From 2fecfa92ab3ab09f0bb61d9c6a4107984094d937 Mon Sep 17 00:00:00 2001
From: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
Date: Tue, 16 Jul 2024 12:04:45 -0500
Subject: [PATCH 1/6] cert managerkubectl get pods

---
 .../webhook-cert-manager-deployment.yaml      |  9 +++----
 charts/consul/values.yaml                     | 27 +++++++++++++++++++
 2 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/charts/consul/templates/webhook-cert-manager-deployment.yaml b/charts/consul/templates/webhook-cert-manager-deployment.yaml
index 0301331b9b..3717f3e4da 100644
--- a/charts/consul/templates/webhook-cert-manager-deployment.yaml
+++ b/charts/consul/templates/webhook-cert-manager-deployment.yaml
@@ -54,13 +54,10 @@ spec:
         {{ template "consul.imagePullPolicy" . }}
         name: webhook-cert-manager
         {{- include "consul.restrictedSecurityContext" . | nindent 8 }}
+        { { - with .Values.webhookCertManager.resources } }
         resources:
-          limits:
-            cpu: 100m
-            memory: 50Mi
-          requests:
-            cpu: 100m
-            memory: 50Mi
+          { { - toYaml . | nindent 12 } }
+        { { - end } }
         volumeMounts:
         - name: config
           mountPath: /bootstrap/config
diff --git a/charts/consul/values.yaml b/charts/consul/values.yaml
index 6a8034ea19..6c4c1b43f1 100644
--- a/charts/consul/values.yaml
+++ b/charts/consul/values.yaml
@@ -3480,6 +3480,33 @@ webhookCertManager:
   # @type: string
   nodeSelector: null
 
+  # The resource requests (CPU, memory, etc.) for the server-acl-init and server-acl-init-cleanup pods.
+  # This should be a YAML map corresponding to a Kubernetes
+  # [`ResourceRequirements``](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core)
+  # object.
+  #
+  # Example:
+  #
+  # ```yaml
+  # resources:
+  #   requests:
+  #     memory: '200Mi'
+  #     cpu: '100m'
+  #   limits:
+  #     memory: '200Mi'
+  #     cpu: '100m'
+  # ```
+  #
+  # @recurse: false
+  # @type: map
+  resources:
+    requests:
+      memory: "50Mi"
+      cpu: "100m"
+    limits:
+      memory: "50Mi"
+      cpu: "1oom"
+
 # Configures a demo Prometheus installation.
 prometheus:
   # When true, the Helm chart will install a demo Prometheus server instance

From 640a7927606346e86f4836f3dcd9dba1006c1dfa Mon Sep 17 00:00:00 2001
From: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
Date: Tue, 16 Jul 2024 12:19:54 -0500
Subject: [PATCH 2/6] make resources for webhook cert manager configurable

---
 .../consul/templates/webhook-cert-manager-deployment.yaml   | 6 +++---
 charts/consul/values.yaml                                   | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/charts/consul/templates/webhook-cert-manager-deployment.yaml b/charts/consul/templates/webhook-cert-manager-deployment.yaml
index 3717f3e4da..71cddcaf84 100644
--- a/charts/consul/templates/webhook-cert-manager-deployment.yaml
+++ b/charts/consul/templates/webhook-cert-manager-deployment.yaml
@@ -54,10 +54,10 @@ spec:
         {{ template "consul.imagePullPolicy" . }}
         name: webhook-cert-manager
         {{- include "consul.restrictedSecurityContext" . | nindent 8 }}
-        { { - with .Values.webhookCertManager.resources } }
+        {{- with .Values.webhookCertManager.resources }}
         resources:
-          { { - toYaml . | nindent 12 } }
-        { { - end } }
+          {{- toYaml . | nindent 12 }}
+        {{- end }}
         volumeMounts:
         - name: config
           mountPath: /bootstrap/config
diff --git a/charts/consul/values.yaml b/charts/consul/values.yaml
index 6c4c1b43f1..78b3eb1610 100644
--- a/charts/consul/values.yaml
+++ b/charts/consul/values.yaml
@@ -3505,7 +3505,7 @@ webhookCertManager:
       cpu: "100m"
     limits:
       memory: "50Mi"
-      cpu: "1oom"
+      cpu: "200m"
 
 # Configures a demo Prometheus installation.
 prometheus:

From 8ef3b40d877a7ce529893e56fea6b7e4d805dffb Mon Sep 17 00:00:00 2001
From: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
Date: Tue, 16 Jul 2024 12:23:58 -0500
Subject: [PATCH 3/6] changelog entry

---
 .changelog/4184.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .changelog/4184.txt

diff --git a/.changelog/4184.txt b/.changelog/4184.txt
new file mode 100644
index 0000000000..389f31b515
--- /dev/null
+++ b/.changelog/4184.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+* helm: Adds `webhookCertManager.resources` field which can be configured to override the `resource` settings for the `webhook-cert-manager` deployment.
+```
\ No newline at end of file

From a083db04917ac697357c7582c9cf8b05911d8f86 Mon Sep 17 00:00:00 2001
From: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>
Date: Tue, 16 Jul 2024 13:28:37 -0500
Subject: [PATCH 4/6] Update charts/consul/values.yaml

---
 charts/consul/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/consul/values.yaml b/charts/consul/values.yaml
index 78b3eb1610..35d83a088e 100644
--- a/charts/consul/values.yaml
+++ b/charts/consul/values.yaml
@@ -3505,7 +3505,7 @@ webhookCertManager:
       cpu: "100m"
     limits:
       memory: "50Mi"
-      cpu: "200m"
+      cpu: "100m"
 
 # Configures a demo Prometheus installation.
 prometheus:

From 0050297434ad562b78b0377a55d9b7addb4a46ec Mon Sep 17 00:00:00 2001
From: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
Date: Wed, 17 Jul 2024 11:46:53 -0500
Subject: [PATCH 5/6] make gateway resources configurable

---
 .changelog/4184.txt                           |  1 +
 .../templates/gateway-resources-job.yaml      |  9 ++----
 charts/consul/values.yaml                     | 29 +++++++++++++++++++
 3 files changed, 33 insertions(+), 6 deletions(-)

diff --git a/.changelog/4184.txt b/.changelog/4184.txt
index 389f31b515..8400524f80 100644
--- a/.changelog/4184.txt
+++ b/.changelog/4184.txt
@@ -1,3 +1,4 @@
 ```release-note:improvement
 * helm: Adds `webhookCertManager.resources` field which can be configured to override the `resource` settings for the `webhook-cert-manager` deployment.
+* helm: Adds `webhookCertManager.resources` field which can be configured to override the `resource` settings for the `webhook-cert-manager` deployment.
 ```
\ No newline at end of file
diff --git a/charts/consul/templates/gateway-resources-job.yaml b/charts/consul/templates/gateway-resources-job.yaml
index b5e7b056cc..5f3110479c 100644
--- a/charts/consul/templates/gateway-resources-job.yaml
+++ b/charts/consul/templates/gateway-resources-job.yaml
@@ -89,13 +89,10 @@ spec:
             {{- if .Values.connectInject.apiGateway.managedGatewayClass.metrics.port }}
             - -metrics-port={{ .Values.connectInject.apiGateway.managedGatewayClass.metrics.port }}
             {{- end }}
+          {{- with .Values.connectInject.apiGateway.managedGatewayClass.resourceJob.resources }}
           resources:
-            requests:
-              memory: "50Mi"
-              cpu: "50m"
-            limits:
-              memory: "50Mi"
-              cpu: "50m"
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           volumeMounts:
             - name: config
               mountPath: /consul/config
diff --git a/charts/consul/values.yaml b/charts/consul/values.yaml
index 78b3eb1610..be9a0a3c01 100644
--- a/charts/consul/values.yaml
+++ b/charts/consul/values.yaml
@@ -2470,6 +2470,35 @@ connectInject:
       # will be the 80 + the number defined below.
       mapPrivilegedContainerPorts: 0
 
+      # This value contains settings related to the gateway_resources_job that runs on helm install
+      resourceJob:
+        # The resource requests (CPU, memory, etc.) for the server-acl-init and server-acl-init-cleanup pods.
+        # This should be a YAML map corresponding to a Kubernetes
+        # [`ResourceRequirements``](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core)
+        # object.
+        #
+        # Example:
+        #
+        # ```yaml
+        # resources:
+        #   requests:
+        #     memory: '200Mi'
+        #     cpu: '100m'
+        #   limits:
+        #     memory: '200Mi'
+        #     cpu: '100m'
+        # ```
+        #
+        # @recurse: false
+        # @type: map
+        resources:
+          requests:
+            memory: "50Mi"
+            cpu: "50m"
+          limits:
+            memory: "50Mi"
+            cpu: "50m"
+
     # Configuration for the ServiceAccount created for the api-gateway component
     serviceAccount:
       # This value defines additional annotations for the client service account. This should be formatted as a multi-line

From ee5a4a910f69a6c9220f0e5b68e63b83e6c117a1 Mon Sep 17 00:00:00 2001
From: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
Date: Wed, 17 Jul 2024 15:15:25 -0500
Subject: [PATCH 6/6] update changelog

---
 .changelog/4184.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.changelog/4184.txt b/.changelog/4184.txt
index 8400524f80..2e56047b49 100644
--- a/.changelog/4184.txt
+++ b/.changelog/4184.txt
@@ -1,4 +1,4 @@
 ```release-note:improvement
 * helm: Adds `webhookCertManager.resources` field which can be configured to override the `resource` settings for the `webhook-cert-manager` deployment.
-* helm: Adds `webhookCertManager.resources` field which can be configured to override the `resource` settings for the `webhook-cert-manager` deployment.
+* helm: Adds `connectInject.apiGateway.managedGatewayClass.resourceJob.resources` field which can be configured to override the `resource` settings for the `gateway-resources-job` job.
 ```
\ No newline at end of file