From 39698a41ee8be335c38079e6385d450f456d133e Mon Sep 17 00:00:00 2001 From: Rebecca Zanzig <16315901+adilyse@users.noreply.github.com> Date: Mon, 27 Jul 2020 17:24:13 -0700 Subject: [PATCH] Update resource setting config values Init container resource settings are now split into each individual section. Lifecycle sidecar settings remain a global setting. --- templates/connect-inject-deployment.yaml | 42 ++-- templates/ingress-gateways-deployment.yaml | 18 +- templates/mesh-gateway-deployment.yaml | 14 +- .../terminating-gateways-deployment.yaml | 11 +- test/unit/connect-inject-deployment.bats | 216 ++++++++++++++++-- test/unit/ingress-gateways-deployment.bats | 123 +++++++++- test/unit/mesh-gateway-deployment.bats | 66 +++++- .../unit/terminating-gateways-deployment.bats | 123 +++++++++- values.yaml | 55 +++-- 9 files changed, 589 insertions(+), 79 deletions(-) diff --git a/templates/connect-inject-deployment.yaml b/templates/connect-inject-deployment.yaml index 20acac82a..69960b217 100644 --- a/templates/connect-inject-deployment.yaml +++ b/templates/connect-inject-deployment.yaml @@ -138,31 +138,37 @@ spec: {{- if not (kindIs "invalid" $resources.requests.cpu) }} -default-sidecar-proxy-cpu-request={{ $resources.requests.cpu }} \ {{- end }} - {{- $resources := .Values.global.initContainer.resources }} - {{- if not (kindIs "invalid" $resources.limits.memory) }} - -init-container-memory-limit={{ $resources.limits.memory }} \ + + {{- if .Values.connectInject.initContainer }} + {{- $initResources := .Values.connectInject.initContainer.resources }} + {{- if not (kindIs "invalid" $initResources.limits.memory) }} + -init-container-memory-limit={{ $initResources.limits.memory }} \ {{- end }} - {{- if not (kindIs "invalid" $resources.requests.memory) }} - -init-container-memory-request={{ $resources.requests.memory }} \ + {{- if not (kindIs "invalid" $initResources.requests.memory) }} + -init-container-memory-request={{ $initResources.requests.memory }} \ {{- end }} - {{- if not (kindIs "invalid" $resources.limits.cpu) }} - -init-container-cpu-limit={{ $resources.limits.cpu }} \ + {{- if not (kindIs "invalid" $initResources.limits.cpu) }} + -init-container-cpu-limit={{ $initResources.limits.cpu }} \ {{- end }} - {{- if not (kindIs "invalid" $resources.requests.cpu) }} - -init-container-cpu-request={{ $resources.requests.cpu }} \ + {{- if not (kindIs "invalid" $initResources.requests.cpu) }} + -init-container-cpu-request={{ $initResources.requests.cpu }} \ {{- end }} - {{- $resources := .Values.global.lifecycleSidecarContainer.resources }} - {{- if not (kindIs "invalid" $resources.limits.memory) }} - -lifecycle-sidecar-memory-limit={{ $resources.limits.memory }} \ {{- end }} - {{- if not (kindIs "invalid" $resources.requests.memory) }} - -lifecycle-sidecar-memory-request={{ $resources.requests.memory }} \ + + {{- if .Values.global.lifecycleSidecarContainer }} + {{- $lifecycleResources := .Values.global.lifecycleSidecarContainer.resources }} + {{- if not (kindIs "invalid" $lifecycleResources.limits.memory) }} + -lifecycle-sidecar-memory-limit={{ $lifecycleResources.limits.memory }} \ {{- end }} - {{- if not (kindIs "invalid" $resources.limits.cpu) }} - -lifecycle-sidecar-cpu-limit={{ $resources.limits.cpu }} \ + {{- if not (kindIs "invalid" $lifecycleResources.requests.memory) }} + -lifecycle-sidecar-memory-request={{ $lifecycleResources.requests.memory }} \ + {{- end }} + {{- if not (kindIs "invalid" $lifecycleResources.limits.cpu) }} + -lifecycle-sidecar-cpu-limit={{ $lifecycleResources.limits.cpu }} \ + {{- end }} + {{- if not (kindIs "invalid" $lifecycleResources.requests.cpu) }} + -lifecycle-sidecar-cpu-request={{ $lifecycleResources.requests.cpu }} \ {{- end }} - {{- if not (kindIs "invalid" $resources.requests.cpu) }} - -lifecycle-sidecar-cpu-request={{ $resources.requests.cpu }} \ {{- end }} livenessProbe: httpGet: diff --git a/templates/ingress-gateways-deployment.yaml b/templates/ingress-gateways-deployment.yaml index b039508b1..7f74782a7 100644 --- a/templates/ingress-gateways-deployment.yaml +++ b/templates/ingress-gateways-deployment.yaml @@ -110,7 +110,12 @@ spec: volumeMounts: - name: consul-bin mountPath: /consul-bin - resources: {{ toYaml $root.Values.global.initContainer.resources | nindent 12 }} + {{- $initContainer := .initCopyConsulContainer }} + {{- if (or $initContainer $defaults.initCopyConsulContainer) }} + {{- if (default $defaults.initCopyConsulContainer.resources $initContainer.resources) }} + resources: {{ toYaml (default $defaults.initCopyConsulContainer.resources $initContainer.resources) | nindent 12 }} + {{- end }} + {{- end }} {{- if (and $root.Values.global.tls.enabled $root.Values.global.tls.enableAutoEncrypt) }} {{- include "consul.getAutoEncryptClientCA" $root | nindent 8 }} {{- end }} @@ -257,6 +262,13 @@ spec: mountPath: /consul/tls/ca readOnly: true {{- end }} + resources: + requests: + memory: "25Mi" + cpu: "50m" + limits: + memory: "25Mi" + cpu: "50m" containers: - name: ingress-gateway image: {{ $root.Values.global.imageEnvoy | quote }} @@ -373,7 +385,11 @@ spec: mountPath: /consul/tls/ca readOnly: true {{- end }} + {{- if $root.Values.global.lifecycleSidecarContainer }} + {{- if $root.Values.global.lifecycleSidecarContainer.resources }} resources: {{ toYaml $root.Values.global.lifecycleSidecarContainer.resources | nindent 12 }} + {{- end }} + {{- end }} env: - name: HOST_IP valueFrom: diff --git a/templates/mesh-gateway-deployment.yaml b/templates/mesh-gateway-deployment.yaml index 6c26d055e..71c933852 100644 --- a/templates/mesh-gateway-deployment.yaml +++ b/templates/mesh-gateway-deployment.yaml @@ -90,7 +90,11 @@ spec: volumeMounts: - name: consul-bin mountPath: /consul-bin - resources: {{ toYaml .Values.global.initContainer.resources | nindent 12 }} + {{- if .Values.meshGateway.initCopyConsulContainer }} + {{- if .Values.meshGateway.initCopyConsulContainer.resources }} + resources: {{ toYaml .Values.meshGateway.initCopyConsulContainer.resources | nindent 12 }} + {{- end }} + {{- end }} {{- if (and .Values.global.tls.enabled .Values.global.tls.enableAutoEncrypt) }} {{- include "consul.getAutoEncryptClientCA" . | nindent 8 }} {{- end }} @@ -324,7 +328,11 @@ spec: mountPath: /consul/tls/ca readOnly: true {{- end }} + {{- if .Values.global.lifecycleSidecarContainer }} + {{- if .Values.global.lifecycleSidecarContainer.resources }} resources: {{ toYaml .Values.global.lifecycleSidecarContainer.resources | nindent 12 }} + {{- end }} + {{- end }} env: - name: HOST_IP valueFrom: @@ -351,10 +359,6 @@ spec: {{- if .Values.global.acls.manageSystemACLs }} - -token-file=/consul/service/acl-token {{- end }} - {{- if ( default .Values.global.lifecycleSidecarContainerResources .resources) }} - resources: - {{ toYaml (default .Values.global.lifecycleSidecarContainerResources .resources) | nindent 12 }} - {{- end }} {{- if .Values.meshGateway.priorityClassName }} priorityClassName: {{ .Values.meshGateway.priorityClassName | quote }} {{- end }} diff --git a/templates/terminating-gateways-deployment.yaml b/templates/terminating-gateways-deployment.yaml index 263acb599..52ebd6cba 100644 --- a/templates/terminating-gateways-deployment.yaml +++ b/templates/terminating-gateways-deployment.yaml @@ -124,7 +124,12 @@ spec: volumeMounts: - name: consul-bin mountPath: /consul-bin - resources: {{ toYaml $root.Values.global.initContainer.resources | nindent 12 }} + {{- $initContainer := .initCopyConsulContainer }} + {{- if (or $initContainer $defaults.initCopyConsulContainer) }} + {{- if (default $defaults.initCopyConsulContainer.resources $initContainer.resources) }} + resources: {{ toYaml (default $defaults.initCopyConsulContainer.resources $initContainer.resources) | nindent 12 }} + {{- end }} + {{- end }} {{- if (and $root.Values.global.tls.enabled $root.Values.global.tls.enableAutoEncrypt) }} {{- include "consul.getAutoEncryptClientCA" $root | nindent 8 }} {{- end }} @@ -327,7 +332,11 @@ spec: mountPath: /consul/tls/ca readOnly: true {{- end }} + {{- if $root.Values.global.lifecycleSidecarContainer }} + {{- if $root.Values.global.lifecycleSidecarContainer.resources }} resources: {{ toYaml $root.Values.global.lifecycleSidecarContainer.resources | nindent 12 }} + {{- end }} + {{- end }} env: - name: HOST_IP valueFrom: diff --git a/test/unit/connect-inject-deployment.bats b/test/unit/connect-inject-deployment.bats index 57847fdf5..e5f616a19 100755 --- a/test/unit/connect-inject-deployment.bats +++ b/test/unit/connect-inject-deployment.bats @@ -920,7 +920,10 @@ load _helpers [ "${actual}" = '{"limits":{"cpu":"200m","memory":"200Mi"},"requests":{"cpu":"100m","memory":"100Mi"}}' ] } -@test "connectInject/Deployment: default init and sidecar container resources" { +#-------------------------------------------------------------------- +# init container resources + +@test "connectInject/Deployment: default init container resources" { cd `chart_dir` local cmd=$(helm template \ -s templates/connect-inject-deployment.yaml \ @@ -937,59 +940,156 @@ load _helpers [ "${actual}" = "true" ] local actual=$(echo "$cmd" | - yq 'any(contains("-init-container-memory-limit=125Mi"))' | tee /dev/stderr) + yq 'any(contains("-init-container-memory-limit=150Mi"))' | tee /dev/stderr) [ "${actual}" = "true" ] local actual=$(echo "$cmd" | yq 'any(contains("-init-container-cpu-limit=50m"))' | tee /dev/stderr) [ "${actual}" = "true" ] +} + +@test "connectInject/Deployment: can set init container resources" { + cd `chart_dir` + local cmd=$(helm template \ + -s templates/connect-inject-deployment.yaml \ + --set 'connectInject.enabled=true' \ + --set 'connectInject.initContainer.resources.requests.memory=100Mi' \ + --set 'connectInject.initContainer.resources.requests.cpu=100m' \ + --set 'connectInject.initContainer.resources.limits.memory=200Mi' \ + --set 'connectInject.initContainer.resources.limits.cpu=200m' \ + . | tee /dev/stderr | + yq '.spec.template.spec.containers[0].command' | tee /dev/stderr) local actual=$(echo "$cmd" | - yq 'any(contains("-lifecycle-sidecar-memory-request=25Mi"))' | tee /dev/stderr) + yq 'any(contains("-init-container-memory-request=100Mi"))' | tee /dev/stderr) [ "${actual}" = "true" ] local actual=$(echo "$cmd" | - yq 'any(contains("-lifecycle-sidecar-cpu-request=20m"))' | tee /dev/stderr) + yq 'any(contains("-init-container-cpu-request=100m"))' | tee /dev/stderr) [ "${actual}" = "true" ] local actual=$(echo "$cmd" | - yq 'any(contains("-lifecycle-sidecar-memory-limit=25Mi"))' | tee /dev/stderr) + yq 'any(contains("-init-container-memory-limit=200Mi"))' | tee /dev/stderr) [ "${actual}" = "true" ] local actual=$(echo "$cmd" | - yq 'any(contains("-lifecycle-sidecar-cpu-limit=20m"))' | tee /dev/stderr) + yq 'any(contains("-init-container-cpu-limit=200m"))' | tee /dev/stderr) [ "${actual}" = "true" ] } -@test "connectInject/Deployment: can set init container resources" { + +@test "connectInject/Deployment: init container resources can be set explicitly to 0" { cd `chart_dir` local cmd=$(helm template \ -s templates/connect-inject-deployment.yaml \ --set 'connectInject.enabled=true' \ - --set 'global.initContainer.resources.requests.memory=100Mi' \ - --set 'global.initContainer.resources.requests.cpu=100m' \ - --set 'global.initContainer.resources.limits.memory=200Mi' \ - --set 'global.initContainer.resources.limits.cpu=200m' \ + --set 'connectInject.initContainer.resources.requests.memory=0' \ + --set 'connectInject.initContainer.resources.requests.cpu=0' \ + --set 'connectInject.initContainer.resources.limits.memory=0' \ + --set 'connectInject.initContainer.resources.limits.cpu=0' \ . | tee /dev/stderr | yq '.spec.template.spec.containers[0].command' | tee /dev/stderr) local actual=$(echo "$cmd" | - yq 'any(contains("-init-container-memory-request=100Mi"))' | tee /dev/stderr) + yq 'any(contains("-init-container-memory-request=0"))' | tee /dev/stderr) [ "${actual}" = "true" ] local actual=$(echo "$cmd" | - yq 'any(contains("-init-container-cpu-request=100m"))' | tee /dev/stderr) + yq 'any(contains("-init-container-cpu-request=0"))' | tee /dev/stderr) [ "${actual}" = "true" ] local actual=$(echo "$cmd" | - yq 'any(contains("-init-container-memory-limit=200Mi"))' | tee /dev/stderr) + yq 'any(contains("-init-container-memory-limit=0"))' | tee /dev/stderr) [ "${actual}" = "true" ] local actual=$(echo "$cmd" | - yq 'any(contains("-init-container-cpu-limit=200m"))' | tee /dev/stderr) + yq 'any(contains("-init-container-cpu-limit=0"))' | tee /dev/stderr) [ "${actual}" = "true" ] } -@test "connectInject/Deployment: lifecycle sidecar container resources" { +@test "connectInject/Deployment: init container resources can be individually set to null" { + cd `chart_dir` + local cmd=$(helm template \ + -s templates/connect-inject-deployment.yaml \ + --set 'connectInject.enabled=true' \ + --set 'connectInject.initContainer.resources.requests.memory=null' \ + --set 'connectInject.initContainer.resources.requests.cpu=null' \ + --set 'connectInject.initContainer.resources.limits.memory=null' \ + --set 'connectInject.initContainer.resources.limits.cpu=null' \ + . | tee /dev/stderr | + yq '.spec.template.spec.containers[0].command' | tee /dev/stderr) + + local actual=$(echo "$cmd" | + yq 'any(contains("-init-container-memory-request"))' | tee /dev/stderr) + [ "${actual}" = "false" ] + + local actual=$(echo "$cmd" | + yq 'any(contains("-init-container-cpu-request"))' | tee /dev/stderr) + [ "${actual}" = "false" ] + + local actual=$(echo "$cmd" | + yq 'any(contains("-init-container-memory-limit"))' | tee /dev/stderr) + [ "${actual}" = "false" ] + + local actual=$(echo "$cmd" | + yq 'any(contains("-init-container-cpu-limit"))' | tee /dev/stderr) + [ "${actual}" = "false" ] +} + +@test "connectInject/Deployment: init container resources can be set to null" { + cd `chart_dir` + local cmd=$(helm template \ + -s templates/connect-inject-deployment.yaml \ + --set 'connectInject.enabled=true' \ + --set 'connectInject.initContainer.resources=null' \ + . | tee /dev/stderr | + yq '.spec.template.spec.containers[0].command' | tee /dev/stderr) + + local actual=$(echo "$cmd" | + yq 'any(contains("-init-container-memory-request"))' | tee /dev/stderr) + [ "${actual}" = "false" ] + + local actual=$(echo "$cmd" | + yq 'any(contains("-init-container-cpu-request"))' | tee /dev/stderr) + [ "${actual}" = "false" ] + + local actual=$(echo "$cmd" | + yq 'any(contains("-init-container-memory-limit"))' | tee /dev/stderr) + [ "${actual}" = "false" ] + + local actual=$(echo "$cmd" | + yq 'any(contains("-init-container-cpu-limit"))' | tee /dev/stderr) + [ "${actual}" = "false" ] +} + +#-------------------------------------------------------------------- +# lifecycle sidecar resources + +@test "connectInject/Deployment: default lifecycle sidecar container resources" { + cd `chart_dir` + local cmd=$(helm template \ + -s templates/connect-inject-deployment.yaml \ + --set 'connectInject.enabled=true' \ + . | tee /dev/stderr | + yq '.spec.template.spec.containers[0].command' | tee /dev/stderr) + + local actual=$(echo "$cmd" | + yq 'any(contains("-lifecycle-sidecar-memory-request=25Mi"))' | tee /dev/stderr) + [ "${actual}" = "true" ] + + local actual=$(echo "$cmd" | + yq 'any(contains("-lifecycle-sidecar-cpu-request=20m"))' | tee /dev/stderr) + [ "${actual}" = "true" ] + + local actual=$(echo "$cmd" | + yq 'any(contains("-lifecycle-sidecar-memory-limit=50Mi"))' | tee /dev/stderr) + [ "${actual}" = "true" ] + + local actual=$(echo "$cmd" | + yq 'any(contains("-lifecycle-sidecar-cpu-limit=20m"))' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + +@test "connectInject/Deployment: lifecycle sidecar container resources can be set" { cd `chart_dir` local cmd=$(helm template \ -s templates/connect-inject-deployment.yaml \ @@ -1018,6 +1118,90 @@ load _helpers [ "${actual}" = "true" ] } +@test "connectInject/Deployment: lifecycle sidecar container resources can be set explicitly to 0" { + cd `chart_dir` + local cmd=$(helm template \ + -s templates/connect-inject-deployment.yaml \ + --set 'connectInject.enabled=true' \ + --set 'global.lifecycleSidecarContainer.resources.requests.memory=0' \ + --set 'global.lifecycleSidecarContainer.resources.requests.cpu=0' \ + --set 'global.lifecycleSidecarContainer.resources.limits.memory=0' \ + --set 'global.lifecycleSidecarContainer.resources.limits.cpu=0' \ + . | tee /dev/stderr | + yq '.spec.template.spec.containers[0].command' | tee /dev/stderr) + + local actual=$(echo "$cmd" | + yq 'any(contains("-lifecycle-sidecar-memory-request=0"))' | tee /dev/stderr) + [ "${actual}" = "true" ] + + local actual=$(echo "$cmd" | + yq 'any(contains("-lifecycle-sidecar-cpu-request=0"))' | tee /dev/stderr) + [ "${actual}" = "true" ] + + local actual=$(echo "$cmd" | + yq 'any(contains("-lifecycle-sidecar-memory-limit=0"))' | tee /dev/stderr) + [ "${actual}" = "true" ] + + local actual=$(echo "$cmd" | + yq 'any(contains("-lifecycle-sidecar-cpu-limit=0"))' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + +@test "connectInject/Deployment: lifecycle sidecar container resources can be individually set to null" { + cd `chart_dir` + local cmd=$(helm template \ + -s templates/connect-inject-deployment.yaml \ + --set 'connectInject.enabled=true' \ + --set 'global.lifecycleSidecarContainer.resources.requests.memory=null' \ + --set 'global.lifecycleSidecarContainer.resources.requests.cpu=null' \ + --set 'global.lifecycleSidecarContainer.resources.limits.memory=null' \ + --set 'global.lifecycleSidecarContainer.resources.limits.cpu=null' \ + . | tee /dev/stderr | + yq '.spec.template.spec.containers[0].command' | tee /dev/stderr) + + local actual=$(echo "$cmd" | + yq 'any(contains("-lifecycle-sidecar-memory-request"))' | tee /dev/stderr) + [ "${actual}" = "false" ] + + local actual=$(echo "$cmd" | + yq 'any(contains("-lifecycle-sidecar-cpu-request"))' | tee /dev/stderr) + [ "${actual}" = "false" ] + + local actual=$(echo "$cmd" | + yq 'any(contains("-lifecycle-sidecar-memory-limit"))' | tee /dev/stderr) + [ "${actual}" = "false" ] + + local actual=$(echo "$cmd" | + yq 'any(contains("-lifecycle-sidecar-cpu-limit"))' | tee /dev/stderr) + [ "${actual}" = "false" ] +} + +@test "connectInject/Deployment: lifecycle sidecar container resources can be set to null" { + cd `chart_dir` + local cmd=$(helm template \ + -s templates/connect-inject-deployment.yaml \ + --set 'connectInject.enabled=true' \ + --set 'global.lifecycleSidecarContainer.resources=null' \ + . | tee /dev/stderr | + yq '.spec.template.spec.containers[0].command' | tee /dev/stderr) + + local actual=$(echo "$cmd" | + yq 'any(contains("-lifecycle-sidecar-memory-request"))' | tee /dev/stderr) + [ "${actual}" = "false" ] + + local actual=$(echo "$cmd" | + yq 'any(contains("-lifecycle-sidecar-cpu-request"))' | tee /dev/stderr) + [ "${actual}" = "false" ] + + local actual=$(echo "$cmd" | + yq 'any(contains("-lifecycle-sidecar-memory-limit"))' | tee /dev/stderr) + [ "${actual}" = "false" ] + + local actual=$(echo "$cmd" | + yq 'any(contains("-lifecycle-sidecar-cpu-limit"))' | tee /dev/stderr) + [ "${actual}" = "false" ] +} + #-------------------------------------------------------------------- # sidecarProxy.resources diff --git a/test/unit/ingress-gateways-deployment.bats b/test/unit/ingress-gateways-deployment.bats index eeba653ba..35619135a 100644 --- a/test/unit/ingress-gateways-deployment.bats +++ b/test/unit/ingress-gateways-deployment.bats @@ -446,34 +446,137 @@ load _helpers [ "${actual}" = "gwcpu2" ] } +#-------------------------------------------------------------------- +# init container resources + @test "ingressGateways/Deployment: init container has default resources" { cd `chart_dir` - local actual=$(helm template \ + local object=$(helm template \ -s templates/ingress-gateways-deployment.yaml \ --set 'ingressGateways.enabled=true' \ --set 'connectInject.enabled=true' \ . | tee /dev/stderr | yq -s -r '.[0].spec.template.spec.initContainers[0].resources' | tee /dev/stderr) - [ $(echo "${actual}" | yq -r '.requests.memory') = "25Mi" ] - [ $(echo "${actual}" | yq -r '.requests.cpu') = "50m" ] - [ $(echo "${actual}" | yq -r '.limits.memory') = "125Mi" ] - [ $(echo "${actual}" | yq -r '.limits.cpu') = "50m" ] + local actual=$(echo $object | yq -r '.requests.memory' | tee /dev/stderr) + [ "${actual}" = "25Mi" ] + + local actual=$(echo $object | yq -r '.requests.cpu' | tee /dev/stderr) + [ "${actual}" = "50m" ] + + local actual=$(echo $object | yq -r '.limits.memory' | tee /dev/stderr) + [ "${actual}" = "150Mi" ] + + local actual=$(echo $object | yq -r '.limits.cpu' | tee /dev/stderr) + [ "${actual}" = "50m" ] } +@test "ingressGateways/Deployment: init container resources can be set through defaults" { + cd `chart_dir` + local object=$(helm template \ + -s templates/ingress-gateways-deployment.yaml \ + --set 'ingressGateways.enabled=true' \ + --set 'connectInject.enabled=true' \ + --set 'ingressGateways.defaults.initCopyConsulContainer.resources.requests.memory=memory' \ + --set 'ingressGateways.defaults.initCopyConsulContainer.resources.requests.cpu=cpu' \ + --set 'ingressGateways.defaults.initCopyConsulContainer.resources.limits.memory=memory2' \ + --set 'ingressGateways.defaults.initCopyConsulContainer.resources.limits.cpu=cpu2' \ + . | tee /dev/stderr | + yq -s -r '.[0].spec.template.spec.initContainers[0].resources' | tee /dev/stderr) + + local actual=$(echo $object | yq -r '.requests.memory' | tee /dev/stderr) + [ "${actual}" = "memory" ] + + local actual=$(echo $object | yq -r '.requests.cpu' | tee /dev/stderr) + [ "${actual}" = "cpu" ] + + local actual=$(echo $object | yq -r '.limits.memory' | tee /dev/stderr) + [ "${actual}" = "memory2" ] + + local actual=$(echo $object | yq -r '.limits.cpu' | tee /dev/stderr) + [ "${actual}" = "cpu2" ] +} + +@test "ingressGateways/Deployment: init container resources can be set through specific gateway, overriding defaults" { + cd `chart_dir` + local object=$(helm template \ + -s templates/ingress-gateways-deployment.yaml \ + --set 'ingressGateways.enabled=true' \ + --set 'connectInject.enabled=true' \ + --set 'ingressGateways.defaults.initCopyConsulContainer.resources.requests.memory=memory' \ + --set 'ingressGateways.defaults.initCopyConsulContainer.resources.requests.cpu=cpu' \ + --set 'ingressGateways.defaults.initCopyConsulContainer.resources.limits.memory=memory2' \ + --set 'ingressGateways.defaults.initCopyConsulContainer.resources.limits.cpu=cpu2' \ + --set 'ingressGateways.gateways[0].name=gateway1' \ + --set 'ingressGateways.gateways[0].initCopyConsulContainer.resources.requests.memory=gwmemory' \ + --set 'ingressGateways.gateways[0].initCopyConsulContainer.resources.requests.cpu=gwcpu' \ + --set 'ingressGateways.gateways[0].initCopyConsulContainer.resources.limits.memory=gwmemory2' \ + --set 'ingressGateways.gateways[0].initCopyConsulContainer.resources.limits.cpu=gwcpu2' \ + . | tee /dev/stderr | + yq -s '.[0].spec.template.spec.initContainers[0].resources' | tee /dev/stderr) + + local actual=$(echo $object | yq -r '.requests.memory' | tee /dev/stderr) + [ "${actual}" = "gwmemory" ] + + local actual=$(echo $object | yq -r '.requests.cpu' | tee /dev/stderr) + [ "${actual}" = "gwcpu" ] + + local actual=$(echo $object | yq -r '.limits.memory' | tee /dev/stderr) + [ "${actual}" = "gwmemory2" ] + + local actual=$(echo $object | yq -r '.limits.cpu' | tee /dev/stderr) + [ "${actual}" = "gwcpu2" ] +} + +#-------------------------------------------------------------------- +# lifecycle sidecar resources + @test "ingressGateways/Deployment: lifecycle sidecar has default resources" { cd `chart_dir` - local actual=$(helm template \ + local object=$(helm template \ -s templates/ingress-gateways-deployment.yaml \ --set 'ingressGateways.enabled=true' \ --set 'connectInject.enabled=true' \ . | tee /dev/stderr | yq -s -r '.[0].spec.template.spec.containers[1].resources' | tee /dev/stderr) - [ $(echo "${actual}" | yq -r '.requests.memory') = "25Mi" ] - [ $(echo "${actual}" | yq -r '.requests.cpu') = "20m" ] - [ $(echo "${actual}" | yq -r '.limits.memory') = "25Mi" ] - [ $(echo "${actual}" | yq -r '.limits.cpu') = "20m" ] + local actual=$(echo $object | yq -r '.requests.memory' | tee /dev/stderr) + [ "${actual}" = "25Mi" ] + + local actual=$(echo $object | yq -r '.requests.cpu' | tee /dev/stderr) + [ "${actual}" = "20m" ] + + local actual=$(echo $object | yq -r '.limits.memory' | tee /dev/stderr) + [ "${actual}" = "50Mi" ] + + local actual=$(echo $object | yq -r '.limits.cpu' | tee /dev/stderr) + [ "${actual}" = "20m" ] +} + +@test "ingressGateways/Deployment: lifecycle sidecar resources can be set" { + cd `chart_dir` + local object=$(helm template \ + -s templates/ingress-gateways-deployment.yaml \ + --set 'ingressGateways.enabled=true' \ + --set 'connectInject.enabled=true' \ + --set 'global.lifecycleSidecarContainer.resources.requests.memory=memory' \ + --set 'global.lifecycleSidecarContainer.resources.requests.cpu=cpu' \ + --set 'global.lifecycleSidecarContainer.resources.limits.memory=memory2' \ + --set 'global.lifecycleSidecarContainer.resources.limits.cpu=cpu2' \ + . | tee /dev/stderr | + yq -s -r '.[0].spec.template.spec.containers[1].resources' | tee /dev/stderr) + + local actual=$(echo $object | yq -r '.requests.memory' | tee /dev/stderr) + [ "${actual}" = "memory" ] + + local actual=$(echo $object | yq -r '.requests.cpu' | tee /dev/stderr) + [ "${actual}" = "cpu" ] + + local actual=$(echo $object | yq -r '.limits.memory' | tee /dev/stderr) + [ "${actual}" = "memory2" ] + + local actual=$(echo $object | yq -r '.limits.cpu' | tee /dev/stderr) + [ "${actual}" = "cpu2" ] } #-------------------------------------------------------------------- diff --git a/test/unit/mesh-gateway-deployment.bats b/test/unit/mesh-gateway-deployment.bats index d1f1052fe..3a984e905 100755 --- a/test/unit/mesh-gateway-deployment.bats +++ b/test/unit/mesh-gateway-deployment.bats @@ -295,6 +295,9 @@ key2: value2' \ [ "${actual}" = "bar" ] } +#-------------------------------------------------------------------- +# init container resources + @test "meshGateway/Deployment: init container has default resources" { cd `chart_dir` local actual=$(helm template \ @@ -302,14 +305,43 @@ key2: value2' \ --set 'meshGateway.enabled=true' \ --set 'connectInject.enabled=true' \ . | tee /dev/stderr | - yq -s -r '.[0].spec.template.spec.initContainers[0].resources' | tee /dev/stderr) + yq -r '.spec.template.spec.initContainers[0].resources' | tee /dev/stderr) [ $(echo "${actual}" | yq -r '.requests.memory') = "25Mi" ] [ $(echo "${actual}" | yq -r '.requests.cpu') = "50m" ] - [ $(echo "${actual}" | yq -r '.limits.memory') = "125Mi" ] + [ $(echo "${actual}" | yq -r '.limits.memory') = "150Mi" ] [ $(echo "${actual}" | yq -r '.limits.cpu') = "50m" ] } +@test "meshGateway/Deployment: init container resources can be set" { + cd `chart_dir` + local object=$(helm template \ + -s templates/mesh-gateway-deployment.yaml \ + --set 'meshGateway.enabled=true' \ + --set 'connectInject.enabled=true' \ + --set 'meshGateway.initCopyConsulContainer.resources.requests.memory=memory' \ + --set 'meshGateway.initCopyConsulContainer.resources.requests.cpu=cpu' \ + --set 'meshGateway.initCopyConsulContainer.resources.limits.memory=memory2' \ + --set 'meshGateway.initCopyConsulContainer.resources.limits.cpu=cpu2' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.initContainers[0].resources' | tee /dev/stderr) + + local actual=$(echo $object | yq -r '.requests.memory' | tee /dev/stderr) + [ "${actual}" = "memory" ] + + local actual=$(echo $object | yq -r '.requests.cpu' | tee /dev/stderr) + [ "${actual}" = "cpu" ] + + local actual=$(echo $object | yq -r '.limits.memory' | tee /dev/stderr) + [ "${actual}" = "memory2" ] + + local actual=$(echo $object | yq -r '.limits.cpu' | tee /dev/stderr) + [ "${actual}" = "cpu2" ] +} + +#-------------------------------------------------------------------- +# lifecycle sidecar resources + @test "meshGateway/Deployment: lifecycle sidecar has default resources" { cd `chart_dir` local actual=$(helm template \ @@ -317,14 +349,40 @@ key2: value2' \ --set 'meshGateway.enabled=true' \ --set 'connectInject.enabled=true' \ . | tee /dev/stderr | - yq -s -r '.[0].spec.template.spec.containers[1].resources' | tee /dev/stderr) + yq -r '.spec.template.spec.containers[1].resources' | tee /dev/stderr) [ $(echo "${actual}" | yq -r '.requests.memory') = "25Mi" ] [ $(echo "${actual}" | yq -r '.requests.cpu') = "20m" ] - [ $(echo "${actual}" | yq -r '.limits.memory') = "25Mi" ] + [ $(echo "${actual}" | yq -r '.limits.memory') = "50Mi" ] [ $(echo "${actual}" | yq -r '.limits.cpu') = "20m" ] } +@test "meshGateway/Deployment: lifecycle sidecar resources can be set" { + cd `chart_dir` + local object=$(helm template \ + -s templates/mesh-gateway-deployment.yaml \ + --set 'meshGateway.enabled=true' \ + --set 'connectInject.enabled=true' \ + --set 'global.lifecycleSidecarContainer.resources.requests.memory=memory' \ + --set 'global.lifecycleSidecarContainer.resources.requests.cpu=cpu' \ + --set 'global.lifecycleSidecarContainer.resources.limits.memory=memory2' \ + --set 'global.lifecycleSidecarContainer.resources.limits.cpu=cpu2' \ + . | tee /dev/stderr | + yq -s -r '.[0].spec.template.spec.containers[1].resources' | tee /dev/stderr) + + local actual=$(echo $object | yq -r '.requests.memory' | tee /dev/stderr) + [ "${actual}" = "memory" ] + + local actual=$(echo $object | yq -r '.requests.cpu' | tee /dev/stderr) + [ "${actual}" = "cpu" ] + + local actual=$(echo $object | yq -r '.limits.memory' | tee /dev/stderr) + [ "${actual}" = "memory2" ] + + local actual=$(echo $object | yq -r '.limits.cpu' | tee /dev/stderr) + [ "${actual}" = "cpu2" ] +} + #-------------------------------------------------------------------- # containerPort diff --git a/test/unit/terminating-gateways-deployment.bats b/test/unit/terminating-gateways-deployment.bats index 257338820..72638af80 100644 --- a/test/unit/terminating-gateways-deployment.bats +++ b/test/unit/terminating-gateways-deployment.bats @@ -506,34 +506,137 @@ load _helpers [ "${actual}" = "gwcpu2" ] } +#-------------------------------------------------------------------- +# init container resources + @test "terminatingGateways/Deployment: init container has default resources" { cd `chart_dir` - local actual=$(helm template \ + local object=$(helm template \ -s templates/terminating-gateways-deployment.yaml \ --set 'terminatingGateways.enabled=true' \ --set 'connectInject.enabled=true' \ . | tee /dev/stderr | yq -s -r '.[0].spec.template.spec.initContainers[0].resources' | tee /dev/stderr) - [ $(echo "${actual}" | yq -r '.requests.memory') = "25Mi" ] - [ $(echo "${actual}" | yq -r '.requests.cpu') = "50m" ] - [ $(echo "${actual}" | yq -r '.limits.memory') = "125Mi" ] - [ $(echo "${actual}" | yq -r '.limits.cpu') = "50m" ] + local actual=$(echo $object | yq -r '.requests.memory' | tee /dev/stderr) + [ "${actual}" = "25Mi" ] + + local actual=$(echo $object | yq -r '.requests.cpu' | tee /dev/stderr) + [ "${actual}" = "50m" ] + + local actual=$(echo $object | yq -r '.limits.memory' | tee /dev/stderr) + [ "${actual}" = "150Mi" ] + + local actual=$(echo $object | yq -r '.limits.cpu' | tee /dev/stderr) + [ "${actual}" = "50m" ] } +@test "terminatingGateways/Deployment: init container resources can be set through defaults" { + cd `chart_dir` + local object=$(helm template \ + -s templates/terminating-gateways-deployment.yaml \ + --set 'terminatingGateways.enabled=true' \ + --set 'connectInject.enabled=true' \ + --set 'terminatingGateways.defaults.initCopyConsulContainer.resources.requests.memory=memory' \ + --set 'terminatingGateways.defaults.initCopyConsulContainer.resources.requests.cpu=cpu' \ + --set 'terminatingGateways.defaults.initCopyConsulContainer.resources.limits.memory=memory2' \ + --set 'terminatingGateways.defaults.initCopyConsulContainer.resources.limits.cpu=cpu2' \ + . | tee /dev/stderr | + yq -s -r '.[0].spec.template.spec.initContainers[0].resources' | tee /dev/stderr) + + local actual=$(echo $object | yq -r '.requests.memory' | tee /dev/stderr) + [ "${actual}" = "memory" ] + + local actual=$(echo $object | yq -r '.requests.cpu' | tee /dev/stderr) + [ "${actual}" = "cpu" ] + + local actual=$(echo $object | yq -r '.limits.memory' | tee /dev/stderr) + [ "${actual}" = "memory2" ] + + local actual=$(echo $object | yq -r '.limits.cpu' | tee /dev/stderr) + [ "${actual}" = "cpu2" ] +} + +@test "terminatingGateways/Deployment: init container resources can be set through specific gateway, overriding defaults" { + cd `chart_dir` + local object=$(helm template \ + -s templates/terminating-gateways-deployment.yaml \ + --set 'terminatingGateways.enabled=true' \ + --set 'connectInject.enabled=true' \ + --set 'terminatingGateways.defaults.initCopyConsulContainer.resources.requests.memory=memory' \ + --set 'terminatingGateways.defaults.initCopyConsulContainer.resources.requests.cpu=cpu' \ + --set 'terminatingGateways.defaults.initCopyConsulContainer.resources.limits.memory=memory2' \ + --set 'terminatingGateways.defaults.initCopyConsulContainer.resources.limits.cpu=cpu2' \ + --set 'terminatingGateways.gateways[0].name=gateway1' \ + --set 'terminatingGateways.gateways[0].initCopyConsulContainer.resources.requests.memory=gwmemory' \ + --set 'terminatingGateways.gateways[0].initCopyConsulContainer.resources.requests.cpu=gwcpu' \ + --set 'terminatingGateways.gateways[0].initCopyConsulContainer.resources.limits.memory=gwmemory2' \ + --set 'terminatingGateways.gateways[0].initCopyConsulContainer.resources.limits.cpu=gwcpu2' \ + . | tee /dev/stderr | + yq -s '.[0].spec.template.spec.initContainers[0].resources' | tee /dev/stderr) + + local actual=$(echo $object | yq -r '.requests.memory' | tee /dev/stderr) + [ "${actual}" = "gwmemory" ] + + local actual=$(echo $object | yq -r '.requests.cpu' | tee /dev/stderr) + [ "${actual}" = "gwcpu" ] + + local actual=$(echo $object | yq -r '.limits.memory' | tee /dev/stderr) + [ "${actual}" = "gwmemory2" ] + + local actual=$(echo $object | yq -r '.limits.cpu' | tee /dev/stderr) + [ "${actual}" = "gwcpu2" ] +} + +#-------------------------------------------------------------------- +# lifecycle sidecar resources + @test "terminatingGateways/Deployment: lifecycle sidecar has default resources" { cd `chart_dir` - local actual=$(helm template \ + local object=$(helm template \ -s templates/terminating-gateways-deployment.yaml \ --set 'terminatingGateways.enabled=true' \ --set 'connectInject.enabled=true' \ . | tee /dev/stderr | yq -s -r '.[0].spec.template.spec.containers[1].resources' | tee /dev/stderr) - [ $(echo "${actual}" | yq -r '.requests.memory') = "25Mi" ] - [ $(echo "${actual}" | yq -r '.requests.cpu') = "20m" ] - [ $(echo "${actual}" | yq -r '.limits.memory') = "25Mi" ] - [ $(echo "${actual}" | yq -r '.limits.cpu') = "20m" ] + local actual=$(echo $object | yq -r '.requests.memory' | tee /dev/stderr) + [ "${actual}" = "25Mi" ] + + local actual=$(echo $object | yq -r '.requests.cpu' | tee /dev/stderr) + [ "${actual}" = "20m" ] + + local actual=$(echo $object | yq -r '.limits.memory' | tee /dev/stderr) + [ "${actual}" = "50Mi" ] + + local actual=$(echo $object | yq -r '.limits.cpu' | tee /dev/stderr) + [ "${actual}" = "20m" ] +} + +@test "terminatingGateways/Deployment: lifecycle sidecar resources can be set" { + cd `chart_dir` + local object=$(helm template \ + -s templates/terminating-gateways-deployment.yaml \ + --set 'terminatingGateways.enabled=true' \ + --set 'connectInject.enabled=true' \ + --set 'global.lifecycleSidecarContainer.resources.requests.memory=memory' \ + --set 'global.lifecycleSidecarContainer.resources.requests.cpu=cpu' \ + --set 'global.lifecycleSidecarContainer.resources.limits.memory=memory2' \ + --set 'global.lifecycleSidecarContainer.resources.limits.cpu=cpu2' \ + . | tee /dev/stderr | + yq -s -r '.[0].spec.template.spec.containers[1].resources' | tee /dev/stderr) + + local actual=$(echo $object | yq -r '.requests.memory' | tee /dev/stderr) + [ "${actual}" = "memory" ] + + local actual=$(echo $object | yq -r '.requests.cpu' | tee /dev/stderr) + [ "${actual}" = "cpu" ] + + local actual=$(echo $object | yq -r '.limits.memory' | tee /dev/stderr) + [ "${actual}" = "memory2" ] + + local actual=$(echo $object | yq -r '.limits.cpu' | tee /dev/stderr) + [ "${actual}" = "cpu2" ] } #-------------------------------------------------------------------- diff --git a/values.yaml b/values.yaml index be7e4108b..76b40d86d 100644 --- a/values.yaml +++ b/values.yaml @@ -229,22 +229,9 @@ global: memory: "25Mi" cpu: "20m" limits: - memory: "25Mi" + memory: "50Mi" cpu: "20m" - # Resource settings for copy-consul-bin init containers which are used by the - # ingress/terminating/mesh gateways. - # These settings are bounded by the size of the consul binary - # as we use `cp` to copy it into a shared volume in the init container. - initContainer: - resources: - requests: - memory: "25Mi" - cpu: "50m" - limits: - memory: "125Mi" - cpu: "50m" - # Server, when enabled, configures a server cluster to run. This should # be disabled if you plan on connecting to a Consul cluster external to # the Kube cluster. @@ -985,6 +972,16 @@ connectInject: # Recommended default: 100m cpu: null + # Resource settings for the Connect injected init container. + initContainer: + resources: + requests: + memory: "25Mi" + cpu: "50m" + limits: + memory: "150Mi" + cpu: "50m" + # Mesh Gateways enable Consul Connect to work across Consul datacenters. meshGateway: # If mesh gateways are enabled, a Deployment will be created that runs @@ -1103,6 +1100,16 @@ meshGateway: memory: "100Mi" cpu: "100m" + # Resource settings for the `copy-consul-bin` init container. + initCopyConsulContainer: + resources: + requests: + memory: "25Mi" + cpu: "50m" + limits: + memory: "150Mi" + cpu: "50m" + # By default, we set an anti-affinity so that two gateway pods won't be # on the same node. NOTE: Gateways require that Consul client agents are # also running on the nodes alongside each gateway pod. @@ -1191,6 +1198,16 @@ ingressGateways: memory: "100Mi" cpu: "100m" + # Resource settings for the `copy-consul-bin` init container. + initCopyConsulContainer: + resources: + requests: + memory: "25Mi" + cpu: "50m" + limits: + memory: "150Mi" + cpu: "50m" + # By default, we set an anti-affinity so that two of the same gateway pods # won't be on the same node. NOTE: Gateways require that Consul client agents are # also running on the nodes alongside each gateway pod. @@ -1276,6 +1293,16 @@ terminatingGateways: memory: "100Mi" cpu: "100m" + # Resource settings for the `copy-consul-bin` init container. + initCopyConsulContainer: + resources: + requests: + memory: "25Mi" + cpu: "50m" + limits: + memory: "150Mi" + cpu: "50m" + # By default, we set an anti-affinity so that two of the same gateway pods # won't be on the same node. NOTE: Gateways require that Consul client agents are # also running on the nodes alongside each gateway pod.