
Commit 92fcad3

committed
Allow rolling update maxSurge maxUnavailable to be configurable
1 parent 20300c4 commit 92fcad3


3 files changed

+39
-14
lines changed


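--- a/.gitignore
+++ b/.gitignore
@@ -22,3 +22,6 @@ bin
 *.swp
 *.swo
 *~
+
+# executable
+egress-operator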

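--- a/README.md
+++ b/README.md
@@ -1,15 +1,17 @@
 # egress-operator
+
 An operator to produce egress gateway pods and control access to them with network policies, and a coredns plugin to route egress traffic to these pods.
 
 The idea is that instead of authorizing egress traffic with protocol inspection,
 you instead create a internal clusterIP for every external service you use, lock
 it down to only a few pods via a network policy, and then set up your dns server
 to resolve the external service to that clusterIP.
 
-Built with kubebuilder: https://book.kubebuilder.io/
+Built with kubebuilder: <https://book.kubebuilder.io/>
 
 The operator accepts ExternalService objects, which aren't namespaced, which define a dns name and ports for an external service.
 In the `egress-operator-system` namespace, it creates:
+
 - An envoy configmap for a TCP/UDP proxy to that service (UDP not working until the next envoy release that enables it)
 - A deployment for some envoy pods with that config
 - A horizontal pod autoscaler to keep the deployment correctly sized
@@ -31,24 +33,28 @@ In the `egress-operator-system` namespace, it creates:
 ```bash
 make run
 ```
+
 This creates an ExternalService object to see the controller-manager creating managed resources in the remote cluster.
 
 ### Setting up CoreDNS plugin
 
 The CoreDNS plugin rewrites responses for external service hostnames managed by egress-operator.
 
 Build a CoreDNS image which contains the plugin:
+
 ```bash
 cd coredns-plugin
 make docker-build docker-push IMG=yourrepo/egress-operator-coredns:latest
 ```
 
 You'll need to swap out the image of your coredns kubedns Deployment for `yourrepo/egress-operator-coredns:latest`:
+
 ```bash
 kubectl edit deploy coredns -n kube-system # Your Deployment name may vary
 ```
 
 And edit the coredns Corefile in ConfigMap to put in `egressoperator egress-operator-system cluster.local`:
+
 ```bash
 kubectl edit configmap coredns-config -n kube-system # Your ConfigMap name may vary
 ```
@@ -171,10 +177,12 @@ spec:
 ...
 ```
 
-| Variable name | Default | Description |
-| ---------------------- | --------------------------------- | -------------------------------------------------- |
-| ENVOY_IMAGE | `envoyproxy/envoy-alpine:v1.16.5` | Name of the Envoy Proxy image to use |
-| TAINT_TOLERATION_KEY | Empty, no tolerations applied | Toleration key to apply to gateway pods |
-| TAINT_TOLERATION_VALUE | Empty, no tolerations applied | Toleration value to apply to gateway pods |
-| NODE_SELECTOR_KEY | Empty, no node selector added | Node selector label key to apply to gateway pods |
-| NODE_SELECTOR_VALUE | Empty, no node selector added | Node selector label value to apply to gateway pods |
+| Variable name | Default | Description |
+| ------------------------------ | --------------------------------- | ------------------------------------------------------- |
+| ENVOY_IMAGE | `envoyproxy/envoy-alpine:v1.16.5` | Name of the Envoy Proxy image to use |
+| TAINT_TOLERATION_KEY | Empty, no tolerations applied | Toleration key to apply to gateway pods |
+| TAINT_TOLERATION_VALUE | Empty, no tolerations applied | Toleration value to apply to gateway pods |
+| NODE_SELECTOR_KEY | Empty, no node selector added | Node selector label key to apply to gateway pods |
+| NODE_SELECTOR_VALUE | Empty, no node selector added | Node selector label value to apply to gateway pods |
+| ROLLING_UPDATE_MAX_UNAVAILABLE | 25% | Rolling Update max unavailable to apply to gateway pods |
+| ROLLING_UPDATE_MAX_SURGE | 25% | Rolling Update max surge to apply to gateway pods |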

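--- a/controllers/deployment.go
+++ b/controllers/deployment.go
@@ -76,9 +76,9 @@ func deployment(es *egressv1.ExternalService, configHash string) *appsv1.Deploym
 tv, vok := os.LookupEnv("TAINT_TOLERATION_VALUE")
 if kok && vok {
 tolerations = append(tolerations, corev1.Toleration{
-Key: tk,
-Value: tv,
-Effect: corev1.TaintEffectNoSchedule,
+Key: tk,
+Value: tv,
+Effect: corev1.TaintEffectNoSchedule,
 })
 }
 
@@ -91,6 +91,9 @@ func deployment(es *egressv1.ExternalService, configHash string) *appsv1.Deploym
 }
 }
 
+maxUnavailableStr := lookupEnvOr("ROLLING_UPDATE_MAX_UNAVAILABLE", "25%")
+maxSurgeStr := lookupEnvOr("ROLLING_UPDATE_MAX_SURGE", "25%")
+
 var resources corev1.ResourceRequirements
 if es.Spec.Resources != nil {
 resources = *es.Spec.Resources
@@ -107,6 +110,9 @@ func deployment(es *egressv1.ExternalService, configHash string) *appsv1.Deploym
 }
 }
 
+maxUnavailable := intstr.Parse(maxUnavailableStr)
+maxSurge := intstr.Parse(maxSurgeStr)
+
 return &appsv1.Deployment{
 ObjectMeta: metav1.ObjectMeta{
 Name: es.Name,
@@ -120,8 +126,8 @@ func deployment(es *egressv1.ExternalService, configHash string) *appsv1.Deploym
 Strategy: appsv1.DeploymentStrategy{
 Type: appsv1.RollingUpdateDeploymentStrategyType,
 RollingUpdate: &appsv1.RollingUpdateDeployment{
-MaxUnavailable: intstr.ValueOrDefault(nil, intstr.FromString("25%")),
-MaxSurge: intstr.ValueOrDefault(nil, intstr.FromString("25%")),
+MaxUnavailable: &maxUnavailable,
+MaxSurge: &maxSurge,
 },
 },
 Selector: metav1.SetAsLabelSelector(labelsToSelect(es)),
@@ -131,7 +137,7 @@ func deployment(es *egressv1.ExternalService, configHash string) *appsv1.Deploym
 Annotations: a,
 },
 Spec: corev1.PodSpec{
-Tolerations: tolerations,
+Tolerations: tolerations,
 NodeSelector: nodeSelector,
 Containers: []corev1.Container{
 {
@@ -201,3 +207,11 @@ func deployment(es *egressv1.ExternalService, configHash string) *appsv1.Deploym
 },
 }
 }
+
+func lookupEnvOr(envKey, envDefaultValue string) string {
+valueStr, isSet := os.LookupEnv(envKey)
+if !isSet || len(valueStr) == 0 {
+return envDefaultValue
+}
+return valueStr
+}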
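Review bot: The two environment values reach the Deployment spec unvalidated: at new lines 113-114 `intstr.Parse` accepts any string and stores whatever is not an integer as a string value, so a typo such as `abc` or `25 %` is presumably only discovered when the API server rejects the object, on each reconcile of each ExternalService. For egress gateways the value is also an availability setting, since `100%` for ROLLING_UPDATE_MAX_UNAVAILABLE lets a rollout take every gateway pod down at once, so it is worth checking the pair once at startup, for example with `if _, err := intstr.GetScaledValueFromIntOrPercent(&maxUnavailable, 100, false); err != nil { ... }`, and then either refusing to start or falling back to `25%` with a log line. `deployment()` begins outside these hunks and its visible signature returns no error, so the check probably belongs in the caller or in start-up code rather than here. `lookupEnvOr` would also benefit from a doc comment such as `// lookupEnvOr returns the value of envKey, or envDefaultValue when the variable is unset or empty.`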
