diff --git a/bottlerocket-update-operator.yaml b/bottlerocket-update-operator.yaml index b9e70ec1..770793c4 100644 --- a/bottlerocket-update-operator.yaml +++ b/bottlerocket-update-operator.yaml @@ -196,6 +196,15 @@ spec: subresources: status: {} --- +# Source: bottlerocket-update-operator/templates/controller-priority-class.yaml +apiVersion: scheduling.k8s.io/v1 +kind: PriorityClass +metadata: + name: brupop-controller-high-priority + namespace: brupop-bottlerocket-aws +preemptionPolicy: Never +value: 1000000 +--- # Source: bottlerocket-update-operator/templates/agent-service-account.yaml apiVersion: v1 kind: ServiceAccount @@ -470,6 +479,7 @@ spec: ports: - port: 80 targetPort: 8080 + name: main selector: brupop.bottlerocket.aws/component: brupop-controller --- @@ -653,6 +663,12 @@ spec: port: 8443 scheme: HTTPS initialDelaySeconds: 5 + resources: + limits: + memory: 256Mi + requests: + cpu: 10m + memory: 40Mi volumeMounts: - mountPath: /etc/brupop-tls-keys name: bottlerocket-tls-keys @@ -721,7 +737,13 @@ spec: value: "info" image: public.ecr.aws/bottlerocket/bottlerocket-update-operator:v1.3.0 name: brupop - priorityClassName: brupop-controller-high-priority + resources: + limits: + memory: 256Mi + requests: + cpu: 10m + memory: 40Mi + priorityClassName: "brupop-controller-high-priority" serviceAccountName: brupop-controller-service-account --- @@ -804,12 +826,3 @@ metadata: namespace: brupop-bottlerocket-aws spec: selfSigned: {} ---- -# Source: bottlerocket-update-operator/templates/controller-priority-class.yaml -apiVersion: scheduling.k8s.io/v1 -kind: PriorityClass -metadata: - name: brupop-controller-high-priority - namespace: brupop-bottlerocket-aws -preemptionPolicy: Never -value: 1000000 diff --git a/deploy/tests/golden/custom-resource-definition.yaml b/deploy/tests/golden/custom-resource-definition.yaml index b7937f5e..927746b6 100644 --- a/deploy/tests/golden/custom-resource-definition.yaml +++ b/deploy/tests/golden/custom-resource-definition.yaml 
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cert-manager.io/inject-ca-from: brupop-bottlerocket-aws/root-certificate + cert-manager.io/inject-ca-from: brupop-bottlerocket-aws/brupop-selfsigned-ca name: bottlerocketshadows.brupop.bottlerocket.aws spec: conversion: diff --git a/deploy/tests/snapshots/insta_tests__generated_crds.snap.new b/deploy/tests/snapshots/insta_tests__generated_crds.snap.new new file mode 100644 index 00000000..1b94aa0e --- /dev/null +++ b/deploy/tests/snapshots/insta_tests__generated_crds.snap.new 
@@ -0,0 +1,193 @@ +--- +source: deploy/tests/insta_tests.rs +assertion_line: 30 +expression: crds +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: brupop-bottlerocket-aws/brupop-selfsigned-ca + name: bottlerocketshadows.brupop.bottlerocket.aws +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: brupop-apiserver + namespace: brupop-bottlerocket-aws + path: /crdconvert + port: 443 + conversionReviewVersions: + - v2 + - v1 + group: brupop.bottlerocket.aws + names: + kind: BottlerocketShadow + plural: bottlerocketshadows + shortNames: + - brs + singular: bottlerocketshadow + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.current_state + name: State + type: string + - jsonPath: .status.current_version + name: Version + type: string + - jsonPath: .spec.state + name: Target State + type: string + - jsonPath: .spec.version + name: Target Version + type: string + - jsonPath: .status.crash_count + name: Crash Count + type: string + name: v2 + schema: + openAPIV3Schema: + description: Auto-generated derived type for BottlerocketShadowSpec via `CustomResource` + properties: + spec: + description: The `BottlerocketShadowSpec` can be used to drive a node through the update state machine. A node linearly drives towards the desired state. The brupop controller updates the spec to specify a node's desired state, and the host agent drives state changes forward and updates the `BottlerocketShadowStatus`. + properties: + state: + description: Records the desired state of the `BottlerocketShadow` + enum: + - Idle + - StagedAndPerformedUpdate + - RebootedIntoUpdate + - MonitoringUpdate + - ErrorReset + type: string + state_transition_timestamp: + description: The time at which the most recent state was set as the desired state. + nullable: true + type: string + version: + description: The desired update version, if any. 
+ nullable: true + pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + type: string + required: + - state + type: object + status: + description: '`BottlerocketShadowStatus` surfaces the current state of a bottlerocket node. The status is updated by the host agent, while the spec is updated by the brupop controller.' + nullable: true + properties: + crash_count: + format: uint32 + minimum: 0.0 + type: integer + current_state: + description: BottlerocketShadowState represents a node's state in the update state machine. + enum: + - Idle + - StagedAndPerformedUpdate + - RebootedIntoUpdate + - MonitoringUpdate + - ErrorReset + type: string + current_version: + pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + type: string + state_transition_failure_timestamp: + nullable: true + type: string + target_version: + pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + type: string + required: + - crash_count + - current_state + - current_version + - target_version + type: object + required: + - spec + title: BottlerocketShadow + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.current_state + name: State + type: string + - jsonPath: .status.current_version + name: Version + type: string + - jsonPath: .spec.state + name: Target State + type: string + - jsonPath: .spec.version + name: Target Version + type: string + name: v1 + schema: + openAPIV3Schema: + description: Auto-generated derived type for BottlerocketShadowSpec via `CustomResource` + properties: + spec: + description: The 
`BottlerocketShadowSpec` can be used to drive a node through the update state machine. A node linearly drives towards the desired state. The brupop controller updates the spec to specify a node's desired state, and the host agent drives state changes forward and updates the `BottlerocketShadowStatus`. + properties: + state: + description: Records the desired state of the `BottlerocketShadow` + enum: + - Idle + - StagedUpdate + - PerformedUpdate + - RebootedIntoUpdate + - MonitoringUpdate + type: string + state_transition_timestamp: + description: The time at which the most recent state was set as the desired state. + nullable: true + type: string + version: + description: The desired update version, if any. + nullable: true + pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + type: string + required: + - state + type: object + status: + description: '`BottlerocketShadowStatus` surfaces the current state of a bottlerocket node. The status is updated by the host agent, while the spec is updated by the brupop controller.' + nullable: true + properties: + current_state: + description: BottlerocketShadowState represents a node's state in the update state machine. 
+ enum: + - Idle + - StagedUpdate + - PerformedUpdate + - RebootedIntoUpdate + - MonitoringUpdate + type: string + current_version: + pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + type: string + target_version: + pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + type: string + required: + - current_state + - current_version + - target_version + type: object + required: + - spec + title: BottlerocketShadow + type: object + served: true + storage: false + subresources: + status: {} +
diff --git a/models/src/constants.rs b/models/src/constants.rs
index ce525b7c..9471f2ee 100644
--- a/models/src/constants.rs
+++ b/models/src/constants.rs
@@ -39,7 +39,7 @@ pub const PUBLIC_KEY_NAME: &str = "tls.crt";
 pub const PRIVATE_KEY_NAME: &str = "tls.key";
 pub const TLS_KEY_MOUNT_PATH: &str = "/etc/brupop-tls-keys";
 // Certificate object name
-pub const ROOT_CERTIFICATE_NAME: &str = "root-certificate";
+pub const ROOT_CERTIFICATE_NAME: &str = "brupop-selfsigned-ca";
 // Label keys
 pub const LABEL_COMPONENT: &str = brupop_domain!("component");
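Review bot: The new file `deploy/tests/snapshots/insta_tests__generated_crds.snap.new` has the `.snap.new` suffix, which insta uses for a pending snapshot that has not been accepted yet. insta assertions compare against the accepted `.snap` file, so as committed this content is probably not what `deploy/tests/insta_tests.rs` checks. That would leave the CRD shape unpinned by the test, including the `cert-manager.io/inject-ca-from` annotation that feeds the conversion webhook's CA. Accept the snapshot (for example with `cargo insta accept`) and commit the resulting `.snap`, or drop this file if an accepted snapshot already exists outside this diff.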
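Review bot: `ROOT_CERTIFICATE_NAME` changes to `"brupop-selfsigned-ca"`, but no hunk in this diff shows a cert-manager Certificate object with that name, and the comment above the constant does not say which object it must match. The golden CRD in this commit shows the value ending up in `cert-manager.io/inject-ca-from: brupop-bottlerocket-aws/brupop-selfsigned-ca`, which cert-manager reads as `<namespace>/<Certificate name>`. If the two names drift, cainjector presumably has nothing to inject and the CRD conversion webhook is left without a usable CA bundle. I would replace `// Certificate object name` with `// Must equal metadata.name of the cert-manager Certificate in the chart; used as <namespace>/<name> in cert-manager.io/inject-ca-from.` and confirm the chart's Certificate was renamed in the same change.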