lifecycle-sidecar and connect inject init container have mandatory resource requirements

[kschoche]

In some environments we are seeing (#283) OOM killer being triggered during the init container for connect inject, as well as high cpu usage inside the lifecycle sidecar (hashicorp/consul-helm#515).
This PR resolves #283 and (hashicorp/consul-helm#529) by making the memory limits configurable by consul-helm, passed in as options in the ingress/mesh/terminating gateways and connect-inject deployments.

Resources for the connect inject init copy container and lifecycle sidecar are passed as flags into the consul-k8s binary now for : Cpu Limit, Cpu Request, Memory Limit, Memory Request. These are mandatory arguments passed in from consul-helm and defined as defaults which are set high enough to resolve the above issues.

This PR also makes the values configurable from the end user instead of compiled in, which will simplify maintenance and usability going forward.

[thisisnotashwin]

LGTM!! Good job bud!!

[lkysow]

Looking at this now I think it definitely does need a refactor as we discussed. The actual code flow is great. I don't think it would complicate things too much to include the refactor here as the tests would stay the same.

[lkysow]

As discussed, in the refactor I think we could have

LifecycleSidecarResources corev1.ResourceRequirements

[ishustava]

Kyle, great work on all these changes; thanks for doing this work!

I've left a couple of comments inline.

An additional thought I had is that this will be a breaking change since we're making new flags required. Now to run this command I need to provide all the newly added resource flags, and I didn't need to before. I know some folks are running sync stand-alone, but I'm not sure if we have any users that are running inject-connect command as stand-alone. Would it make sense to add defaults to these flags to minimize the impact?

[ishustava]

I think we need to add a similar validation for other resource flags too.

[lkysow]

An additional thought I had is that this will be a breaking change since we're making new flags required. Now to run this command I need to provide all the newly added resource flags, and I didn't need to before. I know some folks are running sync stand-alone, but I'm not sure if we have any users that are running inject-connect command as stand-alone. Would it make sense to add defaults to these flags to minimize the impact?

Kyle and I talked about this offline about how it's safe to require the consul-k8s version to match up with consul-helm but we should probably get on the same page about this as a team.

In this case I realize it's a moot point because the Helm chart supports setting null for the resources which will result in the flags not being passed in. So I don't think we can make them required.

In terms of defaults though, we agreed we wanted to put all defaults in the Helm chart so if the flag isn't passed in then I think the default needs to be 0 or not set.