From 1e19742ec513bb6e5774bb343431ff31151e9171 Mon Sep 17 00:00:00 2001 From: Gabe Alford Date: Mon, 30 Oct 2023 16:24:18 -0600 Subject: [PATCH] feat: add resources to initContainer and cleanup --- internal/controller/assets/daemonset.go | 47 +++++++++++++++++-- internal/controller/assets/daemonset_test.go | 49 ++++++++++++++++++-- 2 files changed, 88 insertions(+), 8 deletions(-) diff --git a/internal/controller/assets/daemonset.go b/internal/controller/assets/daemonset.go index 5fc25d02..aeea41e7 100644 --- a/internal/controller/assets/daemonset.go +++ b/internal/controller/assets/daemonset.go @@ -267,6 +267,19 @@ func Daemonset(dsName, image, serviceAccount string, node *falconv1alpha1.Falcon Command: common.FalconShellCommand, Args: initArgs(node), VolumeMounts: volumeMounts(node, "falconstore-hostdir"), + Resources: corev1.ResourceRequirements{ + Limits: corev1.ResourceList{ + "cpu": resource.MustParse("10m"), + "ephemeral-storage": resource.MustParse("10Mi"), + "memory": resource.MustParse("50Mi"), + }, + Requests: corev1.ResourceList{ + "cpu": resource.MustParse("10m"), + "ephemeral-storage": resource.MustParse("10Mi"), + "memory": resource.MustParse("50Mi"), + }, + Claims: []corev1.ResourceClaim{}, + }, SecurityContext: &corev1.SecurityContext{ Privileged: &privileged, RunAsUser: &runAsRoot, @@ -355,6 +368,19 @@ func RemoveNodeDirDaemonset(dsName, image, serviceAccount string, node *falconv1 Image: image, Command: common.FalconShellCommand, Args: cleanupArgs(node), + Resources: corev1.ResourceRequirements{ + Limits: corev1.ResourceList{ + "cpu": resource.MustParse("10m"), + "ephemeral-storage": resource.MustParse("10Mi"), + "memory": resource.MustParse("50Mi"), + }, + Requests: corev1.ResourceList{ + "cpu": resource.MustParse("10m"), + "ephemeral-storage": resource.MustParse("10Mi"), + "memory": resource.MustParse("50Mi"), + }, + Claims: []corev1.ResourceClaim{}, + }, SecurityContext: &corev1.SecurityContext{ Privileged: &privileged, RunAsUser: &runAsRoot, @@ -368,15 +394,28 @@ func RemoveNodeDirDaemonset(dsName, image, serviceAccount string, node *falconv1 ServiceAccountName: serviceAccount, Containers: []corev1.Container{ { + Name: "cleanup-sleep", + Image: image, + Command: common.FalconShellCommand, + Args: common.CleanupSleep(), + Resources: corev1.ResourceRequirements{ + Limits: corev1.ResourceList{ + "cpu": resource.MustParse("10m"), + "ephemeral-storage": resource.MustParse("10Mi"), + "memory": resource.MustParse("50Mi"), + }, + Requests: corev1.ResourceList{ + "cpu": resource.MustParse("10m"), + "ephemeral-storage": resource.MustParse("10Mi"), + "memory": resource.MustParse("50Mi"), + }, + Claims: []corev1.ResourceClaim{}, + }, SecurityContext: &corev1.SecurityContext{ Privileged: &nonPrivileged, ReadOnlyRootFilesystem: &readOnlyFs, AllowPrivilegeEscalation: &allowEscalation, }, - Name: "cleanup-sleep", - Image: image, - Command: common.FalconShellCommand, - Args: common.CleanupSleep(), }, }, Volumes: volumesCleanup(node), diff --git a/internal/controller/assets/daemonset_test.go b/internal/controller/assets/daemonset_test.go index da4260e6..1a7ebe68 100644 --- a/internal/controller/assets/daemonset_test.go +++ b/internal/controller/assets/daemonset_test.go @@ -8,6 +8,7 @@ import ( "github.com/google/go-cmp/cmp" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" ) @@ -231,6 +232,19 @@ func TestDaemonset(t *testing.T) { Image: image, Command: common.FalconShellCommand, Args: initArgs(&falconNode), + Resources: corev1.ResourceRequirements{ + Limits: corev1.ResourceList{ + "cpu": resource.MustParse("10m"), + "ephemeral-storage": resource.MustParse("10Mi"), + "memory": resource.MustParse("50Mi"), + }, + Requests: corev1.ResourceList{ + "cpu": resource.MustParse("10m"), + "ephemeral-storage": resource.MustParse("10Mi"), + "memory": resource.MustParse("50Mi"), + }, + Claims: []corev1.ResourceClaim{}, + }, SecurityContext: &corev1.SecurityContext{ Privileged: &privileged, RunAsUser: &runAsRoot, @@ -272,6 +286,7 @@ func TestDaemonset(t *testing.T) { MountPath: common.FalconStoreFile, }, }, + Resources: dsResources(&falconNode), }, }, Volumes: []corev1.Volume{ @@ -349,6 +364,19 @@ func TestRemoveNodeDirDaemonset(t *testing.T) { Image: image, Command: common.FalconShellCommand, Args: cleanupArgs(&falconNode), + Resources: corev1.ResourceRequirements{ + Limits: corev1.ResourceList{ + "cpu": resource.MustParse("10m"), + "ephemeral-storage": resource.MustParse("10Mi"), + "memory": resource.MustParse("50Mi"), + }, + Requests: corev1.ResourceList{ + "cpu": resource.MustParse("10m"), + "ephemeral-storage": resource.MustParse("10Mi"), + "memory": resource.MustParse("50Mi"), + }, + Claims: []corev1.ResourceClaim{}, + }, SecurityContext: &corev1.SecurityContext{ Privileged: &privileged, RunAsUser: &runAsRoot, @@ -366,15 +394,28 @@ func TestRemoveNodeDirDaemonset(t *testing.T) { ServiceAccountName: common.NodeServiceAccountName, Containers: []corev1.Container{ { + Name: "cleanup-sleep", + Image: image, + Command: common.FalconShellCommand, + Args: common.CleanupSleep(), + Resources: corev1.ResourceRequirements{ + Limits: corev1.ResourceList{ + "cpu": resource.MustParse("10m"), + "ephemeral-storage": resource.MustParse("10Mi"), + "memory": resource.MustParse("50Mi"), + }, + Requests: corev1.ResourceList{ + "cpu": resource.MustParse("10m"), + "ephemeral-storage": resource.MustParse("10Mi"), + "memory": resource.MustParse("50Mi"), + }, + Claims: []corev1.ResourceClaim{}, + }, SecurityContext: &corev1.SecurityContext{ Privileged: &nonPrivileged, ReadOnlyRootFilesystem: &readOnlyFs, AllowPrivilegeEscalation: &allowEscalation, }, - Name: "cleanup-sleep", - Image: image, - Command: common.FalconShellCommand, - Args: common.CleanupSleep(), }, }, Volumes: []corev1.Volume{