feat: introduce configurable resource limits for flagd sidecar

Signed-off-by: Skye Gill <gill.skye95@gmail.com>
open-feature · Dec 13, 2022 · e4affcf · e4affcf
1 parent 4820493
commit e4affcf
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 10 deletions.
diff --git a/chart/templates/rendered.yaml b/chart/templates/rendered.yaml
@@ -812,6 +812,8 @@ spec:
         - --health-probe-bind-address=:8081
         - --metrics-bind-address=127.0.0.1:8080
         - --leader-elect
+        - --flagd-cpu-limit=0.5
+        - --flagd-ram-limit=250M
         command:
         - /manager
         env:

diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml
@@ -32,3 +32,5 @@ spec:
         - "--health-probe-bind-address=:8081"
         - "--metrics-bind-address=127.0.0.1:8080"
         - "--leader-elect"
+        - "--flagd-cpu-limit=0.5" # cores
+        - "--flagd-ram-limit=250M"
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -31,6 +31,8 @@ spec:
         - /manager
         args:
         - --leader-elect
+        - --flagd-cpu-limit=0.5
+        - --flagd-ram-limit=250M
         imagePullPolicy: IfNotPresent
         image: controller:main
         name: manager

diff --git a/main.go b/main.go
@@ -18,6 +18,8 @@ package main
 
 import (
 	"flag"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/resource"
 	"os"
 
 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
@@ -40,12 +42,13 @@ import (
 )
 
 var (
-	scheme               = runtime.NewScheme()
-	setupLog             = ctrl.Log.WithName("setup")
-	metricsAddr          string
-	enableLeaderElection bool
-	probeAddr            string
-	verbose              bool
+	scheme                       = runtime.NewScheme()
+	setupLog                     = ctrl.Log.WithName("setup")
+	metricsAddr                  string
+	enableLeaderElection         bool
+	probeAddr                    string
+	verbose                      bool
+	flagDCpuLimit, flagDRamLimit string
 )
 
 func init() {
@@ -60,10 +63,12 @@ func main() {
 
 	flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
 	flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
-	flag.BoolVar(&verbose, "verbose", true, "Disable verbose logging (default: true)")
+	flag.BoolVar(&verbose, "verbose", true, "Disable verbose logging")
 	flag.BoolVar(&enableLeaderElection, "leader-elect", false,
 		"Enable leader election for controller manager. "+
 			"Enabling this will ensure there is only one active controller manager.")
+	flag.StringVar(&flagDCpuLimit, "flagd-cpu-limit", "0.5", "flagd CPU limit, in cores. (500m = .5 cores)")
+	flag.StringVar(&flagDRamLimit, "flagd-ram-limit", "250M", "flagd memory limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)")
 
 	level := zapcore.InfoLevel
 	if verbose {
@@ -78,6 +83,18 @@ func main() {
 
 	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
 
+	flagDCpuLimitResource, err := resource.ParseQuantity(flagDCpuLimit)
+	if err != nil {
+		setupLog.Error(err, "parse flagd cpu limit", "flagd-cpu-limit", flagDCpuLimit)
+		os.Exit(1)
+	}
+
+	flagDRamLimitResource, err := resource.ParseQuantity(flagDRamLimit)
+	if err != nil {
+		setupLog.Error(err, "parse flagd ram limit", "flagd-ram-limit", flagDRamLimit)
+		os.Exit(1)
+	}
+
 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
 		Scheme:                 scheme,
 		MetricsBindAddress:     metricsAddr,
@@ -111,6 +128,12 @@ func main() {
 	//+kubebuilder:scaffold:builder
 	hookServer := mgr.GetWebhookServer()
 	hookServer.Register("/mutate-v1-pod", &webhook.Admission{Handler: &webhooks.PodMutator{
+		FlagDResourceRequirements: corev1.ResourceRequirements{
+			Limits: map[corev1.ResourceName]resource.Quantity{
+				corev1.ResourceCPU:    flagDCpuLimitResource,
+				corev1.ResourceMemory: flagDRamLimitResource,
+			},
+		},
 		Client: mgr.GetClient(),
 		Log:    ctrl.Log.WithName("mutating-pod-webhook"),
 	}})

diff --git a/webhooks/pod_webhook.go b/webhooks/pod_webhook.go
@@ -41,9 +41,10 @@ var flagdMetricsPort int32 = 8014
 
 // PodMutator annotates Pods
 type PodMutator struct {
-	Client  client.Client
-	decoder *admission.Decoder
-	Log     logr.Logger
+	Client                    client.Client
+	FlagDResourceRequirements corev1.ResourceRequirements
+	decoder                   *admission.Decoder
+	Log                       logr.Logger
 }
 
 // Handle injects the flagd sidecar (if the prerequisites are all met)
@@ -352,6 +353,7 @@ func (m *PodMutator) injectSidecar(pod *corev1.Pod, featureFlags []*corev1alpha1
 			},
 		},
 		SecurityContext: setSecurityContext(),
+		Resources: m.FlagDResourceRequirements,
 	})
 	return json.Marshal(pod)
 }