From fc7a443e133b5615e94669d5b12d72ed239220ab Mon Sep 17 00:00:00 2001 From: Jaye Doepke Date: Tue, 1 Oct 2024 14:26:29 -0500 Subject: [PATCH] Remove default CPU limits for containers We working on removing CPU limits from containers. JIRA: INFRA-37596 --- charts/standard-application-stack/CHANGELOG.md | 4 ++++ charts/standard-application-stack/Chart.yaml | 2 +- charts/standard-application-stack/README.md | 16 +++++----------- .../templates/_oauth-proxy.tpl | 1 - .../templates/mariadb-py-dba.yaml | 1 - .../templates/postgresql-py-dba.yaml | 1 - .../tests/__snapshot__/jobs_test.yaml.snap | 3 --- .../__snapshot__/mariadb_py_dba_test.yaml.snap | 2 -- .../__snapshot__/oauth2proxy_test.yaml.snap | 5 ----- .../opensearch_aws_es_proxy_test.yaml.snap | 1 - .../postgresql_py_dba_test.yaml.snap | 2 -- .../tests/jobs_test.yaml | 4 ---- charts/standard-application-stack/values.yaml | 13 ------------- 13 files changed, 10 insertions(+), 45 deletions(-) diff --git a/charts/standard-application-stack/CHANGELOG.md b/charts/standard-application-stack/CHANGELOG.md index 7247f020..72312bd6 100644 --- a/charts/standard-application-stack/CHANGELOG.md +++ b/charts/standard-application-stack/CHANGELOG.md @@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [v7.5.1] - 2024-10-01 +### Removed +- Remove default CPU limits for containers + ## [v7.5.0] - 2024-09-09 ### Added - Add `app.mintel.com/application` to `podTargetLabels` (ensures label is added to ingested metric) diff --git a/charts/standard-application-stack/Chart.yaml b/charts/standard-application-stack/Chart.yaml index 592b1234..7d97435e 100644 --- a/charts/standard-application-stack/Chart.yaml +++ b/charts/standard-application-stack/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 7.5.0 +version: 7.5.1 dependencies: - name: redis diff --git a/charts/standard-application-stack/README.md b/charts/standard-application-stack/README.md index da0f82d6..d0161322 100644 --- a/charts/standard-application-stack/README.md +++ b/charts/standard-application-stack/README.md @@ -1,6 +1,6 @@ # standard-application-stack -![Version: 7.5.0](https://img.shields.io/badge/Version-7.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 7.5.1](https://img.shields.io/badge/Version-7.5.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) A generic chart to support most common application requirements @@ -92,15 +92,13 @@ A generic chart to support most common application requirements | extraSecrets | list | `[]` | | | filebeatSidecar.enabled | bool | `false` | | | filebeatSidecar.metrics.enabled | bool | `true` | | -| filebeatSidecar.metrics.resources.limits.cpu | string | `"200m"` | | | filebeatSidecar.metrics.resources.limits.memory | string | `"200Mi"` | | | filebeatSidecar.metrics.resources.requests.cpu | string | `"100m"` | | | filebeatSidecar.metrics.resources.requests.memory | string | `"100Mi"` | | -| filebeatSidecar.resources.limits.cpu | string | `"200m"` | | | filebeatSidecar.resources.limits.memory | string | `"200Mi"` | | | filebeatSidecar.resources.requests.cpu | string | `"100m"` | | | filebeatSidecar.resources.requests.memory | string | `"100Mi"` | | -| gitSyncSidecar | object | `{"branch":"main","enabled":false,"resources":{"limits":{"cpu":"200m","memory":"200Mi"},"requests":{"cpu":"50m","memory":"50Mi"}},"root":"/data/git-sync"}` | Helper to sync a local directory with Git ref: https://github.com/kubernetes/git-sync | +| gitSyncSidecar | object | `{"branch":"main","enabled":false,"resources":{"limits":{"memory":"200Mi"},"requests":{"cpu":"50m","memory":"50Mi"}},"root":"/data/git-sync"}` | Helper to sync a local directory with Git ref: https://github.com/kubernetes/git-sync | | gitSyncSidecar.branch | string | `"main"` | The git branch to check out | | global | object | `{"additionalLabels":{},"application":"","cloudProvider":{"accountId":"","region":""},"clusterDomain":"127.0.0.1.nip.io","clusterEnv":"local","clusterName":"","component":"","ingressTLSSecrets":{},"name":"example-app","owner":"","partOf":"","runtimeEnvironment":"kubernetes","terraform":{"externalSecrets":false,"irsa":false}}` | Global variables for us in all charts and sub charts | | global.additionalLabels | object | `{}` | Additional labels to apply to all resources | @@ -198,14 +196,12 @@ A generic chart to support most common application requirements | mailhog.enabled | bool | `false` | | | main | object | `{"env":[]}` | Optional environment variables injected into the 'main' container of the app-deployment | | mariadb.client.enabled | bool | `true` | | -| mariadb.client.resources.limits.cpu | string | `"300m"` | | | mariadb.client.resources.limits.memory | string | `"128Mi"` | | | mariadb.client.resources.requests.cpu | string | `"100m"` | | | mariadb.client.resources.requests.memory | string | `"64Mi"` | | | mariadb.enabled | bool | `false` | | | mariadb.extraUsers | object | `{"enabled":false,"job":{"logLevel":"INFO"},"users":[]}` | set up extra users for a database and table that already exist | | mariadb.metrics.enabled | bool | `false` | | -| mariadb.metrics.resources.limits.cpu | string | `"300m"` | | | mariadb.metrics.resources.limits.memory | string | `"128Mi"` | | | mariadb.metrics.resources.requests.cpu | string | `"100m"` | | | mariadb.metrics.resources.requests.memory | string | `"64Mi"` | | @@ -243,8 +239,8 @@ A generic chart to support most common application requirements | oauthProxy.skipAuthRegexes | list | `[]` | Optional: list of URL endpoints to bypass oauth-proxy for Health check and readiness urls are skipped automatically | | oauthProxy.type | string | `"portal"` | Identifies oauth-proxy as auth'ing with a mintel portal instance | | oauthProxy.userIdClaim | string | `""` | Optional: Claim contains the user ID | -| opensearch | object | `{"awsEsProxy":{"enabled":false,"ingress":{"alb":{"backendProtocol":"HTTP","backendProtocolVersion":"HTTP1","healthcheck":{"healthyThresholdCount":2,"intervalSeconds":15,"path":"/_cluster/health","protocol":"HTTP","timeoutSeconds":5,"unhealthyThresholdCount":2},"okta":{"authOnUnauthenticated":"authenticate","enabled":false,"extraRedirectPaths":[],"groups":"","ingressName":"","redirectPath":"","users":""},"preStopDelay":{"delaySeconds":15,"enabled":true},"scheme":"internet-facing","targetGroupAttributes":{"deregistration_delay.timeout_seconds":5,"load_balancing.algorithm.type":"least_outstanding_requests"}},"enabled":false,"extraAnnotations":{},"path":"/_dashboards"},"port":9200,"resources":{"limits":{"cpu":"200m","memory":"128Mi"},"requests":{"cpu":"100m","memory":"64Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}}},"enabled":false,"outputSecret":true,"secretRefreshIntervalOverride":"","secretStoreRefOverride":""}` | Configures AWS Opensearch deployment/connections | -| opensearch.awsEsProxy | object | `{"enabled":false,"ingress":{"alb":{"backendProtocol":"HTTP","backendProtocolVersion":"HTTP1","healthcheck":{"healthyThresholdCount":2,"intervalSeconds":15,"path":"/_cluster/health","protocol":"HTTP","timeoutSeconds":5,"unhealthyThresholdCount":2},"okta":{"authOnUnauthenticated":"authenticate","enabled":false,"extraRedirectPaths":[],"groups":"","ingressName":"","redirectPath":"","users":""},"preStopDelay":{"delaySeconds":15,"enabled":true},"scheme":"internet-facing","targetGroupAttributes":{"deregistration_delay.timeout_seconds":5,"load_balancing.algorithm.type":"least_outstanding_requests"}},"enabled":false,"extraAnnotations":{},"path":"/_dashboards"},"port":9200,"resources":{"limits":{"cpu":"200m","memory":"128Mi"},"requests":{"cpu":"100m","memory":"64Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}}}` | Configures aws-es-proxy to enable external access to opensearch | +| opensearch | object | `{"awsEsProxy":{"enabled":false,"ingress":{"alb":{"backendProtocol":"HTTP","backendProtocolVersion":"HTTP1","healthcheck":{"healthyThresholdCount":2,"intervalSeconds":15,"path":"/_cluster/health","protocol":"HTTP","timeoutSeconds":5,"unhealthyThresholdCount":2},"okta":{"authOnUnauthenticated":"authenticate","enabled":false,"extraRedirectPaths":[],"groups":"","ingressName":"","redirectPath":"","users":""},"preStopDelay":{"delaySeconds":15,"enabled":true},"scheme":"internet-facing","targetGroupAttributes":{"deregistration_delay.timeout_seconds":5,"load_balancing.algorithm.type":"least_outstanding_requests"}},"enabled":false,"extraAnnotations":{},"path":"/_dashboards"},"port":9200,"resources":{"limits":{"memory":"128Mi"},"requests":{"cpu":"100m","memory":"64Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}}},"enabled":false,"outputSecret":true,"secretRefreshIntervalOverride":"","secretStoreRefOverride":""}` | Configures AWS Opensearch deployment/connections | +| opensearch.awsEsProxy | object | `{"enabled":false,"ingress":{"alb":{"backendProtocol":"HTTP","backendProtocolVersion":"HTTP1","healthcheck":{"healthyThresholdCount":2,"intervalSeconds":15,"path":"/_cluster/health","protocol":"HTTP","timeoutSeconds":5,"unhealthyThresholdCount":2},"okta":{"authOnUnauthenticated":"authenticate","enabled":false,"extraRedirectPaths":[],"groups":"","ingressName":"","redirectPath":"","users":""},"preStopDelay":{"delaySeconds":15,"enabled":true},"scheme":"internet-facing","targetGroupAttributes":{"deregistration_delay.timeout_seconds":5,"load_balancing.algorithm.type":"least_outstanding_requests"}},"enabled":false,"extraAnnotations":{},"path":"/_dashboards"},"port":9200,"resources":{"limits":{"memory":"128Mi"},"requests":{"cpu":"100m","memory":"64Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}}}` | Configures aws-es-proxy to enable external access to opensearch | | opensearch.awsEsProxy.enabled | bool | `false` | Set to true to add an aws-es-proxy deployment in front of opensearch | | opensearch.awsEsProxy.ingress.alb.backendProtocol | string | `"HTTP"` | Application Version (HTTP / HTTPS) | | opensearch.awsEsProxy.ingress.alb.backendProtocolVersion | string | `"HTTP1"` | Application Protocol Version (HTTP1 / HTTP2 / GRPC) | @@ -267,7 +263,7 @@ A generic chart to support most common application requirements | opensearch.awsEsProxy.ingress.alb.targetGroupAttributes | object | `{"deregistration_delay.timeout_seconds":5,"load_balancing.algorithm.type":"least_outstanding_requests"}` | Target group attributes (see: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html#target-group-attributes) | | opensearch.awsEsProxy.ingress.path | string | `"/_dashboards"` | Path for the Ingress | | opensearch.awsEsProxy.port | int | `9200` | Port for aws-es-proxy to listen on | -| opensearch.awsEsProxy.resources | object | `{"limits":{"cpu":"200m","memory":"128Mi"},"requests":{"cpu":"100m","memory":"64Mi"}}` | Container resource requests and limits for aws-es-proxy sidecar ref: http://kubernetes.io/docs/user-guide/compute-resources | +| opensearch.awsEsProxy.resources | object | `{"limits":{"memory":"128Mi"},"requests":{"cpu":"100m","memory":"64Mi"}}` | Container resource requests and limits for aws-es-proxy sidecar ref: http://kubernetes.io/docs/user-guide/compute-resources | | opensearch.awsEsProxy.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}}` | Ingress for aws-es-proxy | | opensearch.enabled | bool | `false` | Set to true if deployment makes use of AWS opensearch | | opensearch.outputSecret | bool | `true` | set outputSecret to true to allow TF Cloud chart create ExternalSecrets | @@ -290,7 +286,6 @@ A generic chart to support most common application requirements | podSecurityContext | object | `{"runAsNonRoot":true,"runAsUser":1000}` | Pod Security context for the container ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | | port | int | `8000` | Set port to null to skip adding container Ports | | postgresql.client.enabled | bool | `true` | | -| postgresql.client.resources.limits.cpu | string | `"300m"` | | | postgresql.client.resources.limits.memory | string | `"128Mi"` | | | postgresql.client.resources.requests.cpu | string | `"100m"` | | | postgresql.client.resources.requests.memory | string | `"64Mi"` | | @@ -300,7 +295,6 @@ A generic chart to support most common application requirements | postgresql.extraUsers.users | list | `[]` | | | postgresql.image.tag | string | `"13.5.0-debian-10-r52"` | | | postgresql.metrics.enabled | bool | `false` | | -| postgresql.metrics.resources.limits.cpu | string | `"300m"` | | | postgresql.metrics.resources.limits.memory | string | `"128Mi"` | | | postgresql.metrics.resources.requests.cpu | string | `"100m"` | | | postgresql.metrics.resources.requests.memory | string | `"64M"` | | diff --git a/charts/standard-application-stack/templates/_oauth-proxy.tpl b/charts/standard-application-stack/templates/_oauth-proxy.tpl index fce51e74..bbacfeca 100644 --- a/charts/standard-application-stack/templates/_oauth-proxy.tpl +++ b/charts/standard-application-stack/templates/_oauth-proxy.tpl @@ -73,7 +73,6 @@ {{- toYaml .proxiedService.oauthProxy.resources | nindent 4 }} {{- else }} limits: - cpu: 200m memory: 128Mi requests: cpu: 100m diff --git a/charts/standard-application-stack/templates/mariadb-py-dba.yaml b/charts/standard-application-stack/templates/mariadb-py-dba.yaml index c153b679..066459fa 100644 --- a/charts/standard-application-stack/templates/mariadb-py-dba.yaml +++ b/charts/standard-application-stack/templates/mariadb-py-dba.yaml @@ -44,7 +44,6 @@ spec: {{- end }} resources: limits: - cpu: 200m memory: 64Mi requests: cpu: 100m diff --git a/charts/standard-application-stack/templates/postgresql-py-dba.yaml b/charts/standard-application-stack/templates/postgresql-py-dba.yaml index f07c1465..1bc6a434 100644 --- a/charts/standard-application-stack/templates/postgresql-py-dba.yaml +++ b/charts/standard-application-stack/templates/postgresql-py-dba.yaml @@ -44,7 +44,6 @@ spec: {{- end }} resources: limits: - cpu: 200m memory: 64Mi requests: cpu: 100m diff --git a/charts/standard-application-stack/tests/__snapshot__/jobs_test.yaml.snap b/charts/standard-application-stack/tests/__snapshot__/jobs_test.yaml.snap index 773e8df1..50fc3dff 100644 --- a/charts/standard-application-stack/tests/__snapshot__/jobs_test.yaml.snap +++ b/charts/standard-application-stack/tests/__snapshot__/jobs_test.yaml.snap @@ -46,7 +46,6 @@ Check all .job.* values can be set correctly, without overriding from main deplo name: main resources: limits: - cpu: 1000m memory: 2Gi requests: cpu: 1000m @@ -119,7 +118,6 @@ Check all overrides/additions from main deployment work if enabled: name: main resources: limits: - cpu: 1000m memory: 2Gi requests: cpu: 1000m @@ -208,7 +206,6 @@ Check default values are correct with minimal configuration: name: main resources: limits: - cpu: 1000m memory: 2Gi requests: cpu: 1000m diff --git a/charts/standard-application-stack/tests/__snapshot__/mariadb_py_dba_test.yaml.snap b/charts/standard-application-stack/tests/__snapshot__/mariadb_py_dba_test.yaml.snap index e9a75124..42f6054a 100644 --- a/charts/standard-application-stack/tests/__snapshot__/mariadb_py_dba_test.yaml.snap +++ b/charts/standard-application-stack/tests/__snapshot__/mariadb_py_dba_test.yaml.snap @@ -38,7 +38,6 @@ adds correct config to configmap: name: main resources: limits: - cpu: 200m memory: 64Mi requests: cpu: 100m @@ -132,7 +131,6 @@ extraUsers adds job and configmap: name: main resources: limits: - cpu: 200m memory: 64Mi requests: cpu: 100m diff --git a/charts/standard-application-stack/tests/__snapshot__/oauth2proxy_test.yaml.snap b/charts/standard-application-stack/tests/__snapshot__/oauth2proxy_test.yaml.snap index 98028e4b..cdd880e9 100644 --- a/charts/standard-application-stack/tests/__snapshot__/oauth2proxy_test.yaml.snap +++ b/charts/standard-application-stack/tests/__snapshot__/oauth2proxy_test.yaml.snap @@ -138,7 +138,6 @@ Check default container args: scheme: HTTP resources: limits: - cpu: 200m memory: 128Mi requests: cpu: 100m @@ -307,7 +306,6 @@ Check setting skip-auth-regex from extra passed in values: scheme: HTTP resources: limits: - cpu: 200m memory: 128Mi requests: cpu: 100m @@ -476,7 +474,6 @@ Check setting skip-auth-regex from extra passed in values when they already cont scheme: HTTP resources: limits: - cpu: 200m memory: 128Mi requests: cpu: 100m @@ -644,7 +641,6 @@ Check setting skip-auth-regex from overridden health-check values: scheme: HTTP resources: limits: - cpu: 200m memory: 128Mi requests: cpu: 100m @@ -812,7 +808,6 @@ Check sidecar present if enabled: scheme: HTTP resources: limits: - cpu: 200m memory: 128Mi requests: cpu: 100m diff --git a/charts/standard-application-stack/tests/__snapshot__/opensearch_aws_es_proxy_test.yaml.snap b/charts/standard-application-stack/tests/__snapshot__/opensearch_aws_es_proxy_test.yaml.snap index 085b6377..10820592 100644 --- a/charts/standard-application-stack/tests/__snapshot__/opensearch_aws_es_proxy_test.yaml.snap +++ b/charts/standard-application-stack/tests/__snapshot__/opensearch_aws_es_proxy_test.yaml.snap @@ -205,7 +205,6 @@ Check awsEsProxy deployment is created if enabled: timeoutSeconds: 1 resources: limits: - cpu: 200m memory: 128Mi requests: cpu: 100m diff --git a/charts/standard-application-stack/tests/__snapshot__/postgresql_py_dba_test.yaml.snap b/charts/standard-application-stack/tests/__snapshot__/postgresql_py_dba_test.yaml.snap index 8280d050..639a61aa 100644 --- a/charts/standard-application-stack/tests/__snapshot__/postgresql_py_dba_test.yaml.snap +++ b/charts/standard-application-stack/tests/__snapshot__/postgresql_py_dba_test.yaml.snap @@ -38,7 +38,6 @@ adds correct config to configmap: name: main resources: limits: - cpu: 200m memory: 64Mi requests: cpu: 100m @@ -132,7 +131,6 @@ extraUsers adds job and configmap: name: main resources: limits: - cpu: 200m memory: 64Mi requests: cpu: 100m diff --git a/charts/standard-application-stack/tests/jobs_test.yaml b/charts/standard-application-stack/tests/jobs_test.yaml index 1a53f68e..9ad0b65c 100644 --- a/charts/standard-application-stack/tests/jobs_test.yaml +++ b/charts/standard-application-stack/tests/jobs_test.yaml @@ -14,7 +14,6 @@ tests: - name: testJobName resources: limits: - cpu: 1000m memory: 2Gi requests: cpu: 1000m @@ -75,7 +74,6 @@ tests: image: someimage resources: limits: - cpu: 1000m memory: 2Gi requests: cpu: 1000m @@ -139,7 +137,6 @@ tests: path: spec.template.spec.containers[0].resources value: limits: - cpu: 1000m memory: 2Gi requests: cpu: 1000m @@ -178,7 +175,6 @@ tests: name: another-secret-ref resources: limits: - cpu: 1000m memory: 2Gi requests: cpu: 1000m diff --git a/charts/standard-application-stack/values.yaml b/charts/standard-application-stack/values.yaml index f29edc0f..2709dff7 100644 --- a/charts/standard-application-stack/values.yaml +++ b/charts/standard-application-stack/values.yaml @@ -355,7 +355,6 @@ readiness: resources: # -- The resource limits for the container limits: {} - # cpu: 1000m # memory: 2Gi # -- The requested resources for the container requests: {} @@ -716,7 +715,6 @@ oauthProxy: # resources: # -- The resource limits for the container # limits: {} - # cpu: 200m # memory: 128Mi # -- The requested resources for the container # requests: {} @@ -769,7 +767,6 @@ celery: resources: # -- The resource limits for the container limits: {} - # cpu: 1000m # memory: 2Gi # -- The requested resources for the container requests: {} @@ -843,7 +840,6 @@ celeryBeat: resources: # -- The resource limits for the container limits: {} - # cpu: 1000m # memory: 2Gi # -- The requested resources for the container requests: {} @@ -917,7 +913,6 @@ cronjobs: # extraInitContainers: {} # resources: # limits: - # cpu: 1000m # memory: 2Gi # requests: # cpu: 1000m @@ -1027,7 +1022,6 @@ mariadb: # image: {} resources: limits: - cpu: 300m memory: 128Mi requests: cpu: 100m @@ -1037,7 +1031,6 @@ mariadb: # image: {} resources: limits: - cpu: 300m memory: 128Mi requests: cpu: 100m @@ -1096,7 +1089,6 @@ postgresql: # image: {} resources: limits: - cpu: 300m memory: 128Mi requests: cpu: 100m @@ -1106,7 +1098,6 @@ postgresql: # image: {} resources: limits: - cpu: 300m memory: 128Mi requests: cpu: 100m @@ -1185,7 +1176,6 @@ gitSyncSidecar: resources: limits: - cpu: 200m memory: 200Mi requests: cpu: 50m @@ -1195,7 +1185,6 @@ filebeatSidecar: enabled: false resources: limits: - cpu: 200m memory: 200Mi requests: cpu: 100m @@ -1213,7 +1202,6 @@ filebeatSidecar: enabled: true resources: limits: - cpu: 200m memory: 200Mi requests: cpu: 100m @@ -1247,7 +1235,6 @@ opensearch: # ref: http://kubernetes.io/docs/user-guide/compute-resources resources: limits: - cpu: 200m memory: 128Mi requests: cpu: 100m