6
"github.com/pkg/errors"
8
kube_api "k8s.io/apimachinery/pkg/api/resource"
10
"github.com/kumahq/kuma/pkg/config"
11
config_types "github.com/kumahq/kuma/pkg/config/types"
12
"github.com/kumahq/kuma/pkg/core"
15
const defaultServiceAccountName = "system:serviceaccount:kuma-system:kuma-control-plane"
17
var logger = core.Log.WithName("kubernetes-config")
19
func DefaultKubernetesRuntimeConfig() *KubernetesRuntimeConfig {
20
return &KubernetesRuntimeConfig{
21
AdmissionServer: AdmissionServerConfig{
24
ControlPlaneServiceName: "kuma-control-plane",
25
ServiceAccountName: defaultServiceAccountName,
28
VirtualProbesEnabled: true,
29
VirtualProbesPort: 9000,
30
SidecarContainer: SidecarContainer{
31
RedirectPortInbound: 15006,
32
RedirectPortInboundV6: 15010,
33
RedirectPortOutbound: 15001,
34
DataplaneContainer: DataplaneContainer{
35
Image: "kuma/kuma-dp:latest",
38
DrainTime: config_types.Duration{Duration: 30 * time.Second},
39
EnvVars: map[string]string{},
41
ReadinessProbe: SidecarReadinessProbe{
42
InitialDelaySeconds: 1,
48
LivenessProbe: SidecarLivenessProbe{
49
InitialDelaySeconds: 60,
54
Resources: SidecarResources{
55
Requests: SidecarResourceRequests{
59
Limits: SidecarResourceLimits{
66
ContainerPatches: []string{},
67
InitContainer: InitContainer{
68
Image: "kuma/kuma-init:latest",
70
SidecarTraffic: SidecarTraffic{
71
ExcludeInboundPorts: []uint32{},
72
ExcludeOutboundPorts: []uint32{},
74
Exceptions: Exceptions{
75
Labels: map[string]string{
76
// when using DeploymentConfig instead of Deployment, OpenShift will create an extra deployer Pod for which we don't want to inject Kuma
77
"openshift.io/build.name": "*",
78
"openshift.io/deployer-pod-for.name": "*",
81
BuiltinDNS: BuiltinDNS{
88
InstanceIPEnvVarName: "INSTANCE_IP",
89
BPFFSPath: "/sys/fs/bpf",
90
CgroupPath: "/sys/fs/cgroup",
91
ProgramsSourcePath: "/kuma/ebpf",
93
IgnoredServiceSelectorLabels: []string{},
95
MarshalingCacheExpirationTime: config_types.Duration{Duration: 5 * time.Minute},
96
NodeTaintController: NodeTaintController{
99
CniNamespace: "kube-system",
101
ControllersConcurrency: ControllersConcurrency{
104
ClientConfig: ClientConfig{
108
LeaderElection: LeaderElection{
109
LeaseDuration: config_types.Duration{Duration: 15 * time.Second},
110
RenewDeadline: config_types.Duration{Duration: 10 * time.Second},
115
// KubernetesRuntimeConfig defines Kubernetes-specific configuration
116
type KubernetesRuntimeConfig struct {
119
// Admission WebHook Server implemented by the Control Plane.
120
AdmissionServer AdmissionServerConfig `json:"admissionServer"`
121
// Injector-specific configuration
122
Injector Injector `json:"injector,omitempty"`
123
// MarshalingCacheExpirationTime defines a duration for how long
124
// marshaled objects will be stored in the cache. If equal to 0s then
125
// cache is turned off
126
MarshalingCacheExpirationTime config_types.Duration `json:"marshalingCacheExpirationTime" envconfig:"kuma_runtime_kubernetes_marshaling_cache_expiration_time"`
127
// Name of Service Account that is used to run the Control Plane
128
// Deprecated: Use AllowedUsers instead.
129
ServiceAccountName string `json:"serviceAccountName,omitempty" envconfig:"kuma_runtime_kubernetes_service_account_name"`
130
// List of names of Service Accounts that admission requests are allowed.
131
// This list is appended with Control Plane's Service Account and generic-garbage-collector
132
AllowedUsers []string `json:"allowedUsers,omitempty" envconfig:"kuma_runtime_kubernetes_allowed_users"`
133
// ControlPlaneServiceName defines service name of the Kuma control plane. It is used to point Kuma DP to proper URL.
134
ControlPlaneServiceName string `json:"controlPlaneServiceName,omitempty" envconfig:"kuma_runtime_kubernetes_control_plane_service_name"`
135
// NodeTaintController that prevents applications from scheduling until CNI is ready.
136
NodeTaintController NodeTaintController `json:"nodeTaintController"`
137
// Kubernetes' resources reconciliation concurrency configuration
138
ControllersConcurrency ControllersConcurrency `json:"controllersConcurrency"`
139
// Kubernetes client configuration
140
ClientConfig ClientConfig `json:"clientConfig"`
141
// Kubernetes leader election configuration
142
LeaderElection LeaderElection `json:"leaderElection"`
145
type ControllersConcurrency struct {
146
// PodController defines maximum concurrent reconciliations of Pod resources
147
// Default value 10. If set to 0 kube controller-runtime default value of 1 will be used.
148
PodController int `json:"podController" envconfig:"kuma_runtime_kubernetes_controllers_concurrency_pod_controller"`
151
type ClientConfig struct {
152
// Qps defines maximum requests kubernetes client is allowed to make per second.
153
// Default value 100. If set to 0 kube-client default value of 5 will be used.
154
Qps int `json:"qps" envconfig:"kuma_runtime_kubernetes_client_config_qps"`
155
// BurstQps defines maximum burst requests kubernetes client is allowed to make per second
156
// Default value 100. If set to 0 kube-client default value of 10 will be used.
157
BurstQps int `json:"burstQps" envconfig:"kuma_runtime_kubernetes_client_config_burst_qps"`
160
type LeaderElection struct {
161
// LeaseDuration is the duration that non-leader candidates will
162
// wait to force acquire leadership. This is measured against time of
163
// last observed ack. Default is 15 seconds.
164
LeaseDuration config_types.Duration `json:"leaseDuration" envconfig:"kuma_runtime_kubernetes_leader_election_lease_duration"`
165
// RenewDeadline is the duration that the acting controlplane will retry
166
// refreshing leadership before giving up. Default is 10 seconds.
167
RenewDeadline config_types.Duration `json:"renewDeadline" envconfig:"kuma_runtime_kubernetes_leader_election_renew_deadline"`
170
// AdmissionServerConfig defines configuration of the Admission WebHook Server implemented by
172
type AdmissionServerConfig struct {
175
// Address the Admission WebHook Server should be listening on.
176
Address string `json:"address" envconfig:"kuma_runtime_kubernetes_admission_server_address"`
177
// Port the Admission WebHook Server should be listening on.
178
Port uint32 `json:"port" envconfig:"kuma_runtime_kubernetes_admission_server_port"`
179
// Directory with a TLS cert and private key for the Admission WebHook Server.
180
// TLS certificate file must be named `tls.crt`.
181
// TLS key file must be named `tls.key`.
182
CertDir string `json:"certDir" envconfig:"kuma_runtime_kubernetes_admission_server_cert_dir"`
185
// Injector defines configuration of a Kuma Sidecar Injector.
186
type Injector struct {
187
// SidecarContainer defines configuration of the Kuma sidecar container.
188
SidecarContainer SidecarContainer `json:"sidecarContainer,omitempty"`
189
// InitContainer defines configuration of the Kuma init container.
190
InitContainer InitContainer `json:"initContainer,omitempty"`
191
// ContainerPatches is an optional list of ContainerPatch names which will be applied
192
// to init and sidecar containers if workload is not annotated with a patch list.
193
ContainerPatches []string `json:"containerPatches" envconfig:"kuma_runtime_kubernetes_injector_container_patches"`
194
// CNIEnabled if true runs kuma-cp in CNI compatible mode
195
CNIEnabled bool `json:"cniEnabled" envconfig:"kuma_runtime_kubernetes_injector_cni_enabled"`
196
// VirtualProbesEnabled enables automatic converting HttpGet probes to virtual. Virtual probe
197
// serves on sub-path of insecure port 'virtualProbesPort',
198
// i.e :8080/health/readiness -> :9000/8080/health/readiness where 9000 is virtualProbesPort
199
VirtualProbesEnabled bool `json:"virtualProbesEnabled" envconfig:"kuma_runtime_kubernetes_virtual_probes_enabled"`
200
// VirtualProbesPort is a port for exposing virtual probes which are not secured by mTLS
201
VirtualProbesPort uint32 `json:"virtualProbesPort" envconfig:"kuma_runtime_kubernetes_virtual_probes_port"`
202
// SidecarTraffic is a configuration for a traffic that is intercepted by sidecar
203
SidecarTraffic SidecarTraffic `json:"sidecarTraffic"`
204
// Exceptions defines list of exceptions for Kuma injection
205
Exceptions Exceptions `json:"exceptions"`
206
// CaCertFile is CA certificate which will be used to verify a connection to the control plane
207
CaCertFile string `json:"caCertFile" envconfig:"kuma_runtime_kubernetes_injector_ca_cert_file"`
208
BuiltinDNS BuiltinDNS `json:"builtinDNS"`
209
// EBPF is a configuration for ebpf if transparent proxy should be installed
210
// using ebpf instead of iptables
211
EBPF EBPF `json:"ebpf"`
212
// IgnoredServiceSelectorLabels defines a list ignored labels in Service selector.
213
// If Pod matches a Service with ignored labels, but does not match it fully, it gets Ignored inbound.
214
// It is useful when you change Service selector and expect traffic to be sent immediately.
215
// An example of this is ArgoCD's BlueGreen deployment and "rollouts-pod-template-hash" selector.
216
IgnoredServiceSelectorLabels []string `json:"ignoredServiceSelectorLabels" envconfig:"KUMA_RUNTIME_KUBERNETES_INJECTOR_IGNORED_SERVICE_SELECTOR_LABELS"`
219
// Exceptions defines list of exceptions for Kuma injection
220
type Exceptions struct {
221
// Labels is a map of labels for exception. If pod matches label with given value Kuma won't be injected. Specify '*' to match any value.
222
Labels map[string]string `json:"labels" envconfig:"kuma_runtime_kubernetes_exceptions_labels"`
225
type SidecarTraffic struct {
226
// List of inbound ports that will be excluded from interception.
227
// This setting is applied on every pod unless traffic.kuma.io/exclude-inbound-ports annotation is specified on Pod.
228
ExcludeInboundPorts []uint32 `json:"excludeInboundPorts" envconfig:"kuma_runtime_kubernetes_sidecar_traffic_exclude_inbound_ports"`
229
// List of outbound ports that will be excluded from interception.
230
// This setting is applied on every pod unless traffic.kuma.io/exclude-outbound-ports annotation is specified on Pod.
231
ExcludeOutboundPorts []uint32 `json:"excludeOutboundPorts" envconfig:"kuma_runtime_kubernetes_sidecar_traffic_exclude_outbound_ports"`
234
// DataplaneContainer defines the configuration of a Kuma dataplane proxy container.
235
type DataplaneContainer struct {
237
Image string `json:"image,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_image"`
239
UID int64 `json:"uid,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_uid"`
241
GID int64 `json:"gid,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_gui"`
242
// Deprecated: Use KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_PORT instead.
243
AdminPort uint32 `json:"adminPort,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_admin_port"`
244
// Drain time for listeners.
245
DrainTime config_types.Duration `json:"drainTime,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_drain_time"`
247
ReadinessProbe SidecarReadinessProbe `json:"readinessProbe,omitempty"`
249
LivenessProbe SidecarLivenessProbe `json:"livenessProbe,omitempty"`
250
// Compute resource requirements.
251
Resources SidecarResources `json:"resources,omitempty"`
252
// EnvVars are additional environment variables that can be placed on Kuma DP sidecar
253
EnvVars map[string]string `json:"envVars" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_env_vars"`
256
// SidecarContainer defines configuration of the Kuma sidecar container.
257
type SidecarContainer struct {
258
DataplaneContainer `json:",inline"`
259
// Redirect port for inbound traffic.
260
RedirectPortInbound uint32 `json:"redirectPortInbound,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_redirect_port_inbound"`
261
// Redirect port for inbound IPv6 traffic.
262
RedirectPortInboundV6 uint32 `json:"redirectPortInboundV6,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_redirect_port_inbound_v6"`
263
// Redirect port for outbound traffic.
264
RedirectPortOutbound uint32 `json:"redirectPortOutbound,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_redirect_port_outbound"`
265
// WaitForDataplaneReady enables a script that waits until Envoy is ready.
266
// With the current Kubernetes behavior, any other container in the Pod will wait until the script is complete.
267
WaitForDataplaneReady bool `json:"waitForDataplaneReady" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_wait_for_dataplane_ready"`
270
// SidecarReadinessProbe defines periodic probe of container service readiness.
271
type SidecarReadinessProbe struct {
274
// Number of seconds after the container has started before readiness probes are initiated.
275
InitialDelaySeconds int32 `json:"initialDelaySeconds,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_readiness_probe_initial_delay_seconds"`
276
// Number of seconds after which the probe times out.
277
TimeoutSeconds int32 `json:"timeoutSeconds,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_readiness_probe_timeout_seconds"`
278
// Number of seconds after which the probe times out.
279
PeriodSeconds int32 `json:"periodSeconds,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_readiness_probe_period_seconds"`
280
// Minimum consecutive successes for the probe to be considered successful after having failed.
281
SuccessThreshold int32 `json:"successThreshold,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_readiness_probe_success_threshold"`
282
// Minimum consecutive failures for the probe to be considered failed after having succeeded.
283
FailureThreshold int32 `json:"failureThreshold,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_readiness_probe_failure_threshold"`
286
// SidecarLivenessProbe defines periodic probe of container service liveness.
287
type SidecarLivenessProbe struct {
290
// Number of seconds after the container has started before liveness probes are initiated.
291
InitialDelaySeconds int32 `json:"initialDelaySeconds,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_liveness_probe_initial_delay_seconds"`
292
// Number of seconds after which the probe times out.
293
TimeoutSeconds int32 `json:"timeoutSeconds,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_liveness_probe_timeout_seconds"`
294
// How often (in seconds) to perform the probe.
295
PeriodSeconds int32 `json:"periodSeconds,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_liveness_probe_period_seconds"`
296
// Minimum consecutive failures for the probe to be considered failed after having succeeded.
297
FailureThreshold int32 `json:"failureThreshold,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_liveness_probe_failure_threshold"`
300
// SidecarResources defines compute resource requirements.
301
type SidecarResources struct {
302
// Minimum amount of compute resources required.
303
Requests SidecarResourceRequests `json:"requests,omitempty"`
304
// Maximum amount of compute resources allowed.
305
Limits SidecarResourceLimits `json:"limits,omitempty"`
308
// SidecarResourceRequests defines the minimum amount of compute resources required.
309
type SidecarResourceRequests struct {
312
// CPU, in cores. (500m = .5 cores)
313
CPU string `json:"cpu,omitempty" envconfig:"kuma_injector_sidecar_container_resources_requests_cpu"`
314
// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
315
Memory string `json:"memory,omitempty" envconfig:"kuma_injector_sidecar_container_resources_requests_memory"`
318
// SidecarResourceLimits defines the maximum amount of compute resources allowed.
319
type SidecarResourceLimits struct {
322
// CPU, in cores. (500m = .5 cores)
323
CPU string `json:"cpu,omitempty" envconfig:"kuma_injector_sidecar_container_resources_limits_cpu"`
324
// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
325
Memory string `json:"memory,omitempty" envconfig:"kuma_injector_sidecar_container_resources_limits_memory"`
328
// InitContainer defines configuration of the Kuma init container.
329
type InitContainer struct {
333
Image string `json:"image,omitempty" envconfig:"kuma_injector_init_container_image"`
336
type BuiltinDNS struct {
339
// Use the built-in DNS
340
Enabled bool `json:"enabled,omitempty" envconfig:"kuma_runtime_kubernetes_injector_builtin_dns_enabled"`
341
// Redirect port for DNS
342
Port uint32 `json:"port,omitempty" envconfig:"kuma_runtime_kubernetes_injector_builtin_dns_port"`
343
// Turn on query logging for DNS
344
Logging bool `json:"logging,omitempty" envconfig:"kuma_runtime_kubernetes_injector_builtin_dns_logging"`
347
// EBPF defines configuration for the ebpf, when transparent proxy is marked to be
348
// installed using ebpf instead of iptables
350
// Install transparent proxy using ebpf
351
Enabled bool `json:"enabled" envconfig:"kuma_runtime_kubernetes_injector_ebpf_enabled"`
352
// Name of the environmental variable which will include IP address of the pod
353
InstanceIPEnvVarName string `json:"instanceIPEnvVarName,omitempty" envconfig:"kuma_runtime_kubernetes_injector_ebpf_instance_ip_env_var_name"`
354
// Path where BPF file system will be mounted for pinning ebpf programs and maps
355
BPFFSPath string `json:"bpffsPath,omitempty" envconfig:"kuma_runtime_kubernetes_injector_ebpf_bpffs_path"`
356
// Path of mounted cgroup2
357
CgroupPath string `json:"cgroupPath,omitempty" envconfig:"kuma_runtime_kubernetes_injector_ebpf_cgroup_path"`
358
// Name of the network interface which should be used to attach to it TC programs
359
// when not specified, we will try to automatically determine it
360
TCAttachIface string `json:"tcAttachIface,omitempty" envconfig:"kuma_runtime_kubernetes_injector_ebpf_tc_attach_iface"`
361
// Path where compiled eBPF programs are placed
362
ProgramsSourcePath string `json:"programsSourcePath,omitempty" envconfig:"kuma_runtime_kubernetes_injector_ebpf_programs_source_path"`
365
type NodeTaintController struct {
366
// If true enables the taint controller.
367
Enabled bool `json:"enabled" envconfig:"kuma_runtime_kubernetes_node_taint_controller_enabled"`
368
// Value of app label on CNI pod that indicates if node can be ready.
369
CniApp string `json:"cniApp" envconfig:"kuma_runtime_kubernetes_node_taint_controller_cni_app"`
370
// Value of CNI namespace.
371
CniNamespace string `json:"cniNamespace" envconfig:"kuma_runtime_kubernetes_node_taint_controller_cni_namespace"`
374
func (n *NodeTaintController) Validate() error {
375
if n.Enabled && n.CniApp == "" {
376
return errors.New(".CniApp has to be set when .Enabled is true")
381
var _ config.Config = &KubernetesRuntimeConfig{}
383
func (c *KubernetesRuntimeConfig) PostProcess() error {
384
return multierr.Combine(
385
c.AdmissionServer.PostProcess(),
386
c.Injector.PostProcess(),
390
func (c *KubernetesRuntimeConfig) Validate() error {
392
if err := c.AdmissionServer.Validate(); err != nil {
393
errs = multierr.Append(errs, errors.Wrapf(err, ".AdmissionServer is not valid"))
395
if err := c.Injector.Validate(); err != nil {
396
errs = multierr.Append(errs, errors.Wrapf(err, ".Injector is not valid"))
398
if c.MarshalingCacheExpirationTime.Duration < 0 {
399
errs = multierr.Append(errs, errors.Errorf(".MarshalingCacheExpirationTime must be positive or equal to 0"))
401
if c.ServiceAccountName != defaultServiceAccountName {
402
logger.Info("[WARNING]: using deprecated configuration option - .ServiceAccountName, please use AllowedUsers.")
407
var _ config.Config = &AdmissionServerConfig{}
409
func (c *AdmissionServerConfig) Validate() error {
412
errs = multierr.Append(errs, errors.Errorf(".Port must be in the range [0, 65535]"))
415
errs = multierr.Append(errs, errors.Errorf(".CertDir should not be empty"))
420
var _ config.Config = &Injector{}
422
func (i *Injector) Sanitize() {
423
i.InitContainer.Sanitize()
424
i.SidecarContainer.Sanitize()
427
func (i *Injector) PostProcess() error {
428
return multierr.Combine(
429
i.InitContainer.PostProcess(),
430
i.SidecarContainer.PostProcess(),
434
func (i *Injector) Validate() error {
436
if err := i.SidecarContainer.Validate(); err != nil {
437
errs = multierr.Append(errs, errors.Wrapf(err, ".SidecarContainer is not valid"))
439
if err := i.InitContainer.Validate(); err != nil {
440
errs = multierr.Append(errs, errors.Wrapf(err, ".InitContainer is not valid"))
445
var _ config.Config = &SidecarContainer{}
447
func (c *SidecarContainer) Sanitize() {
448
c.Resources.Sanitize()
449
c.LivenessProbe.Sanitize()
450
c.ReadinessProbe.Sanitize()
453
func (c *SidecarContainer) PostProcess() error {
454
return multierr.Combine(
455
c.Resources.PostProcess(),
456
c.LivenessProbe.PostProcess(),
457
c.ReadinessProbe.PostProcess(),
461
func (c *SidecarContainer) Validate() error {
464
errs = multierr.Append(errs, errors.Errorf(".Image must be non-empty"))
466
if 65535 < c.RedirectPortInbound {
467
errs = multierr.Append(errs, errors.Errorf(".RedirectPortInbound must be in the range [0, 65535]"))
469
if 0 != c.RedirectPortInboundV6 && 65535 < c.RedirectPortInboundV6 {
470
errs = multierr.Append(errs, errors.Errorf(".RedirectPortInboundV6 must be in the range [0, 65535]"))
472
if 65535 < c.RedirectPortOutbound {
473
errs = multierr.Append(errs, errors.Errorf(".RedirectPortOutbound must be in the range [0, 65535]"))
475
if 65535 < c.AdminPort {
476
errs = multierr.Append(errs, errors.Errorf(".AdminPort must be in the range [0, 65535]"))
478
if c.DrainTime.Duration <= 0 {
479
errs = multierr.Append(errs, errors.Errorf(".DrainTime must be positive"))
481
if err := c.ReadinessProbe.Validate(); err != nil {
482
errs = multierr.Append(errs, errors.Wrapf(err, ".ReadinessProbe is not valid"))
484
if err := c.LivenessProbe.Validate(); err != nil {
485
errs = multierr.Append(errs, errors.Wrapf(err, ".LivenessProbe is not valid"))
487
if err := c.Resources.Validate(); err != nil {
488
errs = multierr.Append(errs, errors.Wrapf(err, ".Resources is not valid"))
493
var _ config.Config = &InitContainer{}
495
func (c *InitContainer) Validate() error {
498
errs = multierr.Append(errs, errors.Errorf(".Image must be non-empty"))
503
var _ config.Config = &SidecarReadinessProbe{}
505
func (c *SidecarReadinessProbe) Validate() error {
507
if c.InitialDelaySeconds < 1 {
508
errs = multierr.Append(errs, errors.Errorf(".InitialDelaySeconds must be >= 1"))
510
if c.TimeoutSeconds < 1 {
511
errs = multierr.Append(errs, errors.Errorf(".TimeoutSeconds must be >= 1"))
513
if c.PeriodSeconds < 1 {
514
errs = multierr.Append(errs, errors.Errorf(".PeriodSeconds must be >= 1"))
516
if c.SuccessThreshold < 1 {
517
errs = multierr.Append(errs, errors.Errorf(".SuccessThreshold must be >= 1"))
519
if c.FailureThreshold < 1 {
520
errs = multierr.Append(errs, errors.Errorf(".FailureThreshold must be >= 1"))
525
var _ config.Config = &SidecarLivenessProbe{}
527
func (c *SidecarLivenessProbe) Validate() error {
529
if c.InitialDelaySeconds < 1 {
530
errs = multierr.Append(errs, errors.Errorf(".InitialDelaySeconds must be >= 1"))
532
if c.TimeoutSeconds < 1 {
533
errs = multierr.Append(errs, errors.Errorf(".TimeoutSeconds must be >= 1"))
535
if c.PeriodSeconds < 1 {
536
errs = multierr.Append(errs, errors.Errorf(".PeriodSeconds must be >= 1"))
538
if c.FailureThreshold < 1 {
539
errs = multierr.Append(errs, errors.Errorf(".FailureThreshold must be >= 1"))
544
var _ config.Config = &SidecarResources{}
546
func (c *SidecarResources) Sanitize() {
548
c.Requests.Sanitize()
551
func (c *SidecarResources) PostProcess() error {
552
return multierr.Combine(
553
c.Limits.PostProcess(),
554
c.Requests.PostProcess(),
558
func (c *SidecarResources) Validate() error {
560
if err := c.Requests.Validate(); err != nil {
561
errs = multierr.Append(errs, errors.Wrapf(err, ".Requests is not valid"))
563
if err := c.Limits.Validate(); err != nil {
564
errs = multierr.Append(errs, errors.Wrapf(err, ".Limits is not valid"))
569
var _ config.Config = &SidecarResourceRequests{}
571
func (c *SidecarResourceRequests) Validate() error {
573
if _, err := kube_api.ParseQuantity(c.CPU); err != nil {
574
errs = multierr.Append(errs, errors.Wrapf(err, ".CPU is not valid"))
576
if _, err := kube_api.ParseQuantity(c.Memory); err != nil {
577
errs = multierr.Append(errs, errors.Wrapf(err, ".Memory is not valid"))
582
var _ config.Config = &SidecarResourceLimits{}
584
func (c *SidecarResourceLimits) Validate() error {
586
if _, err := kube_api.ParseQuantity(c.CPU); err != nil {
587
errs = multierr.Append(errs, errors.Wrapf(err, ".CPU is not valid"))
589
if _, err := kube_api.ParseQuantity(c.Memory); err != nil {
590
errs = multierr.Append(errs, errors.Wrapf(err, ".Memory is not valid"))
595
var _ config.Config = &BuiltinDNS{}
597
func (c *BuiltinDNS) Validate() error {
600
errs = multierr.Append(errs, errors.Errorf(".port must be in the range [0, 65535]"))