Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EV-4687 Make resource request/limits configurable for dex,IDC #3205

Merged
merged 3 commits into from
Mar 11, 2024
Merged

EV-4687 Make resource request/limits configurable for dex,IDC #3205

merged 3 commits into from
Mar 11, 2024

Conversation

vara2504
Copy link
Contributor

@vara2504 vara2504 commented Feb 26, 2024
edited
Loading

Description

Set default for CSR
Add AuthenticationDeployment to configure resources
Add IntrusionDetectionDeployment to configure resources

vara@vara:~/bzprofiles/Clusters/tc_res$ kubectl patch authentication tigera-secure  --type=merge --patch='{"spec": {"dexDeployment":{"spec": {"template": {"spec": {"containers":[{"name":"tigera-dex","resources":{"limits":{"cpu":"150m", "memory":"500Mi"},"requests":{"cpu":"20m", "memory":"50Mi"}}}]}}}}}}'
authentication.operator.tigera.io/tigera-secure patched
vara@vara:~/bzprofiles/Clusters/tc_res$ k get authentication -o yaml
apiVersion: v1
items:
- apiVersion: operator.tigera.io/v1
  kind: Authentication
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"operator.tigera.io/v1","kind":"Authentication","metadata":{"annotations":{},"name":"tigera-secure"},"spec":{"managerDomain":"https://tigera-manager.tigera-manager:9443","oidc":{"issuerURL":"https://oidc.oidc:443","usernameClaim":"email"}}}
    creationTimestamp: "2024-03-05T18:02:18Z"
    generation: 3
    name: tigera-secure
    resourceVersion: "174147"
    uid: 14144119-ab06-4bd8-894e-29db30357b88
  spec:
    dexDeployment:
      spec:
        template:
          spec:
            containers:
            - name: tigera-dex
              resources:
                limits:
                  cpu: 150m
                  memory: 500Mi
                requests:
                  cpu: 20m
                  memory: 50Mi
vara@vara:~/bzprofiles/Clusters/tc_res$ k get deployment.apps/tigera-dex -n tigera-dex -o yaml|grep -A 5 -B 1 resources
          protocol: TCP
        resources:
          limits:
            cpu: 150m
            memory: 500Mi
          requests:
            cpu: 20m


vara@vara:~/bzprofiles/Clusters/tc_res$ k get deployment.apps/intrusion-detection-controller -n tigera-intrusion-detection -o yaml|grep -A 5 -B 1 resources
        name: controller
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
--
        name: webhooks-processor
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
vara@vara:~/bzprofiles/Clusters/tc_res$ 
vara@vara:~/bzprofiles/Clusters/tc_res$  kubectl patch intrusiondetection tigera-secure  --type=merge --patch='{"spec": {"intrusionDetectionControllerDeployment":{"spec": {"template": {"spec": {"containers":[{"name":"webhooks-processor","resources":{"limits":{"cpu":"150m", "memory":"500Mi"},"requests":{"cpu":"20m", "memory":"50Mi"}}}]}}}}}}'
intrusiondetection.operator.tigera.io/tigera-secure patched
vara@vara:~/bzprofiles/Clusters/tc_res$ 
vara@vara:~/bzprofiles/Clusters/tc_res$ 
vara@vara:~/bzprofiles/Clusters/tc_res$ k get deployment.apps/intrusion-detection-controller -n tigera-intrusion-detection -o yaml|grep -A 5 -B 1 resources
        name: controller
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
--
        name: webhooks-processor
        resources:
          limits:
            cpu: 150m
            memory: 500Mi
          requests:
            cpu: 20m

APIServer already have this option - tested

vara@vara:~/bzprofiles/Clusters/tc_monitoring$ k get deployment.apps/tigera-apiserver -n tigera-system -o yaml|grep -A 5 -B 1 resources
          timeoutSeconds: 5
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
--
        name: tigera-queryserver
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL

For PR author

  • Tests for change.
  • If changing pkg/apis/, run make gen-files
  • If changing versions, run make gen-versions

For PR reviewers

A note for code reviewers - all pull requests must have the following:

  • Milestone set according to targeted release.
  • Appropriate labels:
    • kind/bug if this is a bugfix.
    • kind/enhancement if this is a a new feature.
    • enterprise if this PR applies to Calico Enterprise only.

@vara2504 vara2504 requested a review from a team as a code owner February 26, 2024 23:29
@marvin-tigera marvin-tigera added this to the v1.34.0 milestone Feb 26, 2024
@vara2504 vara2504 force-pushed the resource_req branch 3 times, most recently from 1eb7104 to 73ad2ed Compare February 27, 2024 01:28
@vara2504 vara2504 force-pushed the resource_req branch 4 times, most recently from 6f04f9f to 982e0e7 Compare February 29, 2024 16:18
rene-dekker
rene-dekker reviewed Mar 5, 2024
View reviewed changes
pkg/render/dex_test.go Outdated Show resolved Hide resolved
rene-dekker
rene-dekker approved these changes Mar 8, 2024
View reviewed changes
Copy link
Member

@rene-dekker rene-dekker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@rene-dekker rene-dekker merged commit b01481d into tigera:master Mar 11, 2024
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rene-dekker rene-dekker rene-dekker approved these changes

Assignees
No one assigned
Labels
docs-pr-required release-note-required
Projects
None yet
Milestone
v1.34.0
Development

Successfully merging this pull request may close these issues.
3 participants
@vara2504 @rene-dekker @marvin-tigera