Hardcode smaller limits to prevent cluster request exhaustion

gravitational · Feb 27, 2024 · a1230f1 · a1230f1
1 parent dc6b08a
commit a1230f1
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 17 deletions.
diff --git a/examples/chart/teleport-cluster/templates/proxy/deployment.yaml b/examples/chart/teleport-cluster/templates/proxy/deployment.yaml
@@ -109,9 +109,16 @@ spec:
             - wait
             - no-resolve
             - '{{ include "teleport-cluster.auth.previousVersionServiceName" . }}.{{ .Release.Namespace }}.svc.cluster.local'
+# propagating through the limits from the main resources section would double the requested amounts
+# and may prevent scheduling on the cluster. as such, we hardcode small limits for this tiny container.
 {{- if $proxy.resources }}
           resources:
-  {{- toYaml $proxy.resources | nindent 12 }}
+            requests:
+              cpu: 0.1
+              memory: 256Mi
+            limits:
+              cpu: 1
+              memory: 512Mi
 {{- end }}
 {{- if $proxy.securityContext }}
           securityContext: {{- toYaml $proxy.securityContext | nindent 12 }}

diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap
@@ -9,11 +9,11 @@ should provision initContainer correctly when set in values:
       name: wait-auth-update
       resources:
         limits:
-          cpu: 2
-          memory: 4Gi
-        requests:
           cpu: 1
-          memory: 2Gi
+          memory: 512Mi
+        requests:
+          cpu: 0.1
+          memory: 256Mi
     - args:
       - echo test
       image: alpine
@@ -253,11 +253,11 @@ should set resources for wait-auth-update initContainer when set in values:
       name: wait-auth-update
       resources:
         limits:
-          cpu: 2
-          memory: 4Gi
-        requests:
           cpu: 1
-          memory: 2Gi
+          memory: 512Mi
+        requests:
+          cpu: 0.1
+          memory: 256Mi
     serviceAccountName: RELEASE-NAME-proxy
     terminationGracePeriodSeconds: 60
     volumes:
@@ -361,11 +361,11 @@ should set resources when set in values:
       name: wait-auth-update
       resources:
         limits:
-          cpu: 2
-          memory: 4Gi
-        requests:
           cpu: 1
-          memory: 2Gi
+          memory: 512Mi
+        requests:
+          cpu: 0.1
+          memory: 256Mi
     serviceAccountName: RELEASE-NAME-proxy
     terminationGracePeriodSeconds: 60
     volumes:

diff --git a/examples/chart/teleport-cluster/tests/proxy_deployment_test.yaml b/examples/chart/teleport-cluster/tests/proxy_deployment_test.yaml
@@ -231,16 +231,16 @@ tests:
     asserts:
       - equal:
           path: spec.template.spec.initContainers[0].resources.requests.cpu
-          value: 1
+          value: 0.1
       - equal:
           path: spec.template.spec.initContainers[0].resources.requests.memory
-          value: 2Gi
+          value: 256Mi
       - equal:
           path: spec.template.spec.initContainers[0].resources.limits.cpu
-          value: 2
+          value: 1
       - equal:
           path: spec.template.spec.initContainers[0].resources.limits.memory
-          value: 4Gi
+          value: 512Mi
       - matchSnapshot:
           path: spec.template.spec