Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added resources field for kube-rbac-proxy container #360

Merged
merged 5 commits into from Sep 27, 2021
Merged

Added resources field for kube-rbac-proxy container #360

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
396bdaa
Added resources field for kube-rbac-proxy container
Sep 22, 2021
107f8cb
fix template generation for rbac proxy container resources
gernest Sep 24, 2021
b5cb3ea
set default resource limits for rbac proxy container
gernest Sep 24, 2021
d8a3371
added comment to specify the use of newly added rbac field
Sep 27, 2021
25ca31c
remove kubebuilder from ci
gernest Sep 27, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
4 changes: 0 additions & 4 deletions .github/workflows/ce.yaml
View file
Open in desktop
Expand Up @@ -13,10 +13,6 @@ jobs:
with:
wait: 2m
config: hack/kind.yaml
- name: install kubebuilder
uses: RyanSiu1995/kubebuilder-action@v1.1
with:
version: 2.3.1
- name: Install Go
uses: actions/setup-go@v2
with:
Expand Down
4 changes: 0 additions & 4 deletions .github/workflows/pro.yaml
View file
Open in desktop
Expand Up @@ -17,10 +17,6 @@ jobs:
wait: 2m
node_image: ${{ matrix.k8s }}
config: hack/kind.yaml
- name: install kubebuilder
uses: RyanSiu1995/kubebuilder-action@v1.1
with:
version: 2.3.1
- name: Install Go
uses: actions/setup-go@v2
with:
Expand Down
20 changes: 10 additions & 10 deletions config/default/manager_auth_proxy_patch.yaml
View file
Open in desktop
Expand Up @@ -9,13 +9,13 @@ spec:
template:
spec:
containers:
- name: kube-rbac-proxy
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true"
- "--v=10"
ports:
- containerPort: 8443
name: https
- name: kube-rbac-proxy
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true"
- "--v=10"
ports:
- containerPort: 8443
name: https
27 changes: 17 additions & 10 deletions config/helm/manager_auth_proxy_patch.yaml
View file
Open in desktop
Expand Up @@ -9,13 +9,20 @@ spec:
template:
spec:
containers:
- name: kube-rbac-proxy
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true"
- "--v=10"
ports:
- containerPort: 8443
name: https
- name: kube-rbac-proxy
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true"
- "--v=10"
ports:
- containerPort: 8443
name: https
resources:
limits:
cpu: 50m
memory: 20Mi
requests:
cpu: 50m
memory: 20Mi
14 changes: 14 additions & 0 deletions hack/helm/pre_helm.go
View file
Open in desktop
Expand Up @@ -13,6 +13,7 @@ func main() {
{envFrom, envFromTPL},
{envVars, envVarsTPL},
{resources, resourcesTPL},
{resourcesRBAC, resourcesRBACTPL},
{annotation, annotationTPL},
{securityContext, securityContextTPL},

Expand Down Expand Up @@ -74,6 +75,19 @@ const resourcesTPL = `{{- with .Values.resources }}
{{- toYaml . | nindent 10 }}
{{- end }}`

const resourcesRBAC = ` resources:
limits:
cpu: 50m
memory: 20Mi
requests:
cpu: 50m
memory: 20Mi`

const resourcesRBACTPL = `{{- with .Values.rbac.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}`

const securityContext = ` securityContext:
allowPrivilegeEscalation: false`
const securityContextTPL = `{{- with .Values.securityContext }}
Expand Down
4 changes: 4 additions & 0 deletions helm/templates/all.yaml
View file
Open in desktop
Expand Up @@ -403,6 +403,10 @@ spec:
ports:
- containerPort: 8443
name: https
{{- with .Values.rbac.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
securityContext:
runAsNonRoot: true
serviceAccountName: {{ include "tyk-operator-helm.fullname" . }}-controller-manager
Expand Down
20 changes: 12 additions & 8 deletions helm/values.yaml
View file
Open in desktop
@@ -1,14 +1,14 @@
replicaCount: 1

# loads enviroment variables to the operator.
replicaCount:
1
# loads enviroment variables to the operator.
envFrom:
- secretRef:
name: tyk-operator-conf
envVars:
- name: TYK_HTTPS_INGRESS_PORT
value: "8443"
- name: TYK_HTTP_INGRESS_PORT
value: "8080"
- name: TYK_HTTPS_INGRESS_PORT
value: "8443"
- name: TYK_HTTP_INGRESS_PORT
value: "8080"

image:
repository: tykio/tyk-operator
Expand All @@ -23,4 +23,8 @@ annotations: {}
podAnnotations: {}
podSecurityContext:
allowPrivilegeEscalation: false
resources: {}
resources: {}

#specify necessary resources for kube-rbac-proxy container
rbac:
resources: {}