use config in ctr validation

2026-05-09 18:56:57 +00:00 · 2018-12-18 12:16:47 -08:00
parent 7bc1445691
commit bbf2f4f6e7
5 changed files with 56 additions and 34 deletions
--- a/deploy/all.yaml
+++ b/deploy/all.yaml
@@ -5,20 +5,13 @@ metadata:
  name: fairwinds-config
 data:
  config.yml: |
-    Requests:
+    resources:
      cpu:
        min: 100m
-        max: 2000m
+        max: 500m
      memory:
-          min: 100M
-          max: 2000M
-    Limits:
-      cpu:
-        min: 100m
-        max: 2000m
-      memory:
-          min: 100M
-          max: 2000M
+        min: 100M
+        max: 200M
 ---
 apiVersion: v1
 kind: Namespace
--- a/deploy/pod.yaml
+++ b/deploy/pod.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx-2
+spec:
+  containers:
+  - name: nginx
+    image: nginx:latest
--- a/main.go
+++ b/main.go
@@ -50,17 +50,16 @@ func main() {
 	// Parse config.
 	viper.SetConfigName("config")
 	viper.AddConfigPath(".")
-	var conf conf.Configuration
 	if err := viper.ReadInConfig(); err != nil {
 		entryLog.Error(err, "config err")
 	}

-	if err := viper.Unmarshal(&conf); err != nil {
+	var c conf.Configuration
+	if err := viper.Unmarshal(&c); err != nil {
 		entryLog.Error(err, "unmarshal config err")
 	}

-	entryLog.Info(fmt.Sprintf("conf requests: %s", conf.Requests))
-	entryLog.Info(fmt.Sprintf("conf limits: %s", conf.Limits))
+	entryLog.Info(fmt.Sprintf("conf: %#v", c))

 	// Setup a Manager
 	entryLog.Info("setting up manager")
@@ -76,7 +75,7 @@ func main() {
 		Operations(admissionregistrationv1beta1.Create, admissionregistrationv1beta1.Update).
 		WithManager(mgr).
 		ForType(&corev1.Pod{}).
-		Handlers(&validator.PodValidator{}).
+		Handlers(&validator.PodValidator{Config: c}).
 		Build()
 	if err != nil {
 		entryLog.Error(err, "unable to setup validating webhook")
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -1,12 +1,16 @@
 package config

-// example) min: 100m
-type minmax map[string]string
+import (
+	corev1 "k8s.io/api/core/v1"
+)

-// example) cpu.min: 100m
-type resources map[string]minmax
+type resourceQuanityRange struct {
+	Min string
+	Max string
+}
+
+type ResourceListRange map[corev1.ResourceName]resourceQuanityRange

 type Configuration struct {
-	Requests resources
-	Limits   resources
+	Resources ResourceListRange
 }
--- a/pkg/validator/container.go
+++ b/pkg/validator/container.go
@@ -15,9 +15,12 @@
 package validator

 import (
+	"fmt"
 	"strings"

+	conf "github.com/reactiveops/fairwinds/pkg/config"
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/resource"
 )

 type containerResults struct {
@@ -25,25 +28,38 @@ type containerResults struct {
 	Reason string
 }

-func validateContainer(container corev1.Container) containerResults {
+func validateContainer(conf conf.Configuration, container corev1.Container) containerResults {
 	var sb strings.Builder
 	results := containerResults{
 		Name: container.Name,
 	}

-	resources(container, sb)
-	probes(container, sb)
-	tag(container, sb)
+	sb.WriteString(resources(conf.Resources, container))
+	sb.WriteString(probes(container))
+	sb.WriteString(tag(container))

 	results.Reason = sb.String()
 	return results
 }

-func resources(c corev1.Container, sb strings.Builder) string {
-	log.Info("validating Container:", "container resources", c.Resources)
-	if c.Resources.Requests.Cpu().IsZero() {
-		sb.WriteString("- CPU requests are not set.\n")
+func resources(conf conf.ResourceListRange, c corev1.Container) string {
+	var sb strings.Builder
+	confCPUmin, err := resource.ParseQuantity(conf["cpu"].Min)
+	if err != nil {
+		log.Error(err, "cpu min parse quan")
 	}
+	// CPUmax, err := resource.ParseQuantity(conf["cpu"].Max)
+	// if err != nil {
+	// 	log.Error(err, "cpu max parse quan")
+	// }
+
+	ctrRequests := c.Resources.Requests.Cpu().MilliValue()
+	configMin := confCPUmin.MilliValue()
+	if ctrRequests < configMin {
+		s := fmt.Sprintf("- CPU requests are too low. Expected greater than: %d, Actual: %d.\n", configMin, ctrRequests)
+		sb.WriteString(s)
+	}
+
 	if c.Resources.Requests.Memory().IsZero() {
 		sb.WriteString("- Memory requests are not set.\n")
 	}
@@ -53,11 +69,11 @@ func resources(c corev1.Container, sb strings.Builder) string {
 	if c.Resources.Limits.Memory().IsZero() {
 		sb.WriteString("- Memory limits are not set.\n")
 	}
-
 	return sb.String()
 }

-func probes(c corev1.Container, sb strings.Builder) string {
+func probes(c corev1.Container) string {
+	var sb strings.Builder
 	if c.ReadinessProbe == nil {
 		sb.WriteString("- Readiness Probe is not set.\n")
 	}
@@ -68,7 +84,8 @@ func probes(c corev1.Container, sb strings.Builder) string {
 	return sb.String()
 }

-func tag(c corev1.Container, sb strings.Builder) string {
+func tag(c corev1.Container) string {
+	var sb strings.Builder
 	img := strings.Split(c.Image, ":")
 	if len(img) == 1 || img[1] == "latest" {
 		sb.WriteString("- Image tag is latest.\n")
@@ -77,7 +94,8 @@ func tag(c corev1.Container, sb strings.Builder) string {
 	return sb.String()
 }

-func hostPort(c corev1.Container, sb strings.Builder) string {
+func hostPort(c corev1.Container) string {
+	var sb strings.Builder
 	for _, port := range c.Ports {
 		if port.HostPort != 0 {
 			sb.WriteString("- Host Port set.\n")