Merge pull request #2061 from FabianKramm/main

refactor: enable limitRange / resourceQuota in duo
loft-sh · Aug 14, 2024 · fb5034c · fb5034c
2 parents 0b8b19c + f8dfcc8
commit fb5034c
Show file tree

Hide file tree

Showing 9 changed files with 122 additions and 21 deletions.
diff --git a/chart/templates/limitrange.yaml b/chart/templates/limitrange.yaml
@@ -1,4 +1,5 @@
-{{- if .Values.policies.limitRange.enabled }}
+{{- if or (eq (toString .Values.policies.limitRange.enabled) "true") (eq (toString .Values.policies.resourceQuota.enabled) "true") }}
+{{- if not (eq (toString .Values.policies.limitRange.enabled) "false") }}
 apiVersion: v1
 kind: LimitRange
 metadata:
@@ -33,3 +34,4 @@ spec:
       {{- end }}
     type: Container
 {{- end }}
+{{- end }}
diff --git a/chart/templates/resourcequota.yaml b/chart/templates/resourcequota.yaml
@@ -1,4 +1,5 @@
-{{- if .Values.policies.resourceQuota.enabled }}
+{{- if or (eq (toString .Values.policies.resourceQuota.enabled) "true") (eq (toString .Values.policies.limitRange.enabled) "true") }}
+{{- if not (eq (toString .Values.policies.resourceQuota.enabled) "false") }}
 apiVersion: v1
 kind: ResourceQuota
 metadata:
@@ -39,5 +40,5 @@ spec:
   scopes:
 {{- toYaml .Values.policies.resourceQuota.scopes | nindent 4 }}
   {{- end}}
-
+{{- end }}
 {{- end }}
diff --git a/chart/tests/limitrange_test.yaml b/chart/tests/limitrange_test.yaml
@@ -28,3 +28,43 @@ tests:
       - lengthEqual:
           path: spec.limits
           count: 1
+
+  - it: check enabled
+    release:
+      name: my-release
+      namespace: my-namespace
+    set:
+      policies:
+        resourceQuota:
+          enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+
+  - it: check disabled
+    release:
+      name: my-release
+      namespace: my-namespace
+    set:
+      policies:
+        resourceQuota:
+          enabled: true
+        limitRange:
+          enabled: false
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: check disabled both false
+    release:
+      name: my-release
+      namespace: my-namespace
+    set:
+      policies:
+        resourceQuota:
+          enabled: false
+        limitRange:
+          enabled: false
+    asserts:
+      - hasDocuments:
+          count: 0
diff --git a/chart/tests/resourcequota_test.yaml b/chart/tests/resourcequota_test.yaml
@@ -28,3 +28,43 @@ tests:
       - equal:
           path: spec.hard["requests.cpu"]
           value: "10"
+
+  - it: check enabled
+    release:
+      name: my-release
+      namespace: my-namespace
+    set:
+      policies:
+        limitRange:
+          enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+
+  - it: check disabled
+    release:
+      name: my-release
+      namespace: my-namespace
+    set:
+      policies:
+        resourceQuota:
+          enabled: false
+        limitRange:
+          enabled: true
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: check disabled both false
+    release:
+      name: my-release
+      namespace: my-namespace
+    set:
+      policies:
+        resourceQuota:
+          enabled: false
+        limitRange:
+          enabled: false
+    asserts:
+      - hasDocuments:
+          count: 0
diff --git a/chart/values.schema.json b/chart/values.schema.json
@@ -1812,8 +1812,15 @@
     "LimitRange": {
       "properties": {
         "enabled": {
-          "type": "boolean",
-          "description": "Enabled defines if the limit range should be deployed by vCluster."
+          "oneOf": [
+            {
+              "type": "string"
+            },
+            {
+              "type": "boolean"
+            }
+          ],
+          "description": "Enabled defines if the limit range should be deployed by vCluster. \"auto\" means that if resourceQuota is enabled,\nthe limitRange will be enabled as well."
         },
         "default": {
           "type": "object",
@@ -2523,8 +2530,15 @@
     "ResourceQuota": {
       "properties": {
         "enabled": {
-          "type": "boolean",
-          "description": "Enabled defines if the resource quota should be enabled."
+          "oneOf": [
+            {
+              "type": "string"
+            },
+            {
+              "type": "boolean"
+            }
+          ],
+          "description": "Enabled defines if the resource quota should be enabled. \"auto\" means that if limitRange is enabled,\nthe resourceQuota will be enabled as well."
         },
         "quota": {
           "type": "object",

diff --git a/chart/values.yaml b/chart/values.yaml
@@ -733,8 +733,9 @@ networking:
 policies:
   # ResourceQuota specifies resource quota options.
   resourceQuota:
-    # Enabled defines if the resource quota should be enabled.
-    enabled: false
+    # Enabled defines if the resource quota should be enabled. "auto" means that if limitRange is enabled,
+    # the resourceQuota will be enabled as well.
+    enabled: auto
     labels: {}
     annotations: {}
     # Quota are the quota options
@@ -762,8 +763,9 @@ policies:
 
   # LimitRange specifies limit range options.
   limitRange:
-    # Enabled defines if the limit range should be deployed by vCluster.
-    enabled: false
+    # Enabled defines if the limit range should be deployed by vCluster. "auto" means that if resourceQuota is enabled,
+    # the limitRange will be enabled as well.
+    enabled: auto
     labels: {}
     annotations: {}
     # Default are the default limits for the limit range

diff --git a/config/config.go b/config/config.go
@@ -1482,8 +1482,9 @@ func (p Policies) JSONSchemaExtend(base *jsonschema.Schema) {
 }
 
 type ResourceQuota struct {
-	// Enabled defines if the resource quota should be enabled.
-	Enabled bool `json:"enabled,omitempty"`
+	// Enabled defines if the resource quota should be enabled. "auto" means that if limitRange is enabled,
+	// the resourceQuota will be enabled as well.
+	Enabled StrBool `json:"enabled,omitempty" jsonschema:"oneof_type=string;boolean"`
 
 	// Quota are the quota options
 	Quota map[string]interface{} `json:"quota,omitempty"`
@@ -1513,8 +1514,9 @@ type LabelSelectorRequirement struct {
 }
 
 type LimitRange struct {
-	// Enabled defines if the limit range should be deployed by vCluster.
-	Enabled bool `json:"enabled,omitempty"`
+	// Enabled defines if the limit range should be deployed by vCluster. "auto" means that if resourceQuota is enabled,
+	// the limitRange will be enabled as well.
+	Enabled StrBool `json:"enabled,omitempty" jsonschema:"oneof_type=string;boolean"`
 
 	// Default are the default limits for the limit range
 	Default map[string]interface{} `json:"default,omitempty"`

diff --git a/config/legacyconfig/migrate.go b/config/legacyconfig/migrate.go
@@ -385,14 +385,14 @@ func convertBaseValues(oldConfig BaseHelm, newConfig *config.Config) error {
 			newConfig.Policies.NetworkPolicy.Enabled = true
 		}
 		if oldConfig.Isolation.ResourceQuota.Enabled != nil {
-			newConfig.Policies.ResourceQuota.Enabled = *oldConfig.Isolation.ResourceQuota.Enabled
+			newConfig.Policies.ResourceQuota.Enabled = config.StrBool(strconv.FormatBool(*oldConfig.Isolation.ResourceQuota.Enabled))
 		} else {
-			newConfig.Policies.ResourceQuota.Enabled = true
+			newConfig.Policies.ResourceQuota.Enabled = "true"
 		}
 		if oldConfig.Isolation.LimitRange.Enabled != nil {
-			newConfig.Policies.LimitRange.Enabled = *oldConfig.Isolation.LimitRange.Enabled
+			newConfig.Policies.LimitRange.Enabled = config.StrBool(strconv.FormatBool(*oldConfig.Isolation.LimitRange.Enabled))
 		} else {
-			newConfig.Policies.LimitRange.Enabled = true
+			newConfig.Policies.LimitRange.Enabled = "true"
 		}
 		if oldConfig.Isolation.PodSecurityStandard == "" {
 			newConfig.Policies.PodSecurityStandard = "baseline"

diff --git a/config/values.yaml b/config/values.yaml
@@ -428,7 +428,7 @@ networking:
 
 policies:
   resourceQuota:
-    enabled: false
+    enabled: auto
     labels: {}
     annotations: {}
     quota:
@@ -452,7 +452,7 @@ policies:
     scopes: []
 
   limitRange:
-    enabled: false
+    enabled: auto
     labels: {}
     annotations: {}
     default: