From 9d89a7c101ca8550e6c68aeaf70f627d951bccb9 Mon Sep 17 00:00:00 2001 From: Nathan Coleman Date: Thu, 1 Feb 2024 12:17:31 -0500 Subject: [PATCH] Respect connectInject.initContainer.resources for v1 API gateways --- control-plane/api-gateway/common/helm_config.go | 4 ++++ control-plane/api-gateway/gatekeeper/init.go | 7 ++++++- control-plane/subcommand/inject-connect/v1controllers.go | 1 + 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/control-plane/api-gateway/common/helm_config.go b/control-plane/api-gateway/common/helm_config.go index 7ce8e0778a..9b0ab1d7e8 100644 --- a/control-plane/api-gateway/common/helm_config.go +++ b/control-plane/api-gateway/common/helm_config.go @@ -6,6 +6,8 @@ package common import ( "strings" "time" + + v1 "k8s.io/api/core/v1" ) const componentAuthMethod = "k8s-component-auth-method" @@ -40,6 +42,8 @@ type HelmConfig struct { // MapPrivilegedServicePorts is the value which Consul will add to privileged container port values (ports < 1024) // defined on a Gateway. MapPrivilegedServicePorts int + + InitContainerResources *v1.ResourceRequirements } type ConsulConfig struct { diff --git a/control-plane/api-gateway/gatekeeper/init.go b/control-plane/api-gateway/gatekeeper/init.go index 2bfa3f8e83..1cd616bfc9 100644 --- a/control-plane/api-gateway/gatekeeper/init.go +++ b/control-plane/api-gateway/gatekeeper/init.go @@ -11,10 +11,11 @@ import ( corev1 "k8s.io/api/core/v1" + "k8s.io/utils/pointer" + "github.com/hashicorp/consul-k8s/control-plane/api-gateway/common" "github.com/hashicorp/consul-k8s/control-plane/connect-inject/constants" "github.com/hashicorp/consul-k8s/control-plane/namespaces" - "k8s.io/utils/pointer" ) const ( @@ -169,6 +170,10 @@ func initContainer(config common.HelmConfig, name, namespace string) (corev1.Con }) } + if config.InitContainerResources != nil { + container.Resources = *config.InitContainerResources + } + // Openshift Assigns the security context for us, do not enable if it is enabled. if !config.EnableOpenShift { container.SecurityContext = &corev1.SecurityContext{ diff --git a/control-plane/subcommand/inject-connect/v1controllers.go b/control-plane/subcommand/inject-connect/v1controllers.go index 541ac00f49..3dfa99bc48 100644 --- a/control-plane/subcommand/inject-connect/v1controllers.go +++ b/control-plane/subcommand/inject-connect/v1controllers.go @@ -128,6 +128,7 @@ func (c *Command) configureV1Controllers(ctx context.Context, mgr manager.Manage ConsulTLSServerName: c.consul.TLSServerName, ConsulPartition: c.consul.Partition, ConsulCACert: string(c.caCertPem), + InitContainerResources: &c.initContainerResources, }, AllowK8sNamespacesSet: allowK8sNamespaces, DenyK8sNamespacesSet: denyK8sNamespaces,