Inplace resize support

.github/workflows/ci.yml

@@ -22,12 +22,12 @@ jobs:
 
     - name: Install kubectl, helm, kind and kuttl ⬇️
       env:
-        KUTTL_VERSION: '0.20.0'
-        KUTTL_PLUGIN_FILENAME: 'kubectl-kuttl_0.20.0_linux_x86_64'
+        KUTTL_VERSION: '0.25.0'
+        KUTTL_PLUGIN_FILENAME: 'kubectl-kuttl_0.25.0_linux_x86_64'
       run: bash hack/install-dependencies.sh
 
     - name: Run kind ⚙️
-      run: kind create cluster --name kuttl-cluster
+      run: kind create cluster --name kuttl-cluster --config ./hack/kind-config.yaml
 
     - name: Mount the image in the Kind cluster ⚙️
       run: |
@@ -36,7 +36,7 @@ jobs:
     - name: Run the tests 🔎
       run: |
         echo "Running the tests"
-        kubectl kuttl test test/e2e/ --start-kind=false
+        kubectl kuttl test --config test/e2e/kuttl-test.yaml test/e2e/kuttl --start-kind=false
 
     - name: Clean up Kind cluster ☠️
       if: always()

.gitignore

@@ -31,3 +31,5 @@ hack/tilt/bin
 hack/tilt/chart
 
 *kubeconfig*
+
+e2e.json

Makefile

@@ -59,7 +59,7 @@ endif
 OPERATOR_SDK_VERSION ?= v1.40.0
 
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
-ENVTEST_K8S_VERSION = 1.31.0
+ENVTEST_K8S_VERSION = 1.35.0
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -217,7 +217,7 @@ GOLANGCI_LINT = $(LOCALBIN)/golangci-lint
 
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v5.4.3
-CONTROLLER_TOOLS_VERSION ?= v0.16.1
+CONTROLLER_TOOLS_VERSION ?= v0.17.2
 ENVTEST_VERSION ?= release-0.19
 GOLANGCI_LINT_VERSION ?= v1.59.1
 

config/crd/bases/overcommit.inditex.dev_overcommitclasses.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.17.2
   name: overcommitclasses.overcommit.inditex.dev
 spec:
   group: overcommit.inditex.dev

config/crd/bases/overcommit.inditex.dev_overcommits.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.17.2
   name: overcommits.overcommit.inditex.dev
 spec:
   group: overcommit.inditex.dev

config/webhook/manifests.yaml

@@ -13,6 +13,7 @@ webhooks:
       path: /mutate--v1-pod
   failurePolicy: Ignore
   name: mutating-pod-v1.overcommit.inditex.dev
+  reinvocationPolicy: IfNeeded
   rules:
   - apiGroups:
     - ""
@@ -23,6 +24,7 @@ webhooks:
     - UPDATE
     resources:
     - pods
+    - pods/resize
   sideEffects: None
 ---
 apiVersion: admissionregistration.k8s.io/v1

docs/e2e-test.md

@@ -24,5 +24,5 @@ Then build the image and install the test chart in the kind cluster
 And finally run the tests
 
 ```[sh]
-kubectl kuttl test code/test/e2e/ --config code/test/e2e/kuttl-tests.yaml --start-kind=false
+kubectl kuttl test --config test/e2e/kuttl-test.yaml test/e2e/kuttl --start-kind=false
 ```

hack/install-dependencies.sh

@@ -8,7 +8,7 @@
 set -e
 
 #Kubectl
-curl -LO https://dl.k8s.io/release/v1.31.0/bin/linux/amd64/kubectl
+curl -LO https://dl.k8s.io/release/v1.35.0/bin/linux/amd64/kubectl
 sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
 
 #Helm3
@@ -22,6 +22,6 @@ sudo mv ${KUTTL_PLUGIN_FILENAME} /usr/local/bin/kubectl-kuttl
 sudo chmod +x /usr/local/bin/kubectl-kuttl
 
 #Kind
-curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.23.0/kind-linux-amd64
+curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.31.0/kind-linux-amd64
 chmod +x ./kind
 sudo mv ./kind /usr/local/bin/kind

hack/kind-config.yaml

@@ -0,0 +1,24 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+
+featureGates:
+  InPlacePodVerticalScaling: true
+
+nodes:
+- role: control-plane
+  image: kindest/node:v1.35.0
+  kubeadmConfigPatches:
+  - |
+    kind: ClusterConfiguration
+    apiServer:
+      extraArgs:
+        feature-gates: InPlacePodVerticalScaling=true
+    controllerManager:
+      extraArgs:
+        feature-gates: InPlacePodVerticalScaling=true
+    scheduler:
+      extraArgs:
+        feature-gates: InPlacePodVerticalScaling=true
+
+- role: worker
+  image: kindest/node:v1.35.0

internal/resources/generate_resources_pod_mutating_webhooks.go

@@ -175,7 +175,7 @@ func getSelectorClassNotExist(label string) *metav1.LabelSelector {
 	}
 }
 
-func getMatchCondition(isDefault bool, name string, excludedNamespaces string, label string) []admissionv1.MatchCondition {
+func getMatchCondition(excludedNamespaces string) []admissionv1.MatchCondition {
 	matchConditions := []admissionv1.MatchCondition{}
 	matchConditions = append(matchConditions, admissionv1.MatchCondition{
 		Name:       "exclude-namespaces",
@@ -202,11 +202,36 @@ func getObjectSelector(isDefault bool, label string, name string) *metav1.LabelS
 }
 
 func CreateMutatingWebhookConfiguration(class overcommit.OvercommitClass, svc corev1.Service, cert certmanager.Certificate, label string) *admissionv1.MutatingWebhookConfiguration {
-
 	var path = "/mutate--v1-pod"
 	var scope = admissionv1.NamespacedScope
 	var policy = admissionv1.Fail
 	var sideEffect = admissionv1.SideEffectClassNone
+	var reinvocationPolicy = admissionv1.IfNeededReinvocationPolicy
+
+	rules := []admissionv1.RuleWithOperations{
+		{
+			Operations: []admissionv1.OperationType{
+				admissionv1.Create,
+			},
+			Rule: admissionv1.Rule{
+				APIGroups:   []string{""},
+				APIVersions: []string{"v1"},
+				Resources:   []string{"pods"},
+				Scope:       &scope,
+			},
+		},
+		{
+			Operations: []admissionv1.OperationType{
+				admissionv1.Update,
+			},
+			Rule: admissionv1.Rule{
+				APIGroups:   []string{""},
+				APIVersions: []string{"v1"},
+				Resources:   []string{"pods/resize"},
+				Scope:       &scope,
+			},
+		},
+	}
 
 	webhookConfig := &admissionv1.MutatingWebhookConfiguration{
 		ObjectMeta: metav1.ObjectMeta{
@@ -225,23 +250,12 @@ func CreateMutatingWebhookConfiguration(class overcommit.OvercommitClass, svc co
 						Path:      &path,
 					},
 				},
-				Rules: []admissionv1.RuleWithOperations{
-					{
-						Operations: []admissionv1.OperationType{
-							admissionv1.Create,
-						},
-						Rule: admissionv1.Rule{
-							APIGroups:   []string{""},
-							APIVersions: []string{"v1"},
-							Resources:   []string{"pods"},
-							Scope:       &scope,
-						},
-					},
-				},
+				Rules:                   rules,
 				AdmissionReviewVersions: []string{"v1"},
 				FailurePolicy:           &policy,
 				SideEffects:             &sideEffect,
-				MatchConditions:         getMatchCondition(false, class.Name, class.Spec.ExcludedNamespaces, label),
+				ReinvocationPolicy:      &reinvocationPolicy,
+				MatchConditions:         getMatchCondition(class.Spec.ExcludedNamespaces),
 				ObjectSelector:          getObjectSelector(false, label, class.Name),
 			},
 		},
@@ -257,25 +271,15 @@ func CreateMutatingWebhookConfiguration(class overcommit.OvercommitClass, svc co
 					Path:      &path,
 				},
 			},
-			Rules: []admissionv1.RuleWithOperations{
-				{
-					Operations: []admissionv1.OperationType{
-						admissionv1.Create,
-					},
-					Rule: admissionv1.Rule{
-						APIGroups:   []string{""},
-						APIVersions: []string{"v1"},
-						Resources:   []string{"pods"},
-						Scope:       &scope,
-					},
-				},
-			},
+			Rules:                   rules,
 			AdmissionReviewVersions: []string{"v1"},
 			FailurePolicy:           &policy,
 			SideEffects:             &sideEffect,
-			MatchConditions:         getMatchCondition(class.Spec.IsDefault, class.Name, class.Spec.ExcludedNamespaces, label),
+			ReinvocationPolicy:      &reinvocationPolicy,
+			MatchConditions:         getMatchCondition(class.Spec.ExcludedNamespaces),
 			ObjectSelector:          getObjectSelector(class.Spec.IsDefault, label, class.Name),
 		})
 	}
+
 	return webhookConfig
 }

internal/webhook/v1alphav1/mutating/pod_webhook.go

@@ -16,13 +16,12 @@ import (
 	"k8s.io/client-go/tools/record"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 )
 
 // nolint:unused
 // log is for logging in this package.
-var podlog = logf.Log.WithName("webhook")
 
 // PodCustomDefaulter struct is responsible for setting default values on the custom resource of the Kind Pod.
 type PodCustomDefaulter struct {
@@ -40,19 +39,27 @@ func (d *PodCustomDefaulter) InjectClient(c client.Client) {
 
 var _ webhook.CustomDefaulter = &PodCustomDefaulter{}
 
-// Default implements webhook.CustomDefaulter so a webhook will be registered for the Kind Pod.
 func (d *PodCustomDefaulter) Default(ctx context.Context, obj runtime.Object) error {
 	pod, ok := obj.(*corev1.Pod)
 	if !ok {
 		return fmt.Errorf("expected a Pod object but got %T", obj)
 	}
 
-	// Call the Overcommit function and pass the EventRecorder
+	isResize := false
+	if req, err := admission.RequestFromContext(ctx); err == nil {
+		isResize = req.SubResource == "resize"
+	}
+
+	if isResize {
+		overcommit.OvercommitOnResize(pod, d.Recorder, d.Client)
+		return nil
+	}
+
 	overcommit.Overcommit(pod, d.Recorder, d.Client)
 	return nil
 }
 
-// +kubebuilder:webhook:path=/mutate--v1-pod,mutating=true,failurePolicy=ignore,sideEffects=None,groups="",resources=pods,verbs=create;update,versions=v1,name=mutating-pod-v1.overcommit.inditex.dev,admissionReviewVersions=v1
+// +kubebuilder:webhook:path=/mutate--v1-pod,mutating=true,failurePolicy=ignore,reinvocationPolicy=IfNeeded,sideEffects=None,groups="",resources=pods;pods/resize,verbs=create;update,versions=v1,name=mutating-pod-v1.overcommit.inditex.dev,admissionReviewVersions=v1
 // +kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch
 
 // SetupPodWebhookWithManager registers the webhook for Pod in the manager.