Merge pull request #11248 from dntosas/cilium-resources

[cilium] Add support for choosing resources

docs/contributing/adding_a_feature.md

@@ -87,6 +87,8 @@ Then we conditionally move cilium-operator to masters:
       {{ '{{ end }}' }}
 ```
 
+After changing manifest files remember to run `bash hack/update-expected.sh` in order to get updated [manifestHash](https://github.com/kubernetes/kops/blob/master/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml#L74) values.
+
 ## Configuring kubelet
 
 When Cilium is in ENI mode `kubelet` needs to be configured with the local IP address, so that it can distinguish it

docs/networking/cilium.md

@@ -138,6 +138,16 @@ Once the secret has been created, encryption can be enabled by setting `enableEn
       enableEncryption: true
 ```
 
+#### Resources in Cilium
+{{ kops_feature_table(kops_added_default='1.21', k8s_min='1.20') }}
+
+As of kOps 1.20, it is possible to choose your own values for Cilium Agents + Operator. Example:
+```yaml
+  networking:
+    cilium:
+      cpuRequest: "25m"
+      memoryRequest: "128Mi"
+```
 
 ## Getting help
 

k8s/crds/kops.k8s.io_clusters.yaml

@@ -3402,6 +3402,14 @@ spec:
                           fetches information from the container runtime and this
                           field is ignored. Default: none'
                         type: string
+                      cpuRequest:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: 'CPURequest CPU request of Cilium agent + operator
+                          container. (default: 25m)'
+                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                        x-kubernetes-int-or-string: true
                       debug:
                         description: Debug runs Cilium in debug mode.
                         type: boolean
@@ -3592,6 +3600,14 @@ spec:
                           be removed in the future. Setting this has no effect.
                         format: int32
                         type: integer
+                      memoryRequest:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: 'MemoryRequest memory request of Cilium agent
+                          + operator container. (default: 128Mi)'
+                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                        x-kubernetes-int-or-string: true
                       monitorAggregation:
                         description: 'MonitorAggregation sets the level of packet
                           monitoring. Possible values are "low", "medium", or "maximum".

pkg/apis/kops/networking.go

@@ -261,6 +261,11 @@ type CiliumNetworkingSpec struct {
 	// Version is the version of the Cilium agent and the Cilium Operator.
 	Version string `json:"version,omitempty"`
 
+	// MemoryRequest memory request of Cilium agent + operator container. (default: 128Mi)
+	MemoryRequest *resource.Quantity `json:"memoryRequest,omitempty"`
+	// CPURequest CPU request of Cilium agent + operator container. (default: 25m)
+	CPURequest *resource.Quantity `json:"cpuRequest,omitempty"`
+
 	// AccessLog is not implemented and may be removed in the future.
 	// Setting this has no effect.
 	AccessLog string `json:"accessLog,omitempty"`

pkg/apis/kops/v1alpha2/networking.go

@@ -259,6 +259,11 @@ type CiliumNetworkingSpec struct {
 	// Version is the version of the Cilium agent and the Cilium Operator.
 	Version string `json:"version,omitempty"`
 
+	// MemoryRequest memory request of Cilium agent + operator container. (default: 128Mi)
+	MemoryRequest *resource.Quantity `json:"memoryRequest,omitempty"`
+	// CPURequest CPU request of Cilium agent + operator container. (default: 25m)
+	CPURequest *resource.Quantity `json:"cpuRequest,omitempty"`
+
 	// AccessLog is not implemented and may be removed in the future.
 	// Setting this has no effect.
 	AccessLog string `json:"accessLog,omitempty"`

pkg/apis/kops/v1alpha2/zz_generated.conversion.go

@@ -1646,6 +1646,8 @@ func Convert_kops_CertManagerConfig_To_v1alpha2_CertManagerConfig(in *kops.CertM
 
 func autoConvert_v1alpha2_CiliumNetworkingSpec_To_kops_CiliumNetworkingSpec(in *CiliumNetworkingSpec, out *kops.CiliumNetworkingSpec, s conversion.Scope) error {
 	out.Version = in.Version
+	out.MemoryRequest = in.MemoryRequest
+	out.CPURequest = in.CPURequest
 	out.AccessLog = in.AccessLog
 	out.AgentLabels = in.AgentLabels
 	out.AgentPrometheusPort = in.AgentPrometheusPort
@@ -1738,6 +1740,8 @@ func Convert_v1alpha2_CiliumNetworkingSpec_To_kops_CiliumNetworkingSpec(in *Cili
 
 func autoConvert_kops_CiliumNetworkingSpec_To_v1alpha2_CiliumNetworkingSpec(in *kops.CiliumNetworkingSpec, out *CiliumNetworkingSpec, s conversion.Scope) error {
 	out.Version = in.Version
+	out.MemoryRequest = in.MemoryRequest
+	out.CPURequest = in.CPURequest
 	out.AccessLog = in.AccessLog
 	out.AgentLabels = in.AgentLabels
 	out.AgentPrometheusPort = in.AgentPrometheusPort

pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go

@@ -431,6 +431,16 @@ func (in *CertManagerConfig) DeepCopy() *CertManagerConfig {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *CiliumNetworkingSpec) DeepCopyInto(out *CiliumNetworkingSpec) {
 	*out = *in
+	if in.MemoryRequest != nil {
+		in, out := &in.MemoryRequest, &out.MemoryRequest
+		x := (*in).DeepCopy()
+		*out = &x
+	}
+	if in.CPURequest != nil {
+		in, out := &in.CPURequest, &out.CPURequest
+		x := (*in).DeepCopy()
+		*out = &x
+	}
 	if in.AgentLabels != nil {
 		in, out := &in.AgentLabels, &out.AgentLabels
 		*out = make([]string, len(*in))

pkg/apis/kops/zz_generated.deepcopy.go

@@ -531,6 +531,16 @@ func (in *ChannelSpec) DeepCopy() *ChannelSpec {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *CiliumNetworkingSpec) DeepCopyInto(out *CiliumNetworkingSpec) {
 	*out = *in
+	if in.MemoryRequest != nil {
+		in, out := &in.MemoryRequest, &out.MemoryRequest
+		x := (*in).DeepCopy()
+		*out = &x
+	}
+	if in.CPURequest != nil {
+		in, out := &in.CPURequest, &out.CPURequest
+		x := (*in).DeepCopy()
+		*out = &x
+	}
 	if in.AgentLabels != nil {
 		in, out := &in.AgentLabels, &out.AgentLabels
 		*out = make([]string, len(*in))

pkg/model/components/cilium.go

@@ -18,6 +18,7 @@ package components
 
 import (
 	"github.com/blang/semver/v4"
+	"k8s.io/apimachinery/pkg/api/resource"
 	"k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/pkg/wellknownports"
 	"k8s.io/kops/upup/pkg/fi"
@@ -92,6 +93,16 @@ func (b *CiliumOptionsBuilder) BuildOptions(o interface{}) error {
 		c.EnableRemoteNodeIdentity = fi.Bool(true)
 	}
 
+	if c.CPURequest == nil {
+		defaultCPURequest := resource.MustParse("25m")
+		c.CPURequest = &defaultCPURequest
+	}
+
+	if c.MemoryRequest == nil {
+		defaultMemoryRequest := resource.MustParse("128Mi")
+		c.MemoryRequest = &defaultMemoryRequest
+	}
+
 	hubble := c.Hubble
 	if hubble != nil {
 		if hubble.Enabled == nil {

upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12-v1.8.yaml.template

@@ -522,7 +522,10 @@ spec:
           protocol: TCP
         {{- end }}
         {{ end }}
-
+        resources:
+          requests:
+            cpu: {{ or .CPURequest "25m" }}
+            memory: {{ or .MemoryRequest "128Mi" }}
         readinessProbe:
           httpGet:
             host: '127.0.0.1'
@@ -772,6 +775,10 @@ spec:
           name: prometheus
           protocol: TCP
         {{ end }}
+        resources:
+          requests:
+            cpu: {{ or .CPURequest "25m" }}
+            memory: {{ or .MemoryRequest "128Mi" }}
         livenessProbe:
           httpGet:
             host: "127.0.0.1"
@@ -915,4 +922,4 @@ spec:
           path: /var/run/cilium
           type: Directory
         name: hubble-sock-dir
-{{ end }}
+{{ end }}

upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12-v1.9.yaml.template

@@ -525,6 +525,10 @@ spec:
           periodSeconds: 30
           successThreshold: 1
           timeoutSeconds: 5
+        resources:
+          requests:
+            cpu: {{ or .CPURequest "25m" }}
+            memory: {{ or .MemoryRequest "128Mi" }}
         readinessProbe:
           httpGet:
             host: '127.0.0.1'
@@ -823,6 +827,10 @@ spec:
           name: prometheus
           protocol: TCP
         {{ end }}
+        resources:
+          requests:
+            cpu: {{ or .CPURequest "25m" }}
+            memory: {{ or .MemoryRequest "128Mi" }}
         livenessProbe:
           httpGet:
             host: '127.0.0.1'
@@ -891,7 +899,7 @@ spec:
   strategy:
     rollingUpdate:
       maxUnavailable: 1
-      type: RollingUpdate    
+      type: RollingUpdate
   template:
     metadata:
       labels:
@@ -951,4 +959,4 @@ spec:
             path: config.yaml
         name: config
 {{ end }}
-{{ end }}
+{{ end }}

upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12.yaml.template

@@ -461,6 +461,10 @@ spec:
           name: prometheus
           protocol: TCP
         {{ end }}
+        resources:
+          requests:
+            cpu: {{ or .CPURequest "25m" }}
+            memory: {{ or .MemoryRequest "128Mi" }}
         readinessProbe:
           exec:
             command:
@@ -750,6 +754,10 @@ spec:
           name: prometheus
           protocol: TCP
         {{ end }}
+        resources:
+          requests:
+            cpu: {{ or .CPURequest "25m" }}
+            memory: {{ or .MemoryRequest "128Mi" }}
         livenessProbe:
           httpGet:
             host: "127.0.0.1"

upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml

@@ -71,7 +71,7 @@ spec:
     version: 1.17.0
   - id: k8s-1.12
     manifest: networking.cilium.io/k8s-1.12-v1.9.yaml
-    manifestHash: a1d86d4d8501a5f4adfc7e6c356377730a507c86
+    manifestHash: dea8534ba3aa267f877f7c2f68a1899fe869e1d3
     name: networking.cilium.io
     needsRollingUpdate: all
     selector: