// Copyright 2024 The Carvel Authors.
// SPDX-License-Identifier: Apache-2.0
package pkgrepository
import (
"os"
"time"
kcv1alpha1 "carvel.dev/kapp-controller/pkg/apis/kappctrl/v1alpha1"
pkgingv1alpha1 "carvel.dev/kapp-controller/pkg/apis/packaging/v1alpha1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// kappDebug reports whether KAPPCTRL_PKGR_KAPP_DEBUG is set to exactly "true".
// It is evaluated once, when the package is initialised, so changing the
// environment variable has no effect on a running process. When set,
// NewPackageRepoApp adds "--debug=true" to every kapp invocation it configures.
// NOTE(review): debug output is presumably more verbose than normal logs;
// confirm it is acceptable wherever the controller's logs are shipped.
var kappDebug = os.Getenv("KAPPCTRL_PKGR_KAPP_DEBUG") == "true"
// NewPackageRepoApp builds an App that mirrors the given PackageRepository.
//
// The App copies the repository's name, namespace, deletion timestamp,
// generation, fetch sources, paused flag and status. Deploy and delete are
// configured with a fixed set of kapp options; SyncPeriod defaults to ten
// minutes when the repository does not set one. The returned error is always
// nil in this function.
//
// Review notes for maintainers:
//   - The fetch sources are copied verbatim from pkgRepository.Spec.Fetch and
//     are not validated here, so whoever may create or edit a
//     PackageRepository decides what content is fetched and deployed.
//     NOTE(review): confirm RBAC/admission restricts that appropriately.
//   - Two "--dangerous-*" kapp flags and a disabled ownership check are set
//     below. Their safety depends on a rebase rule that is not defined in this
//     function (presumably in app_template.go -- TODO confirm); changes to
//     that rule must be reviewed together with these flags.
//   - A non-nil SyncPeriod is shared by pointer with pkgRepository, not copied.
func NewPackageRepoApp(pkgRepository *pkgingv1alpha1.PackageRepository) (*kcv1alpha1.App, error) {
	// Options common to both `kapp deploy` and `kapp delete`.
	baseOpts := []string{
		"--kube-api-qps=30",
		"--kube-api-burst=40",
		// The default kapp-controller service account may list all namespaces
		// but cannot list most resources inside them, so rather than letting
		// kapp retry listings it is not allowed to perform, restrict it to
		// the "current" namespace.
		"--dangerous-scope-to-fallback-allowed-namespaces=true",
		// Packages define no wait rules, so there is nothing to wait for.
		"--wait=false",
	}
	if kappDebug {
		baseOpts = append(baseOpts, "--debug=true")
	}

	// Deploy-only options, followed by the shared ones.
	deployOpts := []string{
		"--logs=false",
		"--app-changes-max-to-keep=5",
		// When two PackageRepositories contain an identical package, kapp
		// must first be told that the new repository is allowed to take
		// ownership; otherwise the rebase rule never gets a chance to run.
		// The rebase rule then prevents the ownership from actually being
		// overridden. In other words this flag is a fake-out: existing
		// resources are not supposed to change owner.
		// NOTE(review): the rebase rule is not in this function; without it
		// this flag would permit taking over existing resources.
		"--dangerous-override-ownership-of-existing-resources=true",
		// GKE responds very slowly to SubjectAccessReviews (SAR) under a high
		// volume of GETs against the API server. The existing-resources check
		// is switched off entirely because the rebase rule already enforces
		// that ownership is not transferred between same-named packages.
		"--existing-non-labeled-resources-check=false",
		// Lowering the concurrency was the alternative (on GKE 6 worked well,
		// 10 hung), but the check was turned off completely instead:
		// "--existing-non-labeled-resources-check-concurrency=6",
	}
	deployOpts = append(deployOpts, baseOpts...)

	// Delete gets its own copy of the shared options so the two slices never
	// share a backing array.
	deleteOpts := make([]string, len(baseOpts))
	copy(deleteOpts, baseOpts)

	// Fall back to a ten-minute sync period when none is requested.
	syncPeriod := pkgRepository.Spec.SyncPeriod
	if syncPeriod == nil {
		syncPeriod = &metav1.Duration{Duration: 10 * time.Minute}
	}

	app := &kcv1alpha1.App{}
	app.Name = pkgRepository.Name
	app.Namespace = pkgRepository.Namespace
	app.DeletionTimestamp = pkgRepository.DeletionTimestamp
	app.Generation = pkgRepository.Generation

	fetch := kcv1alpha1.AppFetch{
		Image:        pkgRepository.Spec.Fetch.Image,
		Inline:       pkgRepository.Spec.Fetch.Inline,
		Git:          pkgRepository.Spec.Fetch.Git,
		HTTP:         pkgRepository.Spec.Fetch.HTTP,
		ImgpkgBundle: pkgRepository.Spec.Fetch.ImgpkgBundle,
	}
	deploy := kcv1alpha1.AppDeploy{
		Kapp: &kcv1alpha1.AppDeployKapp{
			RawOptions: deployOpts,
			Delete: &kcv1alpha1.AppDeployKappDelete{
				RawOptions: deleteOpts,
			},
		},
	}

	app.Spec = kcv1alpha1.AppSpec{
		Fetch:    []kcv1alpha1.AppFetch{fetch},
		Template: []kcv1alpha1.AppTemplate{}, // Template step hardcoded into app_template.go
		Deploy:   []kcv1alpha1.AppDeploy{deploy},
		Paused:   pkgRepository.Spec.Paused,
	}
	app.Spec.SyncPeriod = syncPeriod

	// Carry the repository's reconcile status over unchanged.
	app.Status = kcv1alpha1.AppStatus{
		Fetch:                         pkgRepository.Status.Fetch,
		Template:                      pkgRepository.Status.Template,
		Deploy:                        pkgRepository.Status.Deploy,
		GenericStatus:                 pkgRepository.Status.GenericStatus,
		ConsecutiveReconcileSuccesses: pkgRepository.Status.ConsecutiveReconcileSuccesses,
		ConsecutiveReconcileFailures:  pkgRepository.Status.ConsecutiveReconcileFailures,
	}

	return app, nil
}