From ba590a5a6ac3931a275af81d3b2e6a1ed04d195c Mon Sep 17 00:00:00 2001 From: Demonsthere Date: Thu, 16 May 2024 11:21:56 +0200 Subject: [PATCH 1/3] feat: unify automigrate resources across charts --- helm/charts/hydra/templates/job-migration.yaml | 3 +++ helm/charts/keto/README.md | 2 +- helm/charts/keto/templates/job-migration.yaml | 4 ++++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/helm/charts/hydra/templates/job-migration.yaml b/helm/charts/hydra/templates/job-migration.yaml index 7cf7f02df2..3b7ec3ba22 100644 --- a/helm/charts/hydra/templates/job-migration.yaml +++ b/helm/charts/hydra/templates/job-migration.yaml @@ -79,6 +79,9 @@ spec: securityContext: {{- toYaml . | nindent 10 }} {{- end }} + resources: + {{- toYaml .Values.hydra.automigration.resources | nindent 10 }} + {{- end }} volumeMounts: - name: {{ include "hydra.name" . }}-config-volume mountPath: /etc/config diff --git a/helm/charts/keto/README.md b/helm/charts/keto/README.md index fb94d1970d..72c6495401 100644 --- a/helm/charts/keto/README.md +++ b/helm/charts/keto/README.md @@ -102,7 +102,7 @@ Access Control Policies as a Server | job.shareProcessNamespace | bool | `false` | Set sharing process namespace | | job.spec.backoffLimit | int | `10` | Set job back off limit | | job.tolerations | list | `[]` | Configure node tolerations. | -| keto.automigration | object | `{"customArgs":[],"customCommand":[],"enabled":false,"type":"job"}` | Enables database migration | +| keto.automigration | object | `{"customArgs":[],"customCommand":[],"enabled":false,"resources":{},"type":"job"}` | Enables database migration | | keto.automigration.customArgs | list | `[]` | Ability to override arguments of the entrypoint. Can be used in-depended of customCommand eg: - sleep 5; - keto | | keto.automigration.customCommand | list | `[]` | Ability to override the entrypoint of the automigration container (e.g. to source dynamic secrets or export environment dynamic variables) | | keto.automigration.resources | object | `{}` | resource requests and limits for the automigration initcontainer | diff --git a/helm/charts/keto/templates/job-migration.yaml b/helm/charts/keto/templates/job-migration.yaml index 6446e5e700..d25d5265d1 100644 --- a/helm/charts/keto/templates/job-migration.yaml +++ b/helm/charts/keto/templates/job-migration.yaml @@ -85,6 +85,10 @@ spec: {{- with $migrationExtraEnv }} {{- toYaml . | nindent 10 }} {{- end }} + {{- with .Values.keto.automigration.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} {{- if .Values.securityContext }} securityContext: {{- toYaml .Values.securityContext | nindent 10 }} From d4a6df06f1272c56d3605558fa625ef89731c2de Mon Sep 17 00:00:00 2001 From: Demonsthere Date: Thu, 16 May 2024 11:26:56 +0200 Subject: [PATCH 2/3] u --- helm/charts/hydra/templates/job-migration.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/helm/charts/hydra/templates/job-migration.yaml b/helm/charts/hydra/templates/job-migration.yaml index 3b7ec3ba22..5e2027108b 100644 --- a/helm/charts/hydra/templates/job-migration.yaml +++ b/helm/charts/hydra/templates/job-migration.yaml @@ -79,6 +79,7 @@ spec: securityContext: {{- toYaml . | nindent 10 }} {{- end }} + {{- with .Values.hydra.automigration.resources }} resources: {{- toYaml .Values.hydra.automigration.resources | nindent 10 }} {{- end }} From 794a977482e5681704d2866a66845725c00d595c Mon Sep 17 00:00:00 2001 From: Demonsthere Date: Thu, 16 May 2024 11:33:03 +0200 Subject: [PATCH 3/3] u --- hacks/values/hydra.yaml | 14 +++++++------- helm/charts/hydra/README.md | 1 + helm/charts/hydra/templates/job-migration.yaml | 5 +++-- helm/charts/hydra/values.yaml | 3 +++ 4 files changed, 14 insertions(+), 9 deletions(-) diff --git a/hacks/values/hydra.yaml b/hacks/values/hydra.yaml index fc217cc8e5..56f75bb054 100644 --- a/hacks/values/hydra.yaml +++ b/hacks/values/hydra.yaml @@ -10,13 +10,6 @@ hydra: # type: initContainer customCommand: - hydra - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi dev: true config: @@ -127,6 +120,13 @@ job: ory.sh/pod_label: hydra_init annotations: ory.sh/pod_annotation: hydra_init + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi watcher: enabled: true diff --git a/helm/charts/hydra/README.md b/helm/charts/hydra/README.md index 01686e26a9..b0a322fc6e 100644 --- a/helm/charts/hydra/README.md +++ b/helm/charts/hydra/README.md @@ -143,6 +143,7 @@ A Helm chart for deploying ORY Hydra in Kubernetes | job.podMetadata | object | `{"annotations":{},"labels":{}}` | Specify pod metadata, this metadata is added directly to the pod, and not higher objects | | job.podMetadata.annotations | object | `{}` | Extra pod level annotations | | job.podMetadata.labels | object | `{}` | Extra pod level labels | +| job.resources | object | `{}` | resource requests and limits for the automigration job | | job.serviceAccount | object | `{"annotations":{"helm.sh/hook":"pre-install, pre-upgrade","helm.sh/hook-delete-policy":"before-hook-creation","helm.sh/hook-weight":"0"},"create":true,"name":""}` | Specify the serviceAccountName value. In some situations it is needed to provides specific permissions to Hydra deployments Like for example installing Hydra on a cluster with a PosSecurityPolicy and Istio. Uncoment if it is needed to provide a ServiceAccount for the Hydra deployment. | | job.serviceAccount.annotations | object | `{"helm.sh/hook":"pre-install, pre-upgrade","helm.sh/hook-delete-policy":"before-hook-creation","helm.sh/hook-weight":"0"}` | Annotations to add to the service account | | job.serviceAccount.create | bool | `true` | Specifies whether a service account should be created | diff --git a/helm/charts/hydra/templates/job-migration.yaml b/helm/charts/hydra/templates/job-migration.yaml index 5e2027108b..3190b8d7be 100644 --- a/helm/charts/hydra/templates/job-migration.yaml +++ b/helm/charts/hydra/templates/job-migration.yaml @@ -2,6 +2,7 @@ {{- if and ( .Values.hydra.automigration.enabled ) ( eq .Values.hydra.automigration.type "job" ) }} {{- $nodeSelector := ternary .Values.job.nodeSelector .Values.deployment.nodeSelector (not (empty .Values.job.nodeSelector )) -}} {{- $migrationExtraEnv := ternary .Values.job.extraEnv .Values.deployment.extraEnv (not (empty .Values.job.extraEnv )) -}} +{{- $resources := ternary .Values.job.resources .Values.hydra.automigration.resources (not (empty .Values.job.resources)) -}} --- apiVersion: batch/v1 @@ -79,9 +80,9 @@ spec: securityContext: {{- toYaml . | nindent 10 }} {{- end }} - {{- with .Values.hydra.automigration.resources }} + {{- with $resources }} resources: - {{- toYaml .Values.hydra.automigration.resources | nindent 10 }} + {{- toYaml . | nindent 10 }} {{- end }} volumeMounts: - name: {{ include "hydra.name" . }}-config-volume diff --git a/helm/charts/hydra/values.yaml b/helm/charts/hydra/values.yaml index ecbbd125c8..8d916beda7 100644 --- a/helm/charts/hydra/values.yaml +++ b/helm/charts/hydra/values.yaml @@ -416,6 +416,9 @@ job: # lines, adjust them as necessary, and remove the curly braces after 'nodeSelector:'. # foo: bar + # -- resource requests and limits for the automigration job + resources: {} + # -- Configure node tolerations. tolerations: []