[Bugfix] [Platform] Increase memory limit for Inventory

CHANGELOG.md

@@ -1,6 +1,7 @@
 # Change Log
 
 ## [master](https://github.com/arangodb/kube-arangodb/tree/master) (N/A)
+- (Bugfix) (Platform) Increase memory limit for Inventory
 
 ## [1.3.1](https://github.com/arangodb/kube-arangodb/tree/1.3.1) (2025-10-07)
 - (Documentation) Add ArangoPlatformStorage Docs & Examples

README.md

@@ -201,7 +201,7 @@ Flags:
       --internal.scaling-integration                           Enable Scaling Integration
       --kubernetes.burst int                                   Burst for the k8s API (default 256)
       --kubernetes.max-batch-size int                          Size of batch during objects read (default 256)
-      --kubernetes.qps float32                                 Number of queries per second for k8s API (default 32)
+      --kubernetes.qps float32                                 Number of queries per second for k8s API. If set to 0 or less, API calls won't be throttled (default 32)
       --leader.label.skip                                      Skips Leader Label for the Pod
       --log.format string                                      Set log format. Allowed values: 'pretty', 'JSON'. If empty, default format is used (default "pretty")
       --log.level stringArray                                  Set log levels in format <level> or <logger>=<level>. Possible loggers: action, agency, api-server, assertion, backup-operator, chaos-monkey, crd, deployment, deployment-ci, deployment-reconcile, deployment-replication, deployment-resilience, deployment-resources, deployment-storage, deployment-storage-pc, deployment-storage-service, generic-parent-operator, helm, http, inspector, integration-authn-v1, integration-config-v1, integration-envoy-auth-v3, integration-envoy-auth-v3-impl-auth-bearer, integration-envoy-auth-v3-impl-auth-cookie, integration-envoy-auth-v3-impl-custom-openid, integration-envoy-auth-v3-impl-pass-mode, integration-meta-v1, integration-scheduler-v2, integration-shutdown-v1, integration-storage-v1-s3, integration-storage-v2, integrations, k8s-client, kubernetes, kubernetes-access, kubernetes-client, kubernetes-informer, monitor, networking-route-operator, operator, operator-arangojob-handler, operator-v2, operator-v2-event, operator-v2-worker, panics, platform-chart-operator, platform-pod-shutdown, platform-service-operator, platform-storage-operator, pod_compare, root, root-event-recorder, scheduler-batchjob-operator, scheduler-cronjob-operator, scheduler-deployment-operator, scheduler-pod-operator, scheduler-profile-operator, server, server-authentication, webhook (default [info])
@@ -231,6 +231,7 @@ Flags:
       --server.tls-secret-name string                          Name of secret containing tls.crt & tls.key for HTTPS server (if empty, self-signed certificate is used)
       --shutdown.delay duration                                The delay before running shutdown handlers (default 2s)
       --shutdown.timeout duration                              Timeout for shutdown handlers (default 30s)
+      --threads int                                            Number of the worker threads (default 16)
       --timeout.agency duration                                The Agency read timeout (default 10s)
       --timeout.arangod duration                               The request timeout to the ArangoDB (default 5s)
       --timeout.arangod-check duration                         The version check request timeout to the ArangoDB (default 2s)

chart/kube-arangodb-arm64/templates/deployment.yaml

@@ -92,6 +92,7 @@ spec:
           imagePullPolicy: {{ .Values.operator.imagePullPolicy }}
           image: {{ .Values.operator.image }}
           args:
+            - --threads={{ .Values.operator.threads }}
 {{- if .Values.certificate.enabled }}
             - --server.tls-secret-name={{ template "kube-arangodb.operatorName" . }}-cert
             - --api.tls-secret-name={{ template "kube-arangodb.operatorName" . }}-cert

chart/kube-arangodb-arm64/values.yaml

@@ -25,6 +25,8 @@ operator:
   allowChaos: false
   nodeSelector: {}
   enableCRDManagement: true
+  enableCRDCreation: true
+  threads: 8
   features:
     deployment: true
     deploymentReplications: true

chart/kube-arangodb-enterprise-arm64/templates/deployment.yaml

@@ -92,6 +92,7 @@ spec:
           imagePullPolicy: {{ .Values.operator.imagePullPolicy }}
           image: {{ .Values.operator.image }}
           args:
+            - --threads={{ .Values.operator.threads }}
 {{- if .Values.certificate.enabled }}
             - --server.tls-secret-name={{ template "kube-arangodb.operatorName" . }}-cert
             - --api.tls-secret-name={{ template "kube-arangodb.operatorName" . }}-cert

chart/kube-arangodb-enterprise-arm64/values.yaml

@@ -25,6 +25,8 @@ operator:
   allowChaos: false
   nodeSelector: {}
   enableCRDManagement: true
+  enableCRDCreation: true
+  threads: 8
   features:
     deployment: true
     deploymentReplications: true

chart/kube-arangodb-enterprise/templates/deployment.yaml

@@ -92,6 +92,7 @@ spec:
           imagePullPolicy: {{ .Values.operator.imagePullPolicy }}
           image: {{ .Values.operator.image }}
           args:
+            - --threads={{ .Values.operator.threads }}
 {{- if .Values.certificate.enabled }}
             - --server.tls-secret-name={{ template "kube-arangodb.operatorName" . }}-cert
             - --api.tls-secret-name={{ template "kube-arangodb.operatorName" . }}-cert

chart/kube-arangodb-enterprise/values.yaml

@@ -25,6 +25,8 @@ operator:
   allowChaos: false
   nodeSelector: {}
   enableCRDManagement: true
+  enableCRDCreation: true
+  threads: 8
   features:
     deployment: true
     deploymentReplications: true

chart/kube-arangodb/templates/deployment.yaml

@@ -92,6 +92,7 @@ spec:
           imagePullPolicy: {{ .Values.operator.imagePullPolicy }}
           image: {{ .Values.operator.image }}
           args:
+            - --threads={{ .Values.operator.threads }}
 {{- if .Values.certificate.enabled }}
             - --server.tls-secret-name={{ template "kube-arangodb.operatorName" . }}-cert
             - --api.tls-secret-name={{ template "kube-arangodb.operatorName" . }}-cert

chart/kube-arangodb/values.yaml

@@ -27,6 +27,7 @@ operator:
   nodeSelector: {}
   enableCRDManagement: true
   enableCRDCreation: true
+  threads: 8
   features:
     deployment: true
     deploymentReplications: true

cmd/cmd.go

@@ -187,6 +187,7 @@ var (
 	platformProbe              probe.ReadyProbe
 	schedulerProbe             probe.ReadyProbe
 	k2KClusterSyncProbe        probe.ReadyProbe
+	threads                    int
 )
 
 func init() {
@@ -248,7 +249,7 @@ func init() {
 	f.BoolVar(&operatorOptions.scalingIntegrationEnabled, "internal.scaling-integration", false, "Enable Scaling Integration")
 	f.DurationVar(&operatorOptions.reconciliationDelay, "reconciliation.delay", 0, "Delay between reconciliation loops (<= 0 -> Disabled)")
 	f.Int64Var(&operatorKubernetesOptions.maxBatchSize, "kubernetes.max-batch-size", globals.DefaultKubernetesRequestBatchSize, "Size of batch during objects read")
-	f.Float32Var(&operatorKubernetesOptions.qps, "kubernetes.qps", kclient.DefaultQPS, "Number of queries per second for k8s API")
+	f.Float32Var(&operatorKubernetesOptions.qps, "kubernetes.qps", kclient.DefaultQPS, "Number of queries per second for k8s API. If set to 0 or less, API calls won't be throttled")
 	f.IntVar(&operatorKubernetesOptions.burst, "kubernetes.burst", kclient.DefaultBurst, "Burst for the k8s API")
 	f.BoolVar(&crdOptions.install, "crd.install", true, "Install missing CRD if access is possible")
 	f.StringArrayVar(&crdOptions.preserveUnknownFields, "crd.preserve-unknown-fields", nil, "Controls which CRD should have enabled preserve unknown fields in validation schema <crd-name>=<true/false>. To apply for all, use crd-name 'all'.")
@@ -258,6 +259,7 @@ func init() {
 	f.StringArrayVar(&metricsOptions.excludedMetricPrefixes, "metrics.excluded-prefixes", nil, "List of the excluded metrics prefixes")
 	f.BoolVar(&operatorImageDiscovery.defaultStatusDiscovery, "image.discovery.status", true, "Discover Operator Image from Pod Status by default. When disabled Pod Spec is used.")
 	f.DurationVar(&operatorImageDiscovery.timeout, "image.discovery.timeout", time.Minute, "Timeout for image discovery process")
+	f.IntVar(&threads, "threads", 16, "Number of the worker threads")
 	if err := logging.Init(&cmdMain); err != nil {
 		panic(err.Error())
 	}
@@ -607,6 +609,7 @@ func newOperatorConfigAndDeps(id, namespace, name string) (operator.Config, oper
 		ReconciliationDelay:         operatorOptions.reconciliationDelay,
 		ShutdownDelay:               shutdownOptions.delay,
 		ShutdownTimeout:             shutdownOptions.timeout,
+		Threads:                     threads,
 	}
 	deps := operator.Dependencies{
 		Client:                     client,

docs/cli/arangodb_operator.md

@@ -83,7 +83,7 @@ Flags:
       --internal.scaling-integration                           Enable Scaling Integration
       --kubernetes.burst int                                   Burst for the k8s API (default 256)
       --kubernetes.max-batch-size int                          Size of batch during objects read (default 256)
-      --kubernetes.qps float32                                 Number of queries per second for k8s API (default 32)
+      --kubernetes.qps float32                                 Number of queries per second for k8s API. If set to 0 or less, API calls won't be throttled (default 32)
       --leader.label.skip                                      Skips Leader Label for the Pod
       --log.format string                                      Set log format. Allowed values: 'pretty', 'JSON'. If empty, default format is used (default "pretty")
       --log.level stringArray                                  Set log levels in format <level> or <logger>=<level>. Possible loggers: action, agency, api-server, assertion, backup-operator, chaos-monkey, crd, deployment, deployment-ci, deployment-reconcile, deployment-replication, deployment-resilience, deployment-resources, deployment-storage, deployment-storage-pc, deployment-storage-service, generic-parent-operator, helm, http, inspector, integration-authn-v1, integration-config-v1, integration-envoy-auth-v3, integration-envoy-auth-v3-impl-auth-bearer, integration-envoy-auth-v3-impl-auth-cookie, integration-envoy-auth-v3-impl-custom-openid, integration-envoy-auth-v3-impl-pass-mode, integration-meta-v1, integration-scheduler-v2, integration-shutdown-v1, integration-storage-v1-s3, integration-storage-v2, integrations, k8s-client, kubernetes, kubernetes-access, kubernetes-client, kubernetes-informer, monitor, networking-route-operator, operator, operator-arangojob-handler, operator-v2, operator-v2-event, operator-v2-worker, panics, platform-chart-operator, platform-pod-shutdown, platform-service-operator, platform-storage-operator, pod_compare, root, root-event-recorder, scheduler-batchjob-operator, scheduler-cronjob-operator, scheduler-deployment-operator, scheduler-pod-operator, scheduler-profile-operator, server, server-authentication, webhook (default [info])
@@ -113,6 +113,7 @@ Flags:
       --server.tls-secret-name string                          Name of secret containing tls.crt & tls.key for HTTPS server (if empty, self-signed certificate is used)
       --shutdown.delay duration                                The delay before running shutdown handlers (default 2s)
       --shutdown.timeout duration                              Timeout for shutdown handlers (default 30s)
+      --threads int                                            Number of the worker threads (default 16)
       --timeout.agency duration                                The Agency read timeout (default 10s)
       --timeout.arangod duration                               The request timeout to the ArangoDB (default 5s)
       --timeout.arangod-check duration                         The version check request timeout to the ArangoDB (default 2s)

pkg/deployment/resources/config_map_gateway.go

@@ -26,7 +26,6 @@ import (
 	"path"
 	"path/filepath"
 
-	"google.golang.org/protobuf/encoding/protojson"
 	core "k8s.io/api/core/v1"
 	kerrors "k8s.io/apimachinery/pkg/api/errors"
 	meta "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -108,37 +107,22 @@ func (r *Resources) ensureGatewayConfig(ctx context.Context, cachedStatus inspec
 		},
 	}
 
-	_, baseGatewayCfgYamlChecksum, _, err := cfg.RenderYAML()
-	if err != nil {
-		return errors.WithStack(errors.Wrapf(err, "Failed to render gateway config"))
-	}
-
-	inventory.Arangodb = pbInventoryV1.NewArangoDBConfiguration(r.context.GetSpec(), r.context.GetStatus())
-	inventory.Configuration = &pbInventoryV1.InventoryConfiguration{
-		Hash: baseGatewayCfgYamlChecksum,
-	}
-
 	cfg.Destinations[utilConstants.EnvoyInventoryConfigDestination] = gateway.ConfigDestination{
-		Type:  util.NewType(gateway.ConfigDestinationTypeStatic),
+		Type:  util.NewType(gateway.ConfigDestinationTypeFile),
 		Match: util.NewType(gateway.ConfigMatchPath),
 		AuthExtension: &gateway.ConfigAuthZExtension{
 			AuthZExtension: map[string]string{
 				pbImplEnvoyAuthV3Shared.AuthConfigAuthRequiredKey: pbImplEnvoyAuthV3Shared.AuthConfigKeywordTrue,
 				pbImplEnvoyAuthV3Shared.AuthConfigAuthPassModeKey: string(networkingApi.ArangoRouteSpecAuthenticationPassModeRemove),
 			},
 		},
-		Static: &gateway.ConfigDestinationStatic[*pbInventoryV1.Inventory]{
-			Code:       util.NewType[uint32](200),
-			Response:   inventory,
-			Marshaller: ugrpc.Marshal[*pbInventoryV1.Inventory],
-			Options: []util.Mod[protojson.MarshalOptions]{
-				ugrpc.WithUseProtoNames(true),
-				ugrpc.WithEmitDefaultValues(true),
-			},
+		File: gateway.ConfigDestinationFile{
+			File: path.Join(utilConstants.GatewayVolumeMountDir, utilConstants.InventoryFileName),
+			Code: 200,
 		},
 	}
 
-	gatewayCfgYaml, _, _, err := cfg.RenderYAML()
+	gatewayCfgYaml, gatewayCfgYamlChecksum, _, err := cfg.RenderYAML()
 	if err != nil {
 		return errors.WithStack(errors.Wrapf(err, "Failed to render gateway config"))
 	}
@@ -153,23 +137,37 @@ func (r *Resources) ensureGatewayConfig(ctx context.Context, cachedStatus inspec
 		return errors.WithStack(errors.Wrapf(err, "Failed to render gateway lds config"))
 	}
 
+	inventory.Arangodb = pbInventoryV1.NewArangoDBConfiguration(r.context.GetSpec(), r.context.GetStatus())
+	inventory.Configuration = &pbInventoryV1.InventoryConfiguration{
+		Hash: gatewayCfgYamlChecksum,
+	}
+
+	inventoryData, err := ugrpc.Marshal(inventory, ugrpc.WithUseProtoNames(true), ugrpc.WithEmitDefaultValues(true))
+	if err != nil {
+		return errors.WithStack(errors.Wrapf(err, "Failed to render gateway inventory"))
+	}
+
+	gatewayChecksum := util.SHA256FromStringArray(gatewayCfgYamlChecksum, util.SHA256(inventoryData))
+
 	if err := r.ensureGatewayConfigMap(ctx, cachedStatus, configMaps, GetGatewayConfigMapName(r.context.GetAPIObject().GetName()), map[string]string{
 		utilConstants.GatewayConfigFileName: string(gatewayCfgYaml),
-		utilConstants.GatewayConfigChecksum: baseGatewayCfgYamlChecksum,
+		utilConstants.GatewayConfigChecksum: gatewayCfgYamlChecksum,
+		utilConstants.InventoryFileName:     string(inventoryData),
+		utilConstants.InventoryChecksum:     gatewayChecksum,
 	}); err != nil {
 		return err
 	}
 
 	if err := r.ensureGatewayConfigMap(ctx, cachedStatus, configMaps, GetGatewayConfigMapName(r.context.GetAPIObject().GetName(), "cds"), map[string]string{
 		utilConstants.GatewayConfigFileName: string(gatewayCfgCDSYaml),
-		utilConstants.GatewayConfigChecksum: baseGatewayCfgYamlChecksum,
+		utilConstants.GatewayConfigChecksum: gatewayCfgYamlChecksum,
 	}); err != nil {
 		return err
 	}
 
 	if err := r.ensureGatewayConfigMap(ctx, cachedStatus, configMaps, GetGatewayConfigMapName(r.context.GetAPIObject().GetName(), "lds"), map[string]string{
 		utilConstants.GatewayConfigFileName: string(gatewayCfgLDSYaml),
-		utilConstants.GatewayConfigChecksum: baseGatewayCfgYamlChecksum,
+		utilConstants.GatewayConfigChecksum: gatewayCfgYamlChecksum,
 	}); err != nil {
 		return err
 	}

pkg/deployment/resources/gateway/gateway_config.go

@@ -334,9 +334,11 @@ func (c Config) RenderFilters() ([]*pbEnvoyListenerV3.Filter, error) {
 		CodecType:                  httpConnectionManagerAPI.HttpConnectionManager_AUTO,
 		ServerHeaderTransformation: httpConnectionManagerAPI.HttpConnectionManager_PASS_THROUGH,
 		MergeSlashes:               c.Options.GetMergeSlashes(),
+
 		RouteSpecifier: &httpConnectionManagerAPI.HttpConnectionManager_RouteConfig{
 			RouteConfig: &pbEnvoyRouteV3.RouteConfiguration{
-				Name: "default",
+				Name:                           "default",
+				MaxDirectResponseBodySizeBytes: wrapperspb.UInt32(utilConstants.MaxInventorySize),
 				VirtualHosts: []*pbEnvoyRouteV3.VirtualHost{
 					{
 						Name:    "default",
@@ -431,7 +433,8 @@ func (c Config) HttpToHttpsChain() (*pbEnvoyListenerV3.FilterChain, error) {
 		CodecType:  httpConnectionManagerAPI.HttpConnectionManager_AUTO,
 		RouteSpecifier: &httpConnectionManagerAPI.HttpConnectionManager_RouteConfig{
 			RouteConfig: &pbEnvoyRouteV3.RouteConfiguration{
-				Name: "local_http",
+				Name:                           "local_http",
+				MaxDirectResponseBodySizeBytes: wrapperspb.UInt32(utilConstants.MaxInventorySize),
 				VirtualHosts: []*pbEnvoyRouteV3.VirtualHost{
 					{
 						Name:    "local_http",

pkg/deployment/resources/gateway/gateway_config_destination.go

@@ -83,6 +83,8 @@ type ConfigDestination struct {
 	ResponseHeaders map[string]string `json:"responseHeaders,omitempty"`
 
 	Static ConfigDestinationStaticInterface `json:"static,omitempty"`
+
+	File ConfigDestinationFileInterface `json:"file,omitempty"`
 }
 
 func (c *ConfigDestination) Validate() error {
@@ -91,6 +93,13 @@ func (c *ConfigDestination) Validate() error {
 	}
 
 	switch c.Type.Get() {
+	case ConfigDestinationTypeFile:
+		return shared.WithErrors(
+			shared.PrefixResourceError("type", c.Type.Validate()),
+			shared.PrefixResourceError("path", shared.ValidateAPIPath(c.GetPath())),
+			shared.PrefixResourceError("pathType", shared.ValidateOptionalInterface(c.Match)),
+			shared.PrefixResourceError("authExtension", c.AuthExtension.Validate()),
+		)
 	case ConfigDestinationTypeStatic:
 		return shared.WithErrors(
 			shared.PrefixResourceError("type", c.Type.Validate()),
@@ -202,6 +211,25 @@ func (c *ConfigDestination) appendRouteAction(route *pbEnvoyRouteV3.Route, name
 		}
 		return nil
 	}
+	if c.Type.Get() == ConfigDestinationTypeFile {
+		if c.File == nil {
+			return errors.Errorf("File response is not defined!")
+		}
+		path, code := c.File.StaticResponse()
+
+		// Return static response
+		route.Action = &pbEnvoyRouteV3.Route_DirectResponse{
+			DirectResponse: &pbEnvoyRouteV3.DirectResponseAction{
+				Status: code,
+				Body: &pbEnvoyCoreV3.DataSource{
+					Specifier: &pbEnvoyCoreV3.DataSource_Filename{
+						Filename: path,
+					},
+				},
+			},
+		}
+		return nil
+	}
 
 	route.Action = &pbEnvoyRouteV3.Route_Route{
 		Route: &pbEnvoyRouteV3.RouteAction{

pkg/deployment/resources/gateway/gateway_config_destination_static.go

@@ -29,6 +29,19 @@ import (
 	"github.com/arangodb/kube-arangodb/pkg/util"
 )
 
+type ConfigDestinationFileInterface interface {
+	StaticResponse() (string, uint32)
+}
+
+type ConfigDestinationFile struct {
+	File string
+	Code uint32
+}
+
+func (c ConfigDestinationFile) StaticResponse() (string, uint32) {
+	return c.File, c.Code
+}
+
 type ConfigDestinationStaticInterface interface {
 	Validate() error
 	StaticResponse() ([]byte, uint32, error)

pkg/deployment/resources/gateway/gateway_config_destination_type.go

@@ -35,6 +35,7 @@ const (
 	ConfigDestinationTypeHTTP ConfigDestinationType = iota
 	ConfigDestinationTypeHTTPS
 	ConfigDestinationTypeStatic
+	ConfigDestinationTypeFile
 )
 
 func (c *ConfigDestinationType) Get() ConfigDestinationType {
@@ -43,7 +44,7 @@ func (c *ConfigDestinationType) Get() ConfigDestinationType {
 	}
 
 	switch v := *c; v {
-	case ConfigDestinationTypeHTTP, ConfigDestinationTypeHTTPS, ConfigDestinationTypeStatic:
+	case ConfigDestinationTypeHTTP, ConfigDestinationTypeHTTPS, ConfigDestinationTypeStatic, ConfigDestinationTypeFile:
 		return v
 	default:
 		return ConfigDestinationTypeHTTP
@@ -79,7 +80,7 @@ func (c *ConfigDestinationType) RenderUpstreamTransportSocket(protocol *ConfigDe
 
 func (c *ConfigDestinationType) Validate() error {
 	switch c.Get() {
-	case ConfigDestinationTypeHTTP, ConfigDestinationTypeHTTPS, ConfigDestinationTypeStatic:
+	case ConfigDestinationTypeHTTP, ConfigDestinationTypeHTTPS, ConfigDestinationTypeStatic, ConfigDestinationTypeFile:
 		return nil
 	default:
 		return errors.Errorf("Invalid destination type")