Research: Do we need resource limits for the bundle builder container if we use config maps/pvcs? #348

@maltesander

The PR #347 implements resource limits and requests for the opa container. The second container opa-bundle-builder currently does not have any limits.

The opa-bundle-builder basically reads all provided OPA rego config maps and puts the content into a tar bundle. From the OPA docs this could grow to quite a size.

Currently, the size of the data in ConfigMaps cannot exceed 1MB (etcd limit).

This can become a problem if there are many configmaps with rules / data.
The OpaBundleBuilder uses the tar crate, where it is stated that not all of the content must be explicitly in memory.

If rules are adapted dynamically, this also could put quite a load on the CPU when repacking the bundle.tar.gz (not sure we ever reach that many/big rules though).

This is done when:

  • The tar crate is tested for memory consumption
  • The tar crate is tested for CPU utilization
  • We have some tests / estimates if we need more resources than the default ones for the opa-bundle-builder (e.g. with 1000 - 10000 Configmaps of ~1MB each)
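
Added example, not part of the issue text and not the operator's code: a std-only Rust program that streams synthetic ~1MB entries through hand-written ustar framing into a byte-counting sink, giving the uncompressed bundle size for a given number of ConfigMaps while buffering only one 64 KiB chunk. Assumptions: the entry names, the `CountingSink` type and all function names are hypothetical, gzip is not applied, and the tar crate itself is not exercised, so this measures archive size only, not that crate's memory or CPU use.

```rust
use std::io::{self, Write};

/// Discards data and only counts bytes (stands in for the bundle file).
struct CountingSink(u64);
impl Write for CountingSink {
    fn write(&mut self, b: &[u8]) -> io::Result<usize> { self.0 += b.len() as u64; Ok(b.len()) }
    fn flush(&mut self) -> io::Result<()> { Ok(()) }
}

/// 512-byte ustar header for a regular file (name < 100 bytes, size < 8 GiB).
fn ustar_header(name: &str, size: u64) -> [u8; 512] {
    assert!(name.len() < 100 && size < (1 << 33));
    let mut h = [0u8; 512];
    h[..name.len()].copy_from_slice(name.as_bytes());
    h[100..108].copy_from_slice(b"0000644\0"); // mode
    for off in &[108usize, 116] { h[*off..*off + 8].copy_from_slice(b"0000000\0"); } // uid, gid
    h[124..136].copy_from_slice(format!("{:011o}\0", size).as_bytes()); // size, octal
    h[136..148].copy_from_slice(b"00000000000\0"); // mtime
    h[148..156].copy_from_slice(b"        "); // checksum field counts as spaces
    h[156] = b'0'; // typeflag: regular file
    h[257..265].copy_from_slice(b"ustar\x0000"); // magic "ustar\0" + version "00"
    let sum: u32 = h.iter().map(|&b| b as u32).sum();
    h[148..156].copy_from_slice(format!("{:06o}\0 ", sum).as_bytes());
    h
}

/// Streams `count` constructed entries of `entry_size` bytes each to `out`.
fn stream_bundle<W: Write>(out: &mut W, count: u64, entry_size: u64) -> io::Result<()> {
    let chunk = [b'#'; 65536]; // the only content buffer ever held
    for i in 0..count {
        out.write_all(&ustar_header(&format!("bundle/cm-{}.rego", i), entry_size))?;
        let mut left = entry_size;
        while left > 0 {
            let n = left.min(65536) as usize;
            out.write_all(&chunk[..n])?;
            left -= n as u64;
        }
        let pad = ((512 - entry_size % 512) % 512) as usize; // pad to a 512-byte block
        out.write_all(&[0u8; 512][..pad])?;
    }
    out.write_all(&[0u8; 1024]) // end of archive: two zero blocks
}

/// Uncompressed archive size in bytes for `count` entries of `entry_size`.
fn bundle_size(count: u64, entry_size: u64) -> u64 {
    let mut sink = CountingSink(0);
    stream_bundle(&mut sink, count, entry_size).expect("counting sink never fails");
    sink.0
}

fn main() { println!("1000 x 1 MiB -> {} bytes", bundle_size(1_000, 1 << 20)); }
```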
