Add support for progress conditions on deployments

[karanthukral]

What?

• Resolves Enable per-resource timeout overrides via an annotation #63
• Adds support for progressDeadlineSeconds for deployments
• If a deployment template has spec.progressDeadlineSeconds defined, the deployment class will use the Progressing condition to evaluate timeout instead of the one defined for the class

What needs to be improved?

• The test is still a work in progress

• In order to replicate the case of overriding the timeout and causing a deploy to fail, I tried to use an invalid image, or an image with an invalid entrypoint. In either case, kubernetes-deploy fails the deploy due to detecting unrecoverable states.

• The current test attempts to deploy 10 nginx containers with a 2 second progressDeadlineSeconds with a minReadySeconds set to 1 second. This causes the deploy to time out.

• Fixed the test by creating a simple busy box container that simply sleeps and the test deployment adds a readiness probe to run ls with a progressDeadlineSeconds of 2 seconds which causes the deployment to timeout.

• Open to suggestions if there is a better way to write this test

[karanthukral]

cc/ @Shopify/cloudplatform

[karanthukral]

The following events keep the deployment "progressing"

Kubernetes marks a Deployment as progressing when one of the following tasks is performed:
- The Deployment creates a new ReplicaSet.
- The Deployment is scaling up its newest ReplicaSet.
- The Deployment is scaling down its older ReplicaSet(s).
- New Pods become ready or available (ready for at least MinReadySeconds).

https://kubernetes.io/docs/concepts/workloads/controllers/deployment/

[KnVerey]

We should also make sure the deploy output is clear about what happened in the case of a progress-based timeout, whether that's by including something in @status or maybe a custom prefix on the timeout_message.

[KnVerey]

This will set @progress to nil if the Progressing condition isn't last.

[KnVerey]

Since there isn't a default value for this (i.e. if it isn't set in the template, it won't be set ever), we can look at @definition["spec"]["progressDeadlineSeconds"] for this instead of querying the API. As a rule, I try to keep all API queries inside the sync method. This reduces the number of overall calls (since e.g. deploy_succeeded? might get called a bunch of times in a row), and also makes sure we keep a consistent view of the cluster within a given polling cycle.

EDIT: In the end I don't think we should override this anyway (see my other comment).

[KnVerey]

If they had progressDeadlineSeconds in their spec but the status condition is missing, we'd fail the deploy with a very short timeout. That's probably not what we want. I'm thinking what you have right here is correct--if the status condition failed, time out without bothering to look at the actual progressDeadlineSeconds number. However, IMO the class-level hard timeout that kicks in if the condition is missing should retain its normal definition.

[karanthukral]

I am not entirely sure what you mean here? The current logic falls back to the default logic if the progress condition does not exist. Isn't that what we want?

[KnVerey]

Sorry, I probably should have commented on def timeout instead. I was trying to say we should remove that override so that it always uses TIMEOUT. Here's an example of the scenario I'm worried about:

• spec.progressDeadlineSeconds is set to a low value, e.g. 30s
• the deployment has a ton of pods and a conservative rollout strategy, so it takes, say, 5min to finish
• partway through, for whatever reason, we don't observe the status condition (so @progress becomes nil)
• deploy_timed_out? sees @progress == nil and uses super, which thinks the timeout is 30s
• deploy times out even though it was still progressing, which is what we're trying to avoid with this feature

Of course landing in the super when progressDeadlineSeconds was set would be unexpected. But what I'm trying to say is if that happens for some reason, I think the sane behaviour would be to use the global timeout.

[karanthukral]

I'll remove the def timeout override 👍

[KnVerey]

Would the test/fixtures/long-running/undying-deployment.yml.erb fixture work for this? It just sleeps, and you can modify it to add the progressDeadlineSeconds by using the block form of deploy_fixtures.

[karanthukral]

So I tried this and was able to add the progressDeadlineSeconds into the spec but adding a readinessProbe is not as easy. We need a readinessProbe so that the container fails the ready check causing the timeout

EDIT: nvm figured it out

[KnVerey]

Oh true, I probably should have suggested test/fixtures/invalid/bad_probe.yml instead.

[karanthukral]

@KnVerey made the changes you recommended except the one question. The tests started failing with:

KubernetesDeployTest#test_deploy_result_logging_for_mixed_result_deploy:
  | RuntimeError: can't modify frozen String

Have you ever seen that before or have any ideas why this could be happening after I wrote the timeout_message method in deployment.rb

EDIT: Figured it out, fixing it

[KnVerey]

I think this could be shortened to:
@progress = deployment_data["status"]["conditions"].find { |condition| condition['type'] == 'Progressing' }

[KnVerey]

Sorry, I probably should have commented on def timeout instead. I was trying to say we should remove that override so that it always uses TIMEOUT. Here's an example of the scenario I'm worried about:

• spec.progressDeadlineSeconds is set to a low value, e.g. 30s
• the deployment has a ton of pods and a conservative rollout strategy, so it takes, say, 5min to finish
• partway through, for whatever reason, we don't observe the status condition (so @progress becomes nil)
• deploy_timed_out? sees @progress == nil and uses super, which thinks the timeout is 30s
• deploy times out even though it was still progressing, which is what we're trying to avoid with this feature

Of course landing in the super when progressDeadlineSeconds was set would be unexpected. But what I'm trying to say is if that happens for some reason, I think the sane behaviour would be to use the global timeout.

[KnVerey]

Oh true, I probably should have suggested test/fixtures/invalid/bad_probe.yml instead.

[karanthukral]

cc/ @ibawt

[ibawt]

code LGTM, I'll just have to whip this on core and see what happens I think.

[ibawt]

cc @dwradcliffe this is how we can avoid bumping the global timeout for deployments/services

[karanthukral]

@KnVerey can I get a 👍 on the final changes?