From 3910d84c5909c04055f7f1a715b60ae9c84f0178 Mon Sep 17 00:00:00 2001 From: Jim Grady Date: Fri, 8 Mar 2024 14:08:36 -0500 Subject: [PATCH] Set Kubernetes resource requests and limits (#3002) --- .../templates/deployment-cert-proxy-server.yaml | 9 +++++++-- .../templates/deployment-nuc-proxy.yaml | 9 +++++++-- .../charts/backend/templates/deployment-backend.yaml | 9 ++++++++- deploy/helm/thecombine/charts/backend/values.yaml | 2 ++ .../thecombine/charts/database/templates/database.yaml | 9 ++++++++- deploy/helm/thecombine/charts/database/values.yaml | 2 ++ .../charts/frontend/templates/deployment-frontend.yaml | 9 ++++++++- deploy/helm/thecombine/charts/frontend/values.yaml | 2 ++ .../maintenance/templates/cronjob-daily-backup.yaml | 7 ++++++- .../maintenance/templates/deployment-maintenance.yaml | 9 ++++++++- deploy/helm/thecombine/charts/maintenance/values.yaml | 2 ++ deploy/helm/thecombine/values.yaml | 2 ++ deploy/scripts/setup_files/profiles/dev.yaml | 1 + deploy/scripts/setup_files/profiles/prod.yaml | 1 + deploy/scripts/setup_files/profiles/staging.yaml | 1 + 15 files changed, 65 insertions(+), 9 deletions(-) diff --git a/deploy/helm/cert-proxy-server/templates/deployment-cert-proxy-server.yaml b/deploy/helm/cert-proxy-server/templates/deployment-cert-proxy-server.yaml index 5707356b52..7c23b4cb71 100644 --- a/deploy/helm/cert-proxy-server/templates/deployment-cert-proxy-server.yaml +++ b/deploy/helm/cert-proxy-server/templates/deployment-cert-proxy-server.yaml @@ -61,9 +61,14 @@ spec: - name: CERT_PROXY_NAMESPACE value: {{ .Release.Namespace }} image: {{ include "cert-proxy-server.containerImage" . }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} + imagePullPolicy: Always name: combine-cert-proxy - resources: {} + resources: + requests: + cpu: 2m + memory: 100M + limits: + memory: 150M restartPolicy: Always {{- if ne .Values.global.pullSecretName "None" }} imagePullSecrets: diff --git a/deploy/helm/cert-proxy-server/templates/deployment-nuc-proxy.yaml b/deploy/helm/cert-proxy-server/templates/deployment-nuc-proxy.yaml index f81aed8e7a..3ac30a1463 100644 --- a/deploy/helm/cert-proxy-server/templates/deployment-nuc-proxy.yaml +++ b/deploy/helm/cert-proxy-server/templates/deployment-nuc-proxy.yaml @@ -45,10 +45,15 @@ spec: key: SERVER_NAME name: {{ .Values.envNginxProxy }} image: nginx:1.21 - imagePullPolicy: IfNotPresent + imagePullPolicy: Always ports: - containerPort: 80 - resources: {} + resources: + requests: + cpu: 1m + memory: 10M + limits: + memory: 50M volumeMounts: - name: nginx-html mountPath: /usr/share/nginx/html diff --git a/deploy/helm/thecombine/charts/backend/templates/deployment-backend.yaml b/deploy/helm/thecombine/charts/backend/templates/deployment-backend.yaml index 1513eaee6b..aec75369c4 100644 --- a/deploy/helm/thecombine/charts/backend/templates/deployment-backend.yaml +++ b/deploy/helm/thecombine/charts/backend/templates/deployment-backend.yaml @@ -79,7 +79,14 @@ spec: name: env-backend-secrets ports: - containerPort: 5000 - resources: {} + resources: + requests: + cpu: 5m + memory: 960Mi +{{- if .Values.global.includeResourceLimits }} + limits: + memory: 4Gi +{{- end }} volumeMounts: - mountPath: /home/app/.CombineFiles name: backend-data diff --git a/deploy/helm/thecombine/charts/backend/values.yaml b/deploy/helm/thecombine/charts/backend/values.yaml index 36d35d23b5..3bc97872dc 100644 --- a/deploy/helm/thecombine/charts/backend/values.yaml +++ b/deploy/helm/thecombine/charts/backend/values.yaml @@ -21,6 +21,8 @@ global: combineJwtSecretKey: "Override" combineSmtpUsername: "Override" combineSmtpPassword: "Override" + # Values for pulling container image from image registry + imagePullPolicy: "Override" imageTag: "latest" # Define the image registry to use (may be blank for local images) imageRegistry: "" diff --git a/deploy/helm/thecombine/charts/database/templates/database.yaml b/deploy/helm/thecombine/charts/database/templates/database.yaml index 836feea552..6e681ca546 100644 --- a/deploy/helm/thecombine/charts/database/templates/database.yaml +++ b/deploy/helm/thecombine/charts/database/templates/database.yaml @@ -48,7 +48,14 @@ spec: name: database ports: - containerPort: 27017 - resources: {} + resources: + requests: + cpu: 25m + memory: 950Mi +{{- if .Values.global.includeResourceLimits }} + limits: + memory: 2Gi +{{- end }} volumeMounts: - mountPath: /data/db name: database-data diff --git a/deploy/helm/thecombine/charts/database/values.yaml b/deploy/helm/thecombine/charts/database/values.yaml index 8076f898c5..ab2740d6ad 100644 --- a/deploy/helm/thecombine/charts/database/values.yaml +++ b/deploy/helm/thecombine/charts/database/values.yaml @@ -6,6 +6,8 @@ global: # Update strategy should be "Recreate" or "Rolling Update" updateStrategy: Recreate pullSecretName: "None" + # Values for pulling container image from image registry + imagePullPolicy: "Override" imageTag: "latest" # Define the image registry to use (may be blank for local images) imageRegistry: "" diff --git a/deploy/helm/thecombine/charts/frontend/templates/deployment-frontend.yaml b/deploy/helm/thecombine/charts/frontend/templates/deployment-frontend.yaml index 4fd7d96181..1f350c41a3 100644 --- a/deploy/helm/thecombine/charts/frontend/templates/deployment-frontend.yaml +++ b/deploy/helm/thecombine/charts/frontend/templates/deployment-frontend.yaml @@ -74,7 +74,14 @@ spec: ports: - containerPort: 80 - containerPort: 443 - resources: {} + resources: + requests: + cpu: 1m + memory: 15M +{{- if .Values.global.includeResourceLimits }} + limits: + memory: 40M +{{- end }} volumeMounts: - mountPath: /usr/share/nginx/fonts name: font-data diff --git a/deploy/helm/thecombine/charts/frontend/values.yaml b/deploy/helm/thecombine/charts/frontend/values.yaml index 345ee3a1f6..145e78a047 100644 --- a/deploy/helm/thecombine/charts/frontend/values.yaml +++ b/deploy/helm/thecombine/charts/frontend/values.yaml @@ -8,6 +8,8 @@ global: pullSecretName: aws-login-credentials # Update strategy should be "Recreate" or "Rolling Update" updateStrategy: Recreate + # Values for pulling container image from image registry + imagePullPolicy: "Override" imageTag: "latest" # Define the image registry to use (may be blank for local images) imageRegistry: "" diff --git a/deploy/helm/thecombine/charts/maintenance/templates/cronjob-daily-backup.yaml b/deploy/helm/thecombine/charts/maintenance/templates/cronjob-daily-backup.yaml index f92315e7cb..e37bd8df77 100644 --- a/deploy/helm/thecombine/charts/maintenance/templates/cronjob-daily-backup.yaml +++ b/deploy/helm/thecombine/charts/maintenance/templates/cronjob-daily-backup.yaml @@ -30,7 +30,12 @@ spec: - deployment/maintenance - -- - combine-backup-job.sh - resources: {} + resources: + requests: + cpu: 200m + memory: 150M + limits: + memory: 150M securityContext: capabilities: {} terminationMessagePath: /dev/termination-log diff --git a/deploy/helm/thecombine/charts/maintenance/templates/deployment-maintenance.yaml b/deploy/helm/thecombine/charts/maintenance/templates/deployment-maintenance.yaml index 3fd5f6d5c6..6ffb0a0d5a 100644 --- a/deploy/helm/thecombine/charts/maintenance/templates/deployment-maintenance.yaml +++ b/deploy/helm/thecombine/charts/maintenance/templates/deployment-maintenance.yaml @@ -103,7 +103,14 @@ spec: configMapKeyRef: key: local_font_url name: env-maintenance - resources: {} + resources: + requests: + cpu: 200m + memory: 1200Mi +{{- if .Values.global.includeResourceLimits }} + limits: + memory: 4Gi +{{- end }} volumeMounts: - mountPath: {{ .Values.fontsDir }} name: font-data diff --git a/deploy/helm/thecombine/charts/maintenance/values.yaml b/deploy/helm/thecombine/charts/maintenance/values.yaml index 83990d1b07..d1424183e6 100644 --- a/deploy/helm/thecombine/charts/maintenance/values.yaml +++ b/deploy/helm/thecombine/charts/maintenance/values.yaml @@ -19,6 +19,8 @@ global: awsSecretAccessKey: "Override" pullSecretName: "None" awsS3Access: aws-s3-credentials + # Values for pulling container image from image registry + imagePullPolicy: "Override" imageTag: "latest" # Define the image registry to use (may be blank for local images) imageRegistry: "" diff --git a/deploy/helm/thecombine/values.yaml b/deploy/helm/thecombine/values.yaml index 6f93b72f24..49a47078a1 100644 --- a/deploy/helm/thecombine/values.yaml +++ b/deploy/helm/thecombine/values.yaml @@ -39,6 +39,8 @@ global: # Update strategy should be "Recreate" or "Rolling Update" updateStrategy: Recreate + includeResourceLimits: false + aws-login: enabled: true diff --git a/deploy/scripts/setup_files/profiles/dev.yaml b/deploy/scripts/setup_files/profiles/dev.yaml index b7c736de7c..9f1e3feb88 100644 --- a/deploy/scripts/setup_files/profiles/dev.yaml +++ b/deploy/scripts/setup_files/profiles/dev.yaml @@ -17,6 +17,7 @@ charts: global: imageRegistry: "" imagePullPolicy: Never + includeResourceLimits: false awsS3Location: dev.thecombine.app ingressClass: nginx diff --git a/deploy/scripts/setup_files/profiles/prod.yaml b/deploy/scripts/setup_files/profiles/prod.yaml index 03224a0d5e..2e45809325 100644 --- a/deploy/scripts/setup_files/profiles/prod.yaml +++ b/deploy/scripts/setup_files/profiles/prod.yaml @@ -32,6 +32,7 @@ charts: fontStorageAccessMode: ReadWriteMany imagePullPolicy: Always pullSecretName: None + includeResourceLimits: true certManager: enabled: false cert-proxy-server: diff --git a/deploy/scripts/setup_files/profiles/staging.yaml b/deploy/scripts/setup_files/profiles/staging.yaml index 026e550d36..6c86d40934 100644 --- a/deploy/scripts/setup_files/profiles/staging.yaml +++ b/deploy/scripts/setup_files/profiles/staging.yaml @@ -15,6 +15,7 @@ charts: awsS3Location: prod.thecombine.app fontStorageAccessMode: ReadWriteMany imagePullPolicy: Always + includeResourceLimits: true tlsSecretName: thecombine-app-tls certManager: enabled: false