add create and delete namespace to runtime (#1965)

* add create and delete namespace to runtime

* dial down aggressive expiry

* add logging

* fix deletenamespace

* add start of k8s unit tests

* fix workflow

* turn on k8s tests

* ease tight tests

* mkdir in workflow

* dammit -p

* setup folder

runtime/kubernetes/kubernetes.go

@@ -435,7 +435,7 @@ func (k *kubernetes) Create(s *runtime.Service, opts ...runtime.CreateOption) er
 		if exist, err := k.namespaceExists(namespace); err == nil && !exist {
 			if err := k.createNamespace(namespace); err != nil {
 				if logger.V(logger.WarnLevel, logger.DefaultLogger) {
-					logger.Warnf("Error creating namespacr %v: %v", namespace, err)
+					logger.Warnf("Error creating namespace %v: %v", namespace, err)
 				}
 				return err
 			}
@@ -712,3 +712,35 @@ func credentialsName(service *runtime.Service) string {
 	name := fmt.Sprintf("%v-%v-credentials", service.Name, service.Version)
 	return client.SerializeResourceName(name)
 }
+
+func (k *kubernetes) CreateNamespace(ns string) error {
+	err := k.client.Create(&client.Resource{
+		Kind: "namespace",
+		Value: client.Namespace{
+			Metadata: &client.Metadata{
+				Name: ns,
+			},
+		},
+	})
+	if err != nil {
+		if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+			logger.Errorf("Error creating namespace %v: %v", ns, err)
+		}
+	}
+	return err
+}
+
+func (k *kubernetes) DeleteNamespace(ns string) error {
+	err := k.client.Delete(&client.Resource{
+		Kind: "namespace",
+		Name: ns,
+	})
+	if err != nil {
+		if err != nil {
+			if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+				logger.Errorf("Error deleting namespace %v: %v", ns, err)
+			}
+		}
+	}
+	return err
+}

runtime/kubernetes/kubernetes_test.go

@@ -0,0 +1,81 @@
+// +build kubernetes
+
+package kubernetes
+
+import (
+	"encoding/base64"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"regexp"
+	"strings"
+	"testing"
+)
+
+func setupClient(t *testing.T) {
+	files := []string{"token", "ca.crt"}
+	for _, f := range files {
+		cmd := exec.Command("kubectl", "get", "secrets", "-o",
+			fmt.Sprintf(`jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='micro-runtime')].data.%s}"`,
+				strings.ReplaceAll(f, ".", "\\.")))
+		if outp, err := cmd.Output(); err != nil {
+			t.Fatalf("Failed to set k8s token %s", err)
+		} else {
+			outq := outp[1 : len(outp)-1]
+			decoded, err := base64.StdEncoding.DecodeString(string(outq))
+			if err != nil {
+				t.Fatalf("Failed to set k8s token %s '%s'", err, outq)
+			}
+			if err := ioutil.WriteFile("/var/run/secrets/kubernetes.io/serviceaccount/"+f, decoded, 0755); err != nil {
+				t.Fatalf("Error setting up k8s %s", err)
+			}
+		}
+
+	}
+	outp, err := exec.Command("kubectl", "config", "view", "-o", `jsonpath='{.clusters[?(@.name=="kind-kind")].cluster.server}'`).Output()
+	if err != nil {
+		t.Fatalf("Cannot find server for kind %s", err)
+	}
+	serverHost := string(outp)
+
+	split := strings.Split(serverHost[9:len(serverHost)-1], ":")
+	os.Setenv("KUBERNETES_SERVICE_HOST", split[0])
+	os.Setenv("KUBERNETES_SERVICE_PORT", split[1])
+
+}
+
+func TestNamespaceCreateDelete(t *testing.T) {
+	defer func() {
+		exec.Command("kubectl", "delete", "namespace", "foobar").Run()
+	}()
+	setupClient(t)
+	r := NewRuntime()
+	if err := r.CreateNamespace("foobar"); err != nil {
+		t.Fatalf("Unexpected error creating namespace %s", err)
+	}
+
+	if !namespaceExists(t, "foobar") {
+		t.Fatalf("Namespace foobar not found")
+	}
+	if err := r.DeleteNamespace("foobar"); err != nil {
+		t.Fatalf("Unexpected error deleting namespace %s", err)
+	}
+	if namespaceExists(t, "foobar") {
+		t.Fatalf("Namespace foobar still exists")
+	}
+}
+
+func namespaceExists(t *testing.T, ns string) bool {
+	cmd := exec.Command("kubectl", "get", "namespaces")
+	outp, err := cmd.Output()
+	if err != nil {
+		t.Fatalf("Unexpected error listing namespaces %s", err)
+	}
+	exists, err := regexp.Match(ns+"\\s+Active", outp)
+	if err != nil {
+		t.Fatalf("Error listing namespaces %s", err)
+	}
+	return exists
+
+}

runtime/kubernetes/test/test.yaml

@@ -0,0 +1,72 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: micro-runtime
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: micro-runtime
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - pods/log
+      - services
+      - secrets
+      - namespaces
+    verbs:
+      - get
+      - create
+      - update
+      - delete
+      - list
+      - patch
+      - watch
+  - apiGroups:
+      - "apps"
+    resources:
+      - deployments
+    verbs:
+      - create
+      - update
+      - delete
+      - list
+      - patch
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+      - pods
+      - pods/logs
+    verbs:
+      - get
+      - watch
+      - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: micro-runtime
+subjects:
+  - kind: ServiceAccount
+    name: micro-runtime
+    namespace: default
+roleRef:
+  kind: ClusterRole
+  name: micro-runtime
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: micro-runtime
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: micro-runtime
+subjects:
+  - kind: ServiceAccount
+    name: micro-runtime

runtime/local/local.go

@@ -678,3 +678,13 @@ func Entrypoint(dir string) (string, error) {
 		return "", errors.New("More than one entrypoint found")
 	}
 }
+
+func (r *localRuntime) CreateNamespace(ns string) error {
+	// noop
+	return nil
+}
+
+func (r *localRuntime) DeleteNamespace(ns string) error {
+	// noop
+	return nil
+}

runtime/runtime.go

@@ -30,6 +30,10 @@ type Runtime interface {
 	Stop() error
 	// String describes runtime
 	String() string
+	// CreateNamespace creates a new namespace in the runtime
+	CreateNamespace(string) error
+	// DeleteNamespace deletes a namespace in the runtime
+	DeleteNamespace(string) error
 }
 
 // Logs returns a log stream