[cilium] Add support for choosing resources

Cilium as a CNI is a critical component for cluster so it would be safe
to have some guaranteed resources as well as allowing the users to
define them based on their needs.

In this commit, we init default requested resources and add the
capability of user defined values.

Signed-off-by: dntosas <ntosas@gmail.com>

docs/networking/cilium.md

@@ -138,6 +138,18 @@ Once the secret has been created, encryption can be enabled by setting `enableEn
       enableEncryption: true
 ```
 
+#### Resources in Cilium
+{{ kops_feature_table(kops_added_default='1.21', k8s_min='1.20') }}
+
+As of kOps 1.20, it is possible to choose your own values for Cilium Agents + Operator. Example:
+```yaml
+  networking:
+    cilium:
+      cpuRequest: "25m"
+      memoryRequest: "128Mi"
+      cpuLimit: "100m"
+      memoryLimit: "300Mi"
+```
 
 ## Getting help
 

k8s/crds/kops.k8s.io_clusters.yaml

@@ -3398,6 +3398,22 @@ spec:
                           fetches information from the container runtime and this
                           field is ignored. Default: none'
                         type: string
+                      cpuLimit:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: 'CPULimit CPU limit of Cilium agent + operator
+                          container. (default: -)'
+                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                        x-kubernetes-int-or-string: true
+                      cpuRequest:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: 'CPURequest CPU request of Cilium agent + operator
+                          container. (default: 25m)'
+                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                        x-kubernetes-int-or-string: true
                       debug:
                         description: Debug runs Cilium in debug mode.
                         type: boolean
@@ -3588,6 +3604,22 @@ spec:
                           be removed in the future. Setting this has no effect.
                         format: int32
                         type: integer
+                      memoryLimit:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: 'MemoryLimit memory limit of Cilium agent + operator
+                          container. (default: -)'
+                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                        x-kubernetes-int-or-string: true
+                      memoryRequest:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: 'MemoryRequest memory request of Cilium agent
+                          + operator container. (default: 128Mi)'
+                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                        x-kubernetes-int-or-string: true
                       monitorAggregation:
                         description: 'MonitorAggregation sets the level of packet
                           monitoring. Possible values are "low", "medium", or "maximum".

pkg/apis/kops/networking.go

@@ -261,6 +261,15 @@ type CiliumNetworkingSpec struct {
 	// Version is the version of the Cilium agent and the Cilium Operator.
 	Version string `json:"version,omitempty"`
 
+	// MemoryRequest memory request of Cilium agent + operator container. (default: 128Mi)
+	MemoryRequest *resource.Quantity `json:"memoryRequest,omitempty"`
+	// CPURequest CPU request of Cilium agent + operator container. (default: 25m)
+	CPURequest *resource.Quantity `json:"cpuRequest,omitempty"`
+	// MemoryLimit memory limit of Cilium agent + operator container. (default: -)
+	MemoryLimit *resource.Quantity `json:"memoryLimit,omitempty"`
+	// CPULimit CPU limit of Cilium agent + operator container. (default: -)
+	CPULimit *resource.Quantity `json:"cpuLimit,omitempty"`
+
 	// AccessLog is not implemented and may be removed in the future.
 	// Setting this has no effect.
 	AccessLog string `json:"accessLog,omitempty"`

pkg/apis/kops/v1alpha2/networking.go

@@ -259,6 +259,15 @@ type CiliumNetworkingSpec struct {
 	// Version is the version of the Cilium agent and the Cilium Operator.
 	Version string `json:"version,omitempty"`
 
+	// MemoryRequest memory request of Cilium agent + operator container. (default: 128Mi)
+	MemoryRequest *resource.Quantity `json:"memoryRequest,omitempty"`
+	// CPURequest CPU request of Cilium agent + operator container. (default: 25m)
+	CPURequest *resource.Quantity `json:"cpuRequest,omitempty"`
+	// MemoryLimit memory limit of Cilium agent + operator container. (default: -)
+	MemoryLimit *resource.Quantity `json:"memoryLimit,omitempty"`
+	// CPULimit CPU limit of Cilium agent + operator container. (default: -)
+	CPULimit *resource.Quantity `json:"cpuLimit,omitempty"`
+
 	// AccessLog is not implemented and may be removed in the future.
 	// Setting this has no effect.
 	AccessLog string `json:"accessLog,omitempty"`

pkg/apis/kops/validation/validation.go

@@ -771,6 +771,14 @@ func validateNetworkingCilium(cluster *kops.Cluster, v *kops.CiliumNetworkingSpe
 		}
 	}
 
+	if v.CPULimit != nil && (v.CPURequest < v.CPULimit) {
+		allErrs = append(allErrs, field.Invalid(fldPath.Child("cpuLimit"), v.CPULimit, "Cilium CPU limits can't be lower than the requested ones"))
+	}
+
+	if v.MemoryLimit != nil && (v.MemoryRequest < v.MemoryLimit) {
+		allErrs = append(allErrs, field.Invalid(fldPath.Child("memoryLimit"), v.MemoryLimit, "Cilium Memory limits can't be lower than the requested ones"))
+	}
+
 	return allErrs
 }
 

upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12-v1.8.yaml.template

@@ -522,7 +522,17 @@ spec:
           protocol: TCP
         {{- end }}
         {{ end }}
-
+        resources:
+          requests:
+            cpu: {{ or .CPURequest "25m" }}
+            memory: {{ or .MemoryRequest "128Mi" }}
+          limits:
+            {{- if .CPULimit }}
+            cpu: {{ .CPULimit }}
+            {{- end }}
+            {{- if .MemoryLimit }}
+            memory: {{ .MemoryLimit }}
+            {{- end }}
         readinessProbe:
           httpGet:
             host: '127.0.0.1'
@@ -772,6 +782,17 @@ spec:
           name: prometheus
           protocol: TCP
         {{ end }}
+        resources:
+          requests:
+            cpu: {{ or .CPURequest "25m" }}
+            memory: {{ or .MemoryRequest "128Mi" }}
+          limits:
+            {{- if .CPULimit }}
+            cpu: {{ .CPULimit }}
+            {{- end }}
+            {{- if .MemoryLimit }}
+            memory: {{ .MemoryLimit }}
+            {{- end }}
         livenessProbe:
           httpGet:
             host: "127.0.0.1"
@@ -915,4 +936,4 @@ spec:
           path: /var/run/cilium
           type: Directory
         name: hubble-sock-dir
-{{ end }}
+{{ end }}

upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12-v1.9.yaml.template

@@ -525,6 +525,17 @@ spec:
           periodSeconds: 30
           successThreshold: 1
           timeoutSeconds: 5
+        resources:
+          requests:
+            cpu: {{ or .CPURequest "25m" }}
+            memory: {{ or .MemoryRequest "128Mi" }}
+          limits:
+            {{- if .CPULimit }}
+            cpu: {{ .CPULimit }}
+            {{- end }}
+            {{- if .MemoryLimit }}
+            memory: {{ .MemoryLimit }}
+            {{- end }}
         readinessProbe:
           httpGet:
             host: '127.0.0.1'
@@ -823,6 +834,17 @@ spec:
           name: prometheus
           protocol: TCP
         {{ end }}
+        resources:
+          requests:
+            cpu: {{ or .CPURequest "25m" }}
+            memory: {{ or .MemoryRequest "128Mi" }}
+          limits:
+            {{- if .CPULimit }}
+            cpu: {{ .CPULimit }}
+            {{- end }}
+            {{- if .MemoryLimit }}
+            memory: {{ .MemoryLimit }}
+            {{- end }}
         livenessProbe:
           httpGet:
             host: '127.0.0.1'
@@ -891,7 +913,7 @@ spec:
   strategy:
     rollingUpdate:
       maxUnavailable: 1
-      type: RollingUpdate    
+      type: RollingUpdate
   template:
     metadata:
       labels:
@@ -951,4 +973,4 @@ spec:
             path: config.yaml
         name: config
 {{ end }}
-{{ end }}
+{{ end }}

upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12.yaml.template

@@ -461,6 +461,17 @@ spec:
           name: prometheus
           protocol: TCP
         {{ end }}
+        resources:
+          requests:
+            cpu: {{ or .CPURequest "25m" }}
+            memory: {{ or .MemoryRequest "128Mi" }}
+          limits:
+            {{- if .CPULimit }}
+            cpu: {{ .CPULimit }}
+            {{- end }}
+            {{- if .MemoryLimit }}
+            memory: {{ .MemoryLimit }}
+            {{- end }}
         readinessProbe:
           exec:
             command:
@@ -750,6 +761,17 @@ spec:
           name: prometheus
           protocol: TCP
         {{ end }}
+        resources:
+          requests:
+            cpu: {{ or .CPURequest "25m" }}
+            memory: {{ or .MemoryRequest "128Mi" }}
+          limits:
+            {{- if .CPULimit }}
+            cpu: {{ .CPULimit }}
+            {{- end }}
+            {{- if .MemoryLimit }}
+            memory: {{ .MemoryLimit }}
+            {{- end }}
         livenessProbe:
           httpGet:
             host: "127.0.0.1"