From d02414cf61ba2f4e29e44247c92f38555cc3765f Mon Sep 17 00:00:00 2001
From: TessaIO
Date: Sat, 16 Mar 2024 21:57:51 +0100
Subject: [PATCH] chore/deployment: add resources requests and limits for helm and Kustomize
Signed-off-by: TessaIO
---
 deployment/base/gc/gc.yaml | 7 ++
 deployment/base/master/master-deployment.yaml | 7 ++
 .../topologyupdater-daemonset.yaml | 7 ++
 .../worker-daemonset/worker-daemonset.yaml | 7 ++
 .../helm/node-feature-discovery/values.yaml | 72 ++++++++-----------
 docs/deployment/helm.md | 13 ++--
 6 files changed, 64 insertions(+), 49 deletions(-)
diff --git a/deployment/base/gc/gc.yaml b/deployment/base/gc/gc.yaml
index 42591b60b..d97b83a7a 100644
--- a/deployment/base/gc/gc.yaml
+++ b/deployment/base/gc/gc.yaml
@@ -19,6 +19,13 @@ spec:
 - name: nfd-gc
 image: gcr.io/k8s-staging-nfd/node-feature-discovery:master
 imagePullPolicy: Always
+ resources:
+ limits:
+ cpu: 20m
+ memory: 1Gi
+ requests:
+ cpu: 10m
+ memory: 128Mi
 command:
 - "nfd-gc"
 ports:
diff --git a/deployment/base/master/master-deployment.yaml b/deployment/base/master/master-deployment.yaml
index 25313d0d6..e0b659d01 100644
--- a/deployment/base/master/master-deployment.yaml
+++ b/deployment/base/master/master-deployment.yaml
@@ -21,6 +21,13 @@ spec:
 - name: nfd-master
 image: gcr.io/k8s-staging-nfd/node-feature-discovery:master
 imagePullPolicy: Always
+ resources:
+ limits:
+ cpu: 300m
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 128Mi
 livenessProbe:
 grpc:
 port: 8082
diff --git a/deployment/base/topologyupdater-daemonset/topologyupdater-daemonset.yaml b/deployment/base/topologyupdater-daemonset/topologyupdater-daemonset.yaml
index 28abd3a4b..0db740115 100644
--- a/deployment/base/topologyupdater-daemonset/topologyupdater-daemonset.yaml
+++ b/deployment/base/topologyupdater-daemonset/topologyupdater-daemonset.yaml
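Review bot: The memory limits added here are many times the requests (`nfd-gc` requests 128Mi against a 1Gi limit; the nfd-master hunk in master-deployment.yaml goes from 128Mi to 4Gi and the worker hunk from 64Mi to 512Mi), and nothing in the manifests says what the figures are based on. The scheduler places a pod by its request, so a container that grows toward its limit is using memory the node never reserved, and a pod running above its request is an early eviction candidate under node memory pressure. I would add a comment above `resources:` recording the basis, e.g. `# request = steady state, limit = observed peak (<measurement source placeholder>)`, and check that `cpu: 20m` leaves enough headroom, since a hard CPU limit that low throttles the container rather than failing it. The container spec starts and ends outside the hunk.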
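Review bot: The `cpu: 300m` limit in the nfd-master hunk sits directly above the gRPC `livenessProbe` on port 8082, and a hard CPU limit is enforced by throttling, so a burst of work can slow the probe response as well. Whether that is reachable depends on the probe timeouts and the master's load profile, neither of which is visible in this hunk, so treat it as something to verify rather than a confirmed fault. A comment such as `# CPU limit is enforced by throttling; raise it if liveness probes start timing out` above `limits:` would make the trade-off explicit for overlay authors. The container spec starts and ends outside the hunk.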
@@ -22,6 +22,13 @@ spec:
 command:
 - "nfd-topology-updater"
 args: []
+ resources:
+ limits:
+ cpu: 100m
+ memory: 60Mi
+ requests:
+ cpu: 50m
+ memory: 40Mi
 ports:
 - name: metrics
 containerPort: 8081
diff --git a/deployment/base/worker-daemonset/worker-daemonset.yaml b/deployment/base/worker-daemonset/worker-daemonset.yaml
index 2132498ce..816960f06 100644
--- a/deployment/base/worker-daemonset/worker-daemonset.yaml
+++ b/deployment/base/worker-daemonset/worker-daemonset.yaml
@@ -21,6 +21,13 @@ spec:
 imagePullPolicy: Always
 command:
 - "nfd-worker"
+ resources:
+ limits:
+ cpu: 200m
+ memory: 512Mi
+ requests:
+ cpu: 5m
+ memory: 64Mi
 args:
 - "-server=nfd-master:8080"
 ports:
diff --git a/deployment/helm/node-feature-discovery/values.yaml b/deployment/helm/node-feature-discovery/values.yaml
index dac6fcf4b..a5862d886 100644
--- a/deployment/helm/node-feature-discovery/values.yaml
+++ b/deployment/helm/node-feature-discovery/values.yaml
@@ -94,17 +94,13 @@ master:
 type: ClusterIP
 port: 8080
- resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
+ resources:
+ limits:
+ cpu: 300m
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 128Mi
 nodeSelector: {}
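Review bot: `memory: 60Mi` in the topology-updater hunk is a hard ceiling only 20Mi above the request, so any growth beyond it ends in an OOM kill and a container restart on that node rather than degraded service. The Helm docs table in this same commit lists `topologyUpdater.watchNamespace` with `*` for all namespaces, which suggests the footprint may grow with pod count, though nothing in this hunk shows that. I would either raise the limit or add `# sized for <pods-per-node placeholder>; raise if the container is OOMKilled` above it. The same 60Mi/40Mi pair is repeated in the topologyUpdater hunk of values.yaml, and the container spec starts and ends outside the hunk.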
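Review bot: In worker-daemonset.yaml the `resources:` block is inserted between `command:` and `args:`, which separates `nfd-worker` from its `-server=nfd-master:8080` argument. gc.yaml and master-deployment.yaml place the block right after `imagePullPolicy`, and topologyupdater-daemonset.yaml places it after `args`. Key order has no effect on the rendered object, but moving the block to follow `imagePullPolicy: Always` would keep the container's invocation readable in one place and the four base manifests consistent. The container spec starts and ends outside the hunk.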
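Review bot: Replacing `resources: {}` under `master:` with concrete defaults also deletes the only comment that told users how to set this value, and the new behaviour is not obvious. Helm deep-merges maps, so a user override of `resources: {}` no longer clears anything, and a user who sets only `limits.memory` now inherits the other three defaults on upgrade. I would keep a short comment above the block, e.g. `# Defaults are merged with user-supplied values; set a key to null to drop it.` The worker, topologyUpdater and gc hunks in this file have the same gap. Separately, the helm.md hunk at -131,8 removes the `master.nodeSelector` row while `nodeSelector: {}` is still a context line here, which looks unintended.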
@@ -411,17 +407,13 @@ worker:
 # Does not work on systems without /usr/src AND a read-only /usr, such as Talos
 mountUsrSrc: false
- resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
+ resources:
+ limits:
+ cpu: 200m
+ memory: 512Mi
+ requests:
+ cpu: 5m
+ memory: 64Mi
 nodeSelector: {}
@@ -469,17 +461,13 @@ topologyUpdater:
 readOnlyRootFilesystem: true
 runAsUser: 0
- resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
+ resources:
+ limits:
+ cpu: 100m
+ memory: 60Mi
+ requests:
+ cpu: 50m
+ memory: 40Mi
 nodeSelector: {}
 tolerations: []
@@ -503,17 +491,13 @@ gc:
 podSecurityContext: {}
- resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
+ resources:
+ limits:
+ cpu: 20m
+ memory: 1Gi
+ requests:
+ cpu: 10m
+ memory: 128Mi
 metricsPort: 8081
diff --git a/docs/deployment/helm.md b/docs/deployment/helm.md
index ae3baa8b2..80e03d7aa 100644
--- a/docs/deployment/helm.md
+++ b/docs/deployment/helm.md
@@ -131,8 +131,8 @@ API's you need to install the prometheus operator in your cluster.
 | `master.rbac.create` | bool | true | Specifies whether to create [RBAC][rbac] configuration for nfd-master |
 | `master.service.type` | string | ClusterIP | NFD master service type. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release |
 | `master.service.port` | integer | 8080 | NFD master service port. **NOTE**: this parameter is related to the deprecated gRPC API and will be removed with it in a future release |
-| `master.resources` | dict | {} | NFD master pod [resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
-| `master.nodeSelector` | dict | {} | NFD master pod [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) |
+| `master.resources.limits` | dict | {cpu: 300m, memory: 4Gi} | NFD master pod [resources limits](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits) |
+| `master.resources.requests`| dict | {cpu: 100m, memory: 128Mi} | NFD master pod [resources requests](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits) |
 | `master.tolerations` | dict | _Scheduling to master node is disabled_ | NFD master pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
 | `master.annotations` | dict | {} | NFD master pod [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) |
 | `master.affinity` | dict | | NFD master pod required [node affinity](https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/) |
@@ -155,7 +155,8 @@ API's you need to install the prometheus operator in your cluster.
 | `worker.serviceAccount.name` | string | | The name of the service account to use for nfd-worker. If not set and create is true, a name is generated using the fullname template (suffixed with `-worker`) |
 | `worker.rbac.create` | bool | true | Specifies whether to create [RBAC][rbac] configuration for nfd-worker |
 | `worker.mountUsrSrc` | bool | false | Specifies whether to allow users to mount the hostpath /user/src. Does not work on systems without /usr/src AND a read-only /usr |
-| `worker.resources` | dict | {} | NFD worker pod [resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
+| `worker.resources.limits` | dict | {cpu: 200m, memory: 512Mi} | NFD worker pod [resources limits](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits) |
+| `worker.resources.requests` | dict | {cpu: 5m, memory: 64Mi} | NFD worker pod [resources requests](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits) |
 | `worker.nodeSelector` | dict | {} | NFD worker pod [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) |
 | `worker.tolerations` | dict | {} | NFD worker pod [node tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
 | `worker.priorityClassName` | string | | NFD worker pod [priority class](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) |
@@ -180,7 +181,8 @@ API's you need to install the prometheus operator in your cluster.
 | `topologyUpdater.watchNamespace` | string | `*` | Namespace to watch pods, `*` for all namespaces |
 | `topologyUpdater.podSecurityContext` | dict | {} | [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) holds pod-level security attributes and common container settings |
 | `topologyUpdater.securityContext` | dict | {} | Container [security settings](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |
-| `topologyUpdater.resources` | dict | {} | Topology updater pod [resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
+| `topologyUpdater.resources.limits` | dict | {cpu: 100m, memory: 60Mi} | NFD Topology Updater pod [resources limits](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits) |
+| `topologyUpdater.resources.requests` | dict | {cpu: 50m, memory: 40Mi} | NFD Topology Updater pod [resources requests](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits) |
 | `topologyUpdater.nodeSelector` | dict | {} | Topology updater pod [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) |
 | `topologyUpdater.tolerations` | dict | {} | Topology updater pod [node tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
 | `topologyUpdater.annotations` | dict | {} | Topology updater pod [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) |
@@ -202,7 +204,8 @@ API's you need to install the prometheus operator in your cluster.
 | `gc.rbac.create` | bool | true | Specifies whether to create [RBAC][rbac] configuration for garbage collector |
 | `gc.interval` | string | 1h | Time between periodic garbage collector runs |
 | `gc.podSecurityContext` | dict | {} | [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) holds pod-level security attributes and common container settings |
-| `gc.resources` | dict | {} | Garbage collector pod [resources management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
+| `gc.resources.limits` | dict | {cpu: 20m, memory: 1Gi} | NFD Garbage Collector pod [resources limits](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits) |
+| `gc.resources.requests` | dict | {cpu: 10m, memory: 128Mi} | NFD Garbage Collector pod [resources requests](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits) |
 | `gc.metricsPort` | integer | 8081 | Port on which to serve Prometheus metrics |
 | `gc.nodeSelector` | dict | {} | Garbage collector pod [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) |
 | `gc.tolerations` | dict | {} | Garbage collector pod [node tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |