Requests and limits on sidecar containers #36

Open
shokohsc opened this issue May 9, 2022 · 2 comments

shokohsc commented May 9, 2022

Hello, thanks for this project, this is very useful.

I'd like to define resources for the injected gateway-sidecar container,
I can see here that this is not yet possible.

Could it be done? Not much of a Go programmer myself.
I imagine that the settings.sh file could be used to look for variables containing cpu/memory requests and limits to be defined.

Or maybe using some project like gatekeeper to apply another mutation?

Cheers

Owner

angelnu commented May 25, 2022

@shokohsc - it can be done. The difficulty will depend on how complex it needs to be, as we would need to pass it through env variables OR parse it from a configmap.

Did you try with gatekeeper? Any trade-offs using it?

angelnu self-assigned this May 25, 2022

Author

shokohsc commented Aug 16, 2022

@angelnu Hello, sorry for the delay, it appears it cannot be done via gatekeeper (v0.3.9) as it'll pick up the pod after the gateway admission controller (this is actually fine and what is, I guess, the intended behavior) and the gatekeeper manager errors like so:

Operation cannot be fulfilled on mutatorpodstatuses.status.gatekeeper.sh \"gatekeeper--audit--5fb5589dcd--6jsmc-assign-gateway--sidecar\": the object has been modified; please apply your changes to the latest version and try again

I applied this Assign CRD:

apiVersion: mutations.gatekeeper.sh/v1beta1
kind: Assign
metadata:
  name: gateway-sidecar
spec:
  applyTo:
  - groups: [""]
    kinds: ["Pod"]
    versions: ["v1"]
  match:
    scope: Cluster
    kinds:
    - apiGroups: ["*"]
      kinds: ["Pod"]
    namespaceSelector:
      matchLabels:
        routed-gateway: "true"
  location: "spec.containers[name:gateway-sidecar].resources"
  parameters:
    assign:
      value:
        requests:
          cpu: 10m
          memory: 64M
        limits:
          cpu: 100m
          memory: 64M

In the end, I don't think using another webhook (as in installing a whole project) to edit what this admission controller could do should be the way to go.
As for how resources could be defined from, your guess is as good as mine. I don't know golang so I won't be of any help on the matter unfortunately.
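
An added example, not part of the thread or the project's code: one way the env-variable option mentioned above could look, as a Go helper that builds the same `resources` stanza as the Assign value and rejects malformed quantities. The four `SIDECAR_*` variable names and the simplified quantity pattern are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"regexp"
)

// Simplified subset of the Kubernetes quantity syntax (no sign, no exponent).
var quantityRe = regexp.MustCompile(`^\d+(\.\d+)?(m|k|M|G|T|P|E|Ki|Mi|Gi|Ti|Pi|Ei)?$`)
// Resources mirrors the "resources" stanza of a container spec.
type Resources struct {
	Requests map[string]string `json:"requests,omitempty"`
	Limits   map[string]string `json:"limits,omitempty"`
}
// Hypothetical variable names; the project defines no such settings.
var envKeys = []struct{ env, section, resource string }{
	{"SIDECAR_CPU_REQUEST", "requests", "cpu"},
	{"SIDECAR_MEMORY_REQUEST", "requests", "memory"},
	{"SIDECAR_CPU_LIMIT", "limits", "cpu"},
	{"SIDECAR_MEMORY_LIMIT", "limits", "memory"},
}

// SidecarResources returns nil when nothing is set, and an error on a malformed
// value so the webhook can fail at startup instead of injecting an invalid spec.
func SidecarResources(getenv func(string) string) (*Resources, error) {
	sections := map[string]map[string]string{"requests": {}, "limits": {}}
	for _, k := range envKeys {
		v := getenv(k.env)
		if v == "" {
			continue
		}
		if !quantityRe.MatchString(v) {
			return nil, fmt.Errorf("%s: invalid quantity %q", k.env, v)
		}
		sections[k.section][k.resource] = v
	}
	if len(sections["requests"])+len(sections["limits"]) == 0 {
		return nil, nil
	}
	return &Resources{Requests: sections["requests"], Limits: sections["limits"]}, nil
}

func main() {
	res, err := SidecarResources(os.Getenv)
	out, _ := json.Marshal(res)
	fmt.Println(string(out), err)
}
```

Setting the stanza inside the injecting webhook avoids depending on the ordering of a second mutating webhook, which is the conflict described in the comment above.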
