From d343a0fcc165d6c7529413c6e1eb3a352624a3ba Mon Sep 17 00:00:00 2001
From: Greg Pontejos
Date: Tue, 24 Sep 2024 15:21:41 -0500
Subject: [PATCH] update limits, documentation, and Makefile version
---
 Makefile | 2 +-
 api/falcon/v1alpha1/falconadmission_types.go | 6 +++---
 .../falcon.crowdstrike.com_falconadmissions.yaml | 12 ++++++------
 deploy/falcon-operator.yaml | 12 ++++++------
 docs/resources/admission/README.md | 14 ++++++++++----
 5 files changed, 26 insertions(+), 20 deletions(-)
diff --git a/Makefile b/Makefile
index 3e5a7257..6fa313f5 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@
 # To re-generate a bundle for another specific version without changing the standard setup, you can:
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
-VERSION ?= 1.1.0
+VERSION ?= 1.3.0
 # CHANNELS define the bundle channels used in the bundle.
 # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")
diff --git a/api/falcon/v1alpha1/falconadmission_types.go b/api/falcon/v1alpha1/falconadmission_types.go
index de828aea..551f315d 100644
--- a/api/falcon/v1alpha1/falconadmission_types.go
+++ b/api/falcon/v1alpha1/falconadmission_types.go
@@ -141,15 +141,15 @@ type FalconAdmissionConfigSpec struct {
 ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
 // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Admission Controller Client Resources",order=9,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:resourceRequirements"}
- // +kubebuilder:default:={"limits":{"cpu":"750m","memory":"256Mi"},"requests":{"cpu":"500m","memory":"256Mi"}}
+ // +kubebuilder:default:={"limits":{"cpu":"750m","memory":"384Mi"},"requests":{"cpu":"500m","memory":"384Mi"}}
 ResourcesClient *corev1.ResourceRequirements `json:"resourcesClient,omitempty"`
 // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Admission Controller Watcher Resources",order=14,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:resourceRequirements"}
- // +kubebuilder:default:={"limits":{"cpu":"750m","memory":"256Mi"},"requests":{"cpu":"500m","memory":"256Mi"}}
+ // +kubebuilder:default:={"limits":{"cpu":"750m","memory":"384Mi"},"requests":{"cpu":"500m","memory":"384Mi"}}
 ResourcesWatcher *corev1.ResourceRequirements `json:"resourcesWatcher,omitempty"`
 // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Admission Controller Resources",order=10,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:resourceRequirements"}
- //+kubebuilder:default:={"limits":{"cpu":"300m","memory":"512Mi"},"requests":{"cpu":"300m","memory":"512Mi"}}
+ //+kubebuilder:default:={"limits":{"cpu":"300m","memory":"256Mi"},"requests":{"cpu":"300m","memory":"256Mi"}}
 ResourcesAC *corev1.ResourceRequirements `json:"resources,omitempty"`
 // Type of Deployment update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate.
diff --git a/config/crd/bases/falcon.crowdstrike.com_falconadmissions.yaml b/config/crd/bases/falcon.crowdstrike.com_falconadmissions.yaml
index 588a0279..4ba65612 100644
--- a/config/crd/bases/falcon.crowdstrike.com_falconadmissions.yaml
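Review bot: The new defaults raise `resourcesClient` and `resourcesWatcher` memory to 384Mi but halve the `ResourcesAC` default from 512Mi to 256Mi, and neither the markers nor the commit message say why the controller container now needs less. CRD defaults are filled in only when the field is absent, so FalconAdmission objects created under the old CRD most likely keep their stored 256Mi/512Mi values after an upgrade and will not pick these numbers up. The README in this same patch says replicas are fixed at 1, so an OOM-killed webhook pod leaves every request to `admissionConfig.failurePolicy`; I would state the upgrade behaviour in the docs, for example `Existing FalconAdmission resources keep their stored resource values; set admissionConfig.resourcesClient and admissionConfig.resourcesWatcher explicitly when upgrading.` Minor: the third marker is written `//+kubebuilder:default:=` without the space the other two use. The struct opens and closes outside the hunk.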
+++ b/config/crd/bases/falcon.crowdstrike.com_falconadmissions.yaml @@ -114,10 +114,10 @@ spec: default: limits: cpu: 300m - memory: 512Mi + memory: 256Mi requests: cpu: 300m - memory: 512Mi + memory: 256Mi description: ResourceRequirements describes the compute resource requirements. properties: @@ -171,10 +171,10 @@ spec: default: limits: cpu: 750m - memory: 256Mi + memory: 384Mi requests: cpu: 500m - memory: 256Mi + memory: 384Mi description: ResourceRequirements describes the compute resource requirements. properties: @@ -228,10 +228,10 @@ spec: default: limits: cpu: 750m - memory: 256Mi + memory: 384Mi requests: cpu: 500m - memory: 256Mi + memory: 384Mi description: ResourceRequirements describes the compute resource requirements. properties: diff --git a/deploy/falcon-operator.yaml b/deploy/falcon-operator.yaml index c7056f09..403b6fc9 100644 --- a/deploy/falcon-operator.yaml +++ b/deploy/falcon-operator.yaml @@ -128,10 +128,10 @@ spec: default: limits: cpu: 300m - memory: 512Mi + memory: 256Mi requests: cpu: 300m - memory: 512Mi + memory: 256Mi description: ResourceRequirements describes the compute resource requirements. properties: @@ -185,10 +185,10 @@ spec: default: limits: cpu: 750m - memory: 256Mi + memory: 384Mi requests: cpu: 500m - memory: 256Mi + memory: 384Mi description: ResourceRequirements describes the compute resource requirements. properties: @@ -242,10 +242,10 @@ spec: default: limits: cpu: 750m - memory: 256Mi + memory: 384Mi requests: cpu: 500m - memory: 256Mi + memory: 384Mi description: ResourceRequirements describes the compute resource requirements. properties: diff --git a/docs/resources/admission/README.md b/docs/resources/admission/README.md index 4f90e22f..629a6706 100644 --- a/docs/resources/admission/README.md +++ b/docs/resources/admission/README.md 
@@ -32,6 +32,12 @@ spec:
 ```
 ### FalconAdmission Reference Manual
+#### Falcon Operator Support for Falcon Admission Controller
+
+| Falcon Operator Version | Falcon Admission Controller Version |
+|:-----------------------------|:------------------------------------------|
+| `<= 1.2.x` | `< 7.20.x` |
+| `>= 1.3.x` | `>= 7.20.x` |
 #### Falcon API Settings
 | Spec | Description |
@@ -59,10 +65,10 @@ spec:
 | admissionConfig.tls.validity | (optional) Configure the validity of the TLS certificate used by the Falcon Admission Controller |
 | admissionConfig.failurePolicy | (optional) Configure the failure policy of the Falcon Admission Controller |
 | admissionConfig.disabledNamespaces.namespaces | (optional) Configure the list of namespaces the Falcon Admission Controller validating webhook should ignore |
-| admissionConfig.deployWatcher | (optional) Determines if falcon-watcher container is added to the Falcon Admission Controller Pod |
-| admissionConfig.snapshotsEnabled | (optional) Determines if snapshots of Kubernetes resources are periodically taken for cluster visibility. |
-| admissionConfig.snapshotsInterval | (optional) Time interval between two snapshots of Kubernetes resources in the cluster |
-| admissionConfig.watcherEnabled | (optional) Determines if Kubernetes resources are watched for cluster visibility |
+| admissionConfig.deployWatcher | (optional) Determines if the falcon-watcher container is added to the Falcon Admission Controller Pod |
+| admissionConfig.snapshotsEnabled | (optional) Determines if snapshots of Kubernetes resources are periodically taken for cluster visibility in. Requires falcon-watcher container. |
+| admissionConfig.snapshotsInterval | (optional) Time interval between two snapshots of Kubernetes resources in the cluster. Requires falcon-watcher container. |
+| admissionConfig.watcherEnabled | (optional) Determines if Kubernetes resources are watched for cluster visibility. Requires falcon-watcher container. |
 | admissionConfig.replicas | (optional) Currently ignored and internally set to 1 |
 | admissionConfig.imagePullPolicy | (optional) Configure the image pull policy of the Falcon Admission Controller |
 | admissionConfig.imagePullSecrets | (optional) Configure the image pull secrets of the Falcon Admission Controller |