From 54020bc4788e392435aba1eeb2d636d4f8e7bc27 Mon Sep 17 00:00:00 2001 From: AWS Controllers for Kubernetes Bot <82905295+ack-bot@users.noreply.github.com> Date: Wed, 6 Mar 2024 17:27:31 -0600 Subject: [PATCH] Update to ACK runtime `v0.32.0`, code-generator `v0.32.1` (#19) ### Update to ACK runtime `v0.32.0`, code-generator `v0.32.1` ---------- * ACK code-generator `v0.32.1` [release notes](https://github.com/aws-controllers-k8s/code-generator/releases/tag/v0.32.1) * ACK runtime `v0.32.0` [release notes](https://github.com/aws-controllers-k8s/runtime/releases/tag/v0.32.0) ---------- NOTE: This PR increments the release version of service controller from `v0.0.3` to `v0.0.4` Once this PR is merged, release `v0.0.4` will be automatically created for `organizations-controller` **Please close this PR, if you do not want the new patch release for `organizations-controller`** ---------- #### stdout for `make build-controller`: ``` building ack-generate ... ok. ==== building organizations-controller ==== Copying common custom resource definitions into organizations Building Kubernetes API objects for organizations Generating deepcopy code for organizations Generating custom resource definitions for organizations Building service controller for organizations Generating RBAC manifests for organizations Running gofmt against generated code for organizations Updating additional GitHub repository maintenance files ==== building organizations-controller release artifacts ==== Building release artifacts for organizations-v0.0.4 Generating common custom resource definitions Generating custom resource definitions for organizations Generating RBAC manifests for organizations ``` ---------- By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. --- apis/v1alpha1/ack-generate-metadata.yaml | 8 +++--- cmd/controller/main.go | 19 ++++++++++++++ config/controller/deployment.yaml | 16 ++++++++++++ config/controller/kustomization.yaml | 2 +- go.mod | 4 +-- go.sum | 8 +++--- helm/Chart.yaml | 4 +-- helm/templates/NOTES.txt | 2 +- helm/templates/_helpers.tpl | 3 ++- helm/templates/deployment.yaml | 32 ++++++++++++++++++++++-- helm/values.schema.json | 8 +++++- helm/values.yaml | 8 +++++- 12 files changed, 95 insertions(+), 19 deletions(-) diff --git a/apis/v1alpha1/ack-generate-metadata.yaml b/apis/v1alpha1/ack-generate-metadata.yaml index 9730b3f..cb8e23f 100755 --- a/apis/v1alpha1/ack-generate-metadata.yaml +++ b/apis/v1alpha1/ack-generate-metadata.yaml @@ -1,9 +1,9 @@ ack_generate_info: - build_date: "2024-02-14T04:03:37Z" - build_hash: 947081ffebdeefcf2c61c4ca6d7e68810bdf9d08 + build_date: "2024-03-06T21:28:07Z" + build_hash: a5ba3c851434263128a1464a2c41e528779eeefa go_version: go1.22.0 - version: v0.30.0 -api_directory_checksum: 37b933d95cb4cee8d623aa354c10fe43c29575ed + version: v0.32.1 +api_directory_checksum: 2b3e49c747df63b01cfb28a5d6dc48b1ed9665cf api_version: v1alpha1 aws_sdk_go_version: v1.44.167 generator_config_info: diff --git a/cmd/controller/main.go b/cmd/controller/main.go index 415cf36..f68d442 100644 --- a/cmd/controller/main.go +++ b/cmd/controller/main.go @@ -30,6 +30,7 @@ import ( clientgoscheme "k8s.io/client-go/kubernetes/scheme" ctrlrt "sigs.k8s.io/controller-runtime" ctrlrtcache "sigs.k8s.io/controller-runtime/pkg/cache" + ctrlrthealthz "sigs.k8s.io/controller-runtime/pkg/healthz" ctrlrtmetrics "sigs.k8s.io/controller-runtime/pkg/metrics" metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" ctrlrtwebhook "sigs.k8s.io/controller-runtime/pkg/webhook" @@ -116,6 +117,9 @@ func main() { LeaderElection: ackCfg.EnableLeaderElection, LeaderElectionID: "ack-" + awsServiceAPIGroup, LeaderElectionNamespace: ackCfg.LeaderElectionNamespace, + HealthProbeBindAddress: ackCfg.HealthzAddr, + LivenessEndpointName: "/healthz", + ReadinessEndpointName: "/readyz", }) if err != nil { setupLog.Error( @@ -166,6 +170,21 @@ func main() { os.Exit(1) } + if err = mgr.AddHealthzCheck("health", ctrlrthealthz.Ping); err != nil { + setupLog.Error( + err, "unable to set up health check", + "aws.service", awsServiceAlias, + ) + os.Exit(1) + } + if err = mgr.AddReadyzCheck("check", ctrlrthealthz.Ping); err != nil { + setupLog.Error( + err, "unable to set up ready check", + "aws.service", awsServiceAlias, + ) + os.Exit(1) + } + setupLog.Info( "starting manager", "aws.service", awsServiceAlias, diff --git a/config/controller/deployment.yaml b/config/controller/deployment.yaml index 3ed272b..811a1a1 100644 --- a/config/controller/deployment.yaml +++ b/config/controller/deployment.yaml @@ -39,6 +39,8 @@ spec: - --enable-leader-election=$(ENABLE_LEADER_ELECTION) - --leader-election-namespace - "$(LEADER_ELECTION_NAMESPACE)" + - --reconcile-default-max-concurrent-syncs + - "$(RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS)" image: controller:latest name: controller ports: @@ -72,6 +74,8 @@ spec: value: "false" - name: LEADER_ELECTION_NAMESPACE value: "ack-system" + - name: "RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS" + value: "1" securityContext: allowPrivilegeEscalation: false privileged: false @@ -79,6 +83,18 @@ spec: capabilities: drop: - ALL + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 securityContext: seccompProfile: type: RuntimeDefault diff --git a/config/controller/kustomization.yaml b/config/controller/kustomization.yaml index 9876444..43c76a0 100644 --- a/config/controller/kustomization.yaml +++ b/config/controller/kustomization.yaml @@ -6,4 +6,4 @@ kind: Kustomization images: - name: controller newName: public.ecr.aws/aws-controllers-k8s/organizations-controller - newTag: 0.0.3 + newTag: 0.0.4 diff --git a/go.mod b/go.mod index 04b1360..50a244b 100644 --- a/go.mod +++ b/go.mod @@ -5,14 +5,14 @@ go 1.21 toolchain go1.21.5 require ( - github.com/aws-controllers-k8s/runtime v0.30.0 + github.com/aws-controllers-k8s/runtime v0.32.0 github.com/aws/aws-sdk-go v1.49.0 github.com/go-logr/logr v1.4.1 github.com/spf13/pflag v1.0.5 k8s.io/api v0.29.0 k8s.io/apimachinery v0.29.0 k8s.io/client-go v0.29.0 - sigs.k8s.io/controller-runtime v0.17.0 + sigs.k8s.io/controller-runtime v0.17.2 ) require ( diff --git a/go.sum b/go.sum index 2528b62..0877638 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,5 @@ -github.com/aws-controllers-k8s/runtime v0.30.0 h1:AibYRdi/7xUA3t8BA0u8g+J+OioaTAT6R4Vq8hxLiYw= -github.com/aws-controllers-k8s/runtime v0.30.0/go.mod h1:Pv1ozlUaO11KO2mwPN/HzhAtZ70ZDE9UP24mjsbkul0= +github.com/aws-controllers-k8s/runtime v0.32.0 h1:R0dQs8vRlK50KZ7rgdExqExdlUgFSAzDT8q1HCxc1uc= +github.com/aws-controllers-k8s/runtime v0.32.0/go.mod h1:6qr9ULkjOHo0fTwEUkE+48IxHqNbHxvvf/9JzGoR8pM= github.com/aws/aws-sdk-go v1.49.0 h1:g9BkW1fo9GqKfwg2+zCD+TW/D36Ux+vtfJ8guF4AYmY= github.com/aws/aws-sdk-go v1.49.0/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -215,8 +215,8 @@ k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/A k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.17.0 h1:fjJQf8Ukya+VjogLO6/bNX9HE6Y2xpsO5+fyS26ur/s= -sigs.k8s.io/controller-runtime v0.17.0/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= +sigs.k8s.io/controller-runtime v0.17.2 h1:FwHwD1CTUemg0pW2otk7/U5/i5m2ymzvOXdbeGOUvw0= +sigs.k8s.io/controller-runtime v0.17.2/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/helm/Chart.yaml b/helm/Chart.yaml index 19b28ba..ed1564b 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: organizations-chart description: A Helm chart for the ACK service controller for AWS Organizations (Organizations) -version: 0.0.3 -appVersion: 0.0.3 +version: 0.0.4 +appVersion: 0.0.4 home: https://github.com/aws-controllers-k8s/organizations-controller icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png sources: diff --git a/helm/templates/NOTES.txt b/helm/templates/NOTES.txt index 3709998..388c013 100644 --- a/helm/templates/NOTES.txt +++ b/helm/templates/NOTES.txt @@ -1,5 +1,5 @@ {{ .Chart.Name }} has been installed. -This chart deploys "public.ecr.aws/aws-controllers-k8s/organizations-controller:0.0.3". +This chart deploys "public.ecr.aws/aws-controllers-k8s/organizations-controller:0.0.4". Check its status by running: kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl index 7507d90..17f9cce 100644 --- a/helm/templates/_helpers.tpl +++ b/helm/templates/_helpers.tpl @@ -44,7 +44,8 @@ If release name contains chart name it will be used as a full name. {{/* The path the shared credentials file is mounted */}} {{- define "ack-organizations-controller.aws.credentials.path" -}} -{{- printf "%s/%s" (include "aws.credentials.secret_mount_path" .) .Values.aws.credentials.secretKey -}} +{{ $secret_mount_path := include "ack-organizations-controller.aws.credentials.secret_mount_path" . }} +{{- printf "%s/%s" $secret_mount_path .Values.aws.credentials.secretKey -}} {{- end -}} {{/* The rules a of ClusterRole or Role */}} diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml index f4b8763..a17256c 100644 --- a/helm/templates/deployment.yaml +++ b/helm/templates/deployment.yaml @@ -64,13 +64,21 @@ spec: - --leader-election-namespace - "$(LEADER_ELECTION_NAMESPACE)" {{- end }} -{{- if gt .Values.reconcile.defaultResyncPeriod 0.0 }} +{{- if gt (int .Values.reconcile.defaultResyncPeriod) 0 }} - --reconcile-default-resync-seconds - "$(RECONCILE_DEFAULT_RESYNC_SECONDS)" {{- end }} {{- range $key, $value := .Values.reconcile.resourceResyncPeriods }} - --reconcile-resource-resync-seconds - "$(RECONCILE_RESOURCE_RESYNC_SECONDS_{{ $key | upper }})" +{{- end }} +{{- if gt (int .Values.reconcile.defaultMaxConcurrentSyncs) 0 }} + - --reconcile-default-max-concurrent-syncs + - "$(RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS)" +{{- end }} +{{- range $key, $value := .Values.reconcile.resourceMaxConcurrentSyncs }} + - --reconcile-resource-max-concurrent-syncs + - "$(RECONCILE_RESOURCE_MAX_CONCURRENT_SYNCS_{{ $key | upper }})" {{- end }} image: {{ .Values.image.repository }}:{{ .Values.image.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -99,13 +107,21 @@ spec: value: {{ .Values.log.level | quote }} - name: ACK_RESOURCE_TAGS value: {{ join "," .Values.resourceTags | quote }} -{{- if gt .Values.reconcile.defaultResyncPeriod 0.0 }} +{{- if gt (int .Values.reconcile.defaultResyncPeriod) 0 }} - name: RECONCILE_DEFAULT_RESYNC_SECONDS value: {{ .Values.reconcile.defaultResyncPeriod | quote }} {{- end }} {{- range $key, $value := .Values.reconcile.resourceResyncPeriods }} - name: RECONCILE_RESOURCE_RESYNC_SECONDS_{{ $key | upper }} value: {{ $key }}={{ $value }} +{{- end }} +{{- if gt (int .Values.reconcile.defaultMaxConcurrentSyncs) 0 }} + - name: RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS + value: {{ .Values.reconcile.defaultMaxConcurrentSyncs | quote }} +{{- end }} +{{- range $key, $value := .Values.reconcile.resourceMaxConcurrentSyncs }} + - name: RECONCILE_RESOURCE_MAX_CONCURRENT_SYNCS_{{ $key | upper }} + value: {{ $key }}={{ $value }} {{- end }} {{- if .Values.aws.credentials.secretName }} - name: AWS_SHARED_CREDENTIALS_FILE @@ -132,6 +148,18 @@ spec: capabilities: drop: - ALL + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 securityContext: seccompProfile: type: RuntimeDefault diff --git a/helm/values.schema.json b/helm/values.schema.json index ac28b68..742163e 100644 --- a/helm/values.schema.json +++ b/helm/values.schema.json @@ -223,13 +223,19 @@ "enum": ["delete", "retain"] }, "reconcile": { - "description": "Reconcile resync settings. Parameters to tune the controller's drift remediation period.", + "description": "Reconcile settings. This is used to configure the controller's reconciliation behavior. e.g resyncPeriod and maxConcurrentSyncs", "properties": { "defaultResyncPeriod": { "type": "number" }, "resourceResyncPeriods": { "type": "object" + }, + "defaultMaxConcurentSyncs": { + "type": "number" + }, + "resourceMaxConcurrentSyncs": { + "type": "object" } }, "type": "object" diff --git a/helm/values.yaml b/helm/values.yaml index b2b816a..7084864 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -4,7 +4,7 @@ image: repository: public.ecr.aws/aws-controllers-k8s/organizations-controller - tag: 0.0.3 + tag: 0.0.4 pullPolicy: IfNotPresent pullSecrets: [] @@ -128,6 +128,12 @@ reconcile: # An object representing the reconcile resync configuration for each specific resource. resourceResyncPeriods: {} + # The default number of concurrent syncs that a reconciler can perform. + defaultMaxConcurrentSyncs: 1 + # An object representing the reconcile max concurrent syncs configuration for each specific + # resource. + resourceMaxConcurrentSyncs: {} + serviceAccount: # Specifies whether a service account should be created create: true