feat(ctl): Namespace separation and support skipping release installation (#79)

* Initial work for namespace separation

* Apply suggestions

Co-authored-by: Sebastian Bernauer <sebastian.bernauer@stackable.de>

* Make namespaces configurable for all sub commands

* Create namespace if needed

* Add `--skip-release` flag

* Remove stacklet alias

* Apply suggestions

Co-authored-by: Sebastian Bernauer <sebastian.bernauer@stackable.de>

* Improve namespace::create_if_needed function

* Create namespaces in operator and stack commands

* Add support for supportedNamespaces in demos and stacks

* Fix product namespace creation

* Finalize support for supportedNamespaces

* Add NamespaceError

* Improve ns error handling

* Slightly adjust error wording

---------

Co-authored-by: Sebastian Bernauer <sebastian.bernauer@stackable.de>

Author: Techassi

extra/completions/_stackablectl

@@ -1,10 +1,14 @@
 use std::time::Duration;
 
 pub const REDACTED_PASSWORD: &str = "<redacted>";
-pub const PASSWORD_LEN: usize = 32;
+pub const PASSWORD_LENGTH: usize = 32;
 
-pub const DEFAULT_STACKABLE_NAMESPACE: &str = "stackable";
-pub const DEFAULT_NAMESPACE: &str = "default";
+pub const DEFAULT_OPERATOR_NAMESPACE: &str = "stackable-operators";
+// TODO (Techassi): Change this to "stackable" once we switch to this version.
+// Currently lots of demos can only run in the default namespace, so we have to
+// keep "default" here, until we switch the demos. We can't switch them right
+// now, as the old stackablectl would break.
+pub const DEFAULT_PRODUCT_NAMESPACE: &str = "default";
 
 pub const DEFAULT_LOCAL_CLUSTER_NAME: &str = "stackable-data-platform";
 

extra/completions/stackablectl.bash

@@ -3,13 +3,13 @@ use std::string::FromUtf8Error;
 use k8s_openapi::{
     api::{
         apps::v1::{Deployment, DeploymentCondition, StatefulSet, StatefulSetCondition},
-        core::v1::{Secret, Service},
+        core::v1::{Namespace, Secret, Service},
     },
     apimachinery::pkg::apis::meta::v1::Condition,
 };
 use kube::{
-    api::{ListParams, Patch, PatchParams},
-    core::{DynamicObject, GroupVersionKind, ObjectList, TypeMeta},
+    api::{ListParams, Patch, PatchParams, PostParams},
+    core::{DynamicObject, GroupVersionKind, ObjectList, ObjectMeta, TypeMeta},
     discovery::Scope,
     Api, Client, Discovery, ResourceExt,
 };
@@ -22,6 +22,9 @@ use utoipa::ToSchema;
 
 use crate::constants::REDACTED_PASSWORD;
 
+pub type ListResult<T, E = KubeClientError> = Result<ObjectList<T>, E>;
+pub type Result<T, E = KubeClientError> = std::result::Result<T, E>;
+
 #[derive(Debug, Snafu)]
 pub enum KubeClientError {
     #[snafu(display("kube error: {source}"))]
@@ -60,7 +63,7 @@ pub struct KubeClient {
 impl KubeClient {
     /// Tries to create a new default Kubernetes client and immediately runs
     /// a discovery.
-    pub async fn new() -> Result<Self, KubeClientError> {
+    pub async fn new() -> Result<Self> {
         let client = Client::try_default().await.context(KubeSnafu)?;
         let discovery = Discovery::new(client.clone())
             .run()
@@ -73,11 +76,7 @@ impl KubeClient {
     /// Deploys manifests defined the in raw `manifests` YAML string. This
     /// method will fail if it is unable to parse the manifests, unable to
     /// resolve GVKs or unable to patch the dynamic objects.
-    pub async fn deploy_manifests(
-        &self,
-        manifests: &str,
-        namespace: &str,
-    ) -> Result<(), KubeClientError> {
+    pub async fn deploy_manifests(&self, manifests: &str, namespace: &str) -> Result<()> {
         for manifest in serde_yaml::Deserializer::from_str(manifests) {
             let mut object = DynamicObject::deserialize(manifest).context(YamlSnafu)?;
             let object_type = object.types.as_ref().ok_or(
@@ -115,7 +114,7 @@ impl KubeClient {
         Ok(())
     }
 
-    /// List objects by looking up a GVK via the discovery. It returns an
+    /// Lists objects by looking up a GVK via the discovery. It returns an
     /// optional list of dynamic objects. The method returns [`Ok(None)`]
     /// if the client was unable to resolve the GVK. An error is returned
     /// when the client failed to list the objects.
@@ -146,15 +145,15 @@ impl KubeClient {
         Ok(Some(objects))
     }
 
-    /// List services by matching labels. The services can me matched by the
-    /// product labels. [`ListParamsExt`] provides a utility function to
+    /// Lists [`Service`]s by matching labels. The services can be matched by
+    /// the product labels. [`ListParamsExt`] provides a utility function to
     /// create [`ListParams`] based on a product name and optional instance
     /// name.
     pub async fn list_services(
         &self,
         namespace: Option<&str>,
         list_params: &ListParams,
-    ) -> Result<ObjectList<Service>, KubeClientError> {
+    ) -> ListResult<Service> {
         let service_api: Api<Service> = match namespace {
             Some(namespace) => Api::namespaced(self.client.clone(), namespace),
             None => Api::all(self.client.clone()),
@@ -174,7 +173,7 @@ impl KubeClient {
         secret_namespace: &str,
         username_key: &str,
         password_key: Option<&str>,
-    ) -> Result<Option<(String, String)>, KubeClientError> {
+    ) -> Result<Option<(String, String)>> {
         let secret_api: Api<Secret> = Api::namespaced(self.client.clone(), secret_namespace);
 
         let secret = secret_api.get(secret_name).await.context(KubeSnafu)?;
@@ -200,11 +199,14 @@ impl KubeClient {
         Ok(Some((username, password)))
     }
 
+    /// Lists [`Deployment`]s by matching labels. The services can be matched
+    /// by the app labels. [`ListParamsExt`] provides a utility function to
+    /// create [`ListParams`] based on a app name and other labels.
     pub async fn list_deployments(
         &self,
         namespace: Option<&str>,
         list_params: &ListParams,
-    ) -> Result<ObjectList<Deployment>, KubeClientError> {
+    ) -> ListResult<Deployment> {
         let deployment_api: Api<Deployment> = match namespace {
             Some(namespace) => Api::namespaced(self.client.clone(), namespace),
             None => Api::all(self.client.clone()),
@@ -215,11 +217,14 @@ impl KubeClient {
         Ok(deployments)
     }
 
+    /// Lists [`StatefulSet`]s by matching labels. The services can be matched
+    /// by the app labels. [`ListParamsExt`] provides a utility function to
+    /// create [`ListParams`] based on a app name and other labels.
     pub async fn list_stateful_sets(
         &self,
         namespace: Option<&str>,
         list_params: &ListParams,
-    ) -> Result<ObjectList<StatefulSet>, KubeClientError> {
+    ) -> ListResult<StatefulSet> {
         let stateful_set_api: Api<StatefulSet> = match namespace {
             Some(namespace) => Api::namespaced(self.client.clone(), namespace),
             None => Api::all(self.client.clone()),
@@ -233,7 +238,48 @@ impl KubeClient {
         Ok(stateful_sets)
     }
 
-    /// Extracts the GVK from [`TypeMeta`].
+    /// Returns a [`Namespace`] identified by name. If this namespace doesn't
+    /// exist, this method returns [`None`].
+    pub async fn get_namespace(&self, name: &str) -> Result<Option<Namespace>> {
+        let namespace_api: Api<Namespace> = Api::all(self.client.clone());
+        namespace_api.get_opt(name).await.context(KubeSnafu)
+    }
+
+    /// Creates a [`Namespace`] with `name` in the cluster. This method will
+    /// return an error if the namespace already exists. Instead of using this
+    /// method directly, it is advised to use [`namespace::create_if_needed`][1]
+    /// instead.
+    ///
+    /// [1]: crate::platform::namespace
+    pub async fn create_namespace(&self, name: String) -> Result<()> {
+        let namespace_api: Api<Namespace> = Api::all(self.client.clone());
+        namespace_api
+            .create(
+                &PostParams::default(),
+                &Namespace {
+                    metadata: ObjectMeta {
+                        name: Some(name),
+                        ..Default::default()
+                    },
+                    ..Default::default()
+                },
+            )
+            .await
+            .context(KubeSnafu)?;
+
+        Ok(())
+    }
+
+    /// Creates a [`Namespace`] only if not already present in the current cluster.
+    pub async fn create_namespace_if_needed(&self, name: String) -> Result<()> {
+        if self.get_namespace(&name).await?.is_none() {
+            self.create_namespace(name).await?
+        }
+
+        Ok(())
+    }
+
+    /// Extracts the [`GroupVersionKind`] from [`TypeMeta`].
     fn gvk_of_typemeta(type_meta: &TypeMeta) -> GroupVersionKind {
         match type_meta.api_version.split_once('/') {
             Some((group, version)) => GroupVersionKind::gvk(group, version, &type_meta.kind),

extra/completions/stackablectl.fish

@@ -1,11 +1,17 @@
 use serde::{Deserialize, Serialize};
+use snafu::{ResultExt, Snafu};
 
 #[cfg(feature = "openapi")]
 use utoipa::ToSchema;
 
 use crate::{
     common::ManifestSpec,
+    platform::{
+        release::ReleaseList,
+        stack::{StackError, StackList},
+    },
     utils::params::{Parameter, RawParameter, RawParameterParseError},
+    xfer::FileTransferClient,
 };
 
 pub type RawDemoParameterParseError = RawParameterParseError;
@@ -24,6 +30,11 @@ pub struct DemoSpecV2 {
     #[serde(skip_serializing_if = "Option::is_none")]
     pub documentation: Option<String>,
 
+    /// Supported namespaces this demo can run in. An empty list indicates that
+    /// the demo can run in any namespace.
+    #[serde(default)]
+    pub supported_namespaces: Vec<String>,
+
     /// The name of the underlying stack
     #[serde(rename = "stackableStack")]
     pub stack: String,
@@ -40,3 +51,82 @@ pub struct DemoSpecV2 {
     #[serde(default)]
     pub parameters: Vec<Parameter>,
 }
+
+#[derive(Debug, Snafu)]
+pub enum DemoError {
+    #[snafu(display("no stack with name '{name}'"))]
+    NoSuchStack { name: String },
+
+    #[snafu(display("stack error"))]
+    StackError { source: StackError },
+
+    #[snafu(display("cannot install demo in namespace '{requested}', only '{}' supported", supported.join(", ")))]
+    UnsupportedNamespace {
+        requested: String,
+        supported: Vec<String>,
+    },
+}
+
+impl DemoSpecV2 {
+    #[allow(clippy::too_many_arguments)]
+    pub async fn install(
+        &self,
+        stack_list: StackList,
+        release_list: ReleaseList,
+        operator_namespace: &str,
+        product_namespace: &str,
+        stack_parameters: &[String],
+        demo_parameters: &[String],
+        transfer_client: &FileTransferClient,
+        skip_release: bool,
+    ) -> Result<(), DemoError> {
+        // Returns an error if the demo doesn't support to be installed in the
+        // requested namespace
+        if !self.supports_namespace(product_namespace) {
+            return Err(DemoError::UnsupportedNamespace {
+                requested: product_namespace.to_string(),
+                supported: self.supported_namespaces.clone(),
+            });
+        }
+
+        // Get the stack spec based on the name defined in the demo spec
+        let stack_spec = stack_list.get(&self.stack).ok_or(DemoError::NoSuchStack {
+            name: self.stack.clone(),
+        })?;
+
+        // Install the stack
+        stack_spec
+            .install(
+                release_list,
+                operator_namespace,
+                product_namespace,
+                skip_release,
+            )
+            .context(StackSnafu)?;
+
+        // Install stack manifests
+        stack_spec
+            .install_stack_manifests(stack_parameters, product_namespace, transfer_client)
+            .await
+            .context(StackSnafu)?;
+
+        // Install demo manifests
+        stack_spec
+            .install_demo_manifests(
+                &self.manifests,
+                &self.parameters,
+                demo_parameters,
+                product_namespace,
+                transfer_client,
+            )
+            .await
+            .context(StackSnafu)?;
+
+        Ok(())
+    }
+
+    fn supports_namespace(&self, namespace: impl Into<String>) -> bool {
+        self.supported_namespaces.is_empty()
+            || self.supported_namespaces.contains(&namespace.into())
+    }
+}

extra/man/stackablectl.1

@@ -1,4 +1,5 @@
 pub mod demo;
+pub mod namespace;
 pub mod operator;
 pub mod product;
 pub mod release;

rust/stackable-cockpit/src/constants.rs

@@ -0,0 +1,30 @@
+use snafu::{ResultExt, Snafu};
+
+use crate::kube::{KubeClient, KubeClientError};
+
+#[derive(Debug, Snafu)]
+pub enum NamespaceError {
+    #[snafu(display("kubernetes client error"))]
+    KubeClientError { source: KubeClientError },
+
+    #[snafu(display("permission denied - try to create the namespace manually or choose an already existing one to which you have access to"))]
+    PermissionDenied,
+}
+
+/// Creates a namespace with `name` if needed (not already present in the
+/// cluster).
+pub async fn create_if_needed(name: String) -> Result<(), NamespaceError> {
+    let client = KubeClient::new().await.context(KubeClientSnafu)?;
+    client
+        .create_namespace_if_needed(name)
+        .await
+        .map_err(|err| match err {
+            KubeClientError::KubeError { source } => match source {
+                kube::Error::Api(err) if err.code == 401 => NamespaceError::PermissionDenied,
+                _ => NamespaceError::KubeClientError {
+                    source: KubeClientError::KubeError { source },
+                },
+            },
+            _ => NamespaceError::KubeClientError { source: err },
+        })
+}