From 11c15856c098aaff2d2e3bb7b848c2d5b0a32a9a Mon Sep 17 00:00:00 2001 From: Sander Rodenhuis Date: Sat, 5 Oct 2024 11:28:01 +0200 Subject: [PATCH 01/16] fix: team res --- helmfile.d/helmfile-60.teams.yaml | 3 + helmfile.d/snippets/defaults.yaml | 79 ++++++---------- tests/fixtures/env/teams.yaml | 44 +++++++++ values-schema.yaml | 89 +++++++++++++++++-- values/argocd/argocd.gotmpl | 14 ++- .../prometheus-operator-team.gotmpl | 5 -- values/tempo/tempo.gotmpl | 4 + 7 files changed, 175 insertions(+), 63 deletions(-) diff --git a/helmfile.d/helmfile-60.teams.yaml b/helmfile.d/helmfile-60.teams.yaml index 9d94abd67c..7aa8571be8 100644 --- a/helmfile.d/helmfile-60.teams.yaml +++ b/helmfile.d/helmfile-60.teams.yaml @@ -57,6 +57,7 @@ releases: namespaceOverride: null alertmanagerSpec: externalUrl: "https://alertmanager-{{ $teamId }}.{{ $domain }}" + resources: {{- $team.resources.alertmanager | toYaml | nindent 14 }} podMetadata: annotations: sidecar.istio.io/inject: "true" @@ -77,12 +78,14 @@ releases: namespaceOverride: null # team-{{ $teamId }} nameOverride: {{ $teamId }}-po-grafana fullnameOverride: {{ $teamId }}-po-grafana + resources: {{- $team.resources.grafana | toYaml | nindent 12 }} grafana.ini: "auth.generic_oauth": role_attribute_path: contains(groups[*], 'admin') && 'Admin' || contains(groups[*], 'team-admin') && 'Admin' || contains(groups[*], 'team-{{ $teamId }}') && 'Editor'{{ if not ($team | get "managedMonitoring.private" false) }} || 'Viewer'{{- end }} server: root_url: https://grafana-{{ $teamId }}.{{ $domain }} sidecar: + resources: {{- $team.resources.grafanaSidecar | toYaml | nindent 14 }} datasources: defaultDatasourceEnabled: false dashboards: diff --git a/helmfile.d/snippets/defaults.yaml b/helmfile.d/snippets/defaults.yaml index 086575d219..cf5722f256 100644 --- a/helmfile.d/snippets/defaults.yaml +++ b/helmfile.d/snippets/defaults.yaml 
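Review bot: The added `resources:` line under `alertmanagerSpec` dereferences `$team.resources.alertmanager` directly, so a team entry without a `resources` map will presumably fail to render, now that this series removes the `alertmanagerTeams`, `grafanaTeams` and `sidecarTeams` fallbacks from `defaults.yaml`. The `grafana` and `grafanaSidecar` lines in the second hunk have the same shape, as does the `tektonDashboard` line added to this file in patch 02. The file already reads optional team keys with a fallback (`$team | get "managedMonitoring.private" false`); the same pattern fits here, e.g. `{{- $team | get "resources.alertmanager" <platform default> | toYaml | nindent 14 }}`, where `<platform default>` is a placeholder for whatever platform-level value should apply. Because these numbers are now set per team, a platform-side fallback also stops a missing entry from producing pods with no limits.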
@@ -8,13 +8,6 @@ environments: alertmanager: enabled: false resources: - alertmanagerTeams: - requests: - cpu: 10m - memory: 64Mi - limits: - cpu: 200m - memory: 256Mi alertmanager: requests: cpu: 10m @@ -25,13 +18,13 @@ environments: _rawValues: {} argocd: applicationSet: - replicas: 1 + replicas: 2 controller: - replicas: 1 + replicas: 2 autoscaling: repoServer: enabled: true - minReplicas: 1 + minReplicas: 2 maxReplicas: 5 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: 80 @@ -44,7 +37,7 @@ environments: resources: controller: requests: - cpu: 500m + cpu: 200m memory: 1Gi limits: cpu: "2" @@ -59,7 +52,7 @@ environments: repo: requests: cpu: 100m - memory: 512M + memory: 640M limits: cpu: "1" memory: 1Gi @@ -80,13 +73,13 @@ environments: notifications: requests: cpu: 50m - memory: 64M + memory: 160M limits: cpu: "1" memory: 1Gi imageUpdater: requests: - memory: 50Mi + memory: 160Mi cpu: 50m limits: memory: 1Gi @@ -308,21 +301,21 @@ environments: memory: 1Gi requests: cpu: 100m - memory: 128Mi + memory: 256Mi memcached: limits: cpu: 250m memory: 256Mi requests: - cpu: 100m + cpu: 10m memory: 128Mi memcachedMetrics: limits: cpu: 200m memory: 128M requests: - cpu: 50m - memory: 64M + cpu: 10m + memory: 16M init: limits: cpu: 400m @@ -340,13 +333,6 @@ environments: limits: cpu: "1" memory: 1Gi - grafanaTeams: - requests: - cpu: 10m - memory: 128Mi - limits: - cpu: "1" - memory: 1Gi sidecar: limits: cpu: 500m @@ -354,13 +340,6 @@ environments: requests: cpu: 10m memory: 128Mi - sidecarTeams: - limits: - cpu: 500m - memory: 256Mi - requests: - cpu: 10m - memory: 128Mi _rawValues: {} harbor: enabled: false 
@@ -372,49 +351,49 @@ environments: resources: chartmuseum: requests: - cpu: 10m + cpu: 20m memory: 56Mi limits: cpu: 500m memory: 512Mi core: requests: - cpu: 10m + cpu: 20m memory: 128Mi limits: cpu: 500m memory: 512Mi jobservice: requests: - cpu: 10m - memory: 32Mi + cpu: 20m + memory: 128Mi limits: cpu: 500m memory: 512Mi portal: requests: - cpu: 10m - memory: 32Mi + cpu: 20m + memory: 128Mi limits: cpu: 500m memory: 512Mi redis: requests: - cpu: 100m + cpu: 20m memory: 128Mi limits: cpu: 500m memory: 512Mi registry: requests: - cpu: 10m + cpu: 20m memory: 32Mi limits: cpu: 500m memory: 256Mi registryController: requests: - cpu: 10m + cpu: 20m memory: 32Mi limits: cpu: 500m @@ -429,7 +408,7 @@ environments: nginx: requests: memory: 32Mi - cpu: 10m + cpu: 20m limits: memory: 512Mi cpu: 200m @@ -493,7 +472,7 @@ environments: resources: proxy: requests: - cpu: 20m + cpu: 5m memory: 80Mi limits: cpu: "1" @@ -565,18 +544,18 @@ environments: resources: keycloak: requests: - cpu: 200m - memory: 512Mi + cpu: 100m + memory: 640Mi limits: cpu: "2" memory: 2Gi operator: requests: cpu: 100m - memory: 128Mi + memory: 336Mi limits: cpu: "1" - memory: 512Mi + memory: 1Gi idp: alias: otomi-idp clientID: otomi @@ -920,11 +899,11 @@ environments: enabled: false resources: requests: - cpu: 200m - memory: 256Mi + cpu: 50m + memory: 160Mi limits: cpu: "1" - memory: 512Mi + memory: 1Gi _rawValues: {} prometheus-blackbox-exporter: _rawValues: {} diff --git a/tests/fixtures/env/teams.yaml b/tests/fixtures/env/teams.yaml index 57a0146ee0..01a83f7bf6 100644 --- a/tests/fixtures/env/teams.yaml +++ b/tests/fixtures/env/teams.yaml 
@@ -41,6 +41,28 @@ teamConfig: - alerts policies: - edit policies + resources: + alertmanager: + requests: + cpu: 100m + memory: 64Mi + limits: + cpu: 200m + memory: 256Mi + grafana: + requests: + cpu: 10m + memory: 128Mi + limits: + cpu: '1' + memory: 1Gi + grafanaSidecar: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 128Mi dev: id: dev managedMonitoring: @@ -52,3 +74,25 @@ teamConfig: - downloadCertificateAuthority policies: - edit policies + resources: + alertmanager: + requests: + cpu: 10m + memory: 64Mi + limits: + cpu: 200m + memory: 256Mi + grafana: + requests: + cpu: 10m + memory: 128Mi + limits: + cpu: '1' + memory: 1Gi + grafanaSidecar: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 128Mi diff --git a/values-schema.yaml b/values-schema.yaml index 94758b20fb..a1c67dcda3 100644 --- a/values-schema.yaml +++ b/values-schema.yaml 
@@ -1128,6 +1128,89 @@ definitions: private: type: boolean default: false + resources: + properties: + alertmanager: + additionalProperties: false + properties: + requests: + additionalProperties: false + properties: + cpu: + $ref: '#/definitions/cpuQuantity' + default: 10m + memory: + $ref: '#/definitions/memoryQuantity' + default: 64Mi + required: + - cpu + - memory + limits: + additionalProperties: false + properties: + cpu: + $ref: '#/definitions/cpuQuantity' + default: 200m + memory: + $ref: '#/definitions/memoryQuantity' + default: 256Mi + required: + - cpu + - memory + grafana: + additionalProperties: false + properties: + requests: + additionalProperties: false + properties: + cpu: + $ref: '#/definitions/cpuQuantity' + default: 10m + memory: + $ref: '#/definitions/memoryQuantity' + default: 128Mi + required: + - cpu + - memory + limits: + additionalProperties: false + properties: + cpu: + $ref: '#/definitions/cpuQuantity' + default: '1' + memory: + $ref: '#/definitions/memoryQuantity' + default: 1Gi + required: + - cpu + - memory + grafanaSidecar: + additionalProperties: false + properties: + requests: + additionalProperties: false + properties: + cpu: + $ref: '#/definitions/cpuQuantity' + default: 10m + memory: + $ref: '#/definitions/memoryQuantity' + default: 128Mi + required: + - cpu + - memory + limits: + additionalProperties: false + properties: + cpu: + $ref: '#/definitions/cpuQuantity' + default: 200m + memory: + $ref: '#/definitions/memoryQuantity' + default: 256Mi + required: + - cpu + - memory networkPolicy: ingressPrivate: title: Enable filtering of ingress traffic inside the cluster @@ -1469,8 +1552,6 @@ properties: $ref: '#/definitions/imageSimple' resources: properties: - alertmanagerTeams: - $ref: '#/definitions/resources' alertmanger: $ref: '#/definitions/resources' argocd: 
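Review bot: The new per-team `resources` object declares neither `type: object` nor `additionalProperties: false` at its own level, although each child (`alertmanager`, `grafana`, `grafanaSidecar`) is closed. A misspelled component key would therefore pass validation, and the template that reads `$team.resources.<name>` would find nothing. `grafanaSidecar.limits.cpu` also defaults to `200m` here, while the `sidecarTeams` default removed from `defaults.yaml` and the fixture in `tests/fixtures/env/teams.yaml` both use `500m`. Suggested: add `type: object` and `additionalProperties: false` directly under `resources:`, and set the sidecar default to `500m`. Since these values are supplied per team, confirm that `cpuQuantity` and `memoryQuantity` (defined outside this hunk) or a namespace ResourceQuota put an upper bound on what a tenant can request.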
@@ -1786,10 +1867,6 @@ properties: $ref: '#/definitions/resources' sidecar: $ref: '#/definitions/resources' - grafanaTeams: - $ref: '#/definitions/resources' - sidecarTeams: - $ref: '#/definitions/resources' harbor: additionalProperties: false properties: diff --git a/values/argocd/argocd.gotmpl b/values/argocd/argocd.gotmpl index def02851e6..6b2b6c49c8 100644 --- a/values/argocd/argocd.gotmpl +++ b/values/argocd/argocd.gotmpl @@ -11,7 +11,12 @@ global: {{- end }} # ApplicationSet Controller applicationSet: - replicas: {{ $a.applicationSet.replicas }} + replicas: {{ $a.applicationSet.replicas }} + pdb: + enabled: true + labels: + app.kubernetes.io/component: applicationset-controller + minAvailable: 1 resources: {{- $a.resources.applicationSet | toYaml | nindent 4 }} metrics: enabled: true @@ -22,7 +27,12 @@ applicationSet: # Application Controller controller: - replicas: {{ $a.controller.replicas }} + replicas: {{ $a.controller.replicas }} + pdb: + enabled: true + labels: + app.kubernetes.io/component: application-controller + minAvailable: 1 resources: {{- $a.resources.controller | toYaml | nindent 4 }} metrics: enabled: true diff --git a/values/prometheus-operator/prometheus-operator-team.gotmpl b/values/prometheus-operator/prometheus-operator-team.gotmpl index 2e296cfc73..518c1ec025 100644 --- a/values/prometheus-operator/prometheus-operator-team.gotmpl +++ b/values/prometheus-operator/prometheus-operator-team.gotmpl @@ -59,12 +59,7 @@ grafana: enabled: false defaultDashboardsEnabled: false plugins: [] - resources: {{- $g.resources.grafanaTeams | toYaml | nindent 4 }} - sidecar: - resources: {{- $g.resources.sidecarTeams | toYaml | nindent 6 }} alertmanager: serviceMonitor: selfMonitor: false - alertmanagerSpec: - resources: {{- $a.resources.alertmanagerTeams | toYaml | nindent 6 }} diff --git a/values/tempo/tempo.gotmpl b/values/tempo/tempo.gotmpl index 943ac0f66a..ea8e8ca120 100644 --- a/values/tempo/tempo.gotmpl +++ b/values/tempo/tempo.gotmpl 
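Review bot: The `pdb` block added under `applicationSet` in `argocd.gotmpl` is enabled unconditionally with `minAvailable: 1`, while `replicas` is still taken from `$a.applicationSet.replicas`. An environment that overrides replicas to 1 gets a budget that allows no voluntary eviction, which stalls node drains and cluster upgrades. The `controller` hunk that follows has the same shape. Tie the budget to the replica count, e.g. `enabled: {{ gt (int $a.applicationSet.replicas) 1 }}`, or add a comment above `pdb:` stating that replicas must stay at 2 or more.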
@@ -6,6 +6,7 @@ fullnameOverride: tempo ingester: + replicas: {{ $t.autoscaling.ingester.minReplicas }} resources: {{- $t.resources.ingester | toYaml | nindent 4 }} autoscaling: enabled: {{ $t.autoscaling.ingester.enabled }} @@ -21,6 +22,7 @@ ingester: {{- end }} distributor: + replicas: {{ $t.autoscaling.distributor.minReplicas }} resources: {{- $t.resources.distributor | toYaml | nindent 4 }} autoscaling: enabled: {{ $t.autoscaling.distributor.enabled }} @@ -38,6 +40,7 @@ compactor: resources: {{- $t.resources.compactor | toYaml | nindent 4 }} querier: + replicas: {{ $t.autoscaling.querier.minReplicas }} resources: {{- $t.resources.querier | toYaml | nindent 4 }} autoscaling: enabled: {{ $t.autoscaling.querier.enabled }} @@ -47,6 +50,7 @@ querier: targetMemoryUtilizationPercentage: {{ $t.autoscaling.querier.targetMemoryUtilizationPercentage }} queryFrontend: + replicas: {{ $t.autoscaling.queryFrontend.minReplicas }} resources: {{- $t.resources.queryFrontend | toYaml | nindent 4 }} autoscaling: enabled: {{ $t.autoscaling.queryFrontend.enabled }} From 07f4a707777db14daa13f393dd5b0a85e221b491 Mon Sep 17 00:00:00 2001 
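Review bot: `replicas` is now filled from `autoscaling.<component>.minReplicas` for `ingester`, `distributor`, `querier` and `queryFrontend` whether or not that component's `autoscaling.enabled` is true, and nothing in the hunks says which case it is meant for. If the chart renders `replicas` next to an HPA (not visible here), every sync would reset the workload to the minimum and work against the autoscaler. If the chart ignores it when autoscaling is on, the value only matters when autoscaling is off, and `minReplicas` is then a surprising source. Either guard the line, e.g. `{{- if not $t.autoscaling.ingester.enabled }}` … `{{- end }}`, or add a comment such as `# used as the fixed replica count when autoscaling is disabled`.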
From: Sander Rodenhuis Date: Sat, 5 Oct 2024 13:58:09 +0200 Subject: [PATCH 02/16] fix: tekton rs --- .../templates/tekton-tasks/buildpacks.yaml | 13 +- .../templates/tekton-tasks/git-clone.yaml | 13 +- .../team-ns/templates/tekton-tasks/grype.yaml | 11 +- .../templates/tekton-tasks/kaniko.yaml | 11 +- .../deployment-tekton-events-controller.yaml | 8 +- ...eployment-tekton-pipelines-controller.yaml | 8 +- ...ent-tekton-pipelines-remote-resolvers.yaml | 8 +- .../deployment-tekton-pipelines-webhook.yaml | 8 +- charts/tekton-pipelines/values.yaml | 20 +-- core.yaml | 2 + helmfile.d/helmfile-60.teams.yaml | 1 + helmfile.d/snippets/defaults.yaml | 65 +++++--- tests/fixtures/env/teams.yaml | 71 +++++++++ values-schema.yaml | 147 +++++++++++++++++- values/istio-operator/istio-operator.gotmpl | 3 + values/jaeger-operator/jaeger-operator.gotmpl | 18 --- .../prometheus-blackbox-exporter.gotmpl | 16 +- .../prometheus-operator-team.gotmpl | 6 + .../tekton-dashboard-teams.gotmpl | 2 - .../tekton-pipelines/tekton-pipelines.gotmpl | 8 +- 20 files changed, 300 insertions(+), 139 deletions(-) diff --git a/charts/team-ns/templates/tekton-tasks/buildpacks.yaml b/charts/team-ns/templates/tekton-tasks/buildpacks.yaml index b9a80b4f34..9e89a5b432 100644 --- a/charts/team-ns/templates/tekton-tasks/buildpacks.yaml +++ b/charts/team-ns/templates/tekton-tasks/buildpacks.yaml @@ -1,3 +1,5 @@ +{{- $v := .Values }} +{{- range $v.resources }} apiVersion: tekton.dev/v1 kind: Task metadata: @@ -85,13 +87,7 @@ spec: env: - name: CNB_PLATFORM_API value: "0.9" - computeResources: - limits: - cpu: "2" - memory: 2Gi - requests: - cpu: 500m - memory: 512Mi + computeResources: {{- $v.resources.buildpacksTask | toYaml | nindent 6 }} steps: - name: prepare computeResources: {} @@ -201,4 +197,5 @@ spec: - name: empty-dir emptyDir: {} - name: layers-dir - emptyDir: {} \ No newline at end of file + emptyDir: {} +{{- end }} \ No newline at end of file 
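Review bot: `{{- range $v.resources }}` at the top of `buildpacks.yaml` loops over every entry of `.Values.resources`, so the whole Task is emitted once per key in that map with no `---` between the copies, and not at all when the map is empty. Nothing in the visible body uses the loop variable (the only read is `$v.resources.buildpacksTask`), so the intent looks like a presence guard rather than iteration. `{{- if $v.resources }}` with the existing `{{- end }}` expresses that and renders the Task exactly once. The same `range` wrapper is added to `git-clone.yaml`, `grype.yaml` and `kaniko.yaml` in the hunks that follow.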
diff --git a/charts/team-ns/templates/tekton-tasks/git-clone.yaml b/charts/team-ns/templates/tekton-tasks/git-clone.yaml index 9e8f1c5a8f..dbef667321 100644 --- a/charts/team-ns/templates/tekton-tasks/git-clone.yaml +++ b/charts/team-ns/templates/tekton-tasks/git-clone.yaml @@ -1,3 +1,5 @@ +{{- $v := .Values }} +{{- range $v.resources }} apiVersion: tekton.dev/v1 kind: Task metadata: @@ -12,13 +14,7 @@ metadata: tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" spec: stepTemplate: - computeResources: - limits: - cpu: "2" - memory: 2Gi - requests: - cpu: 500m - memory: 512Mi + computeResources: {{- $v.resources.gitcloneTask | toYaml | nindent 6 }} description: >- These Tasks are Git tasks to work with repositories used by other tasks in your Pipeline. @@ -259,4 +255,5 @@ spec: RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)" printf "%s" "${RESULT_COMMITTER_DATE}" > "$(results.committer-date.path)" printf "%s" "${RESULT_SHA}" > "$(results.commit.path)" - printf "%s" "${PARAM_URL}" > "$(results.url.path)" \ No newline at end of file + printf "%s" "${PARAM_URL}" > "$(results.url.path)" +{{- end }} \ No newline at end of file diff --git a/charts/team-ns/templates/tekton-tasks/grype.yaml b/charts/team-ns/templates/tekton-tasks/grype.yaml index 2284b5985f..7af77b7219 100644 --- a/charts/team-ns/templates/tekton-tasks/grype.yaml +++ b/charts/team-ns/templates/tekton-tasks/grype.yaml @@ -1,3 +1,5 @@ +{{- $v := .Values }} +{{- range $v.resources }} apiVersion: tekton.dev/v1 kind: Task metadata: 
@@ -12,13 +14,7 @@ metadata: tekton.dev/platforms: "linux/amd64,linux/arm64,linux/ppc64le,linux/390x" spec: stepTemplate: - computeResources: - limits: - cpu: "2" - memory: 2Gi - requests: - cpu: 500m - memory: 512Mi + computeResources: {{- $v.resources.grypeTask | toYaml | nindent 6 }} description: >- A vulnerability scanner for container images and filesystems. Works with Syft, the powerful SBOM (software bill of materials) tool for container images and filesystems. @@ -47,3 +43,4 @@ spec: - "ALL" seccompProfile: type: RuntimeDefault +{{- end }} diff --git a/charts/team-ns/templates/tekton-tasks/kaniko.yaml b/charts/team-ns/templates/tekton-tasks/kaniko.yaml index 038c14a9c3..325b9e040d 100644 --- a/charts/team-ns/templates/tekton-tasks/kaniko.yaml +++ b/charts/team-ns/templates/tekton-tasks/kaniko.yaml @@ -1,3 +1,5 @@ +{{- $v := .Values }} +{{- range $v.resources }} apiVersion: tekton.dev/v1 kind: Task metadata: @@ -12,13 +14,7 @@ metadata: tekton.dev/platforms: "linux/amd64,linux/arm64,linux/ppc64le" spec: stepTemplate: - computeResources: - limits: - cpu: "2" - memory: 2Gi - requests: - cpu: 500m - memory: 512Mi + computeResources: {{- $v.resources.kanikoTask | toYaml | nindent 6 }} description: >- This Task builds a simple Dockerfile with kaniko and pushes to a registry. This Task stores the image name and digest as results, allowing Tekton Chains to pick up @@ -80,3 +76,4 @@ spec: set -e image="$(params.IMAGE)" echo -n "${image}" | tee "$(results.IMAGE_URL.path)" +{{- end }} \ No newline at end of file diff --git a/charts/tekton-pipelines/templates/deployment-tekton-events-controller.yaml b/charts/tekton-pipelines/templates/deployment-tekton-events-controller.yaml index c0ba6d9112..26dead707d 100644 --- a/charts/tekton-pipelines/templates/deployment-tekton-events-controller.yaml +++ b/charts/tekton-pipelines/templates/deployment-tekton-events-controller.yaml 
@@ -63,13 +63,7 @@ spec: - name: tekton-events-controller image: {{ .Values.events.deployment.image }} args: [] - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1000Mi + resources: {{- toYaml .Values.events.resources | nindent 12 }} volumeMounts: - name: config-logging mountPath: /etc/config-logging diff --git a/charts/tekton-pipelines/templates/deployment-tekton-pipelines-controller.yaml b/charts/tekton-pipelines/templates/deployment-tekton-pipelines-controller.yaml index efb629cf72..6af4390c21 100644 --- a/charts/tekton-pipelines/templates/deployment-tekton-pipelines-controller.yaml +++ b/charts/tekton-pipelines/templates/deployment-tekton-pipelines-controller.yaml @@ -122,13 +122,7 @@ spec: runAsNonRoot: true seccompProfile: type: RuntimeDefault - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1000Mi + resources: {{- toYaml .Values.controller.resources | nindent 12 }} ports: - name: metrics containerPort: 9090 diff --git a/charts/tekton-pipelines/templates/deployment-tekton-pipelines-remote-resolvers.yaml b/charts/tekton-pipelines/templates/deployment-tekton-pipelines-remote-resolvers.yaml index fb542d5fe5..9ba478663d 100644 --- a/charts/tekton-pipelines/templates/deployment-tekton-pipelines-remote-resolvers.yaml +++ b/charts/tekton-pipelines/templates/deployment-tekton-pipelines-remote-resolvers.yaml @@ -64,13 +64,7 @@ spec: containers: - name: controller image: {{ .Values.remoteresolver.deployment.image }} - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 2Gi + resources: {{- toYaml .Values.controller.resources | nindent 12 }} ports: - name: metrics containerPort: 9090 diff --git a/charts/tekton-pipelines/templates/deployment-tekton-pipelines-webhook.yaml b/charts/tekton-pipelines/templates/deployment-tekton-pipelines-webhook.yaml index ede6b365b7..73ff465386 100644 --- a/charts/tekton-pipelines/templates/deployment-tekton-pipelines-webhook.yaml 
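Review bot: The remote-resolvers Deployment renders `.Values.controller.resources` instead of `.Values.remoteresolver.resources`, so the `remoteresolver.resources` key that `values.yaml` keeps, and that `tekton-pipelines.gotmpl` fills from `pipelinesRemoteresolver`, is never used. The webhook Deployment in the next file does the same with `.Values.events.resources` in place of `.Values.webhook.resources`, which leaves the new `pipelinesWebhook` setting without effect. Suggested lines: `resources: {{- toYaml .Values.remoteresolver.resources | nindent 12 }}` and `resources: {{- toYaml .Values.webhook.resources | nindent 12 }}`. The chart defaults for all four components also become `{}` in this commit, so a standalone install of the chart now yields containers without requests or limits; a comment in `values.yaml` saying the platform must supply them would help.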
+++ b/charts/tekton-pipelines/templates/deployment-tekton-pipelines-webhook.yaml @@ -78,13 +78,7 @@ spec: # and substituted here. image: {{ .Values.webhook.deployment.image }} # Resource request required for autoscaler to take any action for a metric - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 500m - memory: 500Mi + resources: {{- toYaml .Values.events.resources | nindent 12 }} env: - name: SYSTEM_NAMESPACE valueFrom: diff --git a/charts/tekton-pipelines/values.yaml b/charts/tekton-pipelines/values.yaml index 66928a987e..dd018d4097 100644 --- a/charts/tekton-pipelines/values.yaml +++ b/charts/tekton-pipelines/values.yaml @@ -20,13 +20,7 @@ controller: - windows tolerations: [] nodeSelector: {} - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1000Mi + resources: {} # Values for tekton-pipelines-webhook webhook: deployment: @@ -48,6 +42,7 @@ webhook: - windows tolerations: [] nodeSelector: {} + resources: {} # Values to amend tekton-pipelines-remote-resolvers remoteresolver: deployment: @@ -55,14 +50,9 @@ remoteresolver: affinity: {} tolerations: [] nodeSelector: {} - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1000Mi + resources: {} events: deployment: - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/events:v0.53.0@sha256:340e1edd0783bdb86e396ef53499f068a42da1986a1d806ab652b448869637bd \ No newline at end of file + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/events:v0.53.0@sha256:340e1edd0783bdb86e396ef53499f068a42da1986a1d806ab652b448869637bd + resources: {} \ No newline at end of file diff --git a/core.yaml b/core.yaml index 1b5e675408..4c387fc995 100644 --- a/core.yaml +++ b/core.yaml @@ -3,6 +3,7 @@ k8s: namespaces: - name: argocd app: argocd + disableIstioInjection: true - name: cert-manager disableIstioInjection: true - name: cnpg-system 
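Review bot: `disableIstioInjection: true` on the `argocd` namespace in `core.yaml` takes the Argo CD pods out of the mesh, and neither the commit subject ("fix: tekton rs") nor the file gives a reason. Without sidecars, traffic to and from those pods is no longer covered by mesh mTLS or by any AuthorizationPolicy that matches on workload identity; whether such policies exist is not visible in this patch. The `velero` entry in the next hunk gets the same flag. Please add a comment above each new line, e.g. `# no sidecar: <reason>`, and confirm that both namespaces remain restricted by NetworkPolicy.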
@@ -109,6 +110,7 @@ k8s: - name: velero app: velero disablePolicyChecks: true + disableIstioInjection: true - name: otomi-pipelines app: tekton disableIstioInjection: true diff --git a/helmfile.d/helmfile-60.teams.yaml b/helmfile.d/helmfile-60.teams.yaml index 7aa8571be8..de98e180df 100644 --- a/helmfile.d/helmfile-60.teams.yaml +++ b/helmfile.d/helmfile-60.teams.yaml @@ -39,6 +39,7 @@ releases: pipeline: otomi-task-teams values: - ../values/tekton-dashboard/tekton-dashboard-teams.gotmpl + - resources: {{- $team.resources.tektonDashboard | toYaml | nindent 10 }} - name: prometheus-{{ $teamId }} installed: {{ or ($team | get "managedMonitoring.grafana" false) ($team | get "managedMonitoring.alertmanager" false) }} namespace: team-{{ $teamId }} diff --git a/helmfile.d/snippets/defaults.yaml b/helmfile.d/snippets/defaults.yaml index cf5722f256..d931722396 100644 --- a/helmfile.d/snippets/defaults.yaml +++ b/helmfile.d/snippets/defaults.yaml @@ -470,6 +470,13 @@ environments: egressGateway: enabled: false resources: + operator: + limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 20m + memory: 128Mi proxy: requests: cpu: 5m @@ -505,31 +512,10 @@ environments: operator: limits: cpu: 500m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - agent: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 10m - memory: 32Mi - collector: - limits: - cpu: 100m - memory: 128Mi + memory: 1Gi requests: - cpu: 10m - memory: 32Mi - ingester: - limits: cpu: 100m memory: 128Mi - requests: - cpu: 10m - memory: 32Mi jaeger: limits: cpu: "1" @@ -650,6 +636,20 @@ environments: limits: cpu: "1" memory: 1Gi + pipelinesEvents: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: "1" + memory: 1Gi + pipelinesWebhook: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: "1" + memory: 1Gi triggersInterceptors: limits: cpu: 500m 
@@ -907,6 +907,21 @@ environments: _rawValues: {} prometheus-blackbox-exporter: _rawValues: {} + resources: + blackboxExporter: + requests: + cpu: 50m + memory: 50Mi + limits: + cpu: 250m + memory: 300Mi + sentinel: + requests: + cpu: 100m + memory: 32Mi + limits: + cpu: 200m + memory: 128Mi prometheus: enabled: false disabledRules: @@ -951,15 +966,15 @@ environments: memory: 256Mi thanosSidecar: requests: - cpu: 50m + cpu: 10m memory: 64Mi limits: cpu: "1" - memory: 256Mi + memory: 512Mi prometheusConfigReloader: requests: cpu: 10m - memory: 32Mi + memory: 24Mi limits: cpu: 100m memory: 128Mi diff --git a/tests/fixtures/env/teams.yaml b/tests/fixtures/env/teams.yaml index 01a83f7bf6..3c9c45dbc9 100644 --- a/tests/fixtures/env/teams.yaml +++ b/tests/fixtures/env/teams.yaml @@ -63,6 +63,42 @@ teamConfig: requests: cpu: 10m memory: 128Mi + buildpacksTask: + limits: + cpu: '10' + memory: 2Gi + requests: + cpu: 500m + memory: 512Mi + gitcloneTask: + limits: + cpu: '2' + memory: 2Gi + requests: + cpu: 500m + memory: 512Mi + grypeTask: + limits: + cpu: '2' + memory: 2Gi + requests: + cpu: 500m + memory: 512Mi + kanikoTask: + limits: + cpu: '2' + memory: 2Gi + requests: + cpu: 500m + memory: 512Mi + tektonDashboard: + limits: + cpu: 101m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + dev: id: dev managedMonitoring: @@ -96,3 +132,38 @@ teamConfig: requests: cpu: 10m memory: 128Mi + buildpacksTask: + limits: + cpu: '2' + memory: 2Gi + requests: + cpu: 500m + memory: 512Mi + gitcloneTask: + limits: + cpu: '2' + memory: 2Gi + requests: + cpu: 500m + memory: 512Mi + grypeTask: + limits: + cpu: '2' + memory: 2Gi + requests: + cpu: 500m + memory: 512Mi + kanikoTask: + limits: + cpu: '2' + memory: 2Gi + requests: + cpu: 500m + memory: 512Mi + tektonDashboard: + limits: + cpu: 1000m + memory: 188Mi + requests: + cpu: 10m + memory: 64Mi diff --git a/values-schema.yaml b/values-schema.yaml index a1c67dcda3..03e79a7035 100644 --- a/values-schema.yaml +++ b/values-schema.yaml 
@@ -1184,6 +1184,141 @@ definitions: required: - cpu - memory + buildpacksTask: + additionalProperties: false + properties: + requests: + additionalProperties: false + properties: + cpu: + $ref: '#/definitions/cpuQuantity' + default: 200m + memory: + $ref: '#/definitions/memoryQuantity' + default: 128Mi + required: + - cpu + - memory + limits: + additionalProperties: false + properties: + cpu: + $ref: '#/definitions/cpuQuantity' + default: '2' + memory: + $ref: '#/definitions/memoryQuantity' + default: 2Gi + required: + - cpu + - memory + gitcloneTask: + additionalProperties: false + properties: + requests: + additionalProperties: false + properties: + cpu: + $ref: '#/definitions/cpuQuantity' + default: 200m + memory: + $ref: '#/definitions/memoryQuantity' + default: 128Mi + required: + - cpu + - memory + limits: + additionalProperties: false + properties: + cpu: + $ref: '#/definitions/cpuQuantity' + default: '2' + memory: + $ref: '#/definitions/memoryQuantity' + default: 2Gi + required: + - cpu + - memory + grypeTask: + additionalProperties: false + properties: + requests: + additionalProperties: false + properties: + cpu: + $ref: '#/definitions/cpuQuantity' + default: 200m + memory: + $ref: '#/definitions/memoryQuantity' + default: 128Mi + required: + - cpu + - memory + limits: + additionalProperties: false + properties: + cpu: + $ref: '#/definitions/cpuQuantity' + default: '2' + memory: + $ref: '#/definitions/memoryQuantity' + default: 2Gi + required: + - cpu + - memory + kanikoTask: + additionalProperties: false + properties: + requests: + additionalProperties: false + properties: + cpu: + $ref: '#/definitions/cpuQuantity' + default: 200m + memory: + $ref: '#/definitions/memoryQuantity' + default: 128Mi + required: + - cpu + - memory + limits: + additionalProperties: false + properties: + cpu: + $ref: '#/definitions/cpuQuantity' + default: '2' + memory: + $ref: '#/definitions/memoryQuantity' + default: 2Gi + required: + - cpu + - memory + tektonDashboard: + 
additionalProperties: false + properties: + requests: + additionalProperties: false + properties: + cpu: + $ref: '#/definitions/cpuQuantity' + default: 10m + memory: + $ref: '#/definitions/memoryQuantity' + default: 64Mi + required: + - cpu + - memory + limits: + additionalProperties: false + properties: + cpu: + $ref: '#/definitions/cpuQuantity' + default: '100m' + memory: + $ref: '#/definitions/memoryQuantity' + default: 128Mi + required: + - cpu + - memory grafanaSidecar: additionalProperties: false properties: @@ -2007,6 +2142,8 @@ properties: $ref: '#/definitions/resources' proxy: $ref: '#/definitions/resources' + operator: + $ref: '#/definitions/resources' jaeger: additionalProperties: false properties: @@ -2016,12 +2153,6 @@ properties: resources: operator: $ref: '#/definitions/resources' - agent: - $ref: '#/definitions/resources' - collector: - $ref: '#/definitions/resources' - ingester: - $ref: '#/definitions/resources' jaeger: $ref: '#/definitions/resources' _rawValues: @@ -2201,6 +2332,10 @@ properties: $ref: '#/definitions/resources' pipelinesRemoteresolver: $ref: '#/definitions/resources' + pipelinesEvents: + $ref: '#/definitions/resources' + pipelinesWebhook: + $ref: '#/definitions/resources' triggersInterceptors: $ref: '#/definitions/resources' triggersController: diff --git a/values/istio-operator/istio-operator.gotmpl b/values/istio-operator/istio-operator.gotmpl index 9abfec6278..9394893298 100644 --- a/values/istio-operator/istio-operator.gotmpl +++ b/values/istio-operator/istio-operator.gotmpl @@ -5,6 +5,9 @@ hub: istio operatorNamespace: istio-operator +operator: + resources: {{- $i.resources.operator | toYaml | nindent 6 }} + {{- with .Values.otomi | get "globalPullSecret" nil }} imagePullSecrets: - otomi-pullsecret-global diff --git a/values/jaeger-operator/jaeger-operator.gotmpl b/values/jaeger-operator/jaeger-operator.gotmpl index a4612777a9..7348a3f80d 100644 --- a/values/jaeger-operator/jaeger-operator.gotmpl 
+++ b/values/jaeger-operator/jaeger-operator.gotmpl @@ -10,26 +10,8 @@ jaeger: options: query: base-path: /jaeger - agent: - resources: {{- $j.resources.agent | toYaml | nindent 8 }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - sidecarSecurityContext: - runAsNonRoot: true - runAsUser: 1000 annotations: sidecar.istio.io/inject: "true" - collector: - resources: {{- $j.resources.collector | toYaml | nindent 8 }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - ingester: - resources: {{- $j.resources.ingester | toYaml | nindent 8 }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 ingress: enabled: false resources: {{- $j.resources.jaeger | toYaml | nindent 6 }} diff --git a/values/prometheus-blackbox-exporter/prometheus-blackbox-exporter.gotmpl b/values/prometheus-blackbox-exporter/prometheus-blackbox-exporter.gotmpl index c5ef5ed8ee..f42b52cb48 100644 --- a/values/prometheus-blackbox-exporter/prometheus-blackbox-exporter.gotmpl +++ b/values/prometheus-blackbox-exporter/prometheus-blackbox-exporter.gotmpl @@ -7,22 +7,10 @@ persistence: size: 1Gi usePassword: false -resources: - requests: - cpu: 50m - memory: 50Mi - limits: - cpu: 250m - memory: 300Mi +resources: {{- $pbe.resources.blackboxExporter| toYaml | nindent 4 }} sentinel: - resources: - requests: - cpu: 100m - memory: 32Mi - limits: - cpu: 200m - memory: 128Mi + resources: {{- $pbe.resources.sentinel | toYaml | nindent 6 }} config: modules: diff --git a/values/prometheus-operator/prometheus-operator-team.gotmpl b/values/prometheus-operator/prometheus-operator-team.gotmpl index 518c1ec025..0a64a6ad92 100644 --- a/values/prometheus-operator/prometheus-operator-team.gotmpl +++ b/values/prometheus-operator/prometheus-operator-team.gotmpl @@ -63,3 +63,9 @@ grafana: alertmanager: serviceMonitor: selfMonitor: false + +prometheus: + thanosService: + enabled: false + thanosServiceMonitor: + enabled: false \ No newline at end of file 
diff --git a/values/tekton-dashboard/tekton-dashboard-teams.gotmpl b/values/tekton-dashboard/tekton-dashboard-teams.gotmpl index 5b58683648..6573c6f674 100644 --- a/values/tekton-dashboard/tekton-dashboard-teams.gotmpl +++ b/values/tekton-dashboard/tekton-dashboard-teams.gotmpl @@ -2,8 +2,6 @@ {{- $v := .Values }} {{- $t := $v.apps.tekton }} -resources: {{- $t.resources.dashboard | toYaml | nindent 2 }} - teamId: {{ $teamId }} args: diff --git a/values/tekton-pipelines/tekton-pipelines.gotmpl b/values/tekton-pipelines/tekton-pipelines.gotmpl index 911e033d4b..e1dd749abc 100644 --- a/values/tekton-pipelines/tekton-pipelines.gotmpl +++ b/values/tekton-pipelines/tekton-pipelines.gotmpl @@ -5,4 +5,10 @@ controller: resources: {{- $t.resources.pipelinesController | toYaml | nindent 4 }} remoteresolver: - resources: {{- $t.resources.pipelinesRemoteresolver | toYaml | nindent 4 }} \ No newline at end of file + resources: {{- $t.resources.pipelinesRemoteresolver | toYaml | nindent 4 }} + +events: + resources: {{- $t.resources.pipelinesEvents | toYaml | nindent 4 }} + +webhook: + resources: {{- $t.resources.pipelinesWebhook | toYaml | nindent 4 }} \ No newline at end of file From 87b6b7a5e228f3cfc5db1ed7794d170c58866620 Mon Sep 17 00:00:00 2001 From: Sander Rodenhuis Date: Sat, 5 Oct 2024 14:26:50 +0200 Subject: [PATCH 03/16] fix: nginx hpa --- helmfile.d/snippets/defaults.yaml | 4 +++- values/ingress-nginx/ingress-nginx.gotmpl | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/helmfile.d/snippets/defaults.yaml b/helmfile.d/snippets/defaults.yaml index d931722396..1555248bd7 100644 --- a/helmfile.d/snippets/defaults.yaml +++ b/helmfile.d/snippets/defaults.yaml @@ -421,6 +421,8 @@ environments: enabled: true minReplicas: 2 maxReplicas: 10 + targetCPUUtilizationPercentage: 80 + targetMemoryUtilizationPercentage: 80 modsecurity: enabled: false block: false 
@@ -434,7 +436,7 @@ environments: controller: requests: cpu: 100m - memory: 256Mi + memory: 384Mi limits: cpu: "2" memory: 2Gi diff --git a/values/ingress-nginx/ingress-nginx.gotmpl b/values/ingress-nginx/ingress-nginx.gotmpl index 07be08ea5a..7d5f2f69c6 100644 --- a/values/ingress-nginx/ingress-nginx.gotmpl +++ b/values/ingress-nginx/ingress-nginx.gotmpl @@ -43,8 +43,8 @@ controller: enabled: {{ $n.autoscaling.enabled }} minReplicas: {{ $n.autoscaling.minReplicas }} maxReplicas: {{ $n.autoscaling.maxReplicas }} - targetCPUUtilizationPercentage: 60 - targetMemoryUtilizationPercentage: 75 + targetCPUUtilizationPercentage: {{ $n.autoscaling.targetCPUUtilizationPercentage }} + targetMemoryUtilizationPercentage: {{ $n.autoscaling.targetMemoryUtilizationPercentage }} priorityClassName: otomi-critical extraArgs: v: 3 From a37bfae33d89d60a5f182ccea42932582b01ca06 Mon Sep 17 00:00:00 2001 From: Sander Rodenhuis Date: Sun, 6 Oct 2024 13:45:02 +0200 Subject: [PATCH 04/16] fix: otel scaling --- helmfile.d/snippets/defaults.yaml | 21 +++++++----- .../env/apps/ingress-nginx-platform.yaml | 6 ++++ tests/fixtures/env/apps/otel.yaml | 19 +++++++---- values-schema.yaml | 32 ++++++++++++++++++- values/otel-operator/otel-operator-raw.gotmpl | 5 +++ 5 files changed, 67 insertions(+), 16 deletions(-) diff --git a/helmfile.d/snippets/defaults.yaml b/helmfile.d/snippets/defaults.yaml index 1555248bd7..1259f6695d 100644 --- a/helmfile.d/snippets/defaults.yaml +++ b/helmfile.d/snippets/defaults.yaml @@ -985,6 +985,11 @@ environments: enabled: false collector: mode: deployment + autoscaler: + minReplicas: 2 + maxReplicas: 5 + targetCPUUtilizationPercentage: 80 + targetMemoryUtilizationPercentage: 80 attributes: - k8s.pod.name - k8s.pod.uid 
@@ -997,24 +1002,24 @@ environments: resources: collector: requests: - cpu: 100m - memory: 128Mi + cpu: 50m + memory: 256Mi limits: cpu: "1" memory: 1Gi manager: requests: cpu: 50m - memory: 32Mi + memory: 64Mi limits: - cpu: 200m + cpu: 500m memory: 512Mi kubeRBACProxy: requests: cpu: 50m - memory: 64Mi + memory: 32Mi limits: - cpu: 500m + cpu: 200m memory: 128Mi _rawValues: {} sealed-secrets: @@ -1206,7 +1211,7 @@ environments: memory: 1Gi requests: cpu: 50m - memory: 128Mi + memory: 512Mi harbor: size: 5Gi replicas: 2 @@ -1229,7 +1234,7 @@ environments: memory: 1Gi requests: cpu: 50m - memory: 128Mi + memory: 256Mi obj: provider: type: disabled diff --git a/tests/fixtures/env/apps/ingress-nginx-platform.yaml b/tests/fixtures/env/apps/ingress-nginx-platform.yaml index 18c71d4119..77c8fe44b3 100644 --- a/tests/fixtures/env/apps/ingress-nginx-platform.yaml +++ b/tests/fixtures/env/apps/ingress-nginx-platform.yaml @@ -19,3 +19,9 @@ apps: requests: cpu: 100m memory: 192Mi + autoscaling: + enabled: true + maxReplicas: 10 + minReplicas: 1 + targetCPUUtilizationPercentage: 80 + targetMemoryUtilizationPercentage: 80 diff --git a/tests/fixtures/env/apps/otel.yaml b/tests/fixtures/env/apps/otel.yaml index 2b96e10e87..7182eb1c7e 100644 --- a/tests/fixtures/env/apps/otel.yaml +++ b/tests/fixtures/env/apps/otel.yaml @@ -3,13 +3,18 @@ apps: enabled: true collector: mode: deployment - attributes: - - k8s.pod.name - - k8s.pod.uid - - k8s.deployment.name - - k8s.namespace.name - - k8s.node.name - - k8s.pod.start_time + autoscaler: + minReplicas: 2 + maxReplicas: 6 + targetCPUUtilizationPercentage: 80 + targetMemoryUtilizationPercentage: 80 + attributes: + - k8s.pod.name + - k8s.pod.uid + - k8s.deployment.name + - k8s.namespace.name + - k8s.node.name + - k8s.pod.start_time operator: replicaCount: 1 resources: diff --git a/values-schema.yaml b/values-schema.yaml index 03e79a7035..47b12a5c83 100644 --- a/values-schema.yaml +++ b/values-schema.yaml 
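Review bot: In tests/fixtures/env/apps/otel.yaml the `attributes` list is removed and re-added with identical text directly after the new `autoscaler` keys, which suggests it was re-indented and now sits under `collector.autoscaler` rather than `collector`. The schema added in this same commit declares `attributes` as a sibling of `autoscaler`, and the new `autoscaler` object sets no `additionalProperties: false`, so validation would not flag a misplaced list. The indentation is not recoverable from this view. If the nesting is unintended, keep `attributes:` at its previous indent so that only the five `autoscaler` lines are added.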
@@ -427,7 +427,23 @@ definitions: type: string default: '0.01' autoscaling: - $ref: '#/definitions/autoscalingEnabled' + additionalProperties: false + properties: + enabled: + default: true + type: boolean + maxReplicas: + type: integer + default: 10 + minReplicas: + type: integer + default: 1 + targetCPUUtilizationPercentage: + type: integer + default: 80 + targetMemoryUtilizationPercentage: + type: integer + default: 80 maxBodySize: type: string default: 1024m @@ -2789,6 +2805,20 @@ properties: - deployment - daemonset - statefulset + autoscaler: + properties: + maxReplicas: + type: integer + default: 5 + minReplicas: + type: integer + default: 2 + targetCPUUtilizationPercentage: + type: integer + default: 80 + targetMemoryUtilizationPercentage: + type: integer + default: 80 attributes: type: array title: Kubernetes Attributes diff --git a/values/otel-operator/otel-operator-raw.gotmpl b/values/otel-operator/otel-operator-raw.gotmpl index da7201e1e5..fcadfdae5a 100644 --- a/values/otel-operator/otel-operator-raw.gotmpl +++ b/values/otel-operator/otel-operator-raw.gotmpl @@ -74,6 +74,11 @@ resources: - jaeger {{- end }} mode: {{ $o.collector.mode }} + autoscaler: + minReplicas: {{ $o.collector.autoscaler.minReplicas }} + maxReplicas: {{ $o.collector.autoscaler.maxReplicas }} + targetCPUUtilization: {{ $o.collector.autoscaler.targetCPUUtilizationPercentage }} + targetMemoryUtilization: {{ $o.collector.autoscaler.targetMemoryUtilizationPercentage }} resources: {{- $o.resources.collector | toYaml | nindent 8 }} - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole From bec9e01febf0e8c0c002d82e5c2887714f3714c5 Mon Sep 17 00:00:00 2001 From: Sander Rodenhuis Date: Mon, 7 Oct 2024 13:54:02 +0200 Subject: [PATCH 05/16] fix: values changes --- values-changes.yaml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/values-changes.yaml b/values-changes.yaml index 11d4ddbf82..658e072eac 100644 --- a/values-changes.yaml 
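Review bot: Neither new autoscaling schema bounds its integers, so `minReplicas: 0`, a negative replica count or a utilization target above 100 passes validation and only surfaces at deploy time. Add `minimum: 1` to `minReplicas` and `maxReplicas`, and `minimum: 1` with `maximum: 100` to the two utilization percentages, in both the ingress `autoscaling` block (@@ -427,7) and the otel `autoscaler` block (@@ -2789,6). The otel block also lacks the `additionalProperties: false` that the ingress block sets, so a misspelled or misplaced key there is accepted silently.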
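Review bot: In otel-operator-raw.gotmpl the `autoscaler` block is emitted for every value of `{{ $o.collector.mode }}`, although the schema context in this commit still allows `daemonset`, where a horizontal autoscaler has nothing to scale. How the operator treats that combination is not visible here, so it is safer to render the block only for scalable modes, e.g. wrap the five added lines in `{{- if ne $o.collector.mode "daemonset" }}` and `{{- end }}`. The collector resource this belongs to starts before the hunk.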
+++ b/values-changes.yaml 
@@ -299,6 +299,42 @@ changes: - 'apps.cert-manager.resources': 'apps.cert-manager.resources.certManager' - 'apps.alertmanager.resources': 'apps.alertmanager.resources.alertmanager' - 'apps.istio.global.proxy.resources': 'apps.istio.resources.proxy' + - 'apps.grafana.resources.grafanaTeams': 'teamConfig.{team}.resources.grafana' + - 'apps.grafana.resources.sidecarTeams': 'teamConfig.{team}.resources.grafanaSidecar' + - 'apps.alertmanager.resources.alertmanagerTeams': 'teamConfig.{team}.resources.alertmanager' deletions: - 'teamConfig.{team}.managedMonitoring.prometheus' - 'apps.grafana.resources.downloadDashboards' + additions: + - 'teamConfig.{team}.resources.alertmanager.requests.cpu': 10m + - 'teamConfig.{team}.resources.alertmanager.requests.memory': 64Mi + - 'teamConfig.{team}.resources.alertmanager.limits.cpu': 200m + - 'teamConfig.{team}.resources.alertmanager.limits.memory': 256Mi + - 'teamConfig.{team}.resources.grafana.requests.cpu': 10m + - 'teamConfig.{team}.resources.grafana.requests.memory': 128Mi + - 'teamConfig.{team}.resources.grafana.limits.cpu': '1' + - 'teamConfig.{team}.resources.grafana.limits.memory': 1Gi + - 'teamConfig.{team}.resources.buildpacksTask.requests.cpu': 200m + - 'teamConfig.{team}.resources.buildpacksTask.requests.memory': 128Mi + - 'teamConfig.{team}.resources.buildpacksTask.limits.cpu': '2' + - 'teamConfig.{team}.resources.buildpacksTask.limits.memory': 2Gi + - 'teamConfig.{team}.resources.gitcloneTask.requests.cpu': 200m + - 'teamConfig.{team}.resources.gitcloneTask.requests.memory': 128Mi + - 'teamConfig.{team}.resources.gitcloneTask.limits.cpu': '2' + - 'teamConfig.{team}.resources.gitcloneTask.limits.memory': 2Gi + - 'teamConfig.{team}.resources.grypeTask.requests.cpu': 200m + - 'teamConfig.{team}.resources.grypeTask.requests.memory': 128Mi + - 'teamConfig.{team}.resources.grypeTask.limits.cpu': '2' + - 'teamConfig.{team}.resources.grypeTask.limits.memory': 2Gi + - 'teamConfig.{team}.resources.kanikoTask.requests.cpu': 200m 
+ - 'teamConfig.{team}.resources.kanikoTask.requests.memory': 128Mi + - 'teamConfig.{team}.resources.kanikoTask.limits.cpu': '2' + - 'teamConfig.{team}.resources.kanikoTask.limits.memory': 2Gi + - 'teamConfig.{team}.resources.tektonDashboard.requests.cpu': 10m + - 'teamConfig.{team}.resources.tektonDashboard.requests.memory': 64Mi + - 'teamConfig.{team}.resources.tektonDashboard.limits.cpu': 100m + - 'teamConfig.{team}.resources.tektonDashboard.limits.memory': 128Mi + - 'teamConfig.{team}.resources.grafanaSidecar.requests.cpu': 10m + - 'teamConfig.{team}.resources.grafanaSidecar.requests.memory': 128Mi + - 'teamConfig.{team}.resources.grafanaSidecar.limits.cpu': 200m + - 'teamConfig.{team}.resources.grafanaSidecar.limits.memory': 256Mi From f552b5a47b2120390010062ef072cf640b2f16f1 Mon Sep 17 00:00:00 2001 From: Sander Rodenhuis Date: Mon, 7 Oct 2024 14:15:58 +0200 Subject: [PATCH 06/16] fix: values changes 2 --- .../env/apps/prometheus-blackbox-exporter.yaml | 18 ++++++++++++++++++ values-changes.yaml | 8 ++++++++ .../prometheus-blackbox-exporter.gotmpl | 2 +- 3 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 tests/fixtures/env/apps/prometheus-blackbox-exporter.yaml diff --git a/tests/fixtures/env/apps/prometheus-blackbox-exporter.yaml b/tests/fixtures/env/apps/prometheus-blackbox-exporter.yaml new file mode 100644 index 0000000000..ba381353d7 --- /dev/null +++ b/tests/fixtures/env/apps/prometheus-blackbox-exporter.yaml @@ -0,0 +1,18 @@ +apps: + prometheus-blackbox-exporter: + _rawValues: {} + resources: + blackboxExporter: + requests: + cpu: 50m + memory: 50Mi + limits: + cpu: 250m + memory: 300Mi + sentinel: + requests: + cpu: 100m + memory: 32Mi + limits: + cpu: 200m + memory: 128Mi diff --git a/values-changes.yaml b/values-changes.yaml index 658e072eac..9696b6e6c3 100644 --- a/values-changes.yaml +++ b/values-changes.yaml 
@@ -338,3 +338,11 @@ changes: - 'teamConfig.{team}.resources.grafanaSidecar.requests.memory': 128Mi - 'teamConfig.{team}.resources.grafanaSidecar.limits.cpu': 200m - 'teamConfig.{team}.resources.grafanaSidecar.limits.memory': 256Mi + - 'apps.prometheus-blackbox-exporter.resources.blackboxExporter.requests.cpu': 50m + - 'apps.prometheus-blackbox-exporter.resources.blackboxExporter.requests.memory': 56Mi + - 'apps.prometheus-blackbox-exporter.resources.blackboxExporter.limits.cpu': 250m + - 'apps.prometheus-blackbox-exporter.resources.blackboxExporter.limits.memory': 256Mi + - 'apps.prometheus-blackbox-exporter.resources.sentinel.requests.cpu': 50m + - 'apps.prometheus-blackbox-exporter.resources.sentinel.requests.memory': 32Mi + - 'apps.prometheus-blackbox-exporter.resources.sentinel.limits.cpu': 200m + - 'apps.prometheus-blackbox-exporter.resources.sentinel.limits.memory': 128Mi diff --git a/values/prometheus-blackbox-exporter/prometheus-blackbox-exporter.gotmpl b/values/prometheus-blackbox-exporter/prometheus-blackbox-exporter.gotmpl index f42b52cb48..7e4d500d6a 100644 --- a/values/prometheus-blackbox-exporter/prometheus-blackbox-exporter.gotmpl +++ b/values/prometheus-blackbox-exporter/prometheus-blackbox-exporter.gotmpl @@ -7,7 +7,7 @@ persistence: size: 1Gi usePassword: false -resources: {{- $pbe.resources.blackboxExporter| toYaml | nindent 4 }} +resources: {{- $pbe.resources.blackboxExporter | toYaml | nindent 4 }} sentinel: resources: {{- $pbe.resources.sentinel | toYaml | nindent 6 }} From 9481ff3ba50ebc3dbe500124be10150febd93094 Mon Sep 17 00:00:00 2001 From: Sander Rodenhuis Date: Mon, 7 Oct 2024 16:27:47 +0200 Subject: [PATCH 07/16] fix: values changes 3 --- helmfile.d/snippets/defaults.yaml | 36 +++++++++++++++---------------- values-changes.yaml | 12 ++--------- 2 files changed, 20 insertions(+), 28 deletions(-) diff --git a/helmfile.d/snippets/defaults.yaml b/helmfile.d/snippets/defaults.yaml index 1259f6695d..a39869ea0a 100644 
--- a/helmfile.d/snippets/defaults.yaml +++ b/helmfile.d/snippets/defaults.yaml @@ -875,7 +875,7 @@ environments: memory: 128Mi limits: cpu: "1" - memory: 512Mi + memory: 1Gi _rawValues: {} apl-gitea-operator: resources: @@ -885,7 +885,7 @@ environments: memory: 128Mi limits: cpu: "1" - memory: 512Mi + memory: 1Gi _rawValues: {} apl-keycloak-operator: resources: @@ -895,7 +895,7 @@ environments: memory: 128Mi limits: cpu: "1" - memory: 512Mi + memory: 1Gi _rawValues: {} promtail: enabled: false @@ -909,21 +909,21 @@ environments: _rawValues: {} prometheus-blackbox-exporter: _rawValues: {} - resources: - blackboxExporter: - requests: - cpu: 50m - memory: 50Mi - limits: - cpu: 250m - memory: 300Mi - sentinel: - requests: - cpu: 100m - memory: 32Mi - limits: - cpu: 200m - memory: 128Mi + resources: + blackboxExporter: + requests: + cpu: 50m + memory: 50Mi + limits: + cpu: 250m + memory: 300Mi + sentinel: + requests: + cpu: 100m + memory: 32Mi + limits: + cpu: 200m + memory: 128Mi prometheus: enabled: false disabledRules: diff --git a/values-changes.yaml b/values-changes.yaml index 9696b6e6c3..787406d684 100644 --- a/values-changes.yaml +++ b/values-changes.yaml 
@@ -299,12 +299,12 @@ changes: - 'apps.cert-manager.resources': 'apps.cert-manager.resources.certManager' - 'apps.alertmanager.resources': 'apps.alertmanager.resources.alertmanager' - 'apps.istio.global.proxy.resources': 'apps.istio.resources.proxy' - - 'apps.grafana.resources.grafanaTeams': 'teamConfig.{team}.resources.grafana' - - 'apps.grafana.resources.sidecarTeams': 'teamConfig.{team}.resources.grafanaSidecar' - 'apps.alertmanager.resources.alertmanagerTeams': 'teamConfig.{team}.resources.alertmanager' deletions: - 'teamConfig.{team}.managedMonitoring.prometheus' - 'apps.grafana.resources.downloadDashboards' + - 'apps.grafana.resources.grafanaTeams' + - 'apps.grafana.resources.sidecarTeams' additions: - 'teamConfig.{team}.resources.alertmanager.requests.cpu': 10m - 'teamConfig.{team}.resources.alertmanager.requests.memory': 64Mi @@ -338,11 +338,3 @@ changes: - 'teamConfig.{team}.resources.grafanaSidecar.requests.memory': 128Mi - 'teamConfig.{team}.resources.grafanaSidecar.limits.cpu': 200m - 'teamConfig.{team}.resources.grafanaSidecar.limits.memory': 256Mi - - 'apps.prometheus-blackbox-exporter.resources.blackboxExporter.requests.cpu': 50m - - 'apps.prometheus-blackbox-exporter.resources.blackboxExporter.requests.memory': 56Mi - - 'apps.prometheus-blackbox-exporter.resources.blackboxExporter.limits.cpu': 250m - - 'apps.prometheus-blackbox-exporter.resources.blackboxExporter.limits.memory': 256Mi - - 'apps.prometheus-blackbox-exporter.resources.sentinel.requests.cpu': 50m - - 'apps.prometheus-blackbox-exporter.resources.sentinel.requests.memory': 32Mi - - 'apps.prometheus-blackbox-exporter.resources.sentinel.limits.cpu': 200m - - 'apps.prometheus-blackbox-exporter.resources.sentinel.limits.memory': 128Mi From ad7b8513cc4f9de485e097622e1e2d5ed5b752c8 Mon Sep 17 00:00:00 2001 
From: Sander Rodenhuis Date: Tue, 8 Oct 2024 11:01:24 +0200 Subject: [PATCH 08/16] fix: tempo in 2 rep --- helmfile.d/snippets/defaults.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/helmfile.d/snippets/defaults.yaml b/helmfile.d/snippets/defaults.yaml index a39869ea0a..0813f66c00 100644 --- a/helmfile.d/snippets/defaults.yaml +++ b/helmfile.d/snippets/defaults.yaml @@ -115,7 +115,7 @@ environments: memory: 64Mi limits: cpu: 100m - memory: 256Mi + memory: 256Mi _rawValues: {} cnpg: resources: @@ -141,7 +141,7 @@ environments: memory: 128Mi requests: memory: 64Mi - cpu: 10m + cpu: 10m falco: enabled: false driver: ebpf @@ -725,7 +725,7 @@ environments: memory: 32Mi requests: cpu: 50m - memory: 16Mi + memory: 16Mi persistence: ingester: size: 20Gi @@ -1090,7 +1090,7 @@ environments: autoscaling: ingester: enabled: false - minReplicas: 1 + minReplicas: 2 maxReplicas: 3 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: 80 From 3b145caf805c36435dec54fc772039022aaa4f96 Mon Sep 17 00:00:00 2001 From: Sander Rodenhuis Date: Tue, 8 Oct 2024 16:24:54 +0200 Subject: [PATCH 09/16] fix: res def --- helmfile.d/snippets/defaults.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/helmfile.d/snippets/defaults.yaml b/helmfile.d/snippets/defaults.yaml index 0813f66c00..d2eab31f72 100644 --- a/helmfile.d/snippets/defaults.yaml +++ b/helmfile.d/snippets/defaults.yaml @@ -503,7 +503,7 @@ environments: pilot: requests: cpu: 100m - memory: 128Mi + memory: 192Mi limits: cpu: "2" memory: 2Gi @@ -634,21 +634,21 @@ environments: pipelinesRemoteresolver: requests: cpu: 100m - memory: 100Mi + memory: 128Mi limits: cpu: "1" memory: 1Gi pipelinesEvents: requests: cpu: 100m - memory: 100Mi + memory: 128Mi limits: cpu: "1" memory: 1Gi pipelinesWebhook: requests: cpu: 100m - memory: 100Mi + memory: 144Mi limits: cpu: "1" memory: 1Gi 
@@ -701,7 +701,7 @@ environments: querier: requests: cpu: 50m - memory: 64Mi + memory: 144Mi limits: cpu: 200m memory: 256Mi @@ -947,8 +947,8 @@ environments: memory: 128Mi prometheus: requests: - cpu: 50m - memory: 1Gi + cpu: 100m + memory: 2Gi limits: cpu: '3' memory: 3Gi @@ -1175,7 +1175,7 @@ environments: operator: requests: cpu: 10m - memory: 256Mi + memory: 512Mi limits: cpu: "1" memory: 1Gi From 80cc7fbca2b3d12cfcd98b9750cab822775af1ac Mon Sep 17 00:00:00 2001 From: Sander Rodenhuis Date: Thu, 10 Oct 2024 10:01:11 +0200 Subject: [PATCH 10/16] fix: restore hardcoded team resources --- .../templates/tekton-tasks/buildpacks.yaml | 12 +- .../templates/tekton-tasks/git-clone.yaml | 12 +- .../team-ns/templates/tekton-tasks/grype.yaml | 10 +- .../templates/tekton-tasks/kaniko.yaml | 12 +- helmfile.d/helmfile-60.teams.yaml | 3 - helmfile.d/snippets/defaults.yaml | 8 +- tests/fixtures/env/teams.yaml | 58 ----- values-schema.yaml | 218 ------------------ .../prometheus-operator-team.gotmpl | 23 ++ .../tekton-dashboard-teams.gotmpl | 2 + 10 files changed, 60 insertions(+), 298 deletions(-) diff --git a/charts/team-ns/templates/tekton-tasks/buildpacks.yaml b/charts/team-ns/templates/tekton-tasks/buildpacks.yaml index 9e89a5b432..96a8a7c4e8 100644 --- a/charts/team-ns/templates/tekton-tasks/buildpacks.yaml +++ b/charts/team-ns/templates/tekton-tasks/buildpacks.yaml @@ -1,5 +1,4 @@ {{- $v := .Values }} -{{- range $v.resources }} apiVersion: tekton.dev/v1 kind: Task metadata: @@ -87,7 +86,13 @@ spec: env: - name: CNB_PLATFORM_API value: "0.9" - computeResources: {{- $v.resources.buildpacksTask | toYaml | nindent 6 }} + computeResources: + limits: + cpu: "2" + memory: 2Gi + requests: + cpu: 500m + memory: 512Mi steps: - name: prepare computeResources: {} @@ -197,5 +202,4 @@ spec: - name: empty-dir emptyDir: {} - name: layers-dir - emptyDir: {} -{{- end }} \ No newline at end of file + emptyDir: {} \ No newline at end of file 
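Review bot: The literal `computeResources` block added in buildpacks.yaml (@@ -87,7: limits 2 CPU / 2Gi, requests 500m / 512Mi) is pasted unchanged into git-clone.yaml, grype.yaml and kaniko.yaml in the same commit, so the four copies can drift apart on the next edit. Consider defining it once as a named template in the chart and pulling it in with `include` piped through `nindent 6`. Since per-team sizing is gone, a one-line comment above the block such as `# fixed on purpose: build task resources are not configurable per team` would tell the next reader that the limit is deliberate. Each task's spec continues outside these hunks.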
diff --git a/charts/team-ns/templates/tekton-tasks/git-clone.yaml b/charts/team-ns/templates/tekton-tasks/git-clone.yaml index dbef667321..2d209c505f 100644 --- a/charts/team-ns/templates/tekton-tasks/git-clone.yaml +++ b/charts/team-ns/templates/tekton-tasks/git-clone.yaml @@ -1,5 +1,4 @@ {{- $v := .Values }} -{{- range $v.resources }} apiVersion: tekton.dev/v1 kind: Task metadata: @@ -14,7 +13,13 @@ metadata: tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" spec: stepTemplate: - computeResources: {{- $v.resources.gitcloneTask | toYaml | nindent 6 }} + computeResources: + limits: + cpu: "2" + memory: 2Gi + requests: + cpu: 500m + memory: 512Mi description: >- These Tasks are Git tasks to work with repositories used by other tasks in your Pipeline. @@ -255,5 +260,4 @@ spec: RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)" printf "%s" "${RESULT_COMMITTER_DATE}" > "$(results.committer-date.path)" printf "%s" "${RESULT_SHA}" > "$(results.commit.path)" - printf "%s" "${PARAM_URL}" > "$(results.url.path)" -{{- end }} \ No newline at end of file + printf "%s" "${PARAM_URL}" > "$(results.url.path)" \ No newline at end of file diff --git a/charts/team-ns/templates/tekton-tasks/grype.yaml b/charts/team-ns/templates/tekton-tasks/grype.yaml index 7af77b7219..4e10f5d163 100644 --- a/charts/team-ns/templates/tekton-tasks/grype.yaml +++ b/charts/team-ns/templates/tekton-tasks/grype.yaml @@ -1,5 +1,4 @@ {{- $v := .Values }} -{{- range $v.resources }} apiVersion: tekton.dev/v1 kind: Task metadata: 
@@ -14,7 +13,13 @@ metadata: tekton.dev/platforms: "linux/amd64,linux/arm64,linux/ppc64le,linux/390x" spec: stepTemplate: - computeResources: {{- $v.resources.grypeTask | toYaml | nindent 6 }} + computeResources: + limits: + cpu: "2" + memory: 2Gi + requests: + cpu: 500m + memory: 512Mi description: >- A vulnerability scanner for container images and filesystems. Works with Syft, the powerful SBOM (software bill of materials) tool for container images and filesystems. @@ -43,4 +48,3 @@ spec: - "ALL" seccompProfile: type: RuntimeDefault -{{- end }} diff --git a/charts/team-ns/templates/tekton-tasks/kaniko.yaml b/charts/team-ns/templates/tekton-tasks/kaniko.yaml index 325b9e040d..fa4903f462 100644 --- a/charts/team-ns/templates/tekton-tasks/kaniko.yaml +++ b/charts/team-ns/templates/tekton-tasks/kaniko.yaml @@ -1,5 +1,4 @@ {{- $v := .Values }} -{{- range $v.resources }} apiVersion: tekton.dev/v1 kind: Task metadata: @@ -14,7 +13,13 @@ metadata: tekton.dev/platforms: "linux/amd64,linux/arm64,linux/ppc64le" spec: stepTemplate: - computeResources: {{- $v.resources.kanikoTask | toYaml | nindent 6 }} + computeResources: + limits: + cpu: "2" + memory: 2Gi + requests: + cpu: 500m + memory: 512Mi description: >- This Task builds a simple Dockerfile with kaniko and pushes to a registry. This Task stores the image name and digest as results, allowing Tekton Chains to pick up @@ -75,5 +80,4 @@ spec: script: | set -e image="$(params.IMAGE)" - echo -n "${image}" | tee "$(results.IMAGE_URL.path)" -{{- end }} \ No newline at end of file + echo -n "${image}" | tee "$(results.IMAGE_URL.path)" \ No newline at end of file diff --git a/helmfile.d/helmfile-60.teams.yaml b/helmfile.d/helmfile-60.teams.yaml index de98e180df..9ce35599d4 100644 --- a/helmfile.d/helmfile-60.teams.yaml +++ b/helmfile.d/helmfile-60.teams.yaml 
@@ -39,7 +39,6 @@ releases: pipeline: otomi-task-teams values: - ../values/tekton-dashboard/tekton-dashboard-teams.gotmpl - - resources: {{- $team.resources.tektonDashboard | toYaml | nindent 10 }} - name: prometheus-{{ $teamId }} installed: {{ or ($team | get "managedMonitoring.grafana" false) ($team | get "managedMonitoring.alertmanager" false) }} namespace: team-{{ $teamId }} @@ -58,7 +57,6 @@ releases: namespaceOverride: null alertmanagerSpec: externalUrl: "https://alertmanager-{{ $teamId }}.{{ $domain }}" - resources: {{- $team.resources.alertmanager | toYaml | nindent 14 }} podMetadata: annotations: sidecar.istio.io/inject: "true" @@ -79,7 +77,6 @@ releases: namespaceOverride: null # team-{{ $teamId }} nameOverride: {{ $teamId }}-po-grafana fullnameOverride: {{ $teamId }}-po-grafana - resources: {{- $team.resources.grafana | toYaml | nindent 12 }} grafana.ini: "auth.generic_oauth": role_attribute_path: contains(groups[*], 'admin') && 'Admin' || contains(groups[*], 'team-admin') && 'Admin' || contains(groups[*], 'team-{{ $teamId }}') && 'Editor'{{ if not ($team | get "managedMonitoring.private" false) }} || 'Viewer'{{- end }} diff --git a/helmfile.d/snippets/defaults.yaml b/helmfile.d/snippets/defaults.yaml index d2eab31f72..e02e272f66 100644 --- a/helmfile.d/snippets/defaults.yaml +++ b/helmfile.d/snippets/defaults.yaml @@ -18,9 +18,9 @@ environments: _rawValues: {} argocd: applicationSet: - replicas: 2 + replicas: 1 controller: - replicas: 2 + replicas: 1 autoscaling: repoServer: enabled: true @@ -1222,7 +1222,7 @@ environments: memory: 1Gi requests: cpu: 50m - memory: 128Mi + memory: 256Mi gitea: useOtomiDB: true imported: false @@ -1234,7 +1234,7 @@ environments: memory: 1Gi requests: cpu: 50m - memory: 256Mi + memory: 512Mi obj: provider: type: disabled diff --git a/tests/fixtures/env/teams.yaml b/tests/fixtures/env/teams.yaml index 3c9c45dbc9..cdab7c46f9 100644 --- a/tests/fixtures/env/teams.yaml +++ b/tests/fixtures/env/teams.yaml 
@@ -41,64 +41,6 @@ teamConfig: - alerts policies: - edit policies - resources: - alertmanager: - requests: - cpu: 100m - memory: 64Mi - limits: - cpu: 200m - memory: 256Mi - grafana: - requests: - cpu: 10m - memory: 128Mi - limits: - cpu: '1' - memory: 1Gi - grafanaSidecar: - limits: - cpu: 500m - memory: 256Mi - requests: - cpu: 10m - memory: 128Mi - buildpacksTask: - limits: - cpu: '10' - memory: 2Gi - requests: - cpu: 500m - memory: 512Mi - gitcloneTask: - limits: - cpu: '2' - memory: 2Gi - requests: - cpu: 500m - memory: 512Mi - grypeTask: - limits: - cpu: '2' - memory: 2Gi - requests: - cpu: 500m - memory: 512Mi - kanikoTask: - limits: - cpu: '2' - memory: 2Gi - requests: - cpu: 500m - memory: 512Mi - tektonDashboard: - limits: - cpu: 101m - memory: 128Mi - requests: - cpu: 10m - memory: 64Mi - dev: id: dev managedMonitoring: diff --git a/values-schema.yaml b/values-schema.yaml index 47b12a5c83..fee3b20678 100644 --- a/values-schema.yaml +++ b/values-schema.yaml 
@@ -1144,224 +1144,6 @@ definitions: private: type: boolean default: false - resources: - properties: - alertmanager: - additionalProperties: false - properties: - requests: - additionalProperties: false - properties: - cpu: - $ref: '#/definitions/cpuQuantity' - default: 10m - memory: - $ref: '#/definitions/memoryQuantity' - default: 64Mi - required: - - cpu - - memory - limits: - additionalProperties: false - properties: - cpu: - $ref: '#/definitions/cpuQuantity' - default: 200m - memory: - $ref: '#/definitions/memoryQuantity' - default: 256Mi - required: - - cpu - - memory - grafana: - additionalProperties: false - properties: - requests: - additionalProperties: false - properties: - cpu: - $ref: '#/definitions/cpuQuantity' - default: 10m - memory: - $ref: '#/definitions/memoryQuantity' - default: 128Mi - required: - - cpu - - memory - limits: - additionalProperties: false - properties: - cpu: - $ref: '#/definitions/cpuQuantity' - default: '1' - memory: - $ref: '#/definitions/memoryQuantity' - default: 1Gi - required: - - cpu - - memory - buildpacksTask: - additionalProperties: false - properties: - requests: - additionalProperties: false - properties: - cpu: - $ref: '#/definitions/cpuQuantity' - default: 200m - memory: - $ref: '#/definitions/memoryQuantity' - default: 128Mi - required: - - cpu - - memory - limits: - additionalProperties: false - properties: - cpu: - $ref: '#/definitions/cpuQuantity' - default: '2' - memory: - $ref: '#/definitions/memoryQuantity' - default: 2Gi - required: - - cpu - - memory - gitcloneTask: - additionalProperties: false - properties: - requests: - additionalProperties: false - properties: - cpu: - $ref: '#/definitions/cpuQuantity' - default: 200m - memory: - $ref: '#/definitions/memoryQuantity' - default: 128Mi - required: - - cpu - - memory - limits: - additionalProperties: false - properties: - cpu: - $ref: '#/definitions/cpuQuantity' - default: '2' - memory: - $ref: '#/definitions/memoryQuantity' - default: 2Gi - required: - - 
cpu - - memory - grypeTask: - additionalProperties: false - properties: - requests: - additionalProperties: false - properties: - cpu: - $ref: '#/definitions/cpuQuantity' - default: 200m - memory: - $ref: '#/definitions/memoryQuantity' - default: 128Mi - required: - - cpu - - memory - limits: - additionalProperties: false - properties: - cpu: - $ref: '#/definitions/cpuQuantity' - default: '2' - memory: - $ref: '#/definitions/memoryQuantity' - default: 2Gi - required: - - cpu - - memory - kanikoTask: - additionalProperties: false - properties: - requests: - additionalProperties: false - properties: - cpu: - $ref: '#/definitions/cpuQuantity' - default: 200m - memory: - $ref: '#/definitions/memoryQuantity' - default: 128Mi - required: - - cpu - - memory - limits: - additionalProperties: false - properties: - cpu: - $ref: '#/definitions/cpuQuantity' - default: '2' - memory: - $ref: '#/definitions/memoryQuantity' - default: 2Gi - required: - - cpu - - memory - tektonDashboard: - additionalProperties: false - properties: - requests: - additionalProperties: false - properties: - cpu: - $ref: '#/definitions/cpuQuantity' - default: 10m - memory: - $ref: '#/definitions/memoryQuantity' - default: 64Mi - required: - - cpu - - memory - limits: - additionalProperties: false - properties: - cpu: - $ref: '#/definitions/cpuQuantity' - default: '100m' - memory: - $ref: '#/definitions/memoryQuantity' - default: 128Mi - required: - - cpu - - memory - grafanaSidecar: - additionalProperties: false - properties: - requests: - additionalProperties: false - properties: - cpu: - $ref: '#/definitions/cpuQuantity' - default: 10m - memory: - $ref: '#/definitions/memoryQuantity' - default: 128Mi - required: - - cpu - - memory - limits: - additionalProperties: false - properties: - cpu: - $ref: '#/definitions/cpuQuantity' - default: 200m - memory: - $ref: '#/definitions/memoryQuantity' - default: 256Mi - required: - - cpu - - memory networkPolicy: ingressPrivate: title: Enable filtering of 
ingress traffic inside the cluster diff --git a/values/prometheus-operator/prometheus-operator-team.gotmpl b/values/prometheus-operator/prometheus-operator-team.gotmpl index 0a64a6ad92..a45ee96967 100644 --- a/values/prometheus-operator/prometheus-operator-team.gotmpl +++ b/values/prometheus-operator/prometheus-operator-team.gotmpl @@ -59,10 +59,33 @@ grafana: enabled: false defaultDashboardsEnabled: false plugins: [] + resources: + requests: + cpu: 10m + memory: 128Mi + limits: + cpu: "1" + memory: 1Gi + sidecar: + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 128Mi alertmanager: serviceMonitor: selfMonitor: false + alertmanagerSpec: + resources: + requests: + cpu: 10m + memory: 64Mi + limits: + cpu: 200m + memory: 256Mi prometheus: thanosService: diff --git a/values/tekton-dashboard/tekton-dashboard-teams.gotmpl b/values/tekton-dashboard/tekton-dashboard-teams.gotmpl index 6573c6f674..5b58683648 100644 --- a/values/tekton-dashboard/tekton-dashboard-teams.gotmpl +++ b/values/tekton-dashboard/tekton-dashboard-teams.gotmpl @@ -2,6 +2,8 @@ {{- $v := .Values }} {{- $t := $v.apps.tekton }} +resources: {{- $t.resources.dashboard | toYaml | nindent 2 }} + teamId: {{ $teamId }} args: From a548958a6d12563d68a75deed4d7dddf9e4c0bd7 Mon Sep 17 00:00:00 2001 From: Sander Rodenhuis Date: Thu, 10 Oct 2024 10:02:39 +0200 Subject: [PATCH 11/16] fix: restore hardcoded team resources --- helmfile.d/helmfile-60.teams.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/helmfile.d/helmfile-60.teams.yaml b/helmfile.d/helmfile-60.teams.yaml index 9ce35599d4..f312698002 100644 --- a/helmfile.d/helmfile-60.teams.yaml +++ b/helmfile.d/helmfile-60.teams.yaml 
@@ -82,8 +82,6 @@ releases: role_attribute_path: contains(groups[*], 'admin') && 'Admin' || contains(groups[*], 'team-admin') && 'Admin' || contains(groups[*], 'team-{{ $teamId }}') && 'Editor'{{ if not ($team | get "managedMonitoring.private" false) }} || 'Viewer'{{- end }} server: root_url: https://grafana-{{ $teamId }}.{{ $domain }} - sidecar: - resources: {{- $team.resources.grafanaSidecar | toYaml | nindent 14 }} datasources: defaultDatasourceEnabled: false dashboards: From 70b8b45c75b25655c17747671d1239827eebd6ef Mon Sep 17 00:00:00 2001 From: Sander Rodenhuis Date: Thu, 10 Oct 2024 10:08:52 +0200 Subject: [PATCH 12/16] fix: remove values changes --- helmfile.d/snippets/defaults.yaml | 12 +++++------ values-changes.yaml | 34 ------------------------------- 2 files changed, 6 insertions(+), 40 deletions(-) diff --git a/helmfile.d/snippets/defaults.yaml b/helmfile.d/snippets/defaults.yaml index e02e272f66..9f0e64028d 100644 --- a/helmfile.d/snippets/defaults.yaml +++ b/helmfile.d/snippets/defaults.yaml @@ -20,7 +20,7 @@ environments: applicationSet: replicas: 1 controller: - replicas: 1 + replicas: 2 autoscaling: repoServer: enabled: true @@ -38,21 +38,21 @@ environments: controller: requests: cpu: 200m - memory: 1Gi + memory: 512Mi limits: cpu: "2" memory: 2Gi server: requests: cpu: 100m - memory: 512M + memory: 512Mi limits: cpu: "1" memory: 1Gi repo: requests: cpu: 100m - memory: 640M + memory: 640Mi limits: cpu: "1" memory: 1Gi @@ -66,14 +66,14 @@ environments: applicationSet: requests: cpu: 100m - memory: 256M + memory: 256Mi limits: cpu: "1" memory: 1Gi notifications: requests: cpu: 50m - memory: 160M + memory: 160Mi limits: cpu: "1" memory: 1Gi diff --git a/values-changes.yaml b/values-changes.yaml index 787406d684..3a0c3b3681 100644 --- a/values-changes.yaml +++ b/values-changes.yaml 
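Review bot: The hunk at @@ -82,8 +82,6 in helmfile-60.teams.yaml deletes the `sidecar:` key together with its `resources:` line, yet `datasources:` and `dashboards:` below it are kept as context. Without their parent those two keys presumably re-attach to the preceding `grafana.ini` mapping, so the YAML would still parse while `defaultDatasourceEnabled: false` and the dashboards settings stop reaching the Grafana sidecar. If so, each team Grafana falls back to the chart's own datasource default, which is worth checking for what a team can then query. Remove only the `resources: {{- $team.resources.grafanaSidecar | toYaml | nindent 14 }}` line and keep `sidecar:`. The release's values block starts and ends outside the hunk.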
@@ -299,42 +299,8 @@ changes: - 'apps.cert-manager.resources': 'apps.cert-manager.resources.certManager' - 'apps.alertmanager.resources': 'apps.alertmanager.resources.alertmanager' - 'apps.istio.global.proxy.resources': 'apps.istio.resources.proxy' - - 'apps.alertmanager.resources.alertmanagerTeams': 'teamConfig.{team}.resources.alertmanager' deletions: - 'teamConfig.{team}.managedMonitoring.prometheus' - 'apps.grafana.resources.downloadDashboards' - 'apps.grafana.resources.grafanaTeams' - 'apps.grafana.resources.sidecarTeams' - additions: - - 'teamConfig.{team}.resources.alertmanager.requests.cpu': 10m - - 'teamConfig.{team}.resources.alertmanager.requests.memory': 64Mi - - 'teamConfig.{team}.resources.alertmanager.limits.cpu': 200m - - 'teamConfig.{team}.resources.alertmanager.limits.memory': 256Mi - - 'teamConfig.{team}.resources.grafana.requests.cpu': 10m - - 'teamConfig.{team}.resources.grafana.requests.memory': 128Mi - - 'teamConfig.{team}.resources.grafana.limits.cpu': '1' - - 'teamConfig.{team}.resources.grafana.limits.memory': 1Gi - - 'teamConfig.{team}.resources.buildpacksTask.requests.cpu': 200m - - 'teamConfig.{team}.resources.buildpacksTask.requests.memory': 128Mi - - 'teamConfig.{team}.resources.buildpacksTask.limits.cpu': '2' - - 'teamConfig.{team}.resources.buildpacksTask.limits.memory': 2Gi - - 'teamConfig.{team}.resources.gitcloneTask.requests.cpu': 200m - - 'teamConfig.{team}.resources.gitcloneTask.requests.memory': 128Mi - - 'teamConfig.{team}.resources.gitcloneTask.limits.cpu': '2' - - 'teamConfig.{team}.resources.gitcloneTask.limits.memory': 2Gi - - 'teamConfig.{team}.resources.grypeTask.requests.cpu': 200m - - 'teamConfig.{team}.resources.grypeTask.requests.memory': 128Mi - - 'teamConfig.{team}.resources.grypeTask.limits.cpu': '2' - - 'teamConfig.{team}.resources.grypeTask.limits.memory': 2Gi - - 'teamConfig.{team}.resources.kanikoTask.requests.cpu': 200m - - 'teamConfig.{team}.resources.kanikoTask.requests.memory': 128Mi - - 
'teamConfig.{team}.resources.kanikoTask.limits.cpu': '2' - - 'teamConfig.{team}.resources.kanikoTask.limits.memory': 2Gi - - 'teamConfig.{team}.resources.tektonDashboard.requests.cpu': 10m - - 'teamConfig.{team}.resources.tektonDashboard.requests.memory': 64Mi - - 'teamConfig.{team}.resources.tektonDashboard.limits.cpu': 100m - - 'teamConfig.{team}.resources.tektonDashboard.limits.memory': 128Mi - - 'teamConfig.{team}.resources.grafanaSidecar.requests.cpu': 10m - - 'teamConfig.{team}.resources.grafanaSidecar.requests.memory': 128Mi - - 'teamConfig.{team}.resources.grafanaSidecar.limits.cpu': 200m - - 'teamConfig.{team}.resources.grafanaSidecar.limits.memory': 256Mi From 309a9716e17019e6e3c535f969e84119d1090e52 Mon Sep 17 00:00:00 2001 From: Sander Rodenhuis Date: Thu, 10 Oct 2024 10:30:00 +0200 Subject: [PATCH 13/16] fix: fixtures --- tests/fixtures/env/teams.yaml | 57 ----------------------------------- 1 file changed, 57 deletions(-) diff --git a/tests/fixtures/env/teams.yaml b/tests/fixtures/env/teams.yaml index cdab7c46f9..57a0146ee0 100644 --- a/tests/fixtures/env/teams.yaml +++ b/tests/fixtures/env/teams.yaml @@ -52,60 +52,3 @@ teamConfig: - downloadCertificateAuthority policies: - edit policies - resources: - alertmanager: - requests: - cpu: 10m - memory: 64Mi - limits: - cpu: 200m - memory: 256Mi - grafana: - requests: - cpu: 10m - memory: 128Mi - limits: - cpu: '1' - memory: 1Gi - grafanaSidecar: - limits: - cpu: 500m - memory: 256Mi - requests: - cpu: 10m - memory: 128Mi - buildpacksTask: - limits: - cpu: '2' - memory: 2Gi - requests: - cpu: 500m - memory: 512Mi - gitcloneTask: - limits: - cpu: '2' - memory: 2Gi - requests: - cpu: 500m - memory: 512Mi - grypeTask: - limits: - cpu: '2' - memory: 2Gi - requests: - cpu: 500m - memory: 512Mi - kanikoTask: - limits: - cpu: '2' - memory: 2Gi - requests: - cpu: 500m - memory: 512Mi - tektonDashboard: - limits: - cpu: 1000m - memory: 188Mi - requests: - cpu: 10m - memory: 64Mi 
From abed5d5cceb7a172864934d21cbc8080ec12ab47 Mon Sep 17 00:00:00 2001 From: Sander Rodenhuis Date: Thu, 10 Oct 2024 12:59:24 +0200 Subject: [PATCH 14/16] fix: team grafana sidecar --- helmfile.d/helmfile-60.teams.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/helmfile.d/helmfile-60.teams.yaml b/helmfile.d/helmfile-60.teams.yaml index 93182979da..8f207f1bf7 100644 --- a/helmfile.d/helmfile-60.teams.yaml +++ b/helmfile.d/helmfile-60.teams.yaml @@ -82,6 +82,7 @@ releases: role_attribute_path: contains(groups[*], 'admin') && 'Admin' || contains(groups[*], 'team-admin') && 'Admin' || contains(groups[*], 'team-{{ $teamId }}') && 'Editor'{{ if not ($team | get "managedMonitoring.private" false) }} || 'Viewer'{{- end }} server: root_url: https://grafana-{{ $teamId }}.{{ $domain }} + sidecar: datasources: defaultDatasourceEnabled: false dashboards: From 3b5f4feeebb84eec11b21134e356a48dda39737e Mon Sep 17 00:00:00 2001 From: Sander Rodenhuis Date: Thu, 10 Oct 2024 20:41:08 +0200 Subject: [PATCH 15/16] fix: rv cmnts --- .../templates/tekton-tasks/buildpacks.yaml | 1 - .../templates/tekton-tasks/git-clone.yaml | 1 - charts/team-ns/templates/tekton-tasks/grype.yaml | 1 - .../team-ns/templates/tekton-tasks/kaniko.yaml | 1 - charts/tekton-pipelines/values.yaml | 16 ++++++++++++++-- values-changes.yaml | 4 ++++ values/argocd/argocd.gotmpl | 10 ---------- 7 files changed, 18 insertions(+), 16 deletions(-) diff --git a/charts/team-ns/templates/tekton-tasks/buildpacks.yaml b/charts/team-ns/templates/tekton-tasks/buildpacks.yaml index 96a8a7c4e8..b9a80b4f34 100644 --- a/charts/team-ns/templates/tekton-tasks/buildpacks.yaml +++ b/charts/team-ns/templates/tekton-tasks/buildpacks.yaml @@ -1,4 +1,3 @@ -{{- $v := .Values }} apiVersion: tekton.dev/v1 kind: Task metadata: diff --git a/charts/team-ns/templates/tekton-tasks/git-clone.yaml b/charts/team-ns/templates/tekton-tasks/git-clone.yaml index 2d209c505f..9e8f1c5a8f 100644 
--- a/charts/team-ns/templates/tekton-tasks/git-clone.yaml +++ b/charts/team-ns/templates/tekton-tasks/git-clone.yaml @@ -1,4 +1,3 @@ -{{- $v := .Values }} apiVersion: tekton.dev/v1 kind: Task metadata: diff --git a/charts/team-ns/templates/tekton-tasks/grype.yaml b/charts/team-ns/templates/tekton-tasks/grype.yaml index 4e10f5d163..2284b5985f 100644 --- a/charts/team-ns/templates/tekton-tasks/grype.yaml +++ b/charts/team-ns/templates/tekton-tasks/grype.yaml @@ -1,4 +1,3 @@ -{{- $v := .Values }} apiVersion: tekton.dev/v1 kind: Task metadata: diff --git a/charts/team-ns/templates/tekton-tasks/kaniko.yaml b/charts/team-ns/templates/tekton-tasks/kaniko.yaml index fa4903f462..dd9d3cfa68 100644 --- a/charts/team-ns/templates/tekton-tasks/kaniko.yaml +++ b/charts/team-ns/templates/tekton-tasks/kaniko.yaml @@ -1,4 +1,3 @@ -{{- $v := .Values }} apiVersion: tekton.dev/v1 kind: Task metadata: diff --git a/charts/tekton-pipelines/values.yaml b/charts/tekton-pipelines/values.yaml index dd018d4097..399bca5a1d 100644 --- a/charts/tekton-pipelines/values.yaml +++ b/charts/tekton-pipelines/values.yaml @@ -20,7 +20,13 @@ controller: - windows tolerations: [] nodeSelector: {} - resources: {} + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 1000m + memory: 1000Mi # Values for tekton-pipelines-webhook webhook: deployment: @@ -50,7 +56,13 @@ remoteresolver: affinity: {} tolerations: [] nodeSelector: {} - resources: {} + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 1000m + memory: 1000Mi events: deployment: diff --git a/values-changes.yaml b/values-changes.yaml index 3a0c3b3681..26bc28240c 100644 --- a/values-changes.yaml +++ b/values-changes.yaml @@ -304,3 +304,7 @@ changes: - 'apps.grafana.resources.downloadDashboards' - 'apps.grafana.resources.grafanaTeams' - 'apps.grafana.resources.sidecarTeams' + - 'apps.alertmanger.resources.alertmanagerTeams' + - 'apps.jaeger.ingester' + - 'apps.jaeger.collector' + - 'apps.jaeger.agent' 
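Review bot: The deletion entry `'apps.alertmanger.resources.alertmanagerTeams'` added in the values-changes.yaml hunk misspells the app key as `alertmanger`; the context entries in this file spell the same path `apps.alertmanager.…`. If the migration matches these paths literally, which the list format suggests, the misspelled entry matches nothing and the stale `alertmanagerTeams` block stays in existing values files. The line should read `- 'apps.alertmanager.resources.alertmanagerTeams'`.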
diff --git a/values/argocd/argocd.gotmpl b/values/argocd/argocd.gotmpl index 6b2b6c49c8..f50c74403d 100644 --- a/values/argocd/argocd.gotmpl +++ b/values/argocd/argocd.gotmpl @@ -12,11 +12,6 @@ global: # ApplicationSet Controller applicationSet: replicas: {{ $a.applicationSet.replicas }} - pdb: - enabled: true - labels: - app.kubernetes.io/component: applicationset-controller - minAvailable: 1 resources: {{- $a.resources.applicationSet | toYaml | nindent 4 }} metrics: enabled: true @@ -28,11 +23,6 @@ applicationSet: # Application Controller controller: replicas: {{ $a.controller.replicas }} - pdb: - enabled: true - labels: - app.kubernetes.io/component: application-controller - minAvailable: 1 resources: {{- $a.resources.controller | toYaml | nindent 4 }} metrics: enabled: true From 1911300a4e87fc5eb15a05d943562feac689788d Mon Sep 17 00:00:00 2001 From: Sander Rodenhuis Date: Mon, 14 Oct 2024 13:43:01 +0200 Subject: [PATCH 16/16] fix: tkn pl resources --- .../templates/deployment-tekton-pipelines-remote-resolvers.yaml | 2 +- .../templates/deployment-tekton-pipelines-webhook.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/tekton-pipelines/templates/deployment-tekton-pipelines-remote-resolvers.yaml b/charts/tekton-pipelines/templates/deployment-tekton-pipelines-remote-resolvers.yaml index 9ba478663d..0fb2593252 100644 --- a/charts/tekton-pipelines/templates/deployment-tekton-pipelines-remote-resolvers.yaml +++ b/charts/tekton-pipelines/templates/deployment-tekton-pipelines-remote-resolvers.yaml @@ -64,7 +64,7 @@ spec: containers: - name: controller image: {{ .Values.remoteresolver.deployment.image }} - resources: {{- toYaml .Values.controller.resources | nindent 12 }} + resources: {{- toYaml .Values.remoteresolver.resources | nindent 12 }} ports: - name: metrics containerPort: 9090 
diff --git a/charts/tekton-pipelines/templates/deployment-tekton-pipelines-webhook.yaml b/charts/tekton-pipelines/templates/deployment-tekton-pipelines-webhook.yaml index 73ff465386..a7faec3d7d 100644 --- a/charts/tekton-pipelines/templates/deployment-tekton-pipelines-webhook.yaml +++ b/charts/tekton-pipelines/templates/deployment-tekton-pipelines-webhook.yaml @@ -78,7 +78,7 @@ spec: # and substituted here. image: {{ .Values.webhook.deployment.image }} # Resource request required for autoscaler to take any action for a metric - resources: {{- toYaml .Values.events.resources | nindent 12 }} + resources: {{- toYaml .Values.webhook.resources | nindent 12 }} env: - name: SYSTEM_NAMESPACE valueFrom:
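Review bot: The webhook container now renders `.Values.webhook.resources`, but the values.yaml hunks in the previous patch add a `resources` block only under `controller` and `remoteresolver`, and no `webhook.resources` default is visible in this series. If that key is absent, `toYaml` of a missing value renders `resources: null`, leaving the webhook with no requests. The comment directly above this line says a request is required for the autoscaler to act. Confirm that `webhook.resources` is defined in charts/tekton-pipelines/values.yaml, or add a block there like the two added for the other components.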