Move InitContainerOptions out of operator options

Contrast-Security-OSS · May 17, 2024 · df09604 · df09604
1 parent 422cdaf
commit df09604
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 18 deletions.
diff --git a/src/Contrast.K8s.AgentOperator/Core/Reactions/Injecting/Patching/PodPatcher.cs b/src/Contrast.K8s.AgentOperator/Core/Reactions/Injecting/Patching/PodPatcher.cs
@@ -27,13 +27,15 @@ public class PodPatcher : IPodPatcher
     private readonly IGlobMatcher _globMatcher;
     private readonly IClusterIdState _clusterIdState;
     private readonly OperatorOptions _operatorOptions;
+    private readonly InitContainerOptions _initOptions;
 
-    public PodPatcher(Func<IEnumerable<IAgentPatcher>> patchersFactory, IGlobMatcher globMatcher, IClusterIdState clusterIdState, OperatorOptions operatorOptions)
+    public PodPatcher(Func<IEnumerable<IAgentPatcher>> patchersFactory, IGlobMatcher globMatcher, IClusterIdState clusterIdState, OperatorOptions operatorOptions, InitContainerOptions initOptions)
     {
         _patchersFactory = patchersFactory;
         _globMatcher = globMatcher;
         _clusterIdState = clusterIdState;
         _operatorOptions = operatorOptions;
+        _initOptions = initOptions;
     }
 
     public ValueTask Patch(PatchingContext context, V1Pod pod, CancellationToken cancellationToken = default)
@@ -186,16 +188,15 @@ private V1Container CreateInitContainer(PatchingContext context,
         securityContent.Capabilities.Drop ??= MergeDropCapabilities(containerSecurityContext);
 
         // https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-requests-and-limits-of-pod-and-container
-        var initOptions = _operatorOptions.InitContainerOptions;
         var resources = new V1ResourceRequirements();
 
         resources.Requests ??= new Dictionary<string, ResourceQuantity>(StringComparer.Ordinal);
-        resources.Requests.TryAdd("cpu", new ResourceQuantity(initOptions.CpuRequest));
-        resources.Requests.TryAdd("memory", new ResourceQuantity(initOptions.MemoryRequest));
+        resources.Requests.TryAdd("cpu", new ResourceQuantity(_initOptions.CpuRequest));
+        resources.Requests.TryAdd("memory", new ResourceQuantity(_initOptions.MemoryRequest));
 
         resources.Limits ??= new Dictionary<string, ResourceQuantity>(StringComparer.Ordinal);
-        resources.Limits.TryAdd("cpu", new ResourceQuantity(initOptions.CpuLimit));
-        resources.Limits.TryAdd("memory", new ResourceQuantity(initOptions.MemoryLimit));
+        resources.Limits.TryAdd("cpu", new ResourceQuantity(_initOptions.CpuLimit));
+        resources.Limits.TryAdd("memory", new ResourceQuantity(_initOptions.MemoryLimit));
 
         var initContainer = new V1Container("contrast-init")
         {

diff --git a/src/Contrast.K8s.AgentOperator/Modules/OptionsModule.cs b/src/Contrast.K8s.AgentOperator/Modules/OptionsModule.cs
@@ -91,6 +91,21 @@ protected override void Load(ContainerBuilder builder)
                 chaosPercent = parsedChaosPercent;
             }
 
+            return new OperatorOptions(
+                @namespace,
+                settleDuration,
+                eventQueueSize,
+                fullMode,
+                eventQueueMergeWindowSeconds,
+                runInitContainersAsNonRoot,
+                suppressSeccompProfile,
+                chaosPercent / 100m);
+        }).SingleInstance();
+
+        builder.Register(context =>
+        {
+            var logger = context.Resolve<IOptionsLogger>();
+
             var cpuRequest = "100m";
             var cpuLimit = "100m";
             if (GetEnvironmentVariableAsString("CONTRAST_INITCONTAINER_CPU_REQUEST", out var cpuRequestStr))
@@ -119,17 +134,7 @@ protected override void Load(ContainerBuilder builder)
                 memoryLimit = memoryLimitStr;
             }
 
-            return new OperatorOptions(
-                @namespace,
-                settleDuration,
-                eventQueueSize,
-                fullMode,
-                eventQueueMergeWindowSeconds,
-                runInitContainersAsNonRoot,
-                suppressSeccompProfile,
-                chaosPercent / 100m,
-                new InitContainerOptions(cpuRequest, cpuLimit, memoryRequest, memoryLimit)
-            );
+            return new InitContainerOptions(cpuRequest, cpuLimit, memoryRequest, memoryLimit);
         }).SingleInstance();
 
         builder.Register(context =>

diff --git a/src/Contrast.K8s.AgentOperator/Options/OperatorOptions.cs b/src/Contrast.K8s.AgentOperator/Options/OperatorOptions.cs
@@ -13,5 +13,4 @@ public record OperatorOptions(string Namespace,
                               bool RunInitContainersAsNonRoot,
                               bool SuppressSeccompProfile,
                               decimal ChaosRatio,
-                              InitContainerOptions InitContainerOptions,
                               string FieldManagerName = "agents.contrastsecurity.com");