

@@ -122,48 +122,37 @@ def types(self):
     def _get_command(self, container_type):
         """
         Return the kubernetes "container arguments" to be sent off to the scheduler.
-
-        In reality this is the command that the user it attempting to run.
         """
-        try:
-            # FIXME: remove slugrunner's hardcoded entrypoint
-            release = self.release_set.filter(failed=False).latest()
+        release = self.release_set.filter(failed=False).latest()
+        if release is not None and release.build is not None:
+            # dockerfile or container image
             if release.build.dockerfile or not release.build.sha:
-                cmd = release.build.procfile[container_type]
-                # if the entrypoint is `/bin/bash -c`, we want to supply the list
-                # as a script. Otherwise, we want to send it as a list of arguments.
-                if self._get_entrypoint(container_type) == ['/bin/bash', '-c']:
-                    return [cmd]
-                else:
-                    return cmd.split()
-
-            return ['start', container_type]
-        # if the key is not present or if a parent attribute is None
-        except (KeyError, TypeError, AttributeError):
-            # handle special case for Dockerfile deployments
-            return [] if container_type == 'cmd' else ['start', container_type]
+                # has profile
+                if release.build.procfile and container_type in release.build.procfile:
+                    cmd = release.build.procfile[container_type]
+                    # if the entrypoint is `/bin/bash -c`, we want to supply the list
+                    # as a script. Otherwise, we want to send it as a list of arguments.
+                    if self._get_entrypoint(container_type) == ['/bin/bash', '-c']:
+                        return [cmd]
+                    else:
+                        return cmd.split()
+        return []
 
     def _get_entrypoint(self, container_type):
         """
         Return the kubernetes "container command" to be sent off to the scheduler.
-
-        In this case, it is the entrypoint for the docker image. Because of Heroku compatibility,
-        Any containers that are not from a buildpack are run under /bin/bash.
         """
-        # handle special case for Dockerfile deployments
         if container_type == 'cmd':
             return []
-
-        # if this is a procfile-based app, switch the entrypoint to slugrunner's default
-        # FIXME: remove slugrunner's hardcoded entrypoint
+        entrypoint = ['/bin/bash', '-c']
         release = self.release_set.filter(failed=False).latest()
         if release.build.procfile \
                 and release.build.sha \
                 and not release.build.dockerfile:
-            entrypoint = ['/runner/init']
-        else:
-            entrypoint = ['/bin/bash', '-c']
-
+            if container_type in release.build.procfile:
+                entrypoint = [container_type]
+            else:
+                entrypoint = ['launcher']
         return entrypoint
 
     def _refresh_certificate(self, certs_auto_enabled, hosts):
@@ -576,12 +565,6 @@ def _scale_pods(self, scale_types):
         release = self.release_set.filter(failed=False).latest()
         app_settings = self.appsettings_set.latest()
         volumes = Volume.objects.filter(app=self, path__isnull=False)
-        # use slugrunner image for app if buildpack app otherwise use normal image
-        if release.build.type == 'buildpack':
-            image = next(filter(lambda item: item['name'] == release.build.stack,
-                                settings.SLUGRUNNER_IMAGES))['image']
-        else:
-            image = release.image
 
         tasks = []
         for scale_type, replicas in scale_types.items():
@@ -594,7 +577,7 @@ def _scale_pods(self, scale_types):
                     self._scheduler.scale,
                     namespace=self.id,
                     name=self._get_job_id(scale_type),
-                    image=image,
+                    image=release.image,
                     entrypoint=self._get_entrypoint(scale_type),
                     command=self._get_command(scale_type),
                     **data
@@ -670,27 +653,17 @@ def deploy(self, release, force_deploy=False, rollback_on_failure=True):  # noqa
         # Check if any proc type has a Deployment in progress
         self._check_deployment_in_progress(deploys, force_deploy)
 
-        # use slugrunner image for app if buildpack app otherwise use normal image
-        if release.build.type == 'buildpack':
-            image = next(filter(lambda item: item['name'] == release.build.stack,
-                                settings.SLUGRUNNER_IMAGES))['image']
-        else:
-            image = release.image
-
         try:
             # create the application config in k8s (secret in this case) for all deploy objects
             self.set_application_config(release)
-            # only buildpack apps need access to object storage
-            if release.build.type == 'buildpack':
-                self.create_object_store_secret()
 
             # gather all proc types to be deployed
             tasks = [
                 functools.partial(
                     self._scheduler.deploy,
                     namespace=self.id,
                     name=self._get_job_id(scale_type),
-                    image=image,
+                    image=release.image,
                     entrypoint=self._get_entrypoint(scale_type),
                     command=self._get_command(scale_type),
                     **kwargs
@@ -903,12 +876,6 @@ def pod_name(size=5, chars=string.ascii_lowercase + string.digits):
             raise DryccException('No build associated with this release to run this command')
 
         app_settings = self.appsettings_set.latest()
-        # use slugrunner image for app if buildpack app otherwise use normal image
-        if release.build.type == 'buildpack':
-            image = next(filter(lambda item: item['name'] == release.build.stack,
-                                settings.SLUGRUNNER_IMAGES))['image']
-        else:
-            image = release.image
         volume_list = []
         if volumes:
             volume_objs = Volume.objects.filter(app=release.app, name__in=volumes.keys())
@@ -928,7 +895,7 @@ def pod_name(size=5, chars=string.ascii_lowercase + string.digits):
             exit_code, output = self._scheduler.run(
                 self.id,
                 name,
-                image,
+                release.image,
                 self._get_entrypoint(scale_type),
                 [command],
                 **data
@@ -1029,16 +996,7 @@ def _build_env_vars(self, release):
                 settings.DRYCC_DATETIME_FORMAT))
         }
 
-        # Check if it is a slug builder image.
-        if release.build.type == 'buildpack':
-            # overwrite image so slugrunner image is used in the container
-            default_env['SLUG_URL'] = release.image
-            default_env['BUILDER_STORAGE'] = settings.APP_STORAGE
-            default_env['DRYCC_MINIO_SERVICE_HOST'] = settings.MINIO_HOST
-            default_env['DRYCC_MINIO_SERVICE_PORT'] = settings.MINIO_PORT
-
-        if release.build.sha:
-            default_env['SOURCE_VERSION'] = release.build.sha
+        default_env['SOURCE_VERSION'] = release.build.sha
 
         # fetch application port and inject into ENV vars as needed
         port = release.get_port()
@@ -1319,11 +1277,3 @@ def set_application_config(self, release):
             self._scheduler.secret.create(self.id, secret_name, secrets_env, labels=labels)
         else:
             self._scheduler.secret.update(self.id, secret_name, secrets_env, labels=labels)
-
-    def create_object_store_secret(self):
-        try:
-            self._scheduler.secret.get(self.id, 'objectstorage-keyfile')
-        except KubeException:
-            secret = self._scheduler.secret.get(
-                settings.WORKFLOW_NAMESPACE, 'objectstorage-keyfile').json()
-            self._scheduler.secret.create(self.id, 'objectstorage-keyfile', secret['data'])

rootfs/api/models/release.py

@@ -60,15 +60,12 @@ def image(self):
             return self.build.image
 
         # Sort out image information based on build type
-        if self.build.type == 'dockerfile':
-            # DockerFile
+        if self.build.type == 'dockerfile' or self.build.type == 'buildpack':
+            # DockerFile or buildpack
             return '{}/{}:git-{}'.format(settings.REGISTRY_URL, self.app.id, str(self.build.sha))
         elif self.build.type == 'image':
             # Drycc Pull, docker image in local registry
             return self.build.image
-        elif self.build.type == 'buildpack':
-            # Build Pack - Registry URL not prepended since slugrunner image will download slug
-            return self.build.image
 
     def new(self, user, config, build, summary=None, source_version='latest'):
         """

rootfs/api/settings/production.py

@@ -272,21 +272,6 @@
 
 PLATFORM_DOMAIN = os.environ.get('DRYCC_PLATFORM_DOMAIN', 'local.drycc.cc')
 
-# k8s image policies
-if os.path.exists('/etc/slugrunner/images.json'):
-    with open('/etc/slugrunner/images.json') as fb:
-        SLUGRUNNER_IMAGES = json.load(fb)
-else:
-    SLUGRUNNER_IMAGES = [
-        {
-            "name": 'heroku-18',
-            "image": 'drycc/slugrunner:canary.heroku-18',
-        },
-        {
-            "name": 'heroku-20',
-            "image": 'drycc/slugrunner:canary.heroku-20',
-        },
-    ]
 IMAGE_PULL_POLICY = os.environ.get('IMAGE_PULL_POLICY', "IfNotPresent")  # noqa
 
 # True, true, yes, y and more evaluate to True

rootfs/api/tests/test_app.py

@@ -656,6 +656,7 @@ def test_build_env_vars(self, mock_requests):
                 'DRYCC_APP': app.id,
                 'WORKFLOW_RELEASE': 'v2',
                 'PORT': 5000,
+                'SOURCE_VERSION': '',
                 'WORKFLOW_RELEASE_SUMMARY': 'autotest deployed autotest/example',
                 'WORKFLOW_RELEASE_CREATED_AT': str(time_created.strftime(
                     settings.DRYCC_DATETIME_FORMAT))
@@ -670,10 +671,6 @@ def test_build_env_vars(self, mock_requests):
                 'DRYCC_APP': app.id,
                 'WORKFLOW_RELEASE': 'v3',
                 'PORT': 5000,
-                'SLUG_URL': 'autotest/example',
-                'BUILDER_STORAGE': None,
-                'DRYCC_MINIO_SERVICE_HOST': '127.0.0.1',
-                'DRYCC_MINIO_SERVICE_PORT': 80,
                 'SOURCE_VERSION': 'abc1234',
                 'WORKFLOW_RELEASE_SUMMARY': 'autotest deployed abc1234',
                 'WORKFLOW_RELEASE_CREATED_AT': str(time_created.strftime(

rootfs/api/tests/test_pods.py

@@ -492,7 +492,7 @@ def test_command_good(self, mock_requests):
         app = App.objects.get(id=app_id)
         user = User.objects.get(username='autotest')
 
-        # Heroku Buildpack app
+        # CNCF Buildpack app
         build = Build.objects.create(
             owner=user,
             app=app,
@@ -514,9 +514,9 @@ def test_command_good(self, mock_requests):
             build=build
         )
 
-        # use `start web` for backwards compatibility with slugrunner
-        self.assertEqual(app._get_command('web'), ['start', 'web'])
-        self.assertEqual(app._get_command('worker'), ['start', 'worker'])
+        # use `start web` for backwards compatibility with buildpacks
+        self.assertEqual(app._get_command('web'), [])
+        self.assertEqual(app._get_command('worker'), [])
 
         # switch to docker image app
         build.sha = ''
@@ -541,7 +541,7 @@ def test_command_good(self, mock_requests):
         # for backwards compatibility if no Procfile is supplied
         build.procfile = {}
         build.save()
-        self.assertEqual(app._get_command('worker'), ['start', 'worker'])
+        self.assertEqual(app._get_command('worker'), [])
 
     def test_run_command_good(self, mock_requests):
         """Test the run command for each container workflow"""
@@ -598,7 +598,7 @@ def test_run_command_good(self, mock_requests):
         response = self.client.post(url, body)
         self.assertEqual(response.status_code, 200, response.data)
         app = App.objects.get(id=app_id)
-        self.assertEqual(app._get_entrypoint('web'), ['/runner/init'])
+        self.assertEqual(app._get_entrypoint('web'), ['web'])
 
     def test_run_not_fail_on_debug(self, mock_requests):
         """

rootfs/scheduler/resources/pod.py

@@ -98,7 +98,6 @@ def state(self, pod):
 
     def manifest(self, namespace, name, image, **kwargs):
         app_type = kwargs.get('app_type')
-        build_type = kwargs.get('build_type')
         volumes = kwargs.get('volumes')
 
         # labels that represent the pod(s)
@@ -132,22 +131,6 @@ def manifest(self, namespace, name, image, **kwargs):
         # How long until a pod is forcefully terminated. 30 is kubernetes default
         spec['terminationGracePeriodSeconds'] = self._get_termination_grace_period(kwargs)  # noqa
 
-        # Check if it is a slug builder image.
-        if build_type == "buildpack":
-            # add the required volume to the top level pod spec
-            spec['volumes'] = [{
-                'name': 'objectstorage-keyfile',
-                'secret': {
-                    'secretName': 'objectstorage-keyfile'
-                }
-            }]
-
-            # added to kwargs to send to the container function
-            kwargs['volumeMounts'] = [{
-                'name': 'objectstorage-keyfile',
-                'mountPath': '/var/run/secrets/drycc/objectstore/creds',
-                'readOnly': True
-            }]
         if volumes:
             exist_volumes = spec.get('volumes', [])
             for volume in volumes:
@@ -304,7 +287,7 @@ def _set_health_checks(self, container, env, **kwargs):
                 healthchecks['livenessProbe']['httpGet']['port'] = env['PORT']
             container.update(healthchecks)
         elif kwargs.get('routable', False):
-            self._default_readiness_probe(container, kwargs.get('build_type'), env.get('PORT', None))  # noqa
+            self._default_readiness_probe(container, kwargs.get('build_type'), env.get('PORT', 5000))  # noqa
 
     @staticmethod
     def _set_lifecycle_hooks(container, env, **kwargs):
@@ -338,53 +321,15 @@ def _set_lifecycle_hooks(container, env, **kwargs):
                 }
             container["lifecycle"] = dict(lifecycle)
 
-    def _default_readiness_probe(self, container, build_type, port=None):
+    def _default_readiness_probe(self, container, build_type, port=5000):
         # Update only the application container with the health check
         if build_type == "buildpack":
-            container.update(self._default_buildpack_readiness_probe())
+            container.update(self._default_container_readiness_probe(port))
         elif port:
-            container.update(self._default_dockerapp_readiness_probe(port))
-
-    """
-    Applies exec readiness probe to the slugrunner container.
-    http://kubernetes.io/docs/user-guide/pod-states/#container-probes
-
-    /runner/init is the entry point of the slugrunner.
-    https://github.com/drycc/slugrunner/blob/01eac53f1c5f1d1dfa7570bbd6b9e45c00441fea/rootfs/Dockerfile#L20
-    Once it downloads the slug it starts running using `exec` which means the pid 1
-    will point to the slug/application command instead of entry point once the application has
-    started.
-    https://github.com/drycc/slugrunner/blob/01eac53f1c5f1d1dfa7570bbd6b9e45c00441fea/rootfs/runner/init#L90
-
-    This should be added only for the build pack apps when a custom liveness probe is not set to
-    make sure that the pod is ready only when the slug is downloaded and started running.
-    """
-    @staticmethod
-    def _default_buildpack_readiness_probe(delay=30, timeout=5, period_seconds=5,
-                                           success_threshold=1, failure_threshold=1):
-        readinessprobe = {
-            'readinessProbe': {
-                # an exec probe
-                'exec': {
-                    "command": [
-                        "bash",
-                        "-c",
-                        "[[ '$(ps -p 1 -o args)' != *'bash /runner/init'* ]]"
-                    ]
-                },
-                # length of time to wait for a pod to initialize
-                # after pod startup, before applying health checking
-                'initialDelaySeconds': delay,
-                'timeoutSeconds': timeout,
-                'periodSeconds': period_seconds,
-                'successThreshold': success_threshold,
-                'failureThreshold': failure_threshold,
-            },
-        }
-        return readinessprobe
+            container.update(self._default_container_readiness_probe(port))
 
     @staticmethod
-    def _default_dockerapp_readiness_probe(port, delay=5, timeout=5, period_seconds=5,
+    def _default_container_readiness_probe(port, delay=5, timeout=5, period_seconds=5,
                                            success_threshold=1, failure_threshold=1):
         """
         Applies tcp socket readiness probe to the docker app container only if some port is exposed