Skip to content

Commit

Permalink
feat: add resources to initContainer and cleanup
Browse files Browse the repository at this point in the history
  • Loading branch information
@redhatrises
redhatrises committed Oct 30, 2023
1 parent ec073e4 commit 1e19742
Show file tree
Hide file tree
Showing 2 changed files with 88 additions and 8 deletions.
47 changes: 43 additions & 4 deletions internal/controller/assets/daemonset.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -267,6 +267,19 @@ func Daemonset(dsName, image, serviceAccount string, node *falconv1alpha1.Falcon
Command: common.FalconShellCommand,
Args: initArgs(node),
VolumeMounts: volumeMounts(node, "falconstore-hostdir"),
Resources: corev1.ResourceRequirements{
Limits: corev1.ResourceList{
"cpu": resource.MustParse("10m"),
"ephemeral-storage": resource.MustParse("10Mi"),
"memory": resource.MustParse("50Mi"),
},
Requests: corev1.ResourceList{
"cpu": resource.MustParse("10m"),
"ephemeral-storage": resource.MustParse("10Mi"),
"memory": resource.MustParse("50Mi"),
},
Claims: []corev1.ResourceClaim{},
},
SecurityContext: &corev1.SecurityContext{
Privileged: &privileged,
RunAsUser: &runAsRoot,
Expand Down Expand Up @@ -355,6 +368,19 @@ func RemoveNodeDirDaemonset(dsName, image, serviceAccount string, node *falconv1
Image: image,
Command: common.FalconShellCommand,
Args: cleanupArgs(node),
Resources: corev1.ResourceRequirements{
Limits: corev1.ResourceList{
"cpu": resource.MustParse("10m"),
"ephemeral-storage": resource.MustParse("10Mi"),
"memory": resource.MustParse("50Mi"),
},
Requests: corev1.ResourceList{
"cpu": resource.MustParse("10m"),
"ephemeral-storage": resource.MustParse("10Mi"),
"memory": resource.MustParse("50Mi"),
},
Claims: []corev1.ResourceClaim{},
},
SecurityContext: &corev1.SecurityContext{
Privileged: &privileged,
RunAsUser: &runAsRoot,
Expand All @@ -368,15 +394,28 @@ func RemoveNodeDirDaemonset(dsName, image, serviceAccount string, node *falconv1
ServiceAccountName: serviceAccount,
Containers: []corev1.Container{
{
Name: "cleanup-sleep",
Image: image,
Command: common.FalconShellCommand,
Args: common.CleanupSleep(),
Resources: corev1.ResourceRequirements{
Limits: corev1.ResourceList{
"cpu": resource.MustParse("10m"),
"ephemeral-storage": resource.MustParse("10Mi"),
"memory": resource.MustParse("50Mi"),
},
Requests: corev1.ResourceList{
"cpu": resource.MustParse("10m"),
"ephemeral-storage": resource.MustParse("10Mi"),
"memory": resource.MustParse("50Mi"),
},
Claims: []corev1.ResourceClaim{},
},
SecurityContext: &corev1.SecurityContext{
Privileged: &nonPrivileged,
ReadOnlyRootFilesystem: &readOnlyFs,
AllowPrivilegeEscalation: &allowEscalation,
},
Name: "cleanup-sleep",
Image: image,
Command: common.FalconShellCommand,
Args: common.CleanupSleep(),
},
},
Volumes: volumesCleanup(node),
Expand Down
49 changes: 45 additions & 4 deletions internal/controller/assets/daemonset_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import (
"github.com/google/go-cmp/cmp"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/intstr"
)
Expand Down Expand Up @@ -231,6 +232,19 @@ func TestDaemonset(t *testing.T) {
Image: image,
Command: common.FalconShellCommand,
Args: initArgs(&falconNode),
Resources: corev1.ResourceRequirements{
Limits: corev1.ResourceList{
"cpu": resource.MustParse("10m"),
"ephemeral-storage": resource.MustParse("10Mi"),
"memory": resource.MustParse("50Mi"),
},
Requests: corev1.ResourceList{
"cpu": resource.MustParse("10m"),
"ephemeral-storage": resource.MustParse("10Mi"),
"memory": resource.MustParse("50Mi"),
},
Claims: []corev1.ResourceClaim{},
},
SecurityContext: &corev1.SecurityContext{
Privileged: &privileged,
RunAsUser: &runAsRoot,
Expand Down Expand Up @@ -272,6 +286,7 @@ func TestDaemonset(t *testing.T) {
MountPath: common.FalconStoreFile,
},
},
Resources: dsResources(&falconNode),
},
},
Volumes: []corev1.Volume{
Expand Down Expand Up @@ -349,6 +364,19 @@ func TestRemoveNodeDirDaemonset(t *testing.T) {
Image: image,
Command: common.FalconShellCommand,
Args: cleanupArgs(&falconNode),
Resources: corev1.ResourceRequirements{
Limits: corev1.ResourceList{
"cpu": resource.MustParse("10m"),
"ephemeral-storage": resource.MustParse("10Mi"),
"memory": resource.MustParse("50Mi"),
},
Requests: corev1.ResourceList{
"cpu": resource.MustParse("10m"),
"ephemeral-storage": resource.MustParse("10Mi"),
"memory": resource.MustParse("50Mi"),
},
Claims: []corev1.ResourceClaim{},
},
SecurityContext: &corev1.SecurityContext{
Privileged: &privileged,
RunAsUser: &runAsRoot,
Expand All @@ -366,15 +394,28 @@ func TestRemoveNodeDirDaemonset(t *testing.T) {
ServiceAccountName: common.NodeServiceAccountName,
Containers: []corev1.Container{
{
Name: "cleanup-sleep",
Image: image,
Command: common.FalconShellCommand,
Args: common.CleanupSleep(),
Resources: corev1.ResourceRequirements{
Limits: corev1.ResourceList{
"cpu": resource.MustParse("10m"),
"ephemeral-storage": resource.MustParse("10Mi"),
"memory": resource.MustParse("50Mi"),
},
Requests: corev1.ResourceList{
"cpu": resource.MustParse("10m"),
"ephemeral-storage": resource.MustParse("10Mi"),
"memory": resource.MustParse("50Mi"),
},
Claims: []corev1.ResourceClaim{},
},
SecurityContext: &corev1.SecurityContext{
Privileged: &nonPrivileged,
ReadOnlyRootFilesystem: &readOnlyFs,
AllowPrivilegeEscalation: &allowEscalation,
},
Name: "cleanup-sleep",
Image: image,
Command: common.FalconShellCommand,
Args: common.CleanupSleep(),
},
},
Volumes: []corev1.Volume{
Expand Down

0 comments on commit 1e19742

Please sign in to comment.