Add option select-any for deployTask and globalDeployTask

[peiranliushop]

Related PR: https://github.com/Shopify/gkrane-config/pull/45

What are you trying to accomplish with this PR?
Currently option --selector for sub command krane deploy and krane global-deploy will cause validation failure if any k8s resources in templates (--filenames) does not match the label selectors. This will cause problems when we want to deploy a subset of k8s resources.

How is this accomplished?
Adding a new option selector-as-filter in boolean with default value of false. If set to true, selector validation will be skipped. Only resources with matching labels will be deployed and be prunable.
This allows us to deploy none or a subset of resources. It will help us to address canary and production deploy where the 2 sets of resources share the same namespace and same templates file directory.

What could go wrong?
The new option has default value of false, which will not change current selector behaviour. Therefore it should be backward compatible. This is not a breaking change.

krane help deploy                                                                                                                                                                                                   
Usage:
  krane deploy NAMESPACE CONTEXT

Options:
  f, [--filenames=config/deploy/production config/deploy/my-extra-resource.yml]  # Directories and files that contains the configuration to apply
      [--stdin], [--no-stdin]                                                    # [DEPRECATED] Read resources from stdin
      [--global-timeout=duration]                                                # Max duration to monitor workloads correctly deployed
                                                                                 # Default: 300s
      [--protected-namespaces=namespace1 namespace2 namespaceN]                  # Enable deploys to a list of selected namespaces; set to an empty string to disable
                                                                                 # Default: ["default", "kube-system", "kube-public"]
      [--prune], [--no-prune]                                                    # Enable deletion of resources that do not appear in the template dir
                                                                                 # Default: true
      [--selector='label=value']                                                 # Select workloads by selector(s)
      [--selector-as-filter], [--no-selector-as-filter]                          # Use --selector as a label filter to select a subset of resources to deploy
      [--verbose-log-prefix], [--no-verbose-log-prefix]                          # Add [context][namespace] to the log prefix
      [--verify-result], [--no-verify-result]                                    # Verify workloads correctly deployed
                                                                                 # Default: true

krane help global-deploy                                                                                                                                                                                             
Usage:
  krane global-deploy CONTEXT --selector='label=value'

Options:
  f, [--filenames=config/deploy/production config/deploy/my-extra-resource.yml]  # Directories and files that contains the configuration to apply
      [--stdin], [--no-stdin]                                                    # [DEPRECATED] Read resources from stdin
      [--global-timeout=duration]                                                # Max duration to monitor workloads correctly deployed
                                                                                 # Default: 300s
      [--verify-result], [--no-verify-result]                                    # Verify workloads correctly deployed
                                                                                 # Default: true
      --selector='label=value'                                                   # Select workloads owned by selector(s)
      [--selector-as-filter], [--no-selector-as-filter]                          # Use --selector as a label filter to select a subset of resources to deploy
      [--prune], [--no-prune]                                                    # Enable deletion of resources that match the provided selector and do not appear in the provided templates

[timothysmith0609]

As discussed in Slack, perhaps a more appropriate name for this flag is selector-as-filter or something equally explicit that denotes the fact we are selecting a subset of the passed-in resources.

If this indeed is the most straightforward solution then I won't block it, but I strongly urge you to consider other ways in which we can accomplish this goal (e.g. filtering the resources before passing them to krane). I find it a bit unpalatable to have an option that discards some of the resources that are explicitly passed in by the user (via the -f / --filename flag). It is vastly more preferable to pass in only those files desired for deploy, rather than filter post hoc. I feel this also blurs the line on what the selector flag actually does. Contrary to what one might assume (via kubectl), in krane, the selector flag allows targeted pruning of resources, which is useful in the case where a namespace is shared between deploy stacks. Changing the semantics to suggest actual selection of resources, while a natural evolution, is somewhat orthogonal to this aim.

Again, I won't block if it's decided that this is indeed the best way forward, but it's not my first choice.

cc @karanthukral interested to know your thoughts as one of the other krane maintainers

[karanthukral]

After some discussion on slack, I understand the concerns around adding this as a feature to Krane but at the same time think its a valid trade off. I agree with the more explicit naming approach and setting the new feature to false by default which preserves the existing behaviour.

The deploy tooling internally is built to not care about what it's actually deploying and we don't have an appropriate area to add the extra logic prior to templates being passed to Krane. Due to this I think despite this not being the most ideal approach, it's a valid tradeoff given the requirements and constraints the team is under.

[timothysmith0609]

A few small nits, overall the code looks fine. We should update the README to be a bit more explicit about this feature, since it's a bit of a special case whose use isn't immediately clear. In particular, we should be crystal clear about its intent (see readme suggestions). We should also explain that it preserves the pruning behaviour of selector as well.

[timothysmith0609]

nit/suggestion:

Suggested change

	- `--selector-as-filter`: Instructs krane to only deploy resources that are filtered by the specified labels in `--selector`. The deploy will not fail if not all resources match the labels.
	- `--selector-as-filter`: Instructs krane to only deploy resources that are filtered by the specified labels in `--selector`. The deploy will not fail if not all resources match the labels. This is useful if you only want to deploy a subset of resources within a given YAML file.

[timothysmith0609]

nit/suggestion:

Suggested change

	- `--selector-as-filter`: Instructs krane to only deploy resources that are filtered by the specified labels in `--selector`. The deploy will not fail if not all resources match the labels.
	- `--selector-as-filter`: Instructs krane to only deploy resources that are filtered by the specified labels in `--selector`. The deploy will not fail if not all resources match the labels. This is useful if you only want to deploy a subset of resources within a given YAML file.

[timothysmith0609]

Suggested change

	desc: "Use --selector as a label filter to select a subset of resources to deploy",
	desc: "Use --selector as a label filter to deploy only a subset of the provided resources to deploy",

[timothysmith0609]

Suggested change

	desc: "Use --selector as a label filter to select a subset of resources to deploy",
	desc: "Use --selector as a label filter to deploy only a subset of the provided resources to deploy",

[peiranliushop]

A few small nits, overall the code looks fine. We should update the README to be a bit more explicit about this feature, since it's a bit of a special case whose use isn't immediately clear. In particular, we should be crystal clear about its intent (see readme suggestions). We should also explain that it preserves the pruning behaviour of selector as well.

Added some explanation in README Sharing Namespace.

[timothysmith0609]

nit: valiation -> validation

[timothysmith0609]

Thanks for updating the docs. I have a few more minor comments but nothing too major.

[timothysmith0609]

Usually I make a dedicated branch when bumping the version, so I can tie up any loose ends that are around just in case. For now, let's put this back to 2.1.10 and I can cut a release when this merges

[peiranliushop]

ok, I reverted the version here. Not sure if you want me to keep the update in CHANGELOG.md.

[timothysmith0609]

The CHANGELOG entry is fine (and appreciated!)

[timothysmith0609]

Any reason we can't move this up before we call validate_definition on the resources? That way validate_definition doesn't need to worry about whether or not selector_as_filter is set.

e.g.

resources.select! { |r| r.selected?(@selector) } if @selector_as_filter
Concurrency.split_across_threads(resources) do |r|
  r.validate_definition(kubectl: @kubectl, selector: @selector)
end

This would be nicer because otherwise we are leaking the filtering concern into kubernetes_resource.

[timothysmith0609]

One last nit, but I think this is good

[timothysmith0609]

Perhaps something a bit more explicit:

Suggested change

	@logger.info("Can deploy a subset of resources") if @selector && @selector_as_filter
	@logger.info("Only deploying resources that match filter: #{@selector_as_filter}") if @selector && @selector_as_filter