diff --git a/src/Contrast.K8s.AgentOperator/Core/Reactions/Injecting/Patching/PodPatcher.cs b/src/Contrast.K8s.AgentOperator/Core/Reactions/Injecting/Patching/PodPatcher.cs index 50cfdee..ef428d9 100644 --- a/src/Contrast.K8s.AgentOperator/Core/Reactions/Injecting/Patching/PodPatcher.cs +++ b/src/Contrast.K8s.AgentOperator/Core/Reactions/Injecting/Patching/PodPatcher.cs @@ -186,18 +186,16 @@ private V1Container CreateInitContainer(PatchingContext context, securityContent.Capabilities.Drop ??= MergeDropCapabilities(containerSecurityContext); // https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-requests-and-limits-of-pod-and-container - var (cpuRequest, memoryRequest) = _operatorOptions.initRequests; - var (cpuLimit, memoryLimit) = _operatorOptions.initLimits; - + var initOptions = _operatorOptions.InitContainerOptions; var resources = new V1ResourceRequirements(); resources.Requests ??= new Dictionary(StringComparer.Ordinal); - resources.Requests.TryAdd("cpu", new ResourceQuantity(cpuRequest)); - resources.Requests.TryAdd("memory", new ResourceQuantity(memoryRequest)); + resources.Requests.TryAdd("cpu", new ResourceQuantity(initOptions.CpuRequest)); + resources.Requests.TryAdd("memory", new ResourceQuantity(initOptions.MemoryRequest)); resources.Limits ??= new Dictionary(StringComparer.Ordinal); - resources.Limits.TryAdd("cpu", new ResourceQuantity(cpuLimit)); - resources.Limits.TryAdd("memory", new ResourceQuantity(memoryLimit)); + resources.Limits.TryAdd("cpu", new ResourceQuantity(initOptions.CpuLimit)); + resources.Limits.TryAdd("memory", new ResourceQuantity(initOptions.MemoryLimit)); var initContainer = new V1Container("contrast-init") { diff --git a/src/Contrast.K8s.AgentOperator/Modules/OptionsModule.cs b/src/Contrast.K8s.AgentOperator/Modules/OptionsModule.cs index 1b0cfca..ef88f9e 100644 --- a/src/Contrast.K8s.AgentOperator/Modules/OptionsModule.cs +++ b/src/Contrast.K8s.AgentOperator/Modules/OptionsModule.cs @@ -91,32 +91,32 @@ protected override void Load(ContainerBuilder builder) chaosPercent = parsedChaosPercent; } - var @cpuRequest = "100m"; - var @cpuLimit = "100m"; + var cpuRequest = "100m"; + var cpuLimit = "100m"; if (GetEnvironmentVariableAsString("CONTRAST_INITCONTAINER_CPU_REQUEST", out var cpuRequestStr)) { - logger.LogOptionValue("initcontainer-cpu-request", @cpuRequest, cpuRequestStr); - @cpuRequest = cpuRequestStr; + logger.LogOptionValue("initcontainer-cpu-request", cpuRequest, cpuRequestStr); + cpuRequest = cpuRequestStr; } if (GetEnvironmentVariableAsString("CONTRAST_INITCONTAINER_CPU_LIMIT", out var cpuLimitStr)) { - logger.LogOptionValue("initcontainer-cpu-limit", @cpuLimit, cpuLimitStr); - @cpuLimit = cpuLimitStr; + logger.LogOptionValue("initcontainer-cpu-limit", cpuLimit, cpuLimitStr); + cpuLimit = cpuLimitStr; } - var @memoryLimit = "64Mi"; - var @memoryRequest = "64Mi"; + var memoryLimit = "64Mi"; + var memoryRequest = "64Mi"; if (GetEnvironmentVariableAsString("CONTRAST_INITCONTAINER_MEMORY_REQUEST", out var memoryRequestStr)) { - logger.LogOptionValue("initcontainer-memory-request", @memoryRequest, memoryRequestStr); - @memoryRequest = memoryRequestStr; + logger.LogOptionValue("initcontainer-memory-request", memoryRequest, memoryRequestStr); + memoryRequest = memoryRequestStr; } if (GetEnvironmentVariableAsString("CONTRAST_INITCONTAINER_MEMORY_LIMIT", out var memoryLimitStr)) { - logger.LogOptionValue("initcontainer-memory-limit", @memoryLimit, memoryLimitStr); - @memoryLimit = memoryLimitStr; + logger.LogOptionValue("initcontainer-memory-limit", memoryLimit, memoryLimitStr); + memoryLimit = memoryLimitStr; } return new OperatorOptions( @@ -128,8 +128,7 @@ protected override void Load(ContainerBuilder builder) runInitContainersAsNonRoot, suppressSeccompProfile, chaosPercent / 100m, - (cpuRequest, memoryRequest), - (cpuLimit, memoryLimit) + new InitContainerOptions(cpuRequest, cpuLimit, memoryRequest, memoryLimit) ); }).SingleInstance(); diff --git a/src/Contrast.K8s.AgentOperator/Options/InitContainerOptions.cs b/src/Contrast.K8s.AgentOperator/Options/InitContainerOptions.cs new file mode 100644 index 0000000..b2963ff --- /dev/null +++ b/src/Contrast.K8s.AgentOperator/Options/InitContainerOptions.cs @@ -0,0 +1,10 @@ +// Contrast Security, Inc licenses this file to you under the Apache 2.0 License. +// See the LICENSE file in the project root for more information. + +namespace Contrast.K8s.AgentOperator.Options; + +public record InitContainerOptions( + string CpuRequest, + string CpuLimit, + string MemoryRequest, + string MemoryLimit); diff --git a/src/Contrast.K8s.AgentOperator/Options/OperatorOptions.cs b/src/Contrast.K8s.AgentOperator/Options/OperatorOptions.cs index d2736b6..5ea3a5a 100644 --- a/src/Contrast.K8s.AgentOperator/Options/OperatorOptions.cs +++ b/src/Contrast.K8s.AgentOperator/Options/OperatorOptions.cs @@ -13,6 +13,5 @@ public record OperatorOptions(string Namespace, bool RunInitContainersAsNonRoot, bool SuppressSeccompProfile, decimal ChaosRatio, - (string cpuRequest, string memoryRequest) initRequests, - (string cpuLimit, string memoryLimit) initLimits, + InitContainerOptions InitContainerOptions, string FieldManagerName = "agents.contrastsecurity.com");