⭐ Add Resource to Nodes type (#421)

Nodes resource requirements can now be configured seperatly. Fixes #390 Signed-off-by: Christian Zunker <[email protected]>
mondoohq · Jul 4, 2022 · ef08378 · ef08378
1 parent e18f260
commit ef08378
Show file tree

Hide file tree

Showing 6 changed files with 107 additions and 17 deletions.
diff --git a/api/v1alpha2/mondooauditconfig_types.go b/api/v1alpha2/mondooauditconfig_types.go
@@ -67,7 +67,8 @@ type KubernetesResources struct {
 }
 
 type Nodes struct {
-	Enable bool `json:"enable,omitempty"`
+	Enable    bool                        `json:"enable,omitempty"`
+	Resources corev1.ResourceRequirements `json:"resources,omitempty"`
 }
 
 type Admission struct {

diff --git a/api/v1alpha2/zz_generated.deepcopy.go b/api/v1alpha2/zz_generated.deepcopy.go
diff --git a/config/crd/bases/k8s.mondoo.com_mondooauditconfigs.yaml b/config/crd/bases/k8s.mondoo.com_mondooauditconfigs.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.8.0
+    controller-gen.kubebuilder.io/version: v0.9.0
   creationTimestamp: null
   name: mondooauditconfigs.k8s.mondoo.com
 spec:
@@ -105,6 +105,33 @@ spec:
                 properties:
                   enable:
                     type: boolean
+                  resources:
+                    description: ResourceRequirements describes the compute resource
+                      requirements.
+                    properties:
+                      limits:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        description: 'Limits describes the maximum amount of compute
+                          resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+                        type: object
+                      requests:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        description: 'Requests describes the minimum amount of compute
+                          resources required. If Requests is omitted for a container,
+                          it defaults to Limits if that is explicitly specified, otherwise
+                          to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+                        type: object
+                    type: object
                 type: object
               scanner:
                 description: Scanner defines the settings for the Mondoo scanner that
@@ -203,9 +230,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
diff --git a/config/crd/bases/k8s.mondoo.com_mondoooperatorconfigs.yaml b/config/crd/bases/k8s.mondoo.com_mondoooperatorconfigs.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.8.0
+    controller-gen.kubebuilder.io/version: v0.9.0
   creationTimestamp: null
   name: mondoooperatorconfigs.k8s.mondoo.com
 spec:
@@ -99,9 +99,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
diff --git a/controllers/nodes/resources.go b/controllers/nodes/resources.go
@@ -66,7 +66,7 @@ func CronJob(image string, node corev1.Node, m v1alpha2.MondooAuditConfig) *batc
 										"--inventory-file", "/etc/opt/mondoo/inventory.yml",
 										"--score-threshold", "0",
 									},
-									Resources: k8s.ResourcesRequirementsWithDefaults(m.Spec.Scanner.Resources),
+									Resources: k8s.ResourcesRequirementsWithDefaults(m.Spec.Nodes.Resources),
 									SecurityContext: &corev1.SecurityContext{
 										AllowPrivilegeEscalation: pointer.Bool(false),
 										ReadOnlyRootFilesystem:   pointer.Bool(true),

diff --git a/controllers/nodes/resources_test.go b/controllers/nodes/resources_test.go
@@ -10,11 +10,17 @@ import (
 	"github.com/stretchr/testify/assert"
 	"go.mondoo.com/mondoo-operator/api/v1alpha2"
 	"go.mondoo.com/mondoo-operator/pkg/constants"
+	"go.mondoo.com/mondoo-operator/pkg/utils/k8s"
 	"go.mondoo.com/mondoo-operator/tests/framework/utils"
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+const (
+	testMondooAuditConfigName = "mondoo-config"
+)
+
 func TestCronJobName(t *testing.T) {
 	rand.Seed(time.Now().UnixNano())
 	prefix := "mondoo-client"
@@ -85,6 +91,64 @@ func TestConfigMapName(t *testing.T) {
 	}
 }
 
+func TestResources(t *testing.T) {
+	rand.Seed(time.Now().UnixNano())
+	tests := []struct {
+		name              string
+		mondooauditconfig func() *v1alpha2.MondooAuditConfig
+		expectedResources corev1.ResourceRequirements
+	}{
+		{
+			name: "resources should match default",
+			mondooauditconfig: func() *v1alpha2.MondooAuditConfig {
+				return testMondooAuditConfig()
+			},
+			expectedResources: k8s.DefaultMondooClientResources,
+		},
+		{
+			name: "resources should match spec",
+			mondooauditconfig: func() *v1alpha2.MondooAuditConfig {
+				mac := testMondooAuditConfig()
+				mac.Spec.Nodes.Resources = corev1.ResourceRequirements{
+					Limits: corev1.ResourceList{
+						corev1.ResourceMemory: resource.MustParse("100m"),
+						corev1.ResourceCPU:    resource.MustParse("100m"),
+					},
+					Requests: corev1.ResourceList{
+						corev1.ResourceMemory: resource.MustParse("100m"),
+						corev1.ResourceCPU:    resource.MustParse("100m"),
+					},
+				}
+				return mac
+			},
+			expectedResources: corev1.ResourceRequirements{
+				Limits: corev1.ResourceList{
+					corev1.ResourceMemory: resource.MustParse("100m"),
+					corev1.ResourceCPU:    resource.MustParse("100m"),
+				},
+
+				Requests: corev1.ResourceList{
+					corev1.ResourceMemory: resource.MustParse("100m"),
+					corev1.ResourceCPU:    resource.MustParse("100m"),
+				},
+			},
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			testNode := &corev1.Node{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "test-node-name",
+				},
+			}
+			mac := *test.mondooauditconfig()
+			cronJobSepc := CronJob("test123", *testNode, mac)
+			assert.Equal(t, test.expectedResources, cronJobSepc.Spec.JobTemplate.Spec.Template.Spec.Containers[0].Resources)
+		})
+	}
+}
+
 func TestInventory(t *testing.T) {
 	randName := utils.RandString(10)
 	auditConfig := v1alpha2.MondooAuditConfig{ObjectMeta: metav1.ObjectMeta{Name: "mondoo-client"}}
@@ -101,3 +165,12 @@ func TestInventory(t *testing.T) {
 	assert.Contains(t, inventory, constants.MondooAssetsIntegrationLabel)
 	assert.Contains(t, inventory, integrationMRN)
 }
+
+func testMondooAuditConfig() *v1alpha2.MondooAuditConfig {
+	return &v1alpha2.MondooAuditConfig{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      testMondooAuditConfigName,
+			Namespace: testNamespace,
+		},
+	}
+}