Calico APIServer configuration

tigera · Aug 29, 2024 · 88031b9 · 88031b9
1 parent 6eeefb1
commit 88031b9
Show file tree

Hide file tree

Showing 7 changed files with 479 additions and 1 deletion.
diff --git a/api/v1/apiserver_types.go b/api/v1/apiserver_types.go
@@ -146,6 +146,10 @@ type APIServerDeploymentPodSpec struct {
 	// WARNING: Please note that this field will override the default API server Deployment tolerations.
 	// +optional
 	Tolerations []v1.Toleration `json:"tolerations,omitempty"`
+
+	// PriorityClassName allows to specify a PriorityClass resource to be used.
+	// +optional
+	PriorityClassName string `json:"priorityClassName,omitempty"`
 }
 
 // APIServerDeploymentPodTemplateSpec is the API server Deployment's PodTemplateSpec
@@ -304,5 +308,10 @@ func (c *APIServerDeployment) GetDeploymentStrategy() *appsv1.DeploymentStrategy
 }
 
 func (c *APIServerDeployment) GetPriorityClassName() string {
+	if c.Spec.Template != nil {
+		if c.Spec.Template.Spec != nil {
+			return c.Spec.Template.Spec.PriorityClassName
+		}
+	}
 	return ""
 }
diff --git a/api/v1/installation_types.go b/api/v1/installation_types.go
@@ -173,6 +173,9 @@ type InstallationSpec struct {
 	// ComponentResources or TyphaAffinity, then these overrides take precedence.
 	TyphaDeployment *TyphaDeployment `json:"typhaDeployment,omitempty"`
 
+	// CalicoApiserverDeployment configures the apiserver Deployment.
+	APIServerDeployment *APIServerDeployment `json:"apiserverDeployment,omitempty"`
+
 	// Deprecated. The CalicoWindowsUpgradeDaemonSet is deprecated and will be removed from the API in the future.
 	// CalicoWindowsUpgradeDaemonSet configures the calico-windows-upgrade DaemonSet.
 	CalicoWindowsUpgradeDaemonSet *CalicoWindowsUpgradeDaemonSet `json:"calicoWindowsUpgradeDaemonSet,omitempty"`

diff --git a/pkg/controller/installation/validation.go b/pkg/controller/installation/validation.go
@@ -23,6 +23,7 @@ import (
 	operatorv1 "github.com/tigera/operator/api/v1"
 	"github.com/tigera/operator/pkg/common"
 	"github.com/tigera/operator/pkg/common/validation"
+	apiserver "github.com/tigera/operator/pkg/common/validation/apiserver"
 	node "github.com/tigera/operator/pkg/common/validation/calico-node"
 	csinodedriver "github.com/tigera/operator/pkg/common/validation/csi-node-driver"
 	kubecontrollers "github.com/tigera/operator/pkg/common/validation/kube-controllers"
@@ -374,6 +375,14 @@ func validateCustomResource(instance *operatorv1.Installation) error {
 		}
 	}
 
+	// Verify the APIServerDeployment overrides, if specified, is valid.
+	if deploy := instance.Spec.APIServerDeployment; deploy != nil {
+		err := validation.ValidateReplicatedPodResourceOverrides(deploy, apiserver.ValidateAPIServerDeploymentContainer, apiserver.ValidateAPIServerDeploymentInitContainer)
+		if err != nil {
+			return fmt.Errorf("Installation spec.APIServerDeployment is not valid: %w", err)
+		}
+	}
+
 	// Verify the CSINodeDriverDaemonSet overrides, if specified, is valid.
 	if ds := instance.Spec.CSINodeDriverDaemonSet; ds != nil {
 		err := validation.ValidateReplicatedPodResourceOverrides(ds, csinodedriver.ValidateCSINodeDriverDaemonSetContainer, validation.NoContainersDefined)

diff --git a/pkg/controller/installation/validation_test.go b/pkg/controller/installation/validation_test.go
@@ -959,6 +959,39 @@ var _ = Describe("Installation validation tests", func() {
 			Expect(err).To(HaveOccurred())
 		})
 	})
+
+	Describe("validate APIServerDeployment", func() {
+		It("should return nil when it is empty", func() {
+			instance.Spec.APIServerDeployment = &operator.APIServerDeployment{}
+			err := validateCustomResource(instance)
+			Expect(err).NotTo(HaveOccurred())
+		})
+
+		It("should return an error if it is invalid", func() {
+			instance.Spec.APIServerDeployment = &operator.APIServerDeployment{
+				Metadata: &operator.Metadata{
+					Labels: map[string]string{
+						"NoUppercaseOrSpecialCharsLike=Equals":    "b",
+						"WowNoUppercaseOrSpecialCharsLike=Equals": "b",
+					},
+					Annotations: map[string]string{
+						"AnnotNoUppercaseOrSpecialCharsLike=Equals": "bar",
+					},
+				},
+			}
+			err := validateCustomResource(instance)
+			Expect(err).To(HaveOccurred())
+
+			var invalidMinReadySeconds int32 = -1
+			instance.Spec.APIServerDeployment = &operator.APIServerDeployment{
+				Spec: &operator.APIServerDeploymentSpec{
+					MinReadySeconds: &invalidMinReadySeconds,
+				},
+			}
+			err = validateCustomResource(instance)
+			Expect(err).To(HaveOccurred())
+		})
+	})
 	Describe("validate Windows configuration", func() {
 		BeforeEach(func() {
 			winDpHNS := operator.WindowsDataplaneHNS

diff --git a/pkg/controller/utils/merge.go b/pkg/controller/utils/merge.go
@@ -180,6 +180,13 @@ func OverrideInstallationSpec(cfg, override operatorv1.InstallationSpec) operato
 		inst.TyphaDeployment = mergeTyphaDeployment(inst.TyphaDeployment, override.TyphaDeployment)
 	}
 
+	switch compareFields(inst.APIServerDeployment, override.APIServerDeployment) {
+	case BOnlySet:
+		inst.APIServerDeployment = override.APIServerDeployment.DeepCopy()
+	case Different:
+		inst.APIServerDeployment = mergeAPIServerDeployment(inst.APIServerDeployment, override.APIServerDeployment)
+	}
+
 	switch compareFields(inst.CalicoWindowsUpgradeDaemonSet, override.CalicoWindowsUpgradeDaemonSet) {
 	case BOnlySet:
 		inst.CalicoWindowsUpgradeDaemonSet = override.CalicoWindowsUpgradeDaemonSet.DeepCopy()
@@ -770,6 +777,97 @@ func mergeTyphaDeployment(cfg, override *operatorv1.TyphaDeployment) *operatorv1
 	return out
 }
 
+func mergeAPIServerDeployment(cfg, override *operatorv1.APIServerDeployment) *operatorv1.APIServerDeployment {
+	out := cfg.DeepCopy()
+
+	switch compareFields(out.Metadata, override.Metadata) {
+	case BOnlySet:
+		out.Metadata = override.Metadata.DeepCopy()
+	case Different:
+		out.Metadata = mergeMetadata(out.Metadata, override.Metadata)
+	}
+
+	mergePodSpec := func(cfg, override *operatorv1.APIServerDeploymentPodSpec) *operatorv1.APIServerDeploymentPodSpec {
+		out := cfg.DeepCopy()
+
+		switch compareFields(out.InitContainers, override.InitContainers) {
+		case BOnlySet, Different:
+			out.InitContainers = make([]operatorv1.APIServerDeploymentInitContainer, len(override.Containers))
+			copy(out.InitContainers, override.InitContainers)
+		}
+
+		switch compareFields(out.Containers, override.Containers) {
+		case BOnlySet, Different:
+			out.Containers = make([]operatorv1.APIServerDeploymentContainer, len(override.Containers))
+			copy(out.Containers, override.Containers)
+		}
+
+		switch compareFields(out.Affinity, override.Affinity) {
+		case BOnlySet, Different:
+			out.Affinity = override.Affinity
+		}
+
+		switch compareFields(out.NodeSelector, override.NodeSelector) {
+		case BOnlySet, Different:
+			out.NodeSelector = override.NodeSelector
+		}
+
+		switch compareFields(out.TopologySpreadConstraints, override.TopologySpreadConstraints) {
+		case BOnlySet, Different:
+			out.TopologySpreadConstraints = override.TopologySpreadConstraints
+		}
+
+		switch compareFields(out.Tolerations, override.Tolerations) {
+		case BOnlySet, Different:
+			out.Tolerations = override.Tolerations
+		}
+		return out
+	}
+	mergeTemplateSpec := func(cfg, override *operatorv1.APIServerDeploymentPodTemplateSpec) *operatorv1.APIServerDeploymentPodTemplateSpec {
+		out := cfg.DeepCopy()
+
+		switch compareFields(out.Metadata, override.Metadata) {
+		case BOnlySet:
+			out.Metadata = override.Metadata.DeepCopy()
+		case Different:
+			out.Metadata = mergeMetadata(out.Metadata, override.Metadata)
+		}
+
+		switch compareFields(out.Spec, override.Spec) {
+		case BOnlySet:
+			out.Spec = override.Spec.DeepCopy()
+		case Different:
+			out.Spec = mergePodSpec(out.Spec, override.Spec)
+		}
+
+		return out
+	}
+	mergeSpec := func(cfg, override *operatorv1.APIServerDeploymentSpec) *operatorv1.APIServerDeploymentSpec {
+		out := cfg.DeepCopy()
+
+		switch compareFields(out.MinReadySeconds, override.MinReadySeconds) {
+		case BOnlySet, Different:
+			out.MinReadySeconds = override.MinReadySeconds
+		}
+
+		switch compareFields(out.Template, override.Template) {
+		case BOnlySet:
+			out.Template = override.Template.DeepCopy()
+		case Different:
+			out.Template = mergeTemplateSpec(out.Template, override.Template)
+		}
+		return out
+	}
+
+	switch compareFields(out.Spec, override.Spec) {
+	case BOnlySet:
+		out.Spec = override.Spec.DeepCopy()
+	case Different:
+		out.Spec = mergeSpec(out.Spec, override.Spec)
+	}
+	return out
+}
+
 func mergeCalicoWindowsUpgradeDaemonSet(cfg, override *operatorv1.CalicoWindowsUpgradeDaemonSet) *operatorv1.CalicoWindowsUpgradeDaemonSet {
 	out := cfg.DeepCopy()