Documentation ¶
Index ¶
- Variables
- func EnsureNamespaceExists(c client.Client, name string)
- func GetClusterModeGCPManifest() []string
- func GetClusterModeWorkloadIdentityManifest() []string
- func GetManifestsWithAlphaAndBetaCRDs() []string
- func GetManifestsWithAlphaCRD() []string
- func GetManifestsWithBetaCRD() []string
- func GetManifestsWithDefectiveCRD() []string
- func GetManifestsWithNoCRD() []string
- func GetManifestsWithNonKCCCRD() []string
- func GetPerNamespaceManifest() []string
- func GetSharedComponentsManifest() []string
- func HasOperatorFinalizer(o metav1.Object) bool
- func ManuallyModifyNamespaceTemplates(t *testing.T, template []string, nsName, saName string, ...) []string
- func ManuallyReplaceGSA(components []string, saName string) []string
- func ManuallyReplaceSecretVolume(components []string, secretName string) []string
- func ParseObjects(ctx context.Context, t *testing.T, objects []string) *manifest.Objects
- func ToString(t *testing.T, u *unstructured.Unstructured) string
- func ToUnstructured(t *testing.T, objStr string) *unstructured.Unstructured
Constants ¶
This section is empty.
Variables ¶
// Customization objects used as fixtures. The cluster-scoped ControllerResource
// values carry only a Name; the Namespaced* values are additionally pinned to
// namespace "foo-ns".
var (
	// ControllerResourceCRForControllerManagerResources sets a 400m CPU limit
	// and a 512Mi memory request on the "manager" container of
	// cnrm-controller-manager.
	ControllerResourceCRForControllerManagerResources = &customizev1beta1.ControllerResource{
		ObjectMeta: metav1.ObjectMeta{
			Name: "cnrm-controller-manager",
		},
		Spec: customizev1beta1.ControllerResourceSpec{
			Containers: []customizev1beta1.ContainerResourceSpec{
				{
					Name: "manager",
					Resources: customizev1beta1.ResourceRequirements{
						Limits: corev1.ResourceList{
							corev1.ResourceCPU: resource.MustParse("400m"),
						},
						Requests: corev1.ResourceList{
							corev1.ResourceMemory: resource.MustParse("512Mi"),
						},
					},
				},
			},
		},
	}
	// ControllerResourceCRForControllerManagerReplicas requests 4 replicas of
	// cnrm-controller-manager and leaves the "manager" container's limits and
	// requests as empty lists.
	ControllerResourceCRForControllerManagerReplicas = &customizev1beta1.ControllerResource{
		ObjectMeta: metav1.ObjectMeta{
			Name: "cnrm-controller-manager",
		},
		Spec: customizev1beta1.ControllerResourceSpec{
			Replicas: proto.Int64(int64(4)),
			Containers: []customizev1beta1.ContainerResourceSpec{
				{
					Name: "manager",
					Resources: customizev1beta1.ResourceRequirements{
						Limits:   corev1.ResourceList{},
						Requests: corev1.ResourceList{},
					},
				},
			},
		},
	}
	// ControllerResourceCRForWebhookManagerResourcesAndReplicas requests 4
	// replicas of cnrm-webhook-manager with a 512Mi memory limit and a 256Mi
	// memory request on the "webhook" container.
	ControllerResourceCRForWebhookManagerResourcesAndReplicas = &customizev1beta1.ControllerResource{
		ObjectMeta: metav1.ObjectMeta{
			Name: "cnrm-webhook-manager",
		},
		Spec: customizev1beta1.ControllerResourceSpec{
			Replicas: proto.Int64(int64(4)),
			Containers: []customizev1beta1.ContainerResourceSpec{
				{
					Name: "webhook",
					Resources: customizev1beta1.ResourceRequirements{
						Limits: corev1.ResourceList{
							corev1.ResourceMemory: resource.MustParse("512Mi"),
						},
						Requests: corev1.ResourceList{
							corev1.ResourceMemory: resource.MustParse("256Mi"),
						},
					},
				},
			},
		},
	}
	// ControllerResourceCRForWebhookManagerWithLargeReplicas is the same
	// webhook customization with 30 replicas instead of 4.
	ControllerResourceCRForWebhookManagerWithLargeReplicas = &customizev1beta1.ControllerResource{
		ObjectMeta: metav1.ObjectMeta{
			Name: "cnrm-webhook-manager",
		},
		Spec: customizev1beta1.ControllerResourceSpec{
			Replicas: proto.Int64(int64(30)),
			Containers: []customizev1beta1.ContainerResourceSpec{
				{
					Name: "webhook",
					Resources: customizev1beta1.ResourceRequirements{
						Limits: corev1.ResourceList{
							corev1.ResourceMemory: resource.MustParse("512Mi"),
						},
						Requests: corev1.ResourceList{
							corev1.ResourceMemory: resource.MustParse("256Mi"),
						},
					},
				},
			},
		},
	}
	// NamespacedControllerResourceCRForControllerManagerResources is the
	// namespaced counterpart of the 400m CPU limit / 512Mi memory request
	// customization, placed in namespace "foo-ns".
	NamespacedControllerResourceCRForControllerManagerResources = &customizev1beta1.NamespacedControllerResource{
		ObjectMeta: metav1.ObjectMeta{
			Name:      "cnrm-controller-manager",
			Namespace: "foo-ns",
		},
		Spec: customizev1beta1.NamespacedControllerResourceSpec{
			Containers: []customizev1beta1.ContainerResourceSpec{
				{
					Name: "manager",
					Resources: customizev1beta1.ResourceRequirements{
						Limits: corev1.ResourceList{
							corev1.ResourceCPU: resource.MustParse("400m"),
						},
						Requests: corev1.ResourceList{
							corev1.ResourceMemory: resource.MustParse("512Mi"),
						},
					},
				},
			},
		},
	}
	// NamespacedControllerReconcilerCR sets a rate limit of Burst 30 and
	// QPS 80 for cnrm-controller-manager in namespace "foo-ns".
	NamespacedControllerReconcilerCR = &customizev1alpha1.NamespacedControllerReconciler{
		ObjectMeta: metav1.ObjectMeta{
			Name:      "cnrm-controller-manager",
			Namespace: "foo-ns",
		},
		Spec: customizev1alpha1.NamespacedControllerReconcilerSpec{
			RateLimit: &customizev1alpha1.RateLimit{
				Burst: 30,
				QPS:   80,
			},
		},
	}
)
// Fixtures that name a controller through nonExistingControllerName (declared
// elsewhere in the package), plus the message text associated with them.
var (
	// ControllerResourceCRForNonExistingController is a cluster-scoped
	// customization with an empty container list.
	ControllerResourceCRForNonExistingController = &customizev1beta1.ControllerResource{
		ObjectMeta: metav1.ObjectMeta{
			Name: nonExistingControllerName,
		},
		Spec: customizev1beta1.ControllerResourceSpec{
			Containers: []customizev1beta1.ContainerResourceSpec{},
		},
	}
	// NamespacedControllerResourceCRForNonExistingController is the same
	// customization placed in namespace "foo-ns".
	NamespacedControllerResourceCRForNonExistingController = &customizev1beta1.NamespacedControllerResource{
		ObjectMeta: metav1.ObjectMeta{
			Name:      nonExistingControllerName,
			Namespace: "foo-ns",
		},
		Spec: customizev1beta1.NamespacedControllerResourceSpec{
			Containers: []customizev1beta1.ContainerResourceSpec{},
		},
	}
	// ErrNonExistingController is a message string, not an error value,
	// despite the Err prefix.
	ErrNonExistingController = fmt.Sprintf("resource customization for controller %s is not supported", nonExistingControllerName)
)
// Fixtures that target cnrm-controller-manager but list a single container
// named by nonExistingContainerName (declared elsewhere in the package).
var (
	// ControllerResourceCRForNonExistingContainer is the cluster-scoped form.
	ControllerResourceCRForNonExistingContainer = &customizev1beta1.ControllerResource{
		ObjectMeta: metav1.ObjectMeta{
			Name: "cnrm-controller-manager",
		},
		Spec: customizev1beta1.ControllerResourceSpec{
			Containers: []customizev1beta1.ContainerResourceSpec{
				{
					Name: nonExistingContainerName,
				},
			},
		},
	}
	// NamespacedControllerResourceCRForNonExistingContainer is the namespaced
	// form, placed in namespace "foo-ns".
	NamespacedControllerResourceCRForNonExistingContainer = &customizev1beta1.NamespacedControllerResource{
		ObjectMeta: metav1.ObjectMeta{
			Name:      "cnrm-controller-manager",
			Namespace: "foo-ns",
		},
		Spec: customizev1beta1.NamespacedControllerResourceSpec{
			Containers: []customizev1beta1.ContainerResourceSpec{
				{
					Name: nonExistingContainerName,
				},
			},
		},
	}
	// ErrNonExistingContainer is a message string, not an error value; it
	// embeds the container name after the fixed text.
	ErrNonExistingContainer = fmt.Sprintf("failed to apply customization cnrm-controller-manager: resource customization failed for the following containers because there are no matching containers in the manifest: %s", nonExistingContainerName)
)
// Fixture in which the container name "manager" appears twice in the Spec,
// with "prom-to-sd" between the two occurrences.
var (
	ControllerResourceCRForDuplicatedContainer = &customizev1beta1.ControllerResource{
		ObjectMeta: metav1.ObjectMeta{
			Name: "cnrm-controller-manager",
		},
		Spec: customizev1beta1.ControllerResourceSpec{
			Containers: []customizev1beta1.ContainerResourceSpec{
				{
					Name: "manager",
				},
				{
					Name: "prom-to-sd",
				},
				{
					Name: "manager",
				},
			},
		},
	}
	// ErrDuplicatedContainer is a message string, not an error value.
	// NOTE(review): the format string has no verbs and no arguments, so
	// fmt.Sprintf returns it unchanged; a plain string literal would do.
	ErrDuplicatedContainer = fmt.Sprintf("failed to apply customization cnrm-controller-manager: the following containers are specified multiple times in the Spec: manager")
)
// Namespaced customizations placed in namespace "does-not-match" instead of
// "foo-ns"; the Spec values equal those of the "foo-ns" fixtures.
// NOTE(review): presumably these drive the case where a namespaced
// customization must not take effect outside its own namespace — confirm in
// the tests that consume them.
var (
	NamespacedControllerResourceCRWrongNamespace = &customizev1beta1.NamespacedControllerResource{
		ObjectMeta: metav1.ObjectMeta{
			Name:      "cnrm-controller-manager",
			Namespace: "does-not-match",
		},
		Spec: customizev1beta1.NamespacedControllerResourceSpec{
			Containers: []customizev1beta1.ContainerResourceSpec{
				{
					Name: "manager",
					Resources: customizev1beta1.ResourceRequirements{
						Limits: corev1.ResourceList{
							corev1.ResourceCPU: resource.MustParse("400m"),
						},
						Requests: corev1.ResourceList{
							corev1.ResourceMemory: resource.MustParse("512Mi"),
						},
					},
				},
			},
		},
	}
	NamespacedControllerReconcilerCRWrongNamespace = &customizev1alpha1.NamespacedControllerReconciler{
		ObjectMeta: metav1.ObjectMeta{
			Name:      "cnrm-controller-manager",
			Namespace: "does-not-match",
		},
		Spec: customizev1alpha1.NamespacedControllerReconcilerSpec{
			RateLimit: &customizev1alpha1.RateLimit{
				Burst: 30,
				QPS:   80,
			},
		},
	}
)
// Webhook configuration customizations in which one webhook name is listed
// twice, plus the message text associated with each.
var (
	// ValidatingWebhookCRForDuplicatedWebhook repeats
	// "deny-immutable-field-updates".
	ValidatingWebhookCRForDuplicatedWebhook = &customizev1beta1.ValidatingWebhookConfigurationCustomization{
		ObjectMeta: metav1.ObjectMeta{
			Name: "validating-webhook",
		},
		Spec: customizev1beta1.WebhookConfigurationCustomizationSpec{
			Webhooks: []customizev1beta1.WebhookCustomizationSpec{
				{
					Name: "deny-immutable-field-updates",
				},
				{
					Name: "resource-validation",
				},
				{
					Name: "deny-immutable-field-updates",
				},
			},
		},
	}
	// MutatingWebhookCRForDuplicatedWebhook repeats
	// "container-annotation-handler".
	MutatingWebhookCRForDuplicatedWebhook = &customizev1beta1.MutatingWebhookConfigurationCustomization{
		ObjectMeta: metav1.ObjectMeta{
			Name: "mutating-webhook",
		},
		Spec: customizev1beta1.WebhookConfigurationCustomizationSpec{
			Webhooks: []customizev1beta1.WebhookCustomizationSpec{
				{
					Name: "container-annotation-handler",
				},
				{
					Name: "iam-defaulter",
				},
				{
					Name: "container-annotation-handler",
				},
			},
		},
	}
	// Both values below are message strings, not error values.
	// NOTE(review): neither format string has verbs or arguments, so
	// fmt.Sprintf returns them unchanged; plain string literals would do.
	ErrDuplicatedWebhookForValidatingWebhookCR = fmt.Sprintf("invalid webhook configuration customization: the following webhooks are specified multiple times in the Spec: deny-immutable-field-updates")
	ErrDuplicatedWebhookForMutatingWebhookCR   = fmt.Sprintf("invalid webhook configuration customization: the following webhooks are specified multiple times in the Spec: container-annotation-handler")
)
// Rate-limit customization addressed to unsupportedControllerName (declared
// elsewhere in the package), in namespace "foo-ns".
var (
	NamespacedControllerReconcilerCRForUnsupportedController = &customizev1alpha1.NamespacedControllerReconciler{
		ObjectMeta: metav1.ObjectMeta{
			Name:      unsupportedControllerName,
			Namespace: "foo-ns",
		},
		Spec: customizev1alpha1.NamespacedControllerReconcilerSpec{
			RateLimit: &customizev1alpha1.RateLimit{
				Burst: 30,
				QPS:   80,
			},
		},
	}
	// ErrUnsupportedController is a message string, not an error value. It
	// names the controller twice and ends with the comma-separated contents of
	// customizev1alpha1.SupportedNamespacedControllers, so its text changes
	// whenever that list changes.
	ErrUnsupportedController = fmt.Sprintf("failed to apply rate limit customization %s: "+
		"rate limit customization for %s is not supported. "+
		"Supported controllers: %s", unsupportedControllerName, unsupportedControllerName, strings.Join(customizev1alpha1.SupportedNamespacedControllers, ", "))
)
// ClusterModeComponents is a list of YAML manifest documents, one per element:
// a ServiceAccount, the cnrm-manager Service, the cnrm-controller-manager
// StatefulSet, the cnrm-webhook-manager Deployment and its
// HorizontalPodAutoscaler, all in namespace cnrm-system.
//
// The ${SERVICE_ACCOUNT?} and ${NAMESPACE?} tokens are left unexpanded in
// these strings; presumably the code under test substitutes them — confirm
// against the callers.
//
// NOTE(review): only the webhook container sets a securityContext
// (allowPrivilegeEscalation: false, privileged: false, runAsNonRoot: true);
// the manager and prom-to-sd containers declare none, and all three images are
// referenced by tag rather than by digest. Read these strings as test
// fixtures, not as a hardened deployment template.
var ClusterModeComponents = []string{`
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
iam.gke.io/gcp-service-account: ${SERVICE_ACCOUNT?}
name: cnrm-controller-manager
namespace: cnrm-system
`, `
apiVersion: v1
kind: Service
metadata:
name: cnrm-manager
namespace: cnrm-system
spec:
ports:
- name: controller-manager
port: 443
- name: metrics
port: 8888
selector:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/system: "true"
`, `
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/system: "true"
name: cnrm-controller-manager
namespace: cnrm-system
spec:
selector:
matchLabels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/system: "true"
serviceName: cnrm-manager
template:
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/system: "true"
spec:
containers:
- args: ["--scoped-namespace=${NAMESPACE?}", "--stderrthreshold=INFO", "--prometheus-scrape-endpoint=:8888"]
command: ["/configconnector/manager"]
image: gcr.io/gke-release/cnrm/controller:4af93f1
name: manager
resources:
limits:
cpu: 200m
requests:
memory: 256Mi
- command: ["/monitor", "--source=configconnector:http://localhost:8888?whitelisted=reconcile_requests_total,reconcile_request_duration_seconds,reconcile_workers_total,reconcile_occupied_workers_total,internal_errors_total&customResourceType=k8s_container&customLabels[container_name]&customLabels[project_id]&customLabels[location]&customLabels[cluster_name]&customLabels[namespace_name]&customLabels[pod_name]", "--stackdriver-prefix=kubernetes.io/internal/addons"]
image: gke.gcr.io/prometheus-to-sd:v0.11.12-gke.11
name: prom-to-sd
`, `
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-webhook-manager
cnrm.cloud.google.com/system: "true"
name: cnrm-webhook-manager
namespace: cnrm-system
spec:
revisionHistoryLimit: 1
selector:
matchLabels:
cnrm.cloud.google.com/component: cnrm-webhook-manager
cnrm.cloud.google.com/system: "true"
template:
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-webhook-manager
cnrm.cloud.google.com/system: "true"
spec:
containers:
- command:
- /configconnector/webhook
env:
- name: GOMEMLIMIT
value: 110MiB
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: gcr.io/gke-release/cnrm/webhook:54aab28
imagePullPolicy: Always
name: webhook
ports:
- containerPort: 23232
readinessProbe:
httpGet:
path: /ready
port: 23232
initialDelaySeconds: 7
periodSeconds: 3
resources:
limits:
memory: 128Mi
requests:
cpu: 250m
memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
privileged: false
runAsNonRoot: true
runAsUser: 1000
enableServiceLinks: false
serviceAccountName: cnrm-webhook-manager
terminationGracePeriodSeconds: 10
`, `
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
annotations:
autoscaling.alpha.kubernetes.io/metrics: '[{"type":"Resource","resource":{"name":"memory","targetAverageUtilization":70}}]'
labels:
cnrm.cloud.google.com/system: "true"
name: cnrm-webhook
namespace: cnrm-system
spec:
maxReplicas: 20
minReplicas: 2
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: cnrm-webhook-manager
targetCPUUtilizationPercentage: 90
`}
// ClusterModeComponentsWithCustomizedControllerManager lists the same five
// manifests as ClusterModeComponents with the manager container's resources
// set to a 400m CPU limit and a 512Mi memory request (200m and 256Mi there).
// The webhook Deployment keeps GOMEMLIMIT at 110MiB and a 128Mi memory limit.
//
// NOTE(review): as in ClusterModeComponents, the manager and prom-to-sd
// containers carry no securityContext in this fixture; only the webhook
// container does.
var ClusterModeComponentsWithCustomizedControllerManager = []string{`
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
iam.gke.io/gcp-service-account: ${SERVICE_ACCOUNT?}
name: cnrm-controller-manager
namespace: cnrm-system
`, `
apiVersion: v1
kind: Service
metadata:
name: cnrm-manager
namespace: cnrm-system
spec:
ports:
- name: controller-manager
port: 443
- name: metrics
port: 8888
selector:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/system: "true"
`, `
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/system: "true"
name: cnrm-controller-manager
namespace: cnrm-system
spec:
selector:
matchLabels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/system: "true"
serviceName: cnrm-manager
template:
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/system: "true"
spec:
containers:
- args: ["--scoped-namespace=${NAMESPACE?}", "--stderrthreshold=INFO", "--prometheus-scrape-endpoint=:8888"]
command: ["/configconnector/manager"]
image: gcr.io/gke-release/cnrm/controller:4af93f1
name: manager
resources:
limits:
cpu: 400m
requests:
memory: 512Mi
- command: ["/monitor", "--source=configconnector:http://localhost:8888?whitelisted=reconcile_requests_total,reconcile_request_duration_seconds,reconcile_workers_total,reconcile_occupied_workers_total,internal_errors_total&customResourceType=k8s_container&customLabels[container_name]&customLabels[project_id]&customLabels[location]&customLabels[cluster_name]&customLabels[namespace_name]&customLabels[pod_name]", "--stackdriver-prefix=kubernetes.io/internal/addons"]
image: gke.gcr.io/prometheus-to-sd:v0.11.12-gke.11
name: prom-to-sd
`, `
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-webhook-manager
cnrm.cloud.google.com/system: "true"
name: cnrm-webhook-manager
namespace: cnrm-system
spec:
revisionHistoryLimit: 1
selector:
matchLabels:
cnrm.cloud.google.com/component: cnrm-webhook-manager
cnrm.cloud.google.com/system: "true"
template:
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-webhook-manager
cnrm.cloud.google.com/system: "true"
spec:
containers:
- command:
- /configconnector/webhook
env:
- name: GOMEMLIMIT
value: 110MiB
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: gcr.io/gke-release/cnrm/webhook:54aab28
imagePullPolicy: Always
name: webhook
ports:
- containerPort: 23232
readinessProbe:
httpGet:
path: /ready
port: 23232
initialDelaySeconds: 7
periodSeconds: 3
resources:
limits:
memory: 128Mi
requests:
cpu: 250m
memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
privileged: false
runAsNonRoot: true
runAsUser: 1000
enableServiceLinks: false
serviceAccountName: cnrm-webhook-manager
terminationGracePeriodSeconds: 10
`, `
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
annotations:
autoscaling.alpha.kubernetes.io/metrics: '[{"type":"Resource","resource":{"name":"memory","targetAverageUtilization":70}}]'
labels:
cnrm.cloud.google.com/system: "true"
name: cnrm-webhook
namespace: cnrm-system
spec:
maxReplicas: 20
minReplicas: 2
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: cnrm-webhook-manager
targetCPUUtilizationPercentage: 90
`}
ClusterModeComponentsWithCustomizedControllerManager is the same as ClusterModeComponents with the following differences: - the "resources" section for cnrm-controller-manager/manager container.
Note that the GOMEMLIMIT env for the webhook manager deployment still has the default "110MiB" value, because there was no memory customization on the webhook manager.
// ClusterModeComponentsWithCustomizedWebhookManager is the ClusterModeComponents
// manifest list with the webhook Deployment at replicas: 4, a 512Mi memory
// limit and a 256Mi memory request on the webhook container, and the
// HorizontalPodAutoscaler's minReplicas raised to 4.
//
// NOTE(review): GOMEMLIMIT is "228170137B", which is about 85% of the 256Mi
// memory request rather than of the 512Mi limit — presumably computed by the
// code under test; confirm which of the two values it is meant to track.
var ClusterModeComponentsWithCustomizedWebhookManager = []string{`
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
iam.gke.io/gcp-service-account: ${SERVICE_ACCOUNT?}
name: cnrm-controller-manager
namespace: cnrm-system
`, `
apiVersion: v1
kind: Service
metadata:
name: cnrm-manager
namespace: cnrm-system
spec:
ports:
- name: controller-manager
port: 443
- name: metrics
port: 8888
selector:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/system: "true"
`, `
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/system: "true"
name: cnrm-controller-manager
namespace: cnrm-system
spec:
selector:
matchLabels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/system: "true"
serviceName: cnrm-manager
template:
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/system: "true"
spec:
containers:
- args: ["--scoped-namespace=${NAMESPACE?}", "--stderrthreshold=INFO", "--prometheus-scrape-endpoint=:8888"]
command: ["/configconnector/manager"]
image: gcr.io/gke-release/cnrm/controller:4af93f1
name: manager
resources:
limits:
cpu: 200m
requests:
memory: 256Mi
- command: ["/monitor", "--source=configconnector:http://localhost:8888?whitelisted=reconcile_requests_total,reconcile_request_duration_seconds,reconcile_workers_total,reconcile_occupied_workers_total,internal_errors_total&customResourceType=k8s_container&customLabels[container_name]&customLabels[project_id]&customLabels[location]&customLabels[cluster_name]&customLabels[namespace_name]&customLabels[pod_name]", "--stackdriver-prefix=kubernetes.io/internal/addons"]
image: gke.gcr.io/prometheus-to-sd:v0.11.12-gke.11
name: prom-to-sd
`, `
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-webhook-manager
cnrm.cloud.google.com/system: "true"
name: cnrm-webhook-manager
namespace: cnrm-system
spec:
replicas: 4
revisionHistoryLimit: 1
selector:
matchLabels:
cnrm.cloud.google.com/component: cnrm-webhook-manager
cnrm.cloud.google.com/system: "true"
template:
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-webhook-manager
cnrm.cloud.google.com/system: "true"
spec:
containers:
- command:
- /configconnector/webhook
env:
- name: GOMEMLIMIT
value: "228170137B"
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: gcr.io/gke-release/cnrm/webhook:54aab28
imagePullPolicy: Always
name: webhook
ports:
- containerPort: 23232
readinessProbe:
httpGet:
path: /ready
port: 23232
initialDelaySeconds: 7
periodSeconds: 3
resources:
limits:
memory: 512Mi
requests:
cpu: 250m
memory: 256Mi
securityContext:
allowPrivilegeEscalation: false
privileged: false
runAsNonRoot: true
runAsUser: 1000
enableServiceLinks: false
serviceAccountName: cnrm-webhook-manager
terminationGracePeriodSeconds: 10
`, `
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
annotations:
autoscaling.alpha.kubernetes.io/metrics: '[{"type":"Resource","resource":{"name":"memory","targetAverageUtilization":70}}]'
labels:
cnrm.cloud.google.com/system: "true"
name: cnrm-webhook
namespace: cnrm-system
spec:
maxReplicas: 20
minReplicas: 4
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: cnrm-webhook-manager
targetCPUUtilizationPercentage: 90
`}
ClusterModeComponentsWithCustomizedWebhookManager is the same as ClusterModeComponents with the following differences: - the "resources" section for cnrm-webhook-manager/webhook container. - the "replicas" field for cnrm-webhook-manager deployment. - the "minReplicas" field for HorizontalPodAutoscaler. - the "GOMEMLIMIT" environment variable.
// ClusterModeComponentsWithCustomizedWebhookManagerWithLargeReplicas is the
// ClusterModeComponents manifest list with the webhook Deployment at
// replicas: 30, a 512Mi memory limit and a 256Mi memory request on the webhook
// container, GOMEMLIMIT "228170137B", and the HorizontalPodAutoscaler set to
// minReplicas: 30 and maxReplicas: 30.
//
// With minReplicas equal to maxReplicas the autoscaler has no range left to
// scale within, so the replica count is effectively fixed at 30.
var ClusterModeComponentsWithCustomizedWebhookManagerWithLargeReplicas = []string{`
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
iam.gke.io/gcp-service-account: ${SERVICE_ACCOUNT?}
name: cnrm-controller-manager
namespace: cnrm-system
`, `
apiVersion: v1
kind: Service
metadata:
name: cnrm-manager
namespace: cnrm-system
spec:
ports:
- name: controller-manager
port: 443
- name: metrics
port: 8888
selector:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/system: "true"
`, `
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/system: "true"
name: cnrm-controller-manager
namespace: cnrm-system
spec:
selector:
matchLabels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/system: "true"
serviceName: cnrm-manager
template:
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/system: "true"
spec:
containers:
- args: ["--scoped-namespace=${NAMESPACE?}", "--stderrthreshold=INFO", "--prometheus-scrape-endpoint=:8888"]
command: ["/configconnector/manager"]
image: gcr.io/gke-release/cnrm/controller:4af93f1
name: manager
resources:
limits:
cpu: 200m
requests:
memory: 256Mi
- command: ["/monitor", "--source=configconnector:http://localhost:8888?whitelisted=reconcile_requests_total,reconcile_request_duration_seconds,reconcile_workers_total,reconcile_occupied_workers_total,internal_errors_total&customResourceType=k8s_container&customLabels[container_name]&customLabels[project_id]&customLabels[location]&customLabels[cluster_name]&customLabels[namespace_name]&customLabels[pod_name]", "--stackdriver-prefix=kubernetes.io/internal/addons"]
image: gke.gcr.io/prometheus-to-sd:v0.11.12-gke.11
name: prom-to-sd
`, `
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-webhook-manager
cnrm.cloud.google.com/system: "true"
name: cnrm-webhook-manager
namespace: cnrm-system
spec:
replicas: 30
revisionHistoryLimit: 1
selector:
matchLabels:
cnrm.cloud.google.com/component: cnrm-webhook-manager
cnrm.cloud.google.com/system: "true"
template:
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-webhook-manager
cnrm.cloud.google.com/system: "true"
spec:
containers:
- command:
- /configconnector/webhook
env:
- name: GOMEMLIMIT
value: "228170137B"
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: gcr.io/gke-release/cnrm/webhook:54aab28
imagePullPolicy: Always
name: webhook
ports:
- containerPort: 23232
readinessProbe:
httpGet:
path: /ready
port: 23232
initialDelaySeconds: 7
periodSeconds: 3
resources:
limits:
memory: 512Mi
requests:
cpu: 250m
memory: 256Mi
securityContext:
allowPrivilegeEscalation: false
privileged: false
runAsNonRoot: true
runAsUser: 1000
enableServiceLinks: false
serviceAccountName: cnrm-webhook-manager
terminationGracePeriodSeconds: 10
`, `
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
annotations:
autoscaling.alpha.kubernetes.io/metrics: '[{"type":"Resource","resource":{"name":"memory","targetAverageUtilization":70}}]'
labels:
cnrm.cloud.google.com/system: "true"
name: cnrm-webhook
namespace: cnrm-system
spec:
maxReplicas: 30
minReplicas: 30
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: cnrm-webhook-manager
targetCPUUtilizationPercentage: 90
`}
ClusterModeComponentsWithCustomizedWebhookManagerWithLargeReplicas is the same as ClusterModeComponents with the following differences: - the "resources" section for cnrm-webhook-manager/webhook container. - the "replicas" field for cnrm-webhook-manager deployment. - the "minReplicas" field for HorizontalPodAutoscaler. - the "maxReplicas" field for HorizontalPodAutoscaler is also updated to match the value of "minReplicas". - the "GOMEMLIMIT" environment variable.
// ClusterModeOnlyGCPComponents is a trimmed manifest list: a ServiceAccount
// with no iam.gke.io/gcp-service-account annotation, the cnrm-manager Service,
// and a StatefulSet whose pod spec declares only a volume named
// gcp-service-account backed by Secret gcp-key (no containers are listed).
//
// NOTE(review): presumably this models the key-file credential mode, in which
// anything able to read Secret gcp-key in cnrm-system would hold that
// credential — confirm against the tests that consume it. Only the Secret's
// name appears here; no key material is part of the fixture.
var ClusterModeOnlyGCPComponents = []string{`
apiVersion: v1
kind: ServiceAccount
metadata:
name: cnrm-controller-manager
namespace: cnrm-system
`, `
apiVersion: v1
kind: Service
metadata:
name: cnrm-manager
namespace: cnrm-system
spec:
ports:
- name: controller-manager
port: 443
- name: metrics
port: 8888
selector:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/system: "true"
`, `
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/system: "true"
name: cnrm-controller-manager
namespace: cnrm-system
spec:
selector:
matchLabels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/system: "true"
serviceName: cnrm-manager
template:
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/system: "true"
spec:
volumes:
- name: gcp-service-account
secret:
secretName: gcp-key
`}
// ClusterModeOnlyWorkloadIdentityComponents is a trimmed manifest list: a
// ServiceAccount annotated with
// iam.gke.io/gcp-service-account: ${SERVICE_ACCOUNT?}, the cnrm-manager
// Service, and a StatefulSet that carries labels only — its pod template has
// no spec, so no Secret volume and no containers appear.
//
// The ${SERVICE_ACCOUNT?} token is left unexpanded; presumably the code under
// test substitutes the Google service account identity — confirm against the
// callers.
var ClusterModeOnlyWorkloadIdentityComponents = []string{`
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
iam.gke.io/gcp-service-account: ${SERVICE_ACCOUNT?}
name: cnrm-controller-manager
namespace: cnrm-system
`, `
apiVersion: v1
kind: Service
metadata:
name: cnrm-manager
namespace: cnrm-system
spec:
ports:
- name: controller-manager
port: 443
- name: metrics
port: 8888
selector:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/system: "true"
`, `
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/system: "true"
name: cnrm-controller-manager
namespace: cnrm-system
spec:
selector:
matchLabels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/system: "true"
serviceName: cnrm-manager
template:
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/system: "true"
`}
// FooCRD is a raw string whose contents are not shown in this listing;
// presumably a CustomResourceDefinition manifest used as a fixture — confirm
// in the source file.
var FooCRD = `` /* 442-byte string literal not displayed */
// NamespacedComponents is a list of two YAML manifests for namespaced mode: a
// Service named cnrm-manager-${NAMESPACE?} and a StatefulSet named
// cnrm-controller-manager-${NAMESPACE?}. Both live in cnrm-system and carry
// the cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} label.
//
// The ${NAMESPACE?} token is left unexpanded in these strings; presumably the
// code under test substitutes it — confirm against the callers.
//
// NOTE(review): the manager and prom-to-sd containers declare neither
// resources nor a securityContext here, and both images are referenced by tag
// rather than by digest. Read these strings as test fixtures, not as a
// hardened deployment template.
var NamespacedComponents = []string{`
apiVersion: v1
kind: Service
metadata:
labels:
cnrm.cloud.google.com/monitored: "true"
cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
cnrm.cloud.google.com/system: "true"
name: cnrm-manager-${NAMESPACE?}
namespace: cnrm-system
spec:
ports:
- name: controller-manager
port: 443
- name: metrics
port: 8888
selector:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
cnrm.cloud.google.com/system: "true"
`, `
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
cnrm.cloud.google.com/system: "true"
name: cnrm-controller-manager-${NAMESPACE?}
namespace: cnrm-system
spec:
selector:
matchLabels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
cnrm.cloud.google.com/system: "true"
serviceName: cnrm-manager-${NAMESPACE?}
template:
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
cnrm.cloud.google.com/system: "true"
spec:
containers:
- args: ["--scoped-namespace=${NAMESPACE?}", "--stderrthreshold=INFO", "--prometheus-scrape-endpoint=:8888"]
command: ["/configconnector/manager"]
image: gcr.io/gke-release/cnrm/controller:4af93f1
name: manager
- command: ["/monitor", "--source=configconnector:http://localhost:8888?whitelisted=reconcile_requests_total,reconcile_request_duration_seconds,reconcile_workers_total,reconcile_occupied_workers_total,internal_errors_total&customResourceType=k8s_container&customLabels[container_name]&customLabels[project_id]&customLabels[location]&customLabels[cluster_name]&customLabels[namespace_name]&customLabels[pod_name]", "--stackdriver-prefix=kubernetes.io/internal/addons"]
image: gke.gcr.io/prometheus-to-sd:v0.11.12-gke.11
name: prom-to-sd
`}
// NamespacedComponentsTemplate is a list of four YAML manifests for namespaced
// mode: a ServiceAccount, a RoleBinding, a Service and a StatefulSet. Object
// names are built from the ${NAMESPACE?} token, and the ServiceAccount carries
// the iam.gke.io/gcp-service-account: ${SERVICE_ACCOUNT?} annotation.
//
// The RoleBinding is the only object created in namespace ${NAMESPACE?}; the
// others live in cnrm-system. It binds ClusterRole cnrm-admin to ServiceAccount
// cnrm-controller-manager-${NAMESPACE?}, so the value substituted for
// ${NAMESPACE?} selects the namespace in which that ServiceAccount receives
// cnrm-admin.
//
// NOTE(review): presumably the substituted namespace and service account names
// are validated before the template is applied — confirm in the code that
// expands it. The manager and prom-to-sd containers declare no securityContext
// in this fixture.
var NamespacedComponentsTemplate = []string{`
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
iam.gke.io/gcp-service-account: ${SERVICE_ACCOUNT?}
labels:
cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
cnrm.cloud.google.com/system: "true"
name: cnrm-controller-manager-${NAMESPACE?}
namespace: cnrm-system
`, `
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
cnrm.cloud.google.com/system: "true"
name: cnrm-admin-binding-${NAMESPACE?}
namespace: ${NAMESPACE?}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cnrm-admin
subjects:
- kind: ServiceAccount
name: cnrm-controller-manager-${NAMESPACE?}
namespace: cnrm-system
`, `
apiVersion: v1
kind: Service
metadata:
labels:
cnrm.cloud.google.com/monitored: "true"
cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
cnrm.cloud.google.com/system: "true"
name: cnrm-manager-${NAMESPACE?}
namespace: cnrm-system
spec:
ports:
- name: controller-manager
port: 443
- name: metrics
port: 8888
selector:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
cnrm.cloud.google.com/system: "true"
`, `
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
cnrm.cloud.google.com/system: "true"
name: cnrm-controller-manager-${NAMESPACE?}
namespace: cnrm-system
spec:
selector:
matchLabels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
cnrm.cloud.google.com/system: "true"
serviceName: cnrm-manager-${NAMESPACE?}
template:
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
cnrm.cloud.google.com/system: "true"
spec:
containers:
- args: ["--scoped-namespace=${NAMESPACE?}", "--stderrthreshold=INFO", "--prometheus-scrape-endpoint=:8888"]
command: ["/configconnector/manager"]
image: gcr.io/gke-release/cnrm/controller:4af93f1
name: manager
- command: ["/monitor", "--source=configconnector:http://localhost:8888?whitelisted=reconcile_requests_total,reconcile_request_duration_seconds,reconcile_workers_total,reconcile_occupied_workers_total,internal_errors_total&customResourceType=k8s_container&customLabels[container_name]&customLabels[project_id]&customLabels[location]&customLabels[cluster_name]&customLabels[namespace_name]&customLabels[pod_name]", "--stackdriver-prefix=kubernetes.io/internal/addons"]
image: gke.gcr.io/prometheus-to-sd:v0.11.12-gke.11
name: prom-to-sd
`}
// NamespacedComponentsWithCustomizedControllerManager lists the same Service
// and StatefulSet as NamespacedComponents, with a resources section added to
// the manager container: a 400m CPU limit and a 512Mi memory request.
//
// NOTE(review): the resources section sets no memory limit and no CPU request,
// and neither container declares a securityContext in this fixture.
var NamespacedComponentsWithCustomizedControllerManager = []string{`
apiVersion: v1
kind: Service
metadata:
labels:
cnrm.cloud.google.com/monitored: "true"
cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
cnrm.cloud.google.com/system: "true"
name: cnrm-manager-${NAMESPACE?}
namespace: cnrm-system
spec:
ports:
- name: controller-manager
port: 443
- name: metrics
port: 8888
selector:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
cnrm.cloud.google.com/system: "true"
`, `
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
cnrm.cloud.google.com/system: "true"
name: cnrm-controller-manager-${NAMESPACE?}
namespace: cnrm-system
spec:
selector:
matchLabels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
cnrm.cloud.google.com/system: "true"
serviceName: cnrm-manager-${NAMESPACE?}
template:
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
cnrm.cloud.google.com/system: "true"
spec:
containers:
- args: ["--scoped-namespace=${NAMESPACE?}", "--stderrthreshold=INFO", "--prometheus-scrape-endpoint=:8888"]
command: ["/configconnector/manager"]
image: gcr.io/gke-release/cnrm/controller:4af93f1
name: manager
resources:
limits:
cpu: 400m
requests:
memory: 512Mi
- command: ["/monitor", "--source=configconnector:http://localhost:8888?whitelisted=reconcile_requests_total,reconcile_request_duration_seconds,reconcile_workers_total,reconcile_occupied_workers_total,internal_errors_total&customResourceType=k8s_container&customLabels[container_name]&customLabels[project_id]&customLabels[location]&customLabels[cluster_name]&customLabels[namespace_name]&customLabels[pod_name]", "--stackdriver-prefix=kubernetes.io/internal/addons"]
image: gke.gcr.io/prometheus-to-sd:v0.11.12-gke.11
name: prom-to-sd
`}
NamespacedComponentsWithCustomizedControllerManager is the same as NamespacedComponents with the following differences: - the "resources" section for cnrm-controller-manager/manager container.
// NamespacedComponentsWithRatLimitCustomization lists the same Service and
// StatefulSet as NamespacedComponents, with "--qps=80" and "--burst=30"
// prepended to the manager container's args. The values equal the QPS and
// Burst fields of the NamespacedControllerReconciler fixtures in this package.
//
// NOTE(review): the identifier reads "RatLimit" where "RateLimit" is meant;
// it is exported, so renaming it would change the package's API.
var NamespacedComponentsWithRatLimitCustomization = []string{`
apiVersion: v1
kind: Service
metadata:
labels:
cnrm.cloud.google.com/monitored: "true"
cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
cnrm.cloud.google.com/system: "true"
name: cnrm-manager-${NAMESPACE?}
namespace: cnrm-system
spec:
ports:
- name: controller-manager
port: 443
- name: metrics
port: 8888
selector:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
cnrm.cloud.google.com/system: "true"
`, `
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
cnrm.cloud.google.com/system: "true"
name: cnrm-controller-manager-${NAMESPACE?}
namespace: cnrm-system
spec:
selector:
matchLabels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
cnrm.cloud.google.com/system: "true"
serviceName: cnrm-manager-${NAMESPACE?}
template:
metadata:
labels:
cnrm.cloud.google.com/component: cnrm-controller-manager
cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
cnrm.cloud.google.com/system: "true"
spec:
containers:
- args: ["--qps=80", "--burst=30", "--scoped-namespace=${NAMESPACE?}", "--stderrthreshold=INFO", "--prometheus-scrape-endpoint=:8888"]
command: ["/configconnector/manager"]
image: gcr.io/gke-release/cnrm/controller:4af93f1
name: manager
- command: ["/monitor", "--source=configconnector:http://localhost:8888?whitelisted=reconcile_requests_total,reconcile_request_duration_seconds,reconcile_workers_total,reconcile_occupied_workers_total,internal_errors_total&customResourceType=k8s_container&customLabels[container_name]&customLabels[project_id]&customLabels[location]&customLabels[cluster_name]&customLabels[namespace_name]&customLabels[pod_name]", "--stackdriver-prefix=kubernetes.io/internal/addons"]
image: gke.gcr.io/prometheus-to-sd:v0.11.12-gke.11
name: prom-to-sd
`}
NamespacedComponentsWithRatLimitCustomization is the same as NamespacedComponents with the following differences: - the "args" for cnrm-controller-manager/manager container.
// PerNamespaceControllerManagerPod is a raw string whose contents are not
// shown in this listing; presumably a Pod manifest for the per-namespace
// controller manager — confirm in the source file.
var PerNamespaceControllerManagerPod = `` /* 272-byte string literal not displayed */
// SystemNs is the YAML manifest of the cnrm-system Namespace, the namespace
// that the component manifests in this package are placed in.
var SystemNs = `apiVersion: v1
kind: Namespace
metadata:
name: cnrm-system
`
Functions ¶
func EnsureNamespaceExists ¶
func GetClusterModeGCPManifest ¶
func GetClusterModeGCPManifest() []string
func GetClusterModeWorkloadIdentityManifest ¶
func GetClusterModeWorkloadIdentityManifest() []string
func GetManifestsWithAlphaAndBetaCRDs ¶ added in v1.103.0
func GetManifestsWithAlphaAndBetaCRDs() []string
func GetManifestsWithAlphaCRD ¶ added in v1.103.0
func GetManifestsWithAlphaCRD() []string
func GetManifestsWithBetaCRD ¶ added in v1.103.0
func GetManifestsWithBetaCRD() []string
func GetManifestsWithDefectiveCRD ¶ added in v1.103.0
func GetManifestsWithDefectiveCRD() []string
func GetManifestsWithNoCRD ¶ added in v1.103.0
func GetManifestsWithNoCRD() []string
func GetManifestsWithNonKCCCRD ¶ added in v1.103.0
func GetManifestsWithNonKCCCRD() []string
func GetPerNamespaceManifest ¶
func GetPerNamespaceManifest() []string
func GetSharedComponentsManifest ¶
func GetSharedComponentsManifest() []string
func HasOperatorFinalizer ¶
func ManuallyReplaceGSA ¶
func ParseObjects ¶
func ToString ¶
func ToString(t *testing.T, u *unstructured.Unstructured) string
func ToUnstructured ¶
func ToUnstructured(t *testing.T, objStr string) *unstructured.Unstructured
Types ¶
This section is empty.