15 package controller
16
17 import (
18 "fmt"
19
20 customizev1alpha1 "github.com/GoogleCloudPlatform/k8s-config-connector/operator/pkg/apis/core/customize/v1alpha1"
21
22 corev1 "k8s.io/api/core/v1"
23 "k8s.io/apimachinery/pkg/api/resource"
24 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
25 )
26
// ControllerResourceCRForControllerManager is a ControllerResource fixture
// named "cnrm-controller-manager". For the container "manager" it sets a CPU
// limit of 400m and a memory request of 512Mi; it sets no memory limit and no
// CPU request.
var ControllerResourceCRForControllerManager = &customizev1alpha1.ControllerResource{
	ObjectMeta: metav1.ObjectMeta{
		Name: "cnrm-controller-manager",
	},
	Spec: customizev1alpha1.ControllerResourceSpec{
		Containers: []customizev1alpha1.ContainerResourceSpec{
			{
				Name: "manager",
				Resources: corev1.ResourceRequirements{
					Limits: corev1.ResourceList{
						corev1.ResourceCPU: resource.MustParse("400m"),
					},
					Requests: corev1.ResourceList{
						corev1.ResourceMemory: resource.MustParse("512Mi"),
					},
				},
			},
		},
	},
}

// ControllerResourceCRForWebhookManager is a ControllerResource fixture named
// "cnrm-webhook-manager". For the container "webhook" it sets a memory limit
// of 512Mi and a memory request of 256Mi; it names no CPU values.
var ControllerResourceCRForWebhookManager = &customizev1alpha1.ControllerResource{
	ObjectMeta: metav1.ObjectMeta{
		Name: "cnrm-webhook-manager",
	},
	Spec: customizev1alpha1.ControllerResourceSpec{
		Containers: []customizev1alpha1.ContainerResourceSpec{
			{
				Name: "webhook",
				Resources: corev1.ResourceRequirements{
					Limits: corev1.ResourceList{
						corev1.ResourceMemory: resource.MustParse("512Mi"),
					},
					Requests: corev1.ResourceList{
						corev1.ResourceMemory: resource.MustParse("256Mi"),
					},
				},
			},
		},
	},
}
69
// nonExistingControllerName is the controller name used by the negative
// fixture below; no manifest in this file declares a workload with this name.
var nonExistingControllerName = "controller-does-not-exist"

// ControllerResourceCRForNonExistingController is a ControllerResource fixture
// whose name is nonExistingControllerName and whose container list is empty.
var ControllerResourceCRForNonExistingController = &customizev1alpha1.ControllerResource{
	ObjectMeta: metav1.ObjectMeta{
		Name: nonExistingControllerName,
	},
	Spec: customizev1alpha1.ControllerResourceSpec{
		Containers: []customizev1alpha1.ContainerResourceSpec{},
	},
}

// ErrNonExistingController is the message text built for the unknown
// controller name. Despite the Err prefix it is a string, not an error value.
// NOTE(review): presumably compared against the message of the error returned
// for ControllerResourceCRForNonExistingController; confirm against the tests.
var ErrNonExistingController = fmt.Sprintf("resource customization for controller %s is not supported", nonExistingControllerName)
82
// nonExistingContainerName is a container name that none of the manifests in
// this file declares (they declare "manager", "prom-to-sd" and "webhook").
var nonExistingContainerName = "recorder"

// ControllerResourceCRForNonExistingContainer is a ControllerResource fixture
// that names a controller present in the manifests ("cnrm-controller-manager")
// but a container, nonExistingContainerName, that is not. The container entry
// carries a name only and no resource values.
var ControllerResourceCRForNonExistingContainer = &customizev1alpha1.ControllerResource{
	ObjectMeta: metav1.ObjectMeta{
		Name: "cnrm-controller-manager",
	},
	Spec: customizev1alpha1.ControllerResourceSpec{
		Containers: []customizev1alpha1.ContainerResourceSpec{
			{
				Name: nonExistingContainerName,
			},
		},
	},
}

// ErrNonExistingContainer is the message text built for the unmatched
// container name. Despite the Err prefix it is a string, not an error value.
// NOTE(review): the wording implies an unmatched container is reported as a
// failure rather than skipped silently; confirm against the code under test.
var ErrNonExistingContainer = fmt.Sprintf("failed to apply customization cnrm-controller-manager: resource customization failed for the following containers because there are no matching containers in the manifest: %s", nonExistingContainerName)
99
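// ClusterModeComponents holds four manifest documents as raw YAML strings, in
// this order: ServiceAccount cnrm-controller-manager, Service cnrm-manager,
// StatefulSet cnrm-controller-manager and Deployment cnrm-webhook-manager,
// all in namespace cnrm-system.
//
// Resource values here: container "manager" has a CPU limit of 200m and a
// memory request of 256Mi; container "webhook" has a memory limit of 128Mi and
// requests of cpu 250m / memory 128Mi. The ...WithCustomized... variables in
// this file differ from this one only in those values.
//
// Each string is a YAML document, so indentation is part of its value: every
// key must sit under its parent for the document to parse as the Kubernetes
// object it describes.
//
// Points a reader comparing this fixture with a deployable manifest should
// note: ${SERVICE_ACCOUNT?} and ${NAMESPACE?} are unexpanded placeholders;
// images are referenced by tag, not by digest; only the "webhook" container
// declares a securityContext (no privilege escalation, not privileged,
// non-root UID 1000), while "manager" and "prom-to-sd" declare none; and the
// Deployment refers to serviceAccountName cnrm-webhook-manager, which is not
// among the four documents.
var ClusterModeComponents = []string{`
apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    iam.gke.io/gcp-service-account: ${SERVICE_ACCOUNT?}
  name: cnrm-controller-manager
  namespace: cnrm-system
`, `
apiVersion: v1
kind: Service
metadata:
  name: cnrm-manager
  namespace: cnrm-system
spec:
  ports:
  - name: controller-manager
    port: 443
  - name: metrics
    port: 8888
  selector:
    cnrm.cloud.google.com/component: cnrm-controller-manager
    cnrm.cloud.google.com/system: "true"
`, `
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    cnrm.cloud.google.com/component: cnrm-controller-manager
    cnrm.cloud.google.com/system: "true"
  name: cnrm-controller-manager
  namespace: cnrm-system
spec:
  selector:
    matchLabels:
      cnrm.cloud.google.com/component: cnrm-controller-manager
      cnrm.cloud.google.com/system: "true"
  serviceName: cnrm-manager
  template:
    metadata:
      labels:
        cnrm.cloud.google.com/component: cnrm-controller-manager
        cnrm.cloud.google.com/system: "true"
    spec:
      containers:
      - args: ["--scoped-namespace=${NAMESPACE?}", "--stderrthreshold=INFO", "--prometheus-scrape-endpoint=:8888"]
        command: ["/configconnector/manager"]
        image: gcr.io/gke-release/cnrm/controller:4af93f1
        name: manager
        resources:
          limits:
            cpu: 200m
          requests:
            memory: 256Mi
      - command: ["/monitor", "--source=configconnector:http://localhost:8888?whitelisted=reconcile_requests_total,reconcile_request_duration_seconds,reconcile_workers_total,reconcile_occupied_workers_total,internal_errors_total&customResourceType=k8s_container&customLabels[container_name]&customLabels[project_id]&customLabels[location]&customLabels[cluster_name]&customLabels[namespace_name]&customLabels[pod_name]", "--stackdriver-prefix=kubernetes.io/internal/addons"]
        image: gke.gcr.io/prometheus-to-sd:v0.9.1
        name: prom-to-sd
`, `
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    cnrm.cloud.google.com/component: cnrm-webhook-manager
    cnrm.cloud.google.com/system: "true"
  name: cnrm-webhook-manager
  namespace: cnrm-system
spec:
  revisionHistoryLimit: 1
  selector:
    matchLabels:
      cnrm.cloud.google.com/component: cnrm-webhook-manager
      cnrm.cloud.google.com/system: "true"
  template:
    metadata:
      labels:
        cnrm.cloud.google.com/component: cnrm-webhook-manager
        cnrm.cloud.google.com/system: "true"
    spec:
      containers:
      - command:
        - /configconnector/webhook
        env:
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: gcr.io/gke-release/cnrm/webhook:54aab28
        imagePullPolicy: Always
        name: webhook
        ports:
        - containerPort: 23232
        readinessProbe:
          httpGet:
            path: /ready
            port: 23232
          initialDelaySeconds: 7
          periodSeconds: 3
        resources:
          limits:
            memory: 128Mi
          requests:
            cpu: 250m
            memory: 128Mi
        securityContext:
          allowPrivilegeEscalation: false
          privileged: false
          runAsNonRoot: true
          runAsUser: 1000
      enableServiceLinks: false
      serviceAccountName: cnrm-webhook-manager
      terminationGracePeriodSeconds: 10
`}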
212
213
214
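// ClusterModeComponentsWithCustomizedControllerManager holds the same four
// manifest documents as ClusterModeComponents (ServiceAccount, Service,
// StatefulSet, Deployment) with one difference: container "manager" in the
// StatefulSet has a CPU limit of 400m and a memory request of 512Mi, the
// values carried by ControllerResourceCRForControllerManager. The webhook
// Deployment is unchanged (memory limit 128Mi, requests cpu 250m / memory
// 128Mi).
//
// Each string is a YAML document, so indentation is part of its value: every
// key must sit under its parent for the document to parse as the Kubernetes
// object it describes.
//
// As in ClusterModeComponents, only the "webhook" container declares a
// securityContext; "manager" and "prom-to-sd" declare none, and images are
// referenced by tag rather than digest.
var ClusterModeComponentsWithCustomizedControllerManager = []string{`
apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    iam.gke.io/gcp-service-account: ${SERVICE_ACCOUNT?}
  name: cnrm-controller-manager
  namespace: cnrm-system
`, `
apiVersion: v1
kind: Service
metadata:
  name: cnrm-manager
  namespace: cnrm-system
spec:
  ports:
  - name: controller-manager
    port: 443
  - name: metrics
    port: 8888
  selector:
    cnrm.cloud.google.com/component: cnrm-controller-manager
    cnrm.cloud.google.com/system: "true"
`, `
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    cnrm.cloud.google.com/component: cnrm-controller-manager
    cnrm.cloud.google.com/system: "true"
  name: cnrm-controller-manager
  namespace: cnrm-system
spec:
  selector:
    matchLabels:
      cnrm.cloud.google.com/component: cnrm-controller-manager
      cnrm.cloud.google.com/system: "true"
  serviceName: cnrm-manager
  template:
    metadata:
      labels:
        cnrm.cloud.google.com/component: cnrm-controller-manager
        cnrm.cloud.google.com/system: "true"
    spec:
      containers:
      - args: ["--scoped-namespace=${NAMESPACE?}", "--stderrthreshold=INFO", "--prometheus-scrape-endpoint=:8888"]
        command: ["/configconnector/manager"]
        image: gcr.io/gke-release/cnrm/controller:4af93f1
        name: manager
        resources:
          limits:
            cpu: 400m
          requests:
            memory: 512Mi
      - command: ["/monitor", "--source=configconnector:http://localhost:8888?whitelisted=reconcile_requests_total,reconcile_request_duration_seconds,reconcile_workers_total,reconcile_occupied_workers_total,internal_errors_total&customResourceType=k8s_container&customLabels[container_name]&customLabels[project_id]&customLabels[location]&customLabels[cluster_name]&customLabels[namespace_name]&customLabels[pod_name]", "--stackdriver-prefix=kubernetes.io/internal/addons"]
        image: gke.gcr.io/prometheus-to-sd:v0.9.1
        name: prom-to-sd
`, `
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    cnrm.cloud.google.com/component: cnrm-webhook-manager
    cnrm.cloud.google.com/system: "true"
  name: cnrm-webhook-manager
  namespace: cnrm-system
spec:
  revisionHistoryLimit: 1
  selector:
    matchLabels:
      cnrm.cloud.google.com/component: cnrm-webhook-manager
      cnrm.cloud.google.com/system: "true"
  template:
    metadata:
      labels:
        cnrm.cloud.google.com/component: cnrm-webhook-manager
        cnrm.cloud.google.com/system: "true"
    spec:
      containers:
      - command:
        - /configconnector/webhook
        env:
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: gcr.io/gke-release/cnrm/webhook:54aab28
        imagePullPolicy: Always
        name: webhook
        ports:
        - containerPort: 23232
        readinessProbe:
          httpGet:
            path: /ready
            port: 23232
          initialDelaySeconds: 7
          periodSeconds: 3
        resources:
          limits:
            memory: 128Mi
          requests:
            cpu: 250m
            memory: 128Mi
        securityContext:
          allowPrivilegeEscalation: false
          privileged: false
          runAsNonRoot: true
          runAsUser: 1000
      enableServiceLinks: false
      serviceAccountName: cnrm-webhook-manager
      terminationGracePeriodSeconds: 10
`}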
327
328
329
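// ClusterModeComponentsWithCustomizedWebhookManager holds the same four
// manifest documents as ClusterModeComponents (ServiceAccount, Service,
// StatefulSet, Deployment) with one difference: container "webhook" in the
// Deployment has a memory limit of 512Mi and a memory request of 256Mi, the
// values carried by ControllerResourceCRForWebhookManager. The cpu: 250m
// request, which that customization does not name, is still present, and the
// StatefulSet is unchanged (manager: cpu limit 200m, memory request 256Mi).
// NOTE(review): the retained cpu request suggests customization overrides
// individual resource keys rather than replacing the whole requests map;
// confirm against the code under test.
//
// Each string is a YAML document, so indentation is part of its value: every
// key must sit under its parent for the document to parse as the Kubernetes
// object it describes.
//
// As in ClusterModeComponents, only the "webhook" container declares a
// securityContext; "manager" and "prom-to-sd" declare none, and images are
// referenced by tag rather than digest.
var ClusterModeComponentsWithCustomizedWebhookManager = []string{`
apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    iam.gke.io/gcp-service-account: ${SERVICE_ACCOUNT?}
  name: cnrm-controller-manager
  namespace: cnrm-system
`, `
apiVersion: v1
kind: Service
metadata:
  name: cnrm-manager
  namespace: cnrm-system
spec:
  ports:
  - name: controller-manager
    port: 443
  - name: metrics
    port: 8888
  selector:
    cnrm.cloud.google.com/component: cnrm-controller-manager
    cnrm.cloud.google.com/system: "true"
`, `
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    cnrm.cloud.google.com/component: cnrm-controller-manager
    cnrm.cloud.google.com/system: "true"
  name: cnrm-controller-manager
  namespace: cnrm-system
spec:
  selector:
    matchLabels:
      cnrm.cloud.google.com/component: cnrm-controller-manager
      cnrm.cloud.google.com/system: "true"
  serviceName: cnrm-manager
  template:
    metadata:
      labels:
        cnrm.cloud.google.com/component: cnrm-controller-manager
        cnrm.cloud.google.com/system: "true"
    spec:
      containers:
      - args: ["--scoped-namespace=${NAMESPACE?}", "--stderrthreshold=INFO", "--prometheus-scrape-endpoint=:8888"]
        command: ["/configconnector/manager"]
        image: gcr.io/gke-release/cnrm/controller:4af93f1
        name: manager
        resources:
          limits:
            cpu: 200m
          requests:
            memory: 256Mi
      - command: ["/monitor", "--source=configconnector:http://localhost:8888?whitelisted=reconcile_requests_total,reconcile_request_duration_seconds,reconcile_workers_total,reconcile_occupied_workers_total,internal_errors_total&customResourceType=k8s_container&customLabels[container_name]&customLabels[project_id]&customLabels[location]&customLabels[cluster_name]&customLabels[namespace_name]&customLabels[pod_name]", "--stackdriver-prefix=kubernetes.io/internal/addons"]
        image: gke.gcr.io/prometheus-to-sd:v0.9.1
        name: prom-to-sd
`, `
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    cnrm.cloud.google.com/component: cnrm-webhook-manager
    cnrm.cloud.google.com/system: "true"
  name: cnrm-webhook-manager
  namespace: cnrm-system
spec:
  revisionHistoryLimit: 1
  selector:
    matchLabels:
      cnrm.cloud.google.com/component: cnrm-webhook-manager
      cnrm.cloud.google.com/system: "true"
  template:
    metadata:
      labels:
        cnrm.cloud.google.com/component: cnrm-webhook-manager
        cnrm.cloud.google.com/system: "true"
    spec:
      containers:
      - command:
        - /configconnector/webhook
        env:
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: gcr.io/gke-release/cnrm/webhook:54aab28
        imagePullPolicy: Always
        name: webhook
        ports:
        - containerPort: 23232
        readinessProbe:
          httpGet:
            path: /ready
            port: 23232
          initialDelaySeconds: 7
          periodSeconds: 3
        resources:
          limits:
            memory: 512Mi
          requests:
            cpu: 250m
            memory: 256Mi
        securityContext:
          allowPrivilegeEscalation: false
          privileged: false
          runAsNonRoot: true
          runAsUser: 1000
      enableServiceLinks: false
      serviceAccountName: cnrm-webhook-manager
      terminationGracePeriodSeconds: 10
`}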
442