capp v2

Dockerfile

@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.23 as builder
+FROM golang:1.24.6 as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests

Makefile

@@ -67,7 +67,7 @@ test-e2e: ginkgo
 	@test -n "${KUBECONFIG}" -o -r ${HOME}/.kube/config || (echo "Failed to find kubeconfig in ~/.kube/config or no KUBECONFIG set"; exit 1)
 	echo "Running e2e tests"
 	go clean -testcache
-	$(LOCALBIN)/ginkgo -p --vv ./test/e2e_tests/... -coverprofile cover.out -timeout
+	$(LOCALBIN)/ginkgo -p --nodes=12 --vv -coverprofile cover.out -timeout 10m ./test/e2e_tests/...
 
 .PHONY: lint
 lint: golangci-lint ## Run golangci-lint linter

PROJECT

@@ -25,4 +25,16 @@ resources:
   kind: CappRevision
   path: github.com/dana-team/container-app-operator/api/v1alpha1
   version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: dana.io
+  group: rcs
+  kind: CappConfig
+  path: github.com/dana-team/container-app-operator/api/rcs/v1alpha1
+  version: v1alpha1
+  webhooks:
+    defaulting: true
+    validation: true
+    webhookVersion: v1
 version: "3"

README.md

@@ -215,4 +215,4 @@ spec:
     passwordSecret: es-elastic-user
   scaleMetric: concurrency
   state: enabled
-```
+```

api/v1alpha1/cappconfig_types.go

@@ -1,13 +1,26 @@
 package v1alpha1
 
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
 
 // CappConfigSpec defines the desired state of CappConfig
 type CappConfigSpec struct {
 	// +kubebuilder:validation:Required
 	DNSConfig DNSConfig `json:"dnsConfig"`
+
 	// +kubebuilder:validation:Required
 	AutoscaleConfig AutoscaleConfig `json:"autoscaleConfig"`
+
+	// DefaultResources is the default resources to be assigned to Capp.
+	// If other resources are specified then they override the default values.
+	DefaultResources corev1.ResourceRequirements `json:"defaultResources"`
+
+	// InvalidHostnamePatterns is an optional slice of regex patterns to be used to validate the hostname of the Capp.
+	// If the Capp hostname matches a pattern, it is blocked from being created.
+	// +kubebuilder:default:={}
+	InvalidHostnamePatterns []string `json:"invalidHostnamePatterns"`
 }
 
 type DNSConfig struct {

charts/container-app-operator/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/container-app-operator/Chart.yaml

@@ -1,7 +1,6 @@
 apiVersion: v2
 name: container-app-operator
-description: A Helm chart for container-app-operator
-
+description: A Helm chart for Kubernetes
 # A chart can be either an 'application' or a 'library' chart.
 #
 # Application charts are a collection of templates that can be packaged into versioned archives
@@ -11,14 +10,12 @@ description: A Helm chart for container-app-operator
 # a dependency of application charts to inject those utilities and functions into the rendering
 # pipeline. Library charts do not define any templates and therefore cannot be deployed.
 type: application
-
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.0
-
+version: 0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "latest"
+appVersion: "0.1.0"

charts/container-app-operator/README.md

@@ -1,53 +1,46 @@
 # container-app-operator
 
-![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square)
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square)
 
-A Helm chart for container-app-operator
+A Helm chart for Kubernetes
 
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| affinity | object | `{}` | Node affinity rules for scheduling pods. Allows you to specify advanced node selection constraints. |
-| config | object | `{"autoscaleConfig":{"activationScale":3,"concurrency":10,"cpu":80,"memory":70,"rps":200},"dnsConfig":{"cname":"ingress.capp-zone.com.","issuer":"cert-issuer","provider":"dns-default","zone":"capp-zone.com."}}` | Configuration for Cappconfig CRD |
-| config.autoscaleConfig.activationScale | int | `3` | The default activationScale for autoscaling. |
+| config | object | `{"autoscaleConfig":{"activationScale":3,"concurrency":10,"cpu":80,"memory":70,"rps":200},"defaultResources":{"limits":{"cpu":"200m","memory":"200Mi"},"requests":{"cpu":"100m","memory":"100Mi"}},"dnsConfig":{"cname":"ingress.capp-zone.com.","issuer":"cert-issuer","provider":"dns-default","zone":"capp-zone.com."},"enabled":true,"invalidHostnamePatterns":[""]}` | Configuration for CappConfig CRD |
+| config.autoscaleConfig.activationScale | int | `3` | The default activation scale (minimum replicas before scaling starts). |
 | config.autoscaleConfig.concurrency | int | `10` | The default concurrency limit for autoscaling. |
 | config.autoscaleConfig.cpu | int | `80` | The default CPU utilization percentage for autoscaling. |
 | config.autoscaleConfig.memory | int | `70` | The default memory utilization percentage for autoscaling. |
 | config.autoscaleConfig.rps | int | `200` | The default Requests Per Second (RPS) threshold for autoscaling. |
+| config.defaultResources.limits | object | `{"cpu":"200m","memory":"200Mi"}` | Default compute resource limits applied to all Capp workloads. |
+| config.defaultResources.limits.cpu | string | `"200m"` | Maximum requested CPU per Capp workload. |
+| config.defaultResources.limits.memory | string | `"200Mi"` | Maximum allowed memory per Capp workload. |
+| config.defaultResources.requests.cpu | string | `"100m"` | Default requested CPU per Capp workload. |
+| config.defaultResources.requests.memory | string | `"100Mi"` | Default requested memory per Capp workload. |
 | config.dnsConfig.cname | string | `"ingress.capp-zone.com."` | The canonical name that CNAMEs created by the operator should point at. |
-| config.dnsConfig.issuer | string | `"cert-issuer"` | The name of the Certificate External Issuer name |
+| config.dnsConfig.issuer | string | `"cert-issuer"` | The name of the Certificate External Issuer name. |
 | config.dnsConfig.provider | string | `"dns-default"` | The name of the Crossplane DNS provider config. |
 | config.dnsConfig.zone | string | `"capp-zone.com."` | The DNS zone for the application. |
-| fullnameOverride | string | `""` |  |
-| image.manager.pullPolicy | string | `"IfNotPresent"` | The pull policy for the image. |
-| image.manager.repository | string | `"ghcr.io/dana-team/container-app-operator"` | The repository of the manager container image. |
-| image.manager.tag | string | `""` | The tag of the manager container image. |
-| klusterlet | object | `{"enabled":true,"namespace":"open-cluster-management-agent","serviceAccountName":"klusterlet-work-sa"}` | Configuration for the service account used by the Klusterlet work. |
-| klusterlet.enabled | bool | `true` | Flag to indiciate whether to deploy Klusterlet-related resources (defaults to true) |
-| klusterlet.namespace | string | `"open-cluster-management-agent"` | The namespace where the service account resides. |
-| klusterlet.serviceAccountName | string | `"klusterlet-work-sa"` | The name of the Klusterset service account. |
-| livenessProbe | object | `{"initialDelaySeconds":15,"periodSeconds":20}` | Configuration for the liveness probe. |
-| livenessProbe.initialDelaySeconds | int | `15` | The initial delay before the liveness probe is initiated. |
-| livenessProbe.periodSeconds | int | `20` | The frequency (in seconds) with which the probe will be performed. |
-| manager | object | `{"args":["--leader-elect","--health-probe-bind-address=:8081","--metrics-bind-address=127.0.0.1:8080"],"command":["/manager"],"ports":{"health":{"containerPort":8081,"name":"health","protocol":"TCP"}},"resources":{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"10m","memory":"64Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}}` | Configuration for the manager container. |
-| manager.args | list | `["--leader-elect","--health-probe-bind-address=:8081","--metrics-bind-address=127.0.0.1:8080"]` | Command-line arguments passed to the manager container. |
-| manager.command | list | `["/manager"]` | Command-line commands passed to the manager container. |
-| manager.ports.health.containerPort | int | `8081` | The port for the health check endpoint. |
-| manager.ports.health.name | string | `"health"` | The name of the health check port. |
-| manager.ports.health.protocol | string | `"TCP"` | The protocol used by the health check endpoint. |
-| manager.resources | object | `{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"10m","memory":"64Mi"}}` | Resource requests and limits for the manager container. |
-| manager.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}` | Security settings for the manager container. |
-| nameOverride | string | `""` |  |
-| nodeSelector | object | `{}` | Node selector for scheduling pods. Allows you to specify node labels for pod assignment. |
-| readinessProbe | object | `{"initialDelaySeconds":5,"periodSeconds":10}` | Configuration for the readiness probe. |
-| readinessProbe.initialDelaySeconds | int | `5` | The initial delay before the readiness probe is initiated. |
-| readinessProbe.periodSeconds | int | `10` | The frequency (in seconds) with which the probe will be performed. |
-| replicaCount | int | `1` | The number of replicas for the deployment. |
-| securityContext | object | `{}` | Pod-level security context for the entire pod. |
-| service | object | `{"httpsPort":8443,"protocol":"TCP","targetPort":"https"}` | Configuration for the metrics service. |
-| service.httpsPort | int | `8443` | The port for the HTTPS endpoint. |
-| service.protocol | string | `"TCP"` | The protocol used by the HTTPS endpoint. |
-| service.targetPort | string | `"https"` | The name of the target port. |
-| tolerations | list | `[]` | Node tolerations for scheduling pods. Allows the pods to be scheduled on nodes with matching taints. |
+| config.enabled | bool | `true` | Enable or disable creation of the CappConfig resource by Helm. |
+| config.invalidHostnamePatterns[0] | string | `""` | A list of regex patterns that hostnames of Capp workloads must not match. If a Capp hostname matches one of these patterns, its creation will be blocked. |
+| controllerManager.manager.args | list | `["--metrics-bind-address=:8443","--leader-elect"]` | Arguments passed to the controller manager container. |
+| controllerManager.manager.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | Whether a process can gain more privileges than its parent process. |
+| controllerManager.manager.containerSecurityContext.capabilities | object | `{"drop":["ALL"]}` | Linux capabilities to drop from the container for improved security. |
+| controllerManager.manager.image.imagePullPolicy | string | `"IfNotPresent"` | Controller manager container image pull policy. |
+| controllerManager.manager.image.repository | string | `"controller"` | Controller manager container image repository. |
+| controllerManager.manager.image.tag | string | `"latest"` | Controller manager container image tag. |
+| controllerManager.manager.resources.limits.cpu | string | `"500m"` | Maximum CPU limit for the controller manager container. |
+| controllerManager.manager.resources.limits.memory | string | `"128Mi"` | Maximum memory limit for the controller manager container. |
+| controllerManager.manager.resources.requests.cpu | string | `"10m"` | Minimum CPU request for the controller manager container. |
+| controllerManager.manager.resources.requests.memory | string | `"64Mi"` | Minimum memory request for the controller manager container. |
+| controllerManager.podSecurityContext.runAsNonRoot | bool | `true` | Run controller manager pods as non-root user. |
+| controllerManager.replicas | int | `1` | Number of replicas for the controller manager Deployment. |
+| controllerManager.serviceAccount.annotations | object | `{}` | Annotations to add to the service account used by the controller manager. |
+| kubernetesClusterDomain | string | `"cluster.local"` | Domain name of the Kubernetes cluster. |
+| webhookService.ports | list | `[{"port":443,"protocol":"TCP","targetPort":9443}]` | List of ports exposed by the webhook service. |
+| webhookService.type | string | `"ClusterIP"` | Type of Kubernetes Service to expose the webhook (ClusterIP, NodePort, LoadBalancer). |
 
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)