Move init container options to new record

Contrast-Security-OSS · May 17, 2024 · 422cdaf · 422cdaf
1 parent 0c5bc1e
commit 422cdaf
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 23 deletions.
diff --git a/src/Contrast.K8s.AgentOperator/Core/Reactions/Injecting/Patching/PodPatcher.cs b/src/Contrast.K8s.AgentOperator/Core/Reactions/Injecting/Patching/PodPatcher.cs
@@ -186,18 +186,16 @@ private V1Container CreateInitContainer(PatchingContext context,
         securityContent.Capabilities.Drop ??= MergeDropCapabilities(containerSecurityContext);
 
         // https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-requests-and-limits-of-pod-and-container
-        var (cpuRequest, memoryRequest) = _operatorOptions.initRequests;
-        var (cpuLimit, memoryLimit) = _operatorOptions.initLimits;
-
+        var initOptions = _operatorOptions.InitContainerOptions;
         var resources = new V1ResourceRequirements();
 
         resources.Requests ??= new Dictionary<string, ResourceQuantity>(StringComparer.Ordinal);
-        resources.Requests.TryAdd("cpu", new ResourceQuantity(cpuRequest));
-        resources.Requests.TryAdd("memory", new ResourceQuantity(memoryRequest));
+        resources.Requests.TryAdd("cpu", new ResourceQuantity(initOptions.CpuRequest));
+        resources.Requests.TryAdd("memory", new ResourceQuantity(initOptions.MemoryRequest));
 
         resources.Limits ??= new Dictionary<string, ResourceQuantity>(StringComparer.Ordinal);
-        resources.Limits.TryAdd("cpu", new ResourceQuantity(cpuLimit));
-        resources.Limits.TryAdd("memory", new ResourceQuantity(memoryLimit));
+        resources.Limits.TryAdd("cpu", new ResourceQuantity(initOptions.CpuLimit));
+        resources.Limits.TryAdd("memory", new ResourceQuantity(initOptions.MemoryLimit));
 
         var initContainer = new V1Container("contrast-init")
         {

diff --git a/src/Contrast.K8s.AgentOperator/Modules/OptionsModule.cs b/src/Contrast.K8s.AgentOperator/Modules/OptionsModule.cs
@@ -91,32 +91,32 @@ protected override void Load(ContainerBuilder builder)
                 chaosPercent = parsedChaosPercent;
             }
 
-            var @cpuRequest = "100m";
-            var @cpuLimit = "100m";
+            var cpuRequest = "100m";
+            var cpuLimit = "100m";
             if (GetEnvironmentVariableAsString("CONTRAST_INITCONTAINER_CPU_REQUEST", out var cpuRequestStr))
             {
-                logger.LogOptionValue("initcontainer-cpu-request", @cpuRequest, cpuRequestStr);
-                @cpuRequest = cpuRequestStr;
+                logger.LogOptionValue("initcontainer-cpu-request", cpuRequest, cpuRequestStr);
+                cpuRequest = cpuRequestStr;
             }
 
             if (GetEnvironmentVariableAsString("CONTRAST_INITCONTAINER_CPU_LIMIT", out var cpuLimitStr))
             {
-                logger.LogOptionValue("initcontainer-cpu-limit", @cpuLimit, cpuLimitStr);
-                @cpuLimit = cpuLimitStr;
+                logger.LogOptionValue("initcontainer-cpu-limit", cpuLimit, cpuLimitStr);
+                cpuLimit = cpuLimitStr;
             }
 
-            var @memoryLimit = "64Mi";
-            var @memoryRequest = "64Mi";
+            var memoryLimit = "64Mi";
+            var memoryRequest = "64Mi";
             if (GetEnvironmentVariableAsString("CONTRAST_INITCONTAINER_MEMORY_REQUEST", out var memoryRequestStr))
             {
-                logger.LogOptionValue("initcontainer-memory-request", @memoryRequest, memoryRequestStr);
-                @memoryRequest = memoryRequestStr;
+                logger.LogOptionValue("initcontainer-memory-request", memoryRequest, memoryRequestStr);
+                memoryRequest = memoryRequestStr;
             }
 
             if (GetEnvironmentVariableAsString("CONTRAST_INITCONTAINER_MEMORY_LIMIT", out var memoryLimitStr))
             {
-                logger.LogOptionValue("initcontainer-memory-limit", @memoryLimit, memoryLimitStr);
-                @memoryLimit = memoryLimitStr;
+                logger.LogOptionValue("initcontainer-memory-limit", memoryLimit, memoryLimitStr);
+                memoryLimit = memoryLimitStr;
             }
 
             return new OperatorOptions(
@@ -128,8 +128,7 @@ protected override void Load(ContainerBuilder builder)
                 runInitContainersAsNonRoot,
                 suppressSeccompProfile,
                 chaosPercent / 100m,
-                (cpuRequest, memoryRequest),
-                (cpuLimit, memoryLimit)
+                new InitContainerOptions(cpuRequest, cpuLimit, memoryRequest, memoryLimit)
             );
         }).SingleInstance();
 

diff --git a/src/Contrast.K8s.AgentOperator/Options/InitContainerOptions.cs b/src/Contrast.K8s.AgentOperator/Options/InitContainerOptions.cs
@@ -0,0 +1,10 @@
+// Contrast Security, Inc licenses this file to you under the Apache 2.0 License.
+// See the LICENSE file in the project root for more information.
+
+namespace Contrast.K8s.AgentOperator.Options;
+
+public record InitContainerOptions(
+    string CpuRequest,
+    string CpuLimit,
+    string MemoryRequest,
+    string MemoryLimit);
diff --git a/src/Contrast.K8s.AgentOperator/Options/OperatorOptions.cs b/src/Contrast.K8s.AgentOperator/Options/OperatorOptions.cs
@@ -13,6 +13,5 @@ public record OperatorOptions(string Namespace,
                               bool RunInitContainersAsNonRoot,
                               bool SuppressSeccompProfile,
                               decimal ChaosRatio,
-                              (string cpuRequest, string memoryRequest) initRequests,
-                              (string cpuLimit, string memoryLimit) initLimits,
+                              InitContainerOptions InitContainerOptions,
                               string FieldManagerName = "agents.contrastsecurity.com");