Added capability to provide metadata prefetch memory request and limi…

…ts to fuse csi annotations> Additionally added unit tests verifying changes.
GoogleCloudPlatform · Feb 12, 2025 · 2689b35 · 2689b35
1 parent 9ae5955
commit 2689b35
Show file tree

Hide file tree

Showing 7 changed files with 323 additions and 30 deletions.
diff --git a/cmd/webhook/main.go b/cmd/webhook/main.go
@@ -54,6 +54,8 @@ var (
 	sidecarImage            = flag.String("sidecar-image", "", "The gcsfuse sidecar container image.")
 	metadataSidecarImage    = flag.String("metadata-sidecar-image", "", "The metadata prefetch sidecar container image.")
 	injectSAVol             = flag.Bool("should-inject-sa-vol", false, "Inject projected service account volume when true")
+	metadataMemoryRequest   = flag.String("metadata-sidecar-memory-request", "-1", "Flag to use default value for gcsfuse memory prefetch sidecar container request.")
+	metadataMemoryLimit     = flag.String("metadata-sidecar-memory-limit", "-1", "Flag to use default value for gcsfuse memory prefetch sidecar container limit.")
 	// These are set at compile time.
 	webhookVersion = "unknown"
 )
@@ -73,7 +75,7 @@ func main() {
 	klog.Infof("Running Google Cloud Storage FUSE CSI driver admission webhook version %v, sidecar container image %v", webhookVersion, *sidecarImage)
 
 	// Load webhook config
-	c := wh.LoadConfig(*sidecarImage, *metadataSidecarImage, *imagePullPolicy, *cpuRequest, *cpuLimit, *memoryRequest, *memoryLimit, *ephemeralStorageRequest, *ephemeralStorageLimit)
+	c := wh.LoadConfig(*sidecarImage, *metadataSidecarImage, *imagePullPolicy, *cpuRequest, *cpuLimit, *memoryRequest, *memoryLimit, *ephemeralStorageRequest, *ephemeralStorageLimit, *metadataMemoryRequest, *metadataMemoryLimit)
 	c.ShouldInjectSAVolume = *injectSAVol
 	klog.Infof("Webhook should inject SA volume: %t", c.ShouldInjectSAVolume)
 

diff --git a/pkg/webhook/config.go b/pkg/webhook/config.go
@@ -44,27 +44,33 @@ type Config struct {
 	EphemeralStorageRequest resource.Quantity `json:"gke-gcsfuse/ephemeral-storage-request,omitempty"`
 	//nolint:tagliatelle
 	EphemeralStorageLimit resource.Quantity `json:"gke-gcsfuse/ephemeral-storage-limit,omitempty"`
+	//nolint:tagliatelle
+	MetadataPrefetchMemoryRequest resource.Quantity `json:"gke-gcsfuse/metadata-prefetch/memory-request,omitempty"`
+	//nolint:tagliatelle
+	MetadataPrefetchMemoryLimit resource.Quantity `json:"gke-gcsfuse/metadata-prefetch/memory-limit,omitempty"`
 }
 
-func LoadConfig(containerImage, metadataContainerImage, imagePullPolicy, cpuRequest, cpuLimit, memoryRequest, memoryLimit, ephemeralStorageRequest, ephemeralStorageLimit string) *Config {
+func LoadConfig(containerImage, metadataContainerImage, imagePullPolicy, cpuRequest, cpuLimit, memoryRequest, memoryLimit, ephemeralStorageRequest, ephemeralStorageLimit, metaDataPrefetchMemoryRequest, metadataPrefetchMemoryLimit string) *Config {
 	return &Config{
-		ContainerImage:          containerImage,
-		MetadataContainerImage:  metadataContainerImage,
-		ImagePullPolicy:         imagePullPolicy,
-		CPURequest:              resource.MustParse(cpuRequest),
-		CPULimit:                resource.MustParse(cpuLimit),
-		MemoryRequest:           resource.MustParse(memoryRequest),
-		MemoryLimit:             resource.MustParse(memoryLimit),
-		EphemeralStorageRequest: resource.MustParse(ephemeralStorageRequest),
-		EphemeralStorageLimit:   resource.MustParse(ephemeralStorageLimit),
+		ContainerImage:                containerImage,
+		MetadataContainerImage:        metadataContainerImage,
+		ImagePullPolicy:               imagePullPolicy,
+		CPURequest:                    resource.MustParse(cpuRequest),
+		CPULimit:                      resource.MustParse(cpuLimit),
+		MemoryRequest:                 resource.MustParse(memoryRequest),
+		MemoryLimit:                   resource.MustParse(memoryLimit),
+		EphemeralStorageRequest:       resource.MustParse(ephemeralStorageRequest),
+		EphemeralStorageLimit:         resource.MustParse(ephemeralStorageLimit),
+		MetadataPrefetchMemoryRequest: resource.MustParse(metaDataPrefetchMemoryRequest),
+		MetadataPrefetchMemoryLimit:   resource.MustParse(metadataPrefetchMemoryLimit),
 	}
 }
 
 func FakeConfig() *Config {
 	fakeImage1 := "fake-repo/fake-sidecar-image:v999.999.999-gke.0@sha256:c9cd4cde857ab8052f416609184e2900c0004838231ebf1c3817baa37f21d847"
 	fakeImage2 := "fake-repo/fake-sidecar-image:v888.888.888-gke.0@sha256:c9cd4cde857ab8052f416609184e2900c0004838231ebf1c3817baa37f21d847"
 
-	return LoadConfig(fakeImage1, fakeImage2, "Always", "250m", "250m", "256Mi", "256Mi", "5Gi", "5Gi")
+	return LoadConfig(fakeImage1, fakeImage2, "Always", "250m", "250m", "256Mi", "256Mi", "5Gi", "5Gi", "-1", "-1")
 }
 
 func prepareResourceList(c *Config) (corev1.ResourceList, corev1.ResourceList) {
@@ -142,7 +148,7 @@ func (si *SidecarInjector) prepareConfig(annotations map[string]string) (*Config
 }
 
 func LogPodMutation(pod *corev1.Pod, sidecarConfig *Config) {
-	klog.Infof("mutating Pod. Name: %q, GenerateName: %q, Namespace: %q, Sidecar Image: %s, CPU Request: %q, CPU limit: %q, Memory request: %q, Memory limit: %q, Ephemeral storage request: %q, Ephemeral storage limit: %q, Pull policy: %s",
+	klog.Infof("mutating Pod. Name: %q, GenerateName: %q, Namespace: %q, Sidecar Image: %s, CPU Request: %q, CPU limit: %q, Memory request: %q, Memory limit: %q, Ephemeral storage request: %q, Ephemeral storage limit: %q, Metadata Prefetch Memory request: %q, Metadata Prefetch Memory limit: %q, Pull policy: %s",
 		pod.Name,
 		pod.GenerateName,
 		pod.Namespace,
@@ -153,6 +159,8 @@ func LogPodMutation(pod *corev1.Pod, sidecarConfig *Config) {
 		sidecarConfig.MemoryLimit.String(),
 		sidecarConfig.EphemeralStorageRequest.String(),
 		sidecarConfig.EphemeralStorageLimit.String(),
+		sidecarConfig.MetadataPrefetchMemoryRequest.String(),
+		sidecarConfig.MetadataPrefetchMemoryLimit.String(),
 		sidecarConfig.ImagePullPolicy,
 	)
 }
diff --git a/pkg/webhook/injection.go b/pkg/webhook/injection.go
@@ -118,10 +118,10 @@ func (si *SidecarInjector) injectMetadataPrefetchSidecarContainer(pod *corev1.Po
 	}
 
 	if injectAsNativeSidecar {
-		containerSpec = si.GetNativeMetadataPrefetchSidecarContainerSpec(pod, config.MetadataContainerImage)
+		containerSpec = si.GetNativeMetadataPrefetchSidecarContainerSpec(pod, config)
 		index = getInjectIndexAfterContainer(pod.Spec.InitContainers, GcsFuseSidecarName)
 	} else {
-		containerSpec = si.GetMetadataPrefetchSidecarContainerSpec(pod, config.MetadataContainerImage)
+		containerSpec = si.GetMetadataPrefetchSidecarContainerSpec(pod, config)
 		index = getInjectIndexAfterContainer(pod.Spec.Containers, GcsFuseSidecarName)
 	}
 

diff --git a/pkg/webhook/injection_test.go b/pkg/webhook/injection_test.go
@@ -514,7 +514,8 @@ func TestGetInjectIndex(t *testing.T) {
 func TestInjectMetadataPrefetchSidecar(t *testing.T) {
 	t.Parallel()
 
-	limits, requests := prepareResourceList(getMetadataPrefetchConfig("fake-image"))
+	limits, requests := prepareResourceList(getDefaultMetadataPrefetchConfig("fake-image"))
+	customLimits, customRequests := prepareResourceList(getMetadataPrefetchConfig(LoadConfig("fake-image", "fake-image", "Always", "250m", "250m", "256Mi", "256Mi", "5Gi", "5Gi", "20Mi", "20Mi")))
 
 	testCases := []struct {
 		testName      string
@@ -1025,6 +1026,194 @@ func TestInjectMetadataPrefetchSidecar(t *testing.T) {
 				},
 			},
 		},
+		{
+			testName: "fuse sidecar present, injection successful, with custom memory limits and requests",
+			config:   *LoadConfig("fake-image", "fake-image", "Always", "250m", "250m", "256Mi", "256Mi", "5Gi", "5Gi", "20Mi", "20Mi"),
+			pod: &corev1.Pod{
+				Spec: corev1.PodSpec{
+					InitContainers: []corev1.Container{
+						{
+							Name: GcsFuseSidecarName,
+						},
+						{
+							Name: "two",
+						},
+						{
+							Name: "three",
+						},
+					},
+					Containers: []corev1.Container{
+						{
+							Name: "workload-one",
+						},
+						{
+							Name: "workload-two",
+						},
+						{
+							Name: "workload-three",
+						},
+					},
+					Volumes: []corev1.Volume{
+						{
+							Name: "my-volume",
+							VolumeSource: corev1.VolumeSource{
+								CSI: &corev1.CSIVolumeSource{
+									Driver: gcsFuseCsiDriverName,
+									VolumeAttributes: map[string]string{
+										gcsFuseMetadataPrefetchOnMountVolumeAttribute: "true",
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+			expectedPod: &corev1.Pod{
+				Spec: corev1.PodSpec{
+					InitContainers: []corev1.Container{
+						{
+							Name: GcsFuseSidecarName,
+						},
+						{
+							Name:            MetadataPrefetchSidecarName,
+							Image:           "fake-image",
+							Env:             []corev1.EnvVar{{Name: "NATIVE_SIDECAR", Value: "TRUE"}},
+							RestartPolicy:   ptr.To(corev1.ContainerRestartPolicyAlways),
+							SecurityContext: GetSecurityContext(),
+							Resources: corev1.ResourceRequirements{
+								Requests: customRequests,
+								Limits:   customLimits,
+							},
+							VolumeMounts: []corev1.VolumeMount{{Name: "my-volume", ReadOnly: true, MountPath: "/volumes/my-volume"}},
+						},
+						{
+							Name: "two",
+						},
+						{
+							Name: "three",
+						},
+					},
+					Containers: []corev1.Container{
+						{
+							Name: "workload-one",
+						},
+						{
+							Name: "workload-two",
+						},
+						{
+							Name: "workload-three",
+						},
+					},
+					Volumes: []corev1.Volume{
+						{
+							Name: "my-volume",
+							VolumeSource: corev1.VolumeSource{
+								CSI: &corev1.CSIVolumeSource{
+									Driver: gcsFuseCsiDriverName,
+									VolumeAttributes: map[string]string{
+										gcsFuseMetadataPrefetchOnMountVolumeAttribute: "true",
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			testName: "fuse sidecar present, injection successful, with custom memory requests no limit provided",
+			config:   *LoadConfig("fake-image", "fake-image", "Always", "250m", "250m", "256Mi", "256Mi", "5Gi", "5Gi", "20Mi", "-1"),
+			pod: &corev1.Pod{
+				Spec: corev1.PodSpec{
+					InitContainers: []corev1.Container{
+						{
+							Name: GcsFuseSidecarName,
+						},
+						{
+							Name: "two",
+						},
+						{
+							Name: "three",
+						},
+					},
+					Containers: []corev1.Container{
+						{
+							Name: "workload-one",
+						},
+						{
+							Name: "workload-two",
+						},
+						{
+							Name: "workload-three",
+						},
+					},
+					Volumes: []corev1.Volume{
+						{
+							Name: "my-volume",
+							VolumeSource: corev1.VolumeSource{
+								CSI: &corev1.CSIVolumeSource{
+									Driver: gcsFuseCsiDriverName,
+									VolumeAttributes: map[string]string{
+										gcsFuseMetadataPrefetchOnMountVolumeAttribute: "true",
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+			expectedPod: &corev1.Pod{
+				Spec: corev1.PodSpec{
+					InitContainers: []corev1.Container{
+						{
+							Name: GcsFuseSidecarName,
+						},
+						{
+							Name:            MetadataPrefetchSidecarName,
+							Image:           "fake-image",
+							Env:             []corev1.EnvVar{{Name: "NATIVE_SIDECAR", Value: "TRUE"}},
+							RestartPolicy:   ptr.To(corev1.ContainerRestartPolicyAlways),
+							SecurityContext: GetSecurityContext(),
+							Resources: corev1.ResourceRequirements{
+								Requests: customRequests,
+								Limits:   limits,
+							},
+							VolumeMounts: []corev1.VolumeMount{{Name: "my-volume", ReadOnly: true, MountPath: "/volumes/my-volume"}},
+						},
+						{
+							Name: "two",
+						},
+						{
+							Name: "three",
+						},
+					},
+					Containers: []corev1.Container{
+						{
+							Name: "workload-one",
+						},
+						{
+							Name: "workload-two",
+						},
+						{
+							Name: "workload-three",
+						},
+					},
+					Volumes: []corev1.Volume{
+						{
+							Name: "my-volume",
+							VolumeSource: corev1.VolumeSource{
+								CSI: &corev1.CSIVolumeSource{
+									Driver: gcsFuseCsiDriverName,
+									VolumeAttributes: map[string]string{
+										gcsFuseMetadataPrefetchOnMountVolumeAttribute: "true",
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
 		{
 			testName: "fuse sidecar present with many volumes and config, injection successful",
 			config:   *FakeConfig(),

diff --git a/pkg/webhook/mutatingwebhook.go b/pkg/webhook/mutatingwebhook.go
@@ -34,14 +34,16 @@ import (
 )
 
 const (
-	GcsFuseVolumeEnableAnnotation        = "gke-gcsfuse/volumes"
-	GcsFuseNativeSidecarEnableAnnotation = "gke-gcsfuse/enable-native-sidecar"
-	cpuLimitAnnotation                   = "gke-gcsfuse/cpu-limit"
-	cpuRequestAnnotation                 = "gke-gcsfuse/cpu-request"
-	memoryLimitAnnotation                = "gke-gcsfuse/memory-limit"
-	memoryRequestAnnotation              = "gke-gcsfuse/memory-request"
-	ephemeralStorageLimitAnnotation      = "gke-gcsfuse/ephemeral-storage-limit"
-	ephemeralStorageRequestAnnotation    = "gke-gcsfuse/ephemeral-storage-request"
+	GcsFuseVolumeEnableAnnotation           = "gke-gcsfuse/volumes"
+	GcsFuseNativeSidecarEnableAnnotation    = "gke-gcsfuse/enable-native-sidecar"
+	cpuLimitAnnotation                      = "gke-gcsfuse/cpu-limit"
+	cpuRequestAnnotation                    = "gke-gcsfuse/cpu-request"
+	memoryLimitAnnotation                   = "gke-gcsfuse/memory-limit"
+	memoryRequestAnnotation                 = "gke-gcsfuse/memory-request"
+	ephemeralStorageLimitAnnotation         = "gke-gcsfuse/ephemeral-storage-limit"
+	ephemeralStorageRequestAnnotation       = "gke-gcsfuse/ephemeral-storage-request"
+	metadataPrefetchMemoryLimitAnnotation   = "gke-gcsfuse/metadata-prefetch/memory-limit"
+	metadataPrefetchMemoryRequestAnnotation = "gke-gcsfuse/metadata-prefetch/memory-request"
 )
 
 type SidecarInjector struct {