[cilium] Add support for choosing resources

Cilium as a CNI is a critical component for the cluster so it would be safe
to have some guaranteed resources as well as allowing the users to
define them based on their needs.

In this commit, we init default requested resources and add the
capability of user-defined values.

Signed-off-by: dntosas <ntosas@gmail.com>

docs/networking/cilium.md

@@ -147,8 +147,6 @@ As of kOps 1.20, it is possible to choose your own values for Cilium Agents + Op
     cilium:
       cpuRequest: "25m"
       memoryRequest: "128Mi"
-      cpuLimit: "100m"
-      memoryLimit: "300Mi"
 ```
 
 ## Getting help

k8s/crds/kops.k8s.io_clusters.yaml

@@ -3398,6 +3398,14 @@ spec:
                           fetches information from the container runtime and this
                           field is ignored. Default: none'
                         type: string
+                      cpuRequest:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: 'CPURequest CPU request of Cilium agent + operator
+                          container. (default: 25m)'
+                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                        x-kubernetes-int-or-string: true
                       debug:
                         description: Debug runs Cilium in debug mode.
                         type: boolean
@@ -3588,6 +3596,14 @@ spec:
                           be removed in the future. Setting this has no effect.
                         format: int32
                         type: integer
+                      memoryRequest:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: 'MemoryRequest memory request of Cilium agent
+                          + operator container. (default: 128Mi)'
+                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                        x-kubernetes-int-or-string: true
                       monitorAggregation:
                         description: 'MonitorAggregation sets the level of packet
                           monitoring. Possible values are "low", "medium", or "maximum".

pkg/apis/kops/networking.go

@@ -261,6 +261,11 @@ type CiliumNetworkingSpec struct {
 	// Version is the version of the Cilium agent and the Cilium Operator.
 	Version string `json:"version,omitempty"`
 
+	// MemoryRequest memory request of Cilium agent + operator container. (default: 128Mi)
+	MemoryRequest *resource.Quantity `json:"memoryRequest,omitempty"`
+	// CPURequest CPU request of Cilium agent + operator container. (default: 25m)
+	CPURequest *resource.Quantity `json:"cpuRequest,omitempty"`
+
 	// AccessLog is not implemented and may be removed in the future.
 	// Setting this has no effect.
 	AccessLog string `json:"accessLog,omitempty"`

pkg/apis/kops/v1alpha2/networking.go

@@ -259,6 +259,11 @@ type CiliumNetworkingSpec struct {
 	// Version is the version of the Cilium agent and the Cilium Operator.
 	Version string `json:"version,omitempty"`
 
+	// MemoryRequest memory request of Cilium agent + operator container. (default: 128Mi)
+	MemoryRequest *resource.Quantity `json:"memoryRequest,omitempty"`
+	// CPURequest CPU request of Cilium agent + operator container. (default: 25m)
+	CPURequest *resource.Quantity `json:"cpuRequest,omitempty"`
+
 	// AccessLog is not implemented and may be removed in the future.
 	// Setting this has no effect.
 	AccessLog string `json:"accessLog,omitempty"`

pkg/apis/kops/v1alpha2/zz_generated.conversion.go

@@ -1636,6 +1636,8 @@ func Convert_kops_CertManagerConfig_To_v1alpha2_CertManagerConfig(in *kops.CertM
 
 func autoConvert_v1alpha2_CiliumNetworkingSpec_To_kops_CiliumNetworkingSpec(in *CiliumNetworkingSpec, out *kops.CiliumNetworkingSpec, s conversion.Scope) error {
 	out.Version = in.Version
+	out.MemoryRequest = in.MemoryRequest
+	out.CPURequest = in.CPURequest
 	out.AccessLog = in.AccessLog
 	out.AgentLabels = in.AgentLabels
 	out.AgentPrometheusPort = in.AgentPrometheusPort
@@ -1728,6 +1730,8 @@ func Convert_v1alpha2_CiliumNetworkingSpec_To_kops_CiliumNetworkingSpec(in *Cili
 
 func autoConvert_kops_CiliumNetworkingSpec_To_v1alpha2_CiliumNetworkingSpec(in *kops.CiliumNetworkingSpec, out *CiliumNetworkingSpec, s conversion.Scope) error {
 	out.Version = in.Version
+	out.MemoryRequest = in.MemoryRequest
+	out.CPURequest = in.CPURequest
 	out.AccessLog = in.AccessLog
 	out.AgentLabels = in.AgentLabels
 	out.AgentPrometheusPort = in.AgentPrometheusPort

pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go

@@ -431,6 +431,16 @@ func (in *CertManagerConfig) DeepCopy() *CertManagerConfig {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *CiliumNetworkingSpec) DeepCopyInto(out *CiliumNetworkingSpec) {
 	*out = *in
+	if in.MemoryRequest != nil {
+		in, out := &in.MemoryRequest, &out.MemoryRequest
+		x := (*in).DeepCopy()
+		*out = &x
+	}
+	if in.CPURequest != nil {
+		in, out := &in.CPURequest, &out.CPURequest
+		x := (*in).DeepCopy()
+		*out = &x
+	}
 	if in.AgentLabels != nil {
 		in, out := &in.AgentLabels, &out.AgentLabels
 		*out = make([]string, len(*in))

pkg/apis/kops/zz_generated.deepcopy.go

@@ -531,6 +531,16 @@ func (in *ChannelSpec) DeepCopy() *ChannelSpec {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *CiliumNetworkingSpec) DeepCopyInto(out *CiliumNetworkingSpec) {
 	*out = *in
+	if in.MemoryRequest != nil {
+		in, out := &in.MemoryRequest, &out.MemoryRequest
+		x := (*in).DeepCopy()
+		*out = &x
+	}
+	if in.CPURequest != nil {
+		in, out := &in.CPURequest, &out.CPURequest
+		x := (*in).DeepCopy()
+		*out = &x
+	}
 	if in.AgentLabels != nil {
 		in, out := &in.AgentLabels, &out.AgentLabels
 		*out = make([]string, len(*in))

pkg/model/components/cilium.go

@@ -18,6 +18,7 @@ package components
 
 import (
 	"github.com/blang/semver/v4"
+	"k8s.io/apimachinery/pkg/api/resource"
 	"k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/pkg/wellknownports"
 	"k8s.io/kops/upup/pkg/fi"
@@ -92,6 +93,16 @@ func (b *CiliumOptionsBuilder) BuildOptions(o interface{}) error {
 		c.EnableRemoteNodeIdentity = fi.Bool(true)
 	}
 
+	if c.CPURequest == nil {
+		defaultCPURequest := resource.MustParse("25m")
+		c.CPURequest = &defaultCPURequest
+	}
+
+	if c.MemoryRequest == nil {
+		defaultMemoryRequest := resource.MustParse("128Mi")
+		c.MemoryRequest = &defaultMemoryRequest
+	}
+
 	hubble := c.Hubble
 	if hubble != nil {
 		if hubble.Enabled == nil {

upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12-v1.8.yaml.template

@@ -522,7 +522,10 @@ spec:
           protocol: TCP
         {{- end }}
         {{ end }}
-
+        resources:
+          requests:
+            cpu: {{ or .CPURequest "25m" }}
+            memory: {{ or .MemoryRequest "128Mi" }}
         readinessProbe:
           httpGet:
             host: '127.0.0.1'
@@ -772,6 +775,10 @@ spec:
           name: prometheus
           protocol: TCP
         {{ end }}
+        resources:
+          requests:
+            cpu: {{ or .CPURequest "25m" }}
+            memory: {{ or .MemoryRequest "128Mi" }}
         livenessProbe:
           httpGet:
             host: "127.0.0.1"
@@ -915,4 +922,4 @@ spec:
           path: /var/run/cilium
           type: Directory
         name: hubble-sock-dir
-{{ end }}
+{{ end }}

upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12-v1.9.yaml.template

@@ -525,6 +525,10 @@ spec:
           periodSeconds: 30
           successThreshold: 1
           timeoutSeconds: 5
+        resources:
+          requests:
+            cpu: {{ or .CPURequest "25m" }}
+            memory: {{ or .MemoryRequest "128Mi" }}
         readinessProbe:
           httpGet:
             host: '127.0.0.1'
@@ -823,6 +827,10 @@ spec:
           name: prometheus
           protocol: TCP
         {{ end }}
+        resources:
+          requests:
+            cpu: {{ or .CPURequest "25m" }}
+            memory: {{ or .MemoryRequest "128Mi" }}
         livenessProbe:
           httpGet:
             host: '127.0.0.1'
@@ -891,7 +899,7 @@ spec:
   strategy:
     rollingUpdate:
       maxUnavailable: 1
-      type: RollingUpdate    
+      type: RollingUpdate
   template:
     metadata:
       labels:
@@ -951,4 +959,4 @@ spec:
             path: config.yaml
         name: config
 {{ end }}
-{{ end }}
+{{ end }}

upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12.yaml.template

@@ -461,6 +461,10 @@ spec:
           name: prometheus
           protocol: TCP
         {{ end }}
+        resources:
+          requests:
+            cpu: {{ or .CPURequest "25m" }}
+            memory: {{ or .MemoryRequest "128Mi" }}
         readinessProbe:
           exec:
             command:
@@ -750,6 +754,10 @@ spec:
           name: prometheus
           protocol: TCP
         {{ end }}
+        resources:
+          requests:
+            cpu: {{ or .CPURequest "25m" }}
+            memory: {{ or .MemoryRequest "128Mi" }}
         livenessProbe:
           httpGet:
             host: "127.0.0.1"

upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml

@@ -70,7 +70,7 @@ spec:
     version: 1.17.0
   - id: k8s-1.12
     manifest: networking.cilium.io/k8s-1.12-v1.9.yaml
-    manifestHash: a1d86d4d8501a5f4adfc7e6c356377730a507c86
+    manifestHash: dea8534ba3aa267f877f7c2f68a1899fe869e1d3
     name: networking.cilium.io
     needsRollingUpdate: all
     selector: