Added route controller manager

openshift · Jan 20, 2023 · db78ff5 · db78ff5
1 parent 923fecb
commit db78ff5
Show file tree

Hide file tree

Showing 8 changed files with 379 additions and 4 deletions.
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "vendor/*|go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2022-05-16T13:33:33Z",
+  "generated_at": "2023-01-18T16:07:35Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -128,7 +128,7 @@
         "hashed_secret": "caa006e5e030a94b2be4abf9d333f029df7fa5fc",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 29,
+        "line_number": 228,
         "type": "Base64 High Entropy String",
         "verified_result": null
       }
@@ -138,15 +138,15 @@
         "hashed_secret": "733c83df12b5f09020cfc0ad9411ba17e7d1a093",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 3198,
+        "line_number": 3617,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 3861,
+        "line_number": 4280,
         "type": "Secret Keyword",
         "verified_result": null
       }

diff --git a/assets/route-controller-manager/config.yaml b/assets/route-controller-manager/config.yaml
@@ -0,0 +1,27 @@
+apiVersion: openshiftcontrolplane.config.openshift.io/v1
+kind: OpenShiftControllerManagerConfig
+build:
+  buildDefaults:
+    resources: {}
+  imageTemplateFormat:
+    format: {{ imageFor "docker-builder" }}
+deployer:
+  imageTemplateFormat:
+    format: {{ imageFor "deployer" }}
+dockerPullSecret:
+  internalRegistryHostname: image-registry.openshift-image-registry.svc:5000
+ingress:
+  ingressIPNetworkCIDR: ''
+kubeClientConfig:
+  kubeConfig: /etc/kubernetes/secret/kubeconfig
+servingInfo:
+  certFile: /etc/kubernetes/secret/server.crt
+  keyFile: /etc/kubernetes/secret/server.key
+  clientCA: /etc/kubernetes/config/serving-ca.crt
+  cipherSuites:
+  - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+  - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+  - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+  - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+  - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+  - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
diff --git a/assets/route-controller-manager/route-controller-manager-config-configmap.yaml b/assets/route-controller-manager/route-controller-manager-config-configmap.yaml
@@ -0,0 +1,7 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: route-controller-manager-config
+data:
+  config.yaml: |-
+{{ include "route-controller-manager/config.yaml" 4 }}
diff --git a/assets/route-controller-manager/route-controller-manager-deployment.yaml b/assets/route-controller-manager/route-controller-manager-deployment.yaml
@@ -0,0 +1,113 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: route-controller-manager
+spec:
+  replicas: {{ .Replicas }}
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 0
+      maxUnavailable: 1
+  selector:
+    matchLabels:
+      app: route-controller-manager
+  minReadySeconds: 30
+  template:
+    metadata:
+      labels:
+        app: route-controller-manager
+        clusterID: "{{ .ClusterID }}"
+{{ if .RestartDate }}
+      annotations:
+        openshift.io/restartedAt: "{{ .RestartDate }}"
+{{ end }}
+    spec:
+      tolerations:
+        - key: "dedicated"
+          operator: "Equal"
+          value: "master-{{ .ClusterID }}"
+          effect: NoSchedule
+        - key: "multi-az-worker"
+          operator: "Equal"
+          value: "true"
+          effect: NoSchedule
+      affinity:
+        nodeAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            preference:
+              matchExpressions:
+              - key: dedicated
+                operator: In
+                values:
+                - master-{{ .ClusterID }}
+        podAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - weight: 100
+              podAffinityTerm:
+                labelSelector:
+                  matchExpressions:
+                    - key: clusterID
+                      operator: In
+                      values: ["{{ .ClusterID }}"]
+                topologyKey: "kubernetes.io/hostname"
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: app
+                    operator: In
+                    values: ["route-controller-manager"]
+              topologyKey: "kubernetes.io/hostname"
+            - labelSelector:
+                matchExpressions:
+                  - key: app
+                    operator: In
+                    values: ["route-controller-manager"]
+              topologyKey: "topology.kubernetes.io/zone"
+      automountServiceAccountToken: false
+{{ if .MasterPriorityClass }}
+      priorityClassName: {{ .MasterPriorityClass }}
+{{ end }}
+      terminationGracePeriodSeconds: 90
+      containers:
+      - name: route-controller-manager
+{{- if .RouteControllerManagerSecurityContext }}
+{{- $securityContext := .RouteControllerManagerSecurityContext }}
+        securityContext:
+          runAsUser: {{ $securityContext.RunAsUser }}
+{{- end }}
+        image: {{ imageFor "route-controller-manager" }}
+        command:
+        - "route-controller-manager"
+        args:
+        - "start"
+        - "--config=/etc/kubernetes/rcmconfig/config.yaml"
+{{ if .RouteControllerManagerResources }}
+        resources:{{ range .RouteControllerManagerResources }}{{ range .ResourceRequest }}
+          requests: {{ if .CPU }}
+            cpu: {{ .CPU }}{{ end }}{{ if .Memory }}
+            memory: {{ .Memory }}{{ end }}{{ end }}{{ range .ResourceLimit }}
+          limits: {{ if .CPU }}
+            cpu: {{ .CPU }}{{ end }}{{ if .Memory }}
+            memory: {{ .Memory }}{{ end }}{{ end }}{{ end }}
+{{ end }}
+        volumeMounts:
+        - mountPath: /etc/kubernetes/secret
+          name: secret
+        - mountPath: /etc/kubernetes/rcmconfig
+          name: rcmconfig
+        - mountPath: /etc/kubernetes/config
+          name: config
+      volumes:
+      - secret:
+          secretName: route-controller-manager
+          defaultMode: 0640
+        name: secret
+      - configMap:
+          name: route-controller-manager
+        name: config
+      - configMap:
+          name: route-controller-manager-config
+        name: rcmconfig
diff --git a/cluster.yaml.example b/cluster.yaml.example
@@ -69,6 +69,13 @@ openshiftControllerManagerResources:
     - resourceLimit:
         - cpu: 200m
           memory: 200Mi
+routeControllerManagerResources:
+    - resourceRequest:
+        - cpu: 23m
+          memory: 78Mi
+    - resourceLimit:
+        - cpu: 200m
+          memory: 200Mi
 clusterVersionOperatorResources:
     - resourceRequest:
         - cpu: 12m
@@ -198,6 +205,8 @@ openshiftAPIServerSecurityContext:
   runAsUser: 1000
 openshiftControllerManagerSecurityContext:
   runAsUser: 1000
+routeControllerManagerSecurityContext:
+  runAsUser: 1000
 clusterPolicyControllerSecurityContext:
   runAsUser: 1000
 oAuthServerSecurityContext:

diff --git a/pkg/api/types.go b/pkg/api/types.go
@@ -33,6 +33,7 @@ type ClusterParams struct {
 	RouterServiceType                         string                 `json:"routerServiceType"`
 	KubeAPIServerResources                    []ResourceRequirements `json:"kubeAPIServerResources"`
 	OpenshiftControllerManagerResources       []ResourceRequirements `json:"openshiftControllerManagerResources"`
+	RouteControllerManagerResources           []ResourceRequirements `json:"routeControllerManagerResources"`
 	ClusterVersionOperatorResources           []ResourceRequirements `json:"clusterVersionOperatorResources"`
 	KubeControllerManagerResources            []ResourceRequirements `json:"kubeControllerManagerResources"`
 	OpenshiftAPIServerResources               []ResourceRequirements `json:"openshiftAPIServerResources"`
@@ -67,6 +68,7 @@ type ClusterParams struct {
 	OpenshiftAPIServerSecurityContext         *SecurityContext       `json:"openshiftAPIServerSecurityContext"`
 	OauthAPIServerSecurityContext             *SecurityContext       `json:"oauthAPIServerSecurityContext"`
 	OpenshiftControllerManagerSecurityContext *SecurityContext       `json:"openshiftControllerManagerSecurityContext"`
+	RouteControllerManagerSecurityContext     *SecurityContext       `json:"routeControllerManagerSecurityContext"`
 	PortierisSecurityContext                  *SecurityContext       `json:"portierisSecurityContext"`
 	ClusterVersionOperatorSecurityContext     *SecurityContext       `json:"clusterVersionOperatorSecurityContext"`
 	KMSSecurityContext                        *SecurityContext       `json:"kmsSecurityContext"`