angelnu / gateway-admision-controller

Admission controller to egress through a gateway pod
Apache License 2.0

Requests and limits on sidecar containers #36

Open shokohsc opened 2 years ago

shokohsc commented 2 years ago

Hello, thanks for this project, this is very useful.

I'd like to define resources for the injected gateway-sidecar container, I can see here that this is not yet possible.

Could it be done? Not much of a Go programmer myself. I imagine that the settings.sh file could be used to look for variables containing cpu/memory requests and limits to be defined.

Or maybe using some project like gatekeeper to apply another mutation ?

Cheers

angelnu commented 2 years ago

@shokohsc - it can be done. The difficulty will depend on how complex it needs to be as we would need to pass it through env variables OR parse from a configmap.

Did you try with gatekeeper? Any trade-offs using it?
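To illustrate the env-variable route mentioned above, here is an added example (not code from this project): the webhook reads hypothetical `SIDECAR_*_REQUEST`/`SIDECAR_*_LIMIT` variables, validates them as quantities before they reach the API server, and turns them into the JSON Patch operation a mutating webhook would append for the injected sidecar. Variable names, the quantity check and the container index are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
)

// Simplified quantity syntax (number + optional SI/binary suffix); Kubernetes accepts more.
var quantityRe = regexp.MustCompile(`^[0-9]+(\.[0-9]+)?(m|k|M|G|T|Ki|Mi|Gi|Ti)?$`)

// Hypothetical variable names (not defined by the project) -> resources field.
var envKeys = map[string][2]string{
	"SIDECAR_CPU_REQUEST":    {"requests", "cpu"},
	"SIDECAR_MEMORY_REQUEST": {"requests", "memory"},
	"SIDECAR_CPU_LIMIT":      {"limits", "cpu"},
	"SIDECAR_MEMORY_LIMIT":   {"limits", "memory"},
}

// resourcesFromEnv builds a resources map from whatever lookup returns
// (os.LookupEnv in the webhook). nil when nothing is set, so the sidecar
// keeps today's behaviour; malformed values are rejected up front.
func resourcesFromEnv(lookup func(string) (string, bool)) (map[string]map[string]string, error) {
	res := map[string]map[string]string{}
	for env, kv := range envKeys {
		v, ok := lookup(env)
		if !ok || v == "" {
			continue
		}
		if !quantityRe.MatchString(v) {
			return nil, fmt.Errorf("%s=%q is not a valid quantity", env, v)
		}
		if res[kv[0]] == nil {
			res[kv[0]] = map[string]string{}
		}
		res[kv[0]][kv[1]] = v
	}
	if len(res) == 0 {
		return nil, nil
	}
	return res, nil
}

// resourcesPatch is the JSON Patch op that sets resources on the sidecar at container index idx.
func resourcesPatch(idx int, res map[string]map[string]string) map[string]interface{} {
	return map[string]interface{}{
		"op":    "add",
		"path":  fmt.Sprintf("/spec/containers/%d/resources", idx),
		"value": res,
	}
}
```

In the webhook the patch would be appended to the other operations after the sidecar container has been added, so the index must point at the injected container, not at the application's own.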

shokohsc commented 2 years ago

@angelnu Hello, sorry for the delay, it appears it cannot be done via gatekeeper (v0.3.9) as it'll pick up the pod after the gateway admission controller (this is actually fine and what is, I guess, the intended behavior) and gateway manager errors like so:

Operation cannot be fulfilled on mutatorpodstatuses.status.gatekeeper.sh \"gatekeeper--audit--5fb5589dcd--6jsmc-assign-gateway--sidecar\": the object has been modified; please apply your changes to the latest version and try again

I applied this Assign CRD:

apiVersion: mutations.gatekeeper.sh/v1beta1
kind: Assign
metadata:
  name: gateway-sidecar
spec:
  applyTo:
  - groups: [""]
    kinds: ["Pod"]
    versions: ["v1"]
  match:
    scope: Cluster
    kinds:
    - apiGroups: ["*"]
      kinds: ["Pod"]
    namespaceSelector:
      matchLabels:
        routed-gateway: "true"
  location: "spec.containers[name:gateway-sidecar].resources"
  parameters:
    assign:
      value:
        requests:
          cpu: 10m
          memory: 64M
        limits:
          cpu: 100m
          memory: 64M

In the end, I don't think using another webhook (as in installing a whole project) to edit what this admission controller could do should be the way to go. As for how resources could be defined, your guess is as good as mine. I don't know Go so I won't be of any help on the matter, unfortunately.