EV-4687 Make compliance components configurable - resource requests/l… #3209

vara2504 · 2024-02-29T00:54:04Z

…imits

reporter calico private changes:
https://github.com/tigera/calico-private/pull/7317

controller:
 
vara@vara:~/bzprofiles/Clusters/tc_std$ k get deployment.apps/compliance-controller -n tigera-compliance -o yaml|grep -A 5 -B 1 resources
        name: compliance-controller
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
vara@vara:~/bzprofiles/Clusters/tc_std$ kubectl patch compliance tigera-secure  --type=merge --patch='{"spec": {"complianceControllerDeployment":{"spec": {"template": {"spec": {"containers":[{"name":"compliance-controller","resources":{"limits":{"cpu":"150m", "memory":"500Mi"},"requests":{"cpu":"20m", "memory":"50Mi"}}}]}}}}}}'
compliance.operator.tigera.io/tigera-secure patched

vara@vara:~/bzprofiles/Clusters/tc_std$ k get deployment.apps/compliance-controller -n tigera-compliance -o yaml|grep -A 7 -B 1 resources
        name: compliance-controller
        resources:
          limits:
            cpu: 150m
            memory: 500Mi
          requests:
            cpu: 20m
            memory: 50Mi
        securityContext:

vara@vara:~/bzprofiles/Clusters/tc_std$ k get compliance -o yaml
apiVersion: v1
items:
- apiVersion: operator.tigera.io/v1
  kind: Compliance
  metadata:
    creationTimestamp: "2024-03-11T18:25:44Z"
    generation: 2
    name: tigera-secure
    resourceVersion: "38173"
    uid: a58f521c-fd37-4910-9643-d465fae245e6
  spec:
    complianceControllerDeployment:
      spec:
        template:
          spec:
            containers:
            - name: compliance-controller
              resources:
                limits:
                  cpu: 150m
                  memory: 500Mi
                requests:
                  cpu: 20m
                  memory: 50Mi

==
snapshot:

vara@vara:~/bzprofiles/Clusters/tc_std$ k get deployment.apps/compliance-snapshotter -n tigera-compliance -o yaml|grep -A 7 -B 1 resources
        name: compliance-snapshotter
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          privileged: false
          runAsGroup: 10001
vara@vara:~/bzprofiles/Clusters/tc_std$ kubectl patch compliance tigera-secure  --type=merge --patch='{"spec": {"complianceSnapshotterDeployment":{"spec": {"template": {"spec": {"containers":[{"name":"compliance-snapshotter","resources":{"limits":{"cpu":"150m", "memory":"500Mi"},"requests":{"cpu":"20m", "memory":"50Mi"}}}]}}}}}}'
compliance.operator.tigera.io/tigera-secure patched
vara@vara:~/bzprofiles/Clusters/tc_std$ k get deployment.apps/compliance-snapshotter -n tigera-compliance -o yaml|grep -A 7 -B 1 resources
        name: compliance-snapshotter
        resources:
          limits:
            cpu: 150m
            memory: 500Mi
          requests:
            cpu: 20m
            memory: 50Mi
        securityContext:
vara@vara:~/bzprofiles/Clusters/tc_std$ k get compliance -o yaml
apiVersion: v1
items:
- apiVersion: operator.tigera.io/v1
  kind: Compliance
  metadata:
    creationTimestamp: "2024-03-11T18:25:44Z"
    generation: 3
    name: tigera-secure
    resourceVersion: "39904"
    uid: a58f521c-fd37-4910-9643-d465fae245e6
  spec:
    complianceControllerDeployment:
      spec:
        template:
          spec:
            containers:
            - name: compliance-controller
              resources:
                limits:
                  cpu: 150m
                  memory: 500Mi
                requests:
                  cpu: 20m
                  memory: 50Mi
    complianceSnapshotterDeployment:
      spec:
        template:
          spec:
            containers:
            - name: compliance-snapshotter
              resources:
                limits:
                  cpu: 150m
                  memory: 500Mi
                requests:
                  cpu: 20m
                  memory: 50Mi

==============================


server:
 
 vara@vara:~/bzprofiles/Clusters/tc_config$ k get deployment.apps/compliance-server -n tigera-compliance -o yaml|grep -A 5 -B 1 resources
          timeoutSeconds: 5
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
vara@vara:~/bzprofiles/Clusters/tc_config$  kubectl patch compliance tigera-secure  --type=merge --patch='{"spec": {"complianceServerDeployment":{"spec": {"template": {"spec": {"containers":[{"name":"compliance-server","resources":{"limits":{"cpu":"150m", "memory":"500Mi"},"requests":{"cpu":"20m", "memory":"50Mi"}}}]}}}}}}'
compliance.operator.tigera.io/tigera-secure patched
vara@vara:~/bzprofiles/Clusters/tc_config$ k get deployment.apps/compliance-server -n tigera-compliance -o yaml|grep -A 7 -B 1 resources
          timeoutSeconds: 5
        resources:
          limits:
            cpu: 150m
            memory: 500Mi
          requests:
            cpu: 20m
            memory: 50Mi
        securityContext:

 
 ============================
benchmark:

vara@vara:~/bzprofiles/Clusters/tc_std$ k get daemonset.apps/compliance-benchmarker -n tigera-compliance -o yaml|grep -A 5 -B 1 resources
        name: compliance-benchmarker
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
vara@vara:~/bzprofiles/Clusters/tc_std$ kubectl patch compliance tigera-secure  --type=merge --patch='{"spec": {"complianceBenchmarkerDaemonSet":{"spec": {"template": {"spec": {"containers":[{"name":"compliance-benchmarker","resources":{"limits":{"cpu":"150m", "memory":"500Mi"},"requests":{"cpu":"20m", "memory":"50Mi"}}}]}}}}}}'
compliance.operator.tigera.io/tigera-secure patched
vara@vara:~/bzprofiles/Clusters/tc_std$ k get daemonset.apps/compliance-benchmarker -n tigera-compliance -o yaml|grep -A 7 -B 1 resources
        name: compliance-benchmarker
        resources:
          limits:
            cpu: 150m
            memory: 500Mi
          requests:
            cpu: 20m
            memory: 50Mi
        securityContext:
vara@vara:~/bzprofiles/Clusters/tc_std$ k get compliance -o yaml
apiVersion: v1
items:
- apiVersion: operator.tigera.io/v1
  kind: Compliance
  metadata:
    creationTimestamp: "2024-03-11T18:25:44Z"
    generation: 4
    name: tigera-secure
    resourceVersion: "40509"
    uid: a58f521c-fd37-4910-9643-d465fae245e6
  spec:
    complianceBenchmarkerDaemonSet:
      spec:
        template:
          spec:
            containers:
            - name: compliance-benchmarker
              resources:
                limits:
                  cpu: 150m
                  memory: 500Mi
                requests:
                  cpu: 20m
                  memory: 50Mi
    complianceControllerDeployment:
      spec:
        template:
          spec:
            containers:
            - name: compliance-controller
              resources:
                limits:
                  cpu: 150m
                  memory: 500Mi
                requests:
                  cpu: 20m
                  memory: 50Mi
    complianceSnapshotterDeployment:
      spec:
        template:
          spec:
            containers:
            - name: compliance-snapshotter
              resources:
                limits:
                  cpu: 150m
                  memory: 500Mi
                requests:
                  cpu: 20m
                  memory: 50Mi
  status:

Compliance report:

vara@vara:~/bzprofiles/Clusters/tc_std$ k get Podtemplates -n tigera-compliance -o yaml|grep -A 7 -B 1 resources
        name: reporter
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          privileged: false
          runAsGroup: 0
vara@vara:~/bzprofiles/Clusters/tc_std$ kubectl patch compliance tigera-secure  --type=merge --patch='{"spec": {"complianceReporterPodTemplate": {"template": {"spec": {"containers":[{"name":"reporter","resources":{"limits":{"cpu":"150m", "memory":"500Mi"},"requests":{"cpu":"20m", "memory":"50Mi"}}}]}}}}}'
compliance.operator.tigera.io/tigera-secure patched

vara@vara:~/bzprofiles/Clusters/tc_std$ k get Podtemplates -n tigera-compliance -o yaml|grep -A 7 -B 1 resources
        name: reporter
        resources:
          limits:
            cpu: 150m
            memory: 500Mi
          requests:
            cpu: 20m
            memory: 50Mi
        securityContext:

Description

For PR author

Tests for change.
If changing pkg/apis/, run make gen-files
If changing versions, run make gen-versions

For PR reviewers

A note for code reviewers - all pull requests must have the following:

Milestone set according to targeted release.
Appropriate labels:
- kind/bug if this is a bugfix.
- kind/enhancement if this is a a new feature.
- enterprise if this PR applies to Calico Enterprise only.

api/v1/compliance_report_types.go

…imits

Add UT for all compliance init containers

rene-dekker

lgtm

marvin-tigera added this to the v1.34.0 milestone Feb 29, 2024

marvin-tigera added docs-pr-required release-note-required labels Feb 29, 2024

vara2504 force-pushed the compliance_resources branch from 02e37ce to d69530b Compare February 29, 2024 22:42

vara2504 marked this pull request as ready for review February 29, 2024 23:07

vara2504 requested a review from a team as a code owner February 29, 2024 23:07

vara2504 force-pushed the compliance_resources branch from e55437c to c547836 Compare March 5, 2024 23:56

rene-dekker reviewed Mar 12, 2024

View reviewed changes

api/v1/compliance_report_types.go Outdated Show resolved Hide resolved

rene-dekker reviewed Mar 12, 2024

View reviewed changes

api/v1/compliance_report_types.go Outdated Show resolved Hide resolved

vara2504 added 3 commits March 12, 2024 12:37

EV-4687 Make compliance components configurable - resource requests/l…

787fdcd

…imits

Make compliance report configurable for resource requests/limits

a353dc0

Add UT for all compliance init containers

Update compliance types name

b1f6ed4

vara2504 force-pushed the compliance_resources branch from 88bcf22 to c385db4 Compare March 12, 2024 19:58

Update compliance reporter file name

6497dc3

vara2504 force-pushed the compliance_resources branch from f8cd508 to 6497dc3 Compare March 14, 2024 18:53

rene-dekker approved these changes Mar 14, 2024

View reviewed changes

rene-dekker merged commit 74ebb56 into tigera:master Mar 14, 2024
5 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

EV-4687 Make compliance components configurable - resource requests/l… #3209

EV-4687 Make compliance components configurable - resource requests/l… #3209

vara2504 commented Feb 29, 2024 •

edited

Loading

rene-dekker left a comment

EV-4687 Make compliance components configurable - resource requests/l… #3209

EV-4687 Make compliance components configurable - resource requests/l… #3209

Conversation

vara2504 commented Feb 29, 2024 • edited Loading

Description

For PR author

For PR reviewers

rene-dekker left a comment

Choose a reason for hiding this comment

vara2504 commented Feb 29, 2024 •

edited

Loading