Skip to content
This repository has been archived by the owner on Aug 25, 2021. It is now read-only.

refactor resource requests and limits for init containers and lifecycle sidecar #532

Closed
wants to merge 3 commits into from
Closed
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 28 additions & 0 deletions templates/connect-inject-deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -138,6 +138,34 @@ spec:
{{- if not (kindIs "invalid" $resources.requests.cpu) }}
-default-sidecar-proxy-cpu-request={{ $resources.requests.cpu }} \
{{- end }}
{{- $resources := .Values.global.initCopyContainerResources.resources }}
{{- /* kindIs is used here to differentiate between null and 0 */}}
kschoche marked this conversation as resolved.
Show resolved Hide resolved
{{- if not (kindIs "invalid" $resources.limits.memory) }}
-init-copy-container-memory-limit={{ $resources.limits.memory }} \
{{- end }}
{{- if not (kindIs "invalid" $resources.requests.memory) }}
-init-copy-container-memory-request={{ $resources.requests.memory }} \
{{- end }}
{{- if not (kindIs "invalid" $resources.limits.cpu) }}
-init-copy-container-cpu-limit={{ $resources.limits.cpu }} \
{{- end }}
{{- if not (kindIs "invalid" $resources.requests.cpu) }}
-init-copy-container-cpu-request={{ $resources.requests.cpu }} \
{{- end }}
{{- $resources := .Values.global.lifecycleSidecarContainerResources.resources }}
{{- /* kindIs is used here to differentiate between null and 0 */}}
{{- if not (kindIs "invalid" $resources.limits.memory) }}
-lifecycle-sidecar-memory-limit={{ $resources.limits.memory }} \
{{- end }}
{{- if not (kindIs "invalid" $resources.requests.memory) }}
-lifecycle-sidecar-memory-request={{ $resources.requests.memory }} \
{{- end }}
{{- if not (kindIs "invalid" $resources.limits.cpu) }}
-lifecycle-sidecar-cpu-limit={{ $resources.limits.cpu }} \
{{- end }}
{{- if not (kindIs "invalid" $resources.requests.cpu) }}
-lifecycle-sidecar-cpu-request={{ $resources.requests.cpu }} \
{{- end }}
livenessProbe:
httpGet:
path: /health/ready
Expand Down
6 changes: 4 additions & 2 deletions templates/ingress-gateways-deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,9 @@ spec:
volumeMounts:
- name: consul-bin
mountPath: /consul-bin
{{- if ( default $root.Values.global.initCopyContainerResources .resources) }}
resources: {{ toYaml (default $root.Values.global.initCopyContainerResources.resources .resources) | nindent 12 }}
kschoche marked this conversation as resolved.
Show resolved Hide resolved
{{- end }}
{{- if (and $root.Values.global.tls.enabled $root.Values.global.tls.enableAutoEncrypt) }}
{{- include "consul.getAutoEncryptClientCA" $root | nindent 8 }}
{{- end }}
Expand Down Expand Up @@ -260,8 +263,7 @@ spec:
- name: ingress-gateway
image: {{ $root.Values.global.imageEnvoy | quote }}
{{- if (default $defaults.resources .resources) }}
resources:
{{ toYaml (default $defaults.resources .resources) | nindent 12 }}
resources: {{ toYaml (default $defaults.resources .resources) | nindent 12 }}
kschoche marked this conversation as resolved.
Show resolved Hide resolved
{{- end }}
volumeMounts:
- name: consul-bin
Expand Down
18 changes: 6 additions & 12 deletions templates/mesh-gateway-deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -90,13 +90,10 @@ spec:
volumeMounts:
- name: consul-bin
mountPath: /consul-bin
{{- if ( default .Values.global.initCopyContainerResources .resources) }}
resources:
requests:
memory: "25Mi"
cpu: "50m"
limits:
memory: "25Mi"
cpu: "50m"
{{ toYaml (default .Values.global.initCopyContainerResources .resources) | nindent 12 }}
{{- end }}
kschoche marked this conversation as resolved.
Show resolved Hide resolved
{{- if (and .Values.global.tls.enabled .Values.global.tls.enableAutoEncrypt) }}
{{- include "consul.getAutoEncryptClientCA" . | nindent 8 }}
{{- end }}
Expand Down Expand Up @@ -356,13 +353,10 @@ spec:
{{- if .Values.global.acls.manageSystemACLs }}
- -token-file=/consul/service/acl-token
{{- end }}
{{- if ( default .Values.global.lifecycleSidecarContainerResources .resources) }}
kschoche marked this conversation as resolved.
Show resolved Hide resolved
resources:
requests:
memory: "25Mi"
cpu: "10m"
limits:
memory: "25Mi"
cpu: "10m"
{{ toYaml (default .Values.global.lifecycleSidecarContainerResources .resources) | nindent 12 }}
{{- end }}
{{- if .Values.meshGateway.priorityClassName }}
priorityClassName: {{ .Values.meshGateway.priorityClassName | quote }}
{{- end }}
Expand Down
4 changes: 4 additions & 0 deletions templates/terminating-gateways-deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -124,6 +124,10 @@ spec:
volumeMounts:
- name: consul-bin
mountPath: /consul-bin
{{- if ( default $root.Values.global.initCopyContainerResources .resources) }}
kschoche marked this conversation as resolved.
Show resolved Hide resolved
resources:
{{ toYaml (default $root.Values.global.initCopyContainerResources .resources) | nindent 12 }}
{{- end }}
{{- if (and $root.Values.global.tls.enabled $root.Values.global.tls.enableAutoEncrypt) }}
kschoche marked this conversation as resolved.
Show resolved Hide resolved
{{- include "consul.getAutoEncryptClientCA" $root | nindent 8 }}
{{- end }}
Expand Down
22 changes: 22 additions & 0 deletions values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -219,6 +219,28 @@ global:
# Requires consul-k8s 0.15.0+.
createFederationSecret: false

# Resource settings for lifecycle-sidecar containers
kschoche marked this conversation as resolved.
Show resolved Hide resolved
kschoche marked this conversation as resolved.
Show resolved Hide resolved
lifecycleSidecarContainerResources:
kschoche marked this conversation as resolved.
Show resolved Hide resolved
resources:
requests:
memory: "25Mi"
cpu: "20m"
limits:
memory: "25Mi"
cpu: "20m"

# Resource settings for copy-consul-bin init containers.
# these settings are bounded by the size of the consul binary
kschoche marked this conversation as resolved.
Show resolved Hide resolved
# as we issue a cp of it during the init container.
kschoche marked this conversation as resolved.
Show resolved Hide resolved
initCopyContainerResources:
kschoche marked this conversation as resolved.
Show resolved Hide resolved
resources:
requests:
memory: "25Mi"
cpu: "50m"
limits:
memory: "125Mi"
cpu: "50m"

# Server, when enabled, configures a server cluster to run. This should
# be disabled if you plan on connecting to a Consul cluster external to
# the Kube cluster.
Expand Down