cdi changes
Signed-off-by: Yaroslav Borbat <[email protected]>
yaroslavborbat authored and diafour committed Apr 16, 2024
1 parent 8c73631 commit 685d221
Showing 6 changed files with 255 additions and 5 deletions.
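--- a/images/cdi-artifact/patches/007-content-type-json.patch
+++ b/images/cdi-artifact/patches/007-content-type-json.patch
@@ -0,0 +1,100 @@
+diff --git a/cmd/cdi-apiserver/apiserver.go b/cmd/cdi-apiserver/apiserver.go
+index 156b6fc..048e538 100644
+--- a/cmd/cdi-apiserver/apiserver.go
++++ b/cmd/cdi-apiserver/apiserver.go
+@@ -25,9 +25,9 @@ import (
+"os"
+
+"github.com/kelseyhightower/envconfig"
+-
+snapclient "github.com/kubernetes-csi/external-snapshotter/client/v6/clientset/versioned"
+"github.com/pkg/errors"
++ apiruntime "k8s.io/apimachinery/pkg/runtime"
+"k8s.io/client-go/kubernetes"
+"k8s.io/client-go/tools/clientcmd"
+"k8s.io/klog/v2"
+@@ -107,6 +107,7 @@ func main() {
+if err != nil {
+klog.Fatalf("Unable to get kube config: %v\n", errors.WithStack(err))
+}
++ cfg.ContentType = apiruntime.ContentTypeJSON
+
+client, err := kubernetes.NewForConfig(cfg)
+if err != nil {
+diff --git a/cmd/cdi-controller/controller.go b/cmd/cdi-controller/controller.go
+index dbf6295..4c665eb 100644
+--- a/cmd/cdi-controller/controller.go
++++ b/cmd/cdi-controller/controller.go
+@@ -154,7 +154,7 @@ func start() {
+if err != nil {
+klog.Fatalf("Unable to get kube config: %v\n", errors.WithStack(err))
+}
+-
++ cfg.ContentType = apiruntime.ContentTypeJSON
+client, err := kubernetes.NewForConfig(cfg)
+if err != nil {
+klog.Fatalf("Unable to get kube client: %v\n", errors.WithStack(err))
+@@ -178,8 +178,9 @@ func start() {
+NewCache: getNewManagerCache(namespace),
+Scheme: scheme,
+}
+-
+- mgr, err := manager.New(config.GetConfigOrDie(), opts)
++ cfg = config.GetConfigOrDie()
++ cfg.ContentType = apiruntime.ContentTypeJSON
++ mgr, err := manager.New(cfg, opts)
+if err != nil {
+klog.Errorf("Unable to setup controller manager: %v", err)
+os.Exit(1)
+diff --git a/cmd/cdi-operator/operator.go b/cmd/cdi-operator/operator.go
+index 0a9b30d..211f8cf 100644
+--- a/cmd/cdi-operator/operator.go
++++ b/cmd/cdi-operator/operator.go
+@@ -29,6 +29,7 @@ import (
+promv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
+"go.uber.org/zap/zapcore"
+extv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
++ apiruntime "k8s.io/apimachinery/pkg/runtime"
+apiregistrationv1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1"
+"sigs.k8s.io/controller-runtime/pkg/client/config"
+logf "sigs.k8s.io/controller-runtime/pkg/log"
+@@ -82,6 +83,7 @@ func main() {
+log.Error(err, "")
+os.Exit(1)
+}
++ cfg.ContentType = apiruntime.ContentTypeJSON
+
+managerOpts := manager.Options{
+Namespace: namespace,
+diff --git a/cmd/cdi-uploadproxy/uploadproxy.go b/cmd/cdi-uploadproxy/uploadproxy.go
+index fc55ae1..2d4fe58 100644
+--- a/cmd/cdi-uploadproxy/uploadproxy.go
++++ b/cmd/cdi-uploadproxy/uploadproxy.go
+@@ -7,17 +7,17 @@ import (
+
+"github.com/kelseyhightower/envconfig"
+"github.com/pkg/errors"
++ apiruntime "k8s.io/apimachinery/pkg/runtime"
+"k8s.io/client-go/kubernetes"
+"k8s.io/client-go/tools/clientcmd"
+"k8s.io/klog/v2"
+- "sigs.k8s.io/controller-runtime/pkg/manager/signals"
+-
+cdiclient "kubevirt.io/containerized-data-importer/pkg/client/clientset/versioned"
+"kubevirt.io/containerized-data-importer/pkg/uploadproxy"
+"kubevirt.io/containerized-data-importer/pkg/util"
+certfetcher "kubevirt.io/containerized-data-importer/pkg/util/cert/fetcher"
+certwatcher "kubevirt.io/containerized-data-importer/pkg/util/cert/watcher"
+cryptowatch "kubevirt.io/containerized-data-importer/pkg/util/tls-crypto-watch"
++ "sigs.k8s.io/controller-runtime/pkg/manager/signals"
+)
+
+const (
+@@ -79,6 +79,7 @@ func main() {
+if err != nil {
+klog.Fatalf("Unable to get kube config: %v\n", errors.WithStack(err))
+}
++ cfg.ContentType = apiruntime.ContentTypeJSON
+client, err := kubernetes.NewForConfig(cfg)
+if err != nil {
+klog.Fatalf("Unable to get kube client: %v\n", errors.WithStack(err))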
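Review bot: In the second controller.go hunk, `cfg = config.GetConfigOrDie()` overwrites the config that start() built earlier and passed to `kubernetes.NewForConfig(cfg)`, so any later use of `cfg` in start() (the rest of the body is outside the hunk) would silently switch to the controller-runtime config. A separate variable keeps the two apart: `mgrCfg := config.GetConfigOrDie()`, `mgrCfg.ContentType = apiruntime.ContentTypeJSON`, `mgr, err := manager.New(mgrCfg, opts)`. None of the five `cfg.ContentType = apiruntime.ContentTypeJSON` assignments says why JSON is forced; a short comment on each (presumably so the kube-api-proxy sidecar can read the request bodies, but that is not stated on this page) would tell whoever rebases this patch that it must not be dropped. The import reordering in uploadproxy.go and the removed blank line in apiserver.go are unrelated to the change and only add rebase surface for a patch carried on top of upstream.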
5 changes: 4 additions & 1 deletion images/cdi-artifact/patches/README.md
@@ -14,4 +14,7 @@ Also, remove short names and change categories. Just in case.

Add `spec.customizeComponents` to the crd cdi to customize resources.

https://github.com/kubevirt/containerized-data-importer/pull/3070
https://github.com/kubevirt/containerized-data-importer/pull/3070

#### `007-content-type-json.patch`
set ContentTypeJson for kubernetes clients.
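--- a/templates/cdi/_helpers.tpl
+++ b/templates/cdi/_helpers.tpl
@@ -0,0 +1,74 @@
+{{- define "cdi.strategic_affinity_patch" -}}
+{{- $labelValue := index . 0 -}}
+'{{ include "cdi.tmplAntiAffinity" (list $labelValue) | fromYaml | toJson }}'
+{{- end }}
+
+{{- define "cdi.tmplAntiAffinity" -}}
+{{- $labelValue := index . 0 -}}
+spec:
+template:
+spec:
+affinity:
+podAntiAffinity:
+requiredDuringSchedulingIgnoredDuringExecution:
+- labelSelector:
+matchExpressions:
+- key: app
+operator: In
+values:
+- {{ $labelValue }}
+topologyKey: kubernetes.io/hostname
+{{- end -}}
+
+
+{{- define "cdi.strategic_kubeproxy_patch" -}}
+{{- $context := index . 0 -}}
+{{- $containerName := index . 1 -}}
+{{- $webhookProxy := index . 2 -}}
+'{{ include "cdi.tmplKubeProxy" (list $context $containerName $webhookProxy) | fromYaml | toJson }}'
+{{- end }}
+
+{{- define "cdi.tmplKubeProxy" -}}
+{{- $context := index . 0 -}}
+{{- $containerName := index . 1 -}}
+{{- $webhookProxy := index . 2 -}}
+{{- $proxyImage := include "helm_lib_module_image" (list $context "kubeApiProxy") }}
+spec:
+template:
+spec:
+volumes:
+- name: kube-api-proxy-kubeconfig
+configMap:
+name: kube-api-proxy-kubeconfig
+containers:
+- name: proxy
+image: {{ $proxyImage }}
+imagePullPolicy: IfNotPresent
+resources:
+requests:
+cpu: 10m
+memory: 150Mi
+securityContext:
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
+seccompProfile:
+type: RuntimeDefault
+terminationMessagePath: /dev/termination-log
+terminationMessagePolicy: File
+env:
+- name: POD_NAMESPACE
+valueFrom:
+fieldRef:
+fieldPath: metadata.namespace
+- name: WEBHOOK_PROXY
+value: '{{ $webhookProxy }}'
+- name: {{ $containerName }}
+env:
+- name: KUBECONFIG
+value: /kubeconfig.local/proxy.kubeconfig
+volumeMounts:
+- name: kube-api-proxy-kubeconfig
+mountPath: /kubeconfig.local
+{{- end -}}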
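Review bot: The `proxy` container that `cdi.tmplKubeProxy` injects sets `allowPrivilegeEscalation: false`, drops all capabilities and uses the RuntimeDefault seccomp profile, but it sets neither `readOnlyRootFilesystem` nor `runAsNonRoot`. Unless the pod-level security context of the patched Deployments already supplies them (not visible on this page), the sidecar that every API call of the CDI component passes through runs with a writable root filesystem. If the proxy does not write to disk, add `readOnlyRootFilesystem: true` and `runAsNonRoot: true` under its `securityContext`; the same block is repeated for the `proxy` container in templates/cdi/cdi-operator/deployment.yaml and should get the same two lines.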
34 changes: 34 additions & 0 deletions templates/cdi/cdi-operator/deployment.yaml
@@ -72,10 +72,37 @@ spec:
spec:
{{- include "helm_lib_pod_anti_affinity_for_ha" (list . (dict "app" "cdi-operator")) | nindent 6 }}
containers:
- name: proxy
image: {{ include "helm_lib_module_image" (list . "kubeApiProxy") }}
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: WEBHOOK_PROXY
value: "no"
resources:
requests:
{{- include "helm_lib_module_ephemeral_storage_only_logs" . | nindent 12 }}
{{- if not ( .Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
{{- include "cdi_operator_resources" . | nindent 12 }}
{{- end }}
- name: cdi-operator
{{- include "helm_lib_module_container_security_context_read_only_root_filesystem_capabilities_drop_all" . | nindent 8 }}
env:
{{- include "cdi_images" . | nindent 8 }}
- name: KUBECONFIG
value: "/kubeconfig.local/proxy.kubeconfig"
- name: DEPLOY_CLUSTER_RESOURCES
value: "true"
- name: OPERATOR_VERSION
@@ -97,8 +124,15 @@ spec:
{{- if not ( .Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
{{- include "cdi_operator_resources" . | nindent 12 }}
{{- end }}
volumeMounts:
- name: kube-api-proxy-kubeconfig
mountPath: /kubeconfig.local
{{- include "helm_lib_priority_class" (tuple . "cluster-low") | nindent 6 }}
{{- include "helm_lib_node_selector" (tuple . "system") | nindent 6 }}
{{- include "helm_lib_tolerations" (tuple . "system") | nindent 6 }}
{{- include "helm_lib_module_pod_security_context_run_as_user_nobody" . | nindent 6 }}
serviceAccountName: cdi-operator
volumes:
- name: kube-api-proxy-kubeconfig
configMap:
name: kube-api-proxy-kubeconfig
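Review bot: The new `proxy` container's `resources.requests` includes `cdi_operator_resources`, the same helper the `cdi-operator` container uses in the second hunk, so the sidecar appears to request the operator's CPU and memory on top of the operator's own request. The helper's content is not visible here, but `cdi.tmplKubeProxy` in templates/cdi/_helpers.tpl gives the same sidecar `cpu: 10m` and `memory: 150Mi`, which suggests the include was copied from the operator container. Consider replacing it with those literal values or a dedicated proxy helper, and add a one-line comment above `- name: KUBECONFIG` stating that the operator now reaches the API server only through the sidecar.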
27 changes: 23 additions & 4 deletions templates/cdi/cdi.yaml
@@ -36,6 +36,17 @@ spec:
resourceName: cdi-uploadproxy
patch: '[{"op":"replace","path":"/spec/replicas","value":0}]'
type: json

- resourceType: Deployment
resourceName: cdi-apiserver
patch: {{ include "cdi.strategic_kubeproxy_patch" (list . "cdi-apiserver" "yes") }}
type: strategic

- resourceType: Deployment
resourceName: cdi-deployment
patch: {{ include "cdi.strategic_kubeproxy_patch" (list . "cdi-controller" "no") }}
type: strategic

{{- if ( .Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
- resourceType: Deployment
resourceName: cdi-apiserver
@@ -45,6 +56,14 @@ spec:
resourceName: cdi-deployment
patch: '[{"op":"replace","path":"/spec/template/spec/containers/0/resources/requests","value":{}}]'
type: json
- resourceType: Deployment
resourceName: cdi-apiserver
patch: '[{"op":"replace","path":"/spec/template/spec/containers/1/resources/requests","value":{}}]'
type: json
- resourceType: Deployment
resourceName: cdi-deployment
patch: '[{"op":"replace","path":"/spec/template/spec/containers/1/resources/requests","value":{}}]'
type: json
{{- end }}

{{- if (include "helm_lib_ha_enabled" .) }}
@@ -54,17 +73,17 @@ spec:
type: json
- resourceType: Deployment
resourceName: cdi-apiserver
patch: '[{"op":"replace","path":"/spec/template/spec/affinity","value":{"podAntiAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchExpressions":[{"key":"cdi.kubevirt.io","operator":"In","values":["cdi-apiserver"]}]},"topologyKey":"kubernetes.io/hostname"}]}}}]'
type: json
patch: {{ include "cdi.strategic_affinity_patch" (list "cdi-apiserver") }}
type: strategic

- resourceType: Deployment
resourceName: cdi-deployment
patch: '[{"op":"replace","path":"/spec/replicas","value":2}]'
type: json
- resourceType: Deployment
resourceName: cdi-deployment
patch: '[{"op":"replace","path":"/spec/template/spec/affinity","value":{"podAntiAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchExpressions":[{"key":"app","operator":"In","values":["containerized-data-importer"]}]},"topologyKey":"kubernetes.io/hostname"}]}}}]'
type: json
patch: {{ include "cdi.strategic_affinity_patch" (list "containerized-data-importer") }}
type: strategic
{{- end }}
workload:
nodeSelector:
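Review bot: The HA anti-affinity for `cdi-apiserver` previously selected pods with `cdi.kubevirt.io In [cdi-apiserver]`, but the replacement `{{ include "cdi.strategic_affinity_patch" (list "cdi-apiserver") }}` renders a selector on the `app` key, because `cdi.tmplAntiAffinity` hard-codes `key: app`. If the apiserver pods do not carry `app: cdi-apiserver` (their labels are not visible on this page), the required anti-affinity matches nothing and both replicas can be scheduled onto one node without any error. Passing the key as a second argument, e.g. `(list "cdi.kubevirt.io" "cdi-apiserver")` with `- key: {{ $labelKey }}` in the helper, keeps the old selector for this Deployment. The new `containers/1` JSON patches in the VPA block also depend on where the strategic patch places the `proxy` container in the list, which deserves a comment.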
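--- a/templates/kube-api-proxy-kubeconfig-cm.yaml
+++ b/templates/kube-api-proxy-kubeconfig-cm.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: kube-api-proxy-kubeconfig
+namespace: d8-{{ .Chart.Name }}
+{{- include "helm_lib_module_labels" (list .) | nindent 2 }}
+data:
+proxy.kubeconfig: |
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+server: http://127.0.0.1:23915
+name: proxy.api.server
+contexts:
+- context:
+cluster: proxy.api.server
+name: proxy.api.server
+current-context: proxy.api.server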
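Review bot: This kubeconfig points clients at `http://127.0.0.1:23915` and defines no `users` entry, so traffic from the CDI containers to the proxy is unauthenticated plaintext and the only boundary is the pod's network namespace. That holds only while the proxy listens on loopback alone and no pod mounting this ConfigMap runs with `hostNetwork`; neither is visible on this page, so a comment at the top of `proxy.kubeconfig` stating both assumptions would keep a later change from widening the exposure unnoticed. The port 23915 is hard-coded here and has to match the proxy's listen port, which is configured elsewhere.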
