From 8c88a3c6bf94b0793159448f5f536abd3812836d Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Thu, 15 Sep 2022 16:55:01 +0200 Subject: [PATCH 01/10] added resources struct and code --- rust/crd/src/lib.rs | 76 ++++++++++++++++++++++++-- rust/operator-binary/src/controller.rs | 14 ++++- 2 files changed, 82 insertions(+), 8 deletions(-) diff --git a/rust/crd/src/lib.rs b/rust/crd/src/lib.rs index a314d54e..4fc1a59b 100644 --- a/rust/crd/src/lib.rs +++ b/rust/crd/src/lib.rs @@ -1,8 +1,14 @@ use serde::{Deserialize, Serialize}; -use stackable_operator::kube::CustomResource; -use stackable_operator::product_config_utils::{ConfigError, Configuration}; -use stackable_operator::role_utils::Role; -use stackable_operator::schemars::{self, JsonSchema}; +use stackable_operator::{ + commons::resources::{CpuLimits, MemoryLimits, NoRuntimeLimits, Resources}, + config::merge::Merge, + k8s_openapi::apimachinery::pkg::api::resource::Quantity, + kube::CustomResource, + product_config_utils::{ConfigError, Configuration}, + role_utils::Role, + role_utils::RoleGroupRef, + schemars::{self, JsonSchema}, +}; use std::collections::BTreeMap; use strum::{Display, EnumIter, EnumString}; @@ -31,9 +37,31 @@ pub struct OpaSpec { pub version: Option, } -#[derive(Clone, Debug, Default, Deserialize, Eq, JsonSchema, PartialEq, Serialize)] +#[derive(Clone, Debug, Default, Deserialize, Eq, Merge, JsonSchema, PartialEq, Serialize)] #[serde(rename_all = "camelCase")] -pub struct OpaConfig {} +pub struct OpaStorageConfig {} + +#[derive(Clone, Debug, Default, Deserialize, JsonSchema, PartialEq, Serialize)] +#[serde(rename_all = "camelCase")] +pub struct OpaConfig { + pub resources: Option>, +} + +impl OpaConfig { + fn default_resources() -> Resources { + Resources { + cpu: CpuLimits { + min: Some(Quantity("200m".to_owned())), + max: Some(Quantity("2".to_owned())), + }, + memory: MemoryLimits { + limit: Some(Quantity("2Gi".to_owned())), + runtime_limits: NoRuntimeLimits {}, + }, + storage: OpaStorageConfig {}, + } + } +} impl Configuration for OpaConfig { type Configurable = OpaCluster; @@ -97,4 +125,40 @@ impl OpaCluster { self.metadata.namespace.as_ref()? )) } + + /// Retrieve and merge resource configs for role and role groups + pub fn resolve_resource_config_for_role_and_rolegroup( + &self, + role: &OpaRole, + rolegroup_ref: &RoleGroupRef, + ) -> Option> { + // Initialize the result with all default values as baseline + let conf_defaults = OpaConfig::default_resources(); + + let role = match role { + OpaRole::Server => &self.spec.servers, + }; + + // Retrieve role resource config + let mut conf_role: Resources = + role.config.config.resources.clone().unwrap_or_default(); + + // Retrieve rolegroup specific resource config + let mut conf_rolegroup: Resources = role + .role_groups + .get(&rolegroup_ref.role_group) + .and_then(|rg| rg.config.config.resources.clone()) + .unwrap_or_default(); + + // Merge more specific configs into default config + // Hierarchy is: + // 1. RoleGroup + // 2. Role + // 3. Default + conf_role.merge(&conf_defaults); + conf_rolegroup.merge(&conf_role); + + tracing::debug!("Merged resource config: {:?}", conf_rolegroup); + Some(conf_rolegroup) + } } diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index 031b9b99..84e523eb 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs @@ -3,8 +3,9 @@ use crate::built_info::PKG_VERSION; use crate::discovery::{self, build_discovery_configmaps}; use snafu::{OptionExt, ResultExt, Snafu}; -use stackable_opa_crd::{OpaCluster, OpaRole, APP_NAME}; +use stackable_opa_crd::{OpaCluster, OpaRole, OpaStorageConfig, APP_NAME}; use stackable_operator::builder::SecurityContextBuilder; +use stackable_operator::commons::resources::{NoRuntimeLimits, Resources}; use stackable_operator::k8s_openapi::api::core::v1::{ EmptyDirVolumeSource, HTTPGetAction, Probe, ServiceAccount, }; @@ -112,6 +113,8 @@ pub enum Error { ProductConfigTransform { source: stackable_operator::product_config_utils::ConfigError, }, + #[snafu(display("failed to resolve and merge resource config for role and role group"))] + FailedToResolveResourceConfig, } type Result = std::result::Result; @@ -191,8 +194,13 @@ pub async fn reconcile_opa(opa: Arc, ctx: Arc) -> Result, opa: &OpaCluster, server_config: &HashMap>, + resources: &Resources, ) -> Result { let opa_version = opa_version(opa)?; let image = format!("docker.stackable.tech/stackable/opa:{}", opa_version); @@ -400,6 +409,7 @@ fn build_server_rolegroup_daemonset( .add_env_vars(env) .add_container_port(APP_PORT_NAME, APP_PORT.into()) .add_volume_mount("config", "/stackable/config") + .resources(resources.clone().into()) .readiness_probe(Probe { initial_delay_seconds: Some(5), period_seconds: Some(10), From 821e30ce24d71e45638bb64c0cbd97b662906e8f Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Thu, 15 Sep 2022 16:55:11 +0200 Subject: [PATCH 02/10] regenerated charts --- deploy/crd/opacluster.crd.yaml | 60 +++++++++++++++++++++++++ deploy/helm/opa-operator/crds/crds.yaml | 60 +++++++++++++++++++++++++ deploy/manifests/crds.yaml | 60 +++++++++++++++++++++++++ 3 files changed, 180 insertions(+) diff --git a/deploy/crd/opacluster.crd.yaml b/deploy/crd/opacluster.crd.yaml index a5053088..8ba1126f 100644 --- a/deploy/crd/opacluster.crd.yaml +++ b/deploy/crd/opacluster.crd.yaml @@ -31,6 +31,36 @@ spec: type: object config: default: {} + properties: + resources: + nullable: true + properties: + cpu: + default: + min: ~ + max: ~ + properties: + max: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n ::= \n (Note that may be empty, from the \"\" case in .)\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n ::= m | \"\" | k | M | G | T | P | E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n ::= \"e\" | \"E\" \n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n a. No precision is lost\n b. No fractional digits will be emitted\n c. The exponent (or suffix) is as large as possible.\nThe sign will be omitted unless the number is negative.\n\nExamples:\n 1.5 will be serialized as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + min: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n ::= \n (Note that may be empty, from the \"\" case in .)\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n ::= m | \"\" | k | M | G | T | P | E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n ::= \"e\" | \"E\" \n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n a. No precision is lost\n b. No fractional digits will be emitted\n c. The exponent (or suffix) is as large as possible.\nThe sign will be omitted unless the number is negative.\n\nExamples:\n 1.5 will be serialized as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + type: object + memory: + properties: + limit: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n ::= \n (Note that may be empty, from the \"\" case in .)\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n ::= m | \"\" | k | M | G | T | P | E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n ::= \"e\" | \"E\" \n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n a. No precision is lost\n b. No fractional digits will be emitted\n c. The exponent (or suffix) is as large as possible.\nThe sign will be omitted unless the number is negative.\n\nExamples:\n 1.5 will be serialized as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + runtimeLimits: + type: object + type: object + storage: + type: object + type: object type: object configOverrides: additionalProperties: @@ -54,6 +84,36 @@ spec: type: object config: default: {} + properties: + resources: + nullable: true + properties: + cpu: + default: + min: ~ + max: ~ + properties: + max: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n ::= \n (Note that may be empty, from the \"\" case in .)\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n ::= m | \"\" | k | M | G | T | P | E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n ::= \"e\" | \"E\" \n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n a. No precision is lost\n b. No fractional digits will be emitted\n c. The exponent (or suffix) is as large as possible.\nThe sign will be omitted unless the number is negative.\n\nExamples:\n 1.5 will be serialized as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + min: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n ::= \n (Note that may be empty, from the \"\" case in .)\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n ::= m | \"\" | k | M | G | T | P | E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n ::= \"e\" | \"E\" \n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n a. No precision is lost\n b. No fractional digits will be emitted\n c. The exponent (or suffix) is as large as possible.\nThe sign will be omitted unless the number is negative.\n\nExamples:\n 1.5 will be serialized as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + type: object + memory: + properties: + limit: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n ::= \n (Note that may be empty, from the \"\" case in .)\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n ::= m | \"\" | k | M | G | T | P | E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n ::= \"e\" | \"E\" \n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n a. No precision is lost\n b. No fractional digits will be emitted\n c. The exponent (or suffix) is as large as possible.\nThe sign will be omitted unless the number is negative.\n\nExamples:\n 1.5 will be serialized as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + runtimeLimits: + type: object + type: object + storage: + type: object + type: object type: object configOverrides: additionalProperties: diff --git a/deploy/helm/opa-operator/crds/crds.yaml b/deploy/helm/opa-operator/crds/crds.yaml index 5a459ddf..103d1a0e 100644 --- a/deploy/helm/opa-operator/crds/crds.yaml +++ b/deploy/helm/opa-operator/crds/crds.yaml @@ -33,6 +33,36 @@ spec: type: object config: default: {} + properties: + resources: + nullable: true + properties: + cpu: + default: + min: ~ + max: ~ + properties: + max: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n ::= \n (Note that may be empty, from the \"\" case in .)\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n ::= m | \"\" | k | M | G | T | P | E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n ::= \"e\" | \"E\" \n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n a. No precision is lost\n b. No fractional digits will be emitted\n c. The exponent (or suffix) is as large as possible.\nThe sign will be omitted unless the number is negative.\n\nExamples:\n 1.5 will be serialized as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + min: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n ::= \n (Note that may be empty, from the \"\" case in .)\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n ::= m | \"\" | k | M | G | T | P | E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n ::= \"e\" | \"E\" \n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n a. No precision is lost\n b. No fractional digits will be emitted\n c. The exponent (or suffix) is as large as possible.\nThe sign will be omitted unless the number is negative.\n\nExamples:\n 1.5 will be serialized as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + type: object + memory: + properties: + limit: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n ::= \n (Note that may be empty, from the \"\" case in .)\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n ::= m | \"\" | k | M | G | T | P | E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n ::= \"e\" | \"E\" \n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n a. No precision is lost\n b. No fractional digits will be emitted\n c. The exponent (or suffix) is as large as possible.\nThe sign will be omitted unless the number is negative.\n\nExamples:\n 1.5 will be serialized as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + runtimeLimits: + type: object + type: object + storage: + type: object + type: object type: object configOverrides: additionalProperties: @@ -56,6 +86,36 @@ spec: type: object config: default: {} + properties: + resources: + nullable: true + properties: + cpu: + default: + min: ~ + max: ~ + properties: + max: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n ::= \n (Note that may be empty, from the \"\" case in .)\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n ::= m | \"\" | k | M | G | T | P | E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n ::= \"e\" | \"E\" \n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n a. No precision is lost\n b. No fractional digits will be emitted\n c. The exponent (or suffix) is as large as possible.\nThe sign will be omitted unless the number is negative.\n\nExamples:\n 1.5 will be serialized as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + min: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n ::= \n (Note that may be empty, from the \"\" case in .)\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n ::= m | \"\" | k | M | G | T | P | E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n ::= \"e\" | \"E\" \n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n a. No precision is lost\n b. No fractional digits will be emitted\n c. The exponent (or suffix) is as large as possible.\nThe sign will be omitted unless the number is negative.\n\nExamples:\n 1.5 will be serialized as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + type: object + memory: + properties: + limit: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n ::= \n (Note that may be empty, from the \"\" case in .)\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n ::= m | \"\" | k | M | G | T | P | E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n ::= \"e\" | \"E\" \n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n a. No precision is lost\n b. No fractional digits will be emitted\n c. The exponent (or suffix) is as large as possible.\nThe sign will be omitted unless the number is negative.\n\nExamples:\n 1.5 will be serialized as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + runtimeLimits: + type: object + type: object + storage: + type: object + type: object type: object configOverrides: additionalProperties: diff --git a/deploy/manifests/crds.yaml b/deploy/manifests/crds.yaml index efc505dd..e4403ed4 100644 --- a/deploy/manifests/crds.yaml +++ b/deploy/manifests/crds.yaml @@ -34,6 +34,36 @@ spec: type: object config: default: {} + properties: + resources: + nullable: true + properties: + cpu: + default: + min: ~ + max: ~ + properties: + max: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n ::= \n (Note that may be empty, from the \"\" case in .)\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n ::= m | \"\" | k | M | G | T | P | E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n ::= \"e\" | \"E\" \n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n a. No precision is lost\n b. No fractional digits will be emitted\n c. The exponent (or suffix) is as large as possible.\nThe sign will be omitted unless the number is negative.\n\nExamples:\n 1.5 will be serialized as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + min: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n ::= \n (Note that may be empty, from the \"\" case in .)\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n ::= m | \"\" | k | M | G | T | P | E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n ::= \"e\" | \"E\" \n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n a. No precision is lost\n b. No fractional digits will be emitted\n c. The exponent (or suffix) is as large as possible.\nThe sign will be omitted unless the number is negative.\n\nExamples:\n 1.5 will be serialized as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + type: object + memory: + properties: + limit: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n ::= \n (Note that may be empty, from the \"\" case in .)\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n ::= m | \"\" | k | M | G | T | P | E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n ::= \"e\" | \"E\" \n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n a. No precision is lost\n b. No fractional digits will be emitted\n c. The exponent (or suffix) is as large as possible.\nThe sign will be omitted unless the number is negative.\n\nExamples:\n 1.5 will be serialized as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + runtimeLimits: + type: object + type: object + storage: + type: object + type: object type: object configOverrides: additionalProperties: @@ -57,6 +87,36 @@ spec: type: object config: default: {} + properties: + resources: + nullable: true + properties: + cpu: + default: + min: ~ + max: ~ + properties: + max: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n ::= \n (Note that may be empty, from the \"\" case in .)\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n ::= m | \"\" | k | M | G | T | P | E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n ::= \"e\" | \"E\" \n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n a. No precision is lost\n b. No fractional digits will be emitted\n c. The exponent (or suffix) is as large as possible.\nThe sign will be omitted unless the number is negative.\n\nExamples:\n 1.5 will be serialized as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + min: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n ::= \n (Note that may be empty, from the \"\" case in .)\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n ::= m | \"\" | k | M | G | T | P | E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n ::= \"e\" | \"E\" \n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n a. No precision is lost\n b. No fractional digits will be emitted\n c. The exponent (or suffix) is as large as possible.\nThe sign will be omitted unless the number is negative.\n\nExamples:\n 1.5 will be serialized as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + type: object + memory: + properties: + limit: + description: "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n ::= \n (Note that may be empty, from the \"\" case in .)\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n ::= m | \"\" | k | M | G | T | P | E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n ::= \"e\" | \"E\" \n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n a. No precision is lost\n b. No fractional digits will be emitted\n c. The exponent (or suffix) is as large as possible.\nThe sign will be omitted unless the number is negative.\n\nExamples:\n 1.5 will be serialized as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation." + nullable: true + type: string + runtimeLimits: + type: object + type: object + storage: + type: object + type: object type: object configOverrides: additionalProperties: From 5186aecb885fbdbf7f8c92e66fd6327e9f8ac5b3 Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Thu, 15 Sep 2022 17:01:27 +0200 Subject: [PATCH 03/10] adapted docs --- docs/modules/ROOT/pages/usage.adoc | 64 ++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/docs/modules/ROOT/pages/usage.adoc b/docs/modules/ROOT/pages/usage.adoc index 37842fa5..1bd4b92d 100644 --- a/docs/modules/ROOT/pages/usage.adoc +++ b/docs/modules/ROOT/pages/usage.adoc @@ -78,3 +78,67 @@ servers: default: config: {} ---- + +=== Storage for data volumes + +The OPA Operator currently does not support using https://kubernetes.io/docs/concepts/storage/persistent-volumes[PersistentVolumeClaims] for internal storage. + +=== Memory requests + +You can request a certain amount of memory for each individual role group as shown below: + +[source,yaml] +---- +servers: + roleGroups: + default: + config: + resources: + memory: + limit: '2Gi' +---- + +In this example, each OPA container in the `default` role group will have a maximum of 2 gigabytes of memory. To be more precise, these memory limits apply to the container running OPA but not to any sidecar containers (e.g. the BundleBuilder) that are part of the pod. + +A general rule of thumb on how to size the memory for OPA is described https://www.openpolicyagent.org/docs/latest/policy-performance/#resource-utilization[here]. + +For more details regarding Kubernetes memory requests and limits see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/[Assign Memory Resources to Containers and Pods]. + +=== CPU requests + +Similarly to memory resources, you can also configure CPU limits, as shown below: + +[source,yaml] +---- +servers: + roleGroups: + default: + config: + resources: + cpu: + max: '500m' + min: '250m' +---- + +=== Defaults + +If nothing is specified, the operator will automatically set the following default values for resources: + +[source,yaml] +---- +servers: + roleGroups: + default: + config: + resources: + requests: + cpu: 200m + memory: 2Gi + limits: + cpu: "2" + memory: 2Gi +---- + +WARNING: The default values are _most likely_ not sufficient to run a proper cluster in production. Please adapt according to your requirements. + +For more details regarding Kubernetes CPU limits see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/[Assign CPU Resources to Containers and Pods]. From 4ed911bc5f07b73d56772f03656f650c28c92b0a Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Thu, 15 Sep 2022 17:08:43 +0200 Subject: [PATCH 04/10] adapted changelog --- CHANGELOG.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0a2a27b2..a2e688e5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file. ## [Unreleased] +### Added + +- CPU and memory limits are now configurable ([#347]). + +[#347]: https://github.com/stackabletech/opa-operator/pull/347 + ## [0.10.0] - 2022-09-06 ### Changed @@ -11,9 +17,9 @@ All notable changes to this project will be documented in this file. - Include chart name when installing with a custom release name ([#313], [#314]). - `operator-rs` `0.15.0` -> `0.22.0` ([#315]). -[#313]: https://github.com/stackabletech/trino-operator/pull/313 -[#314]: https://github.com/stackabletech/trino-operator/pull/314 -[#315]: https://github.com/stackabletech/trino-operator/pull/315 +[#313]: https://github.com/stackabletech/opa-operator/pull/313 +[#314]: https://github.com/stackabletech/opa-operator/pull/314 +[#315]: https://github.com/stackabletech/opa-operator/pull/315 ## [0.9.0] - 2022-06-30 From 26d011b82d42fcb6e2933ffa99d28e645a5b0526 Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Thu, 15 Sep 2022 17:37:08 +0200 Subject: [PATCH 05/10] added tests --- .../templates/kuttl/resources/01-assert.yaml | 41 +++++++++++++++++ .../kuttl/resources/01-install-opa.yaml.j2 | 45 +++++++++++++++++++ 2 files changed, 86 insertions(+) create mode 100644 tests/templates/kuttl/resources/01-assert.yaml create mode 100644 tests/templates/kuttl/resources/01-install-opa.yaml.j2 diff --git a/tests/templates/kuttl/resources/01-assert.yaml b/tests/templates/kuttl/resources/01-assert.yaml new file mode 100644 index 00000000..d4fae070 --- /dev/null +++ b/tests/templates/kuttl/resources/01-assert.yaml @@ -0,0 +1,41 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +commands: + - script: kubectl -n $NAMESPACE rollout status daemonset opa-server-resources-from-role --timeout 301s + timeout: 300 + - script: kubectl -n $NAMESPACE rollout status daemonset opa-server-resources-from-role-group --timeout 301s + timeout: 300 +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: opa-server-resources-from-role +spec: + template: + spec: + containers: + - name: opa + resources: + requests: + cpu: 100m + memory: 1Gi + limits: + cpu: "1" + memory: 1Gi +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: opa-server-resources-from-role-group +spec: + template: + spec: + containers: + - name: opa + resources: + requests: + cpu: 300m + memory: 3Gi + limits: + cpu: "3" + memory: 3Gi diff --git a/tests/templates/kuttl/resources/01-install-opa.yaml.j2 b/tests/templates/kuttl/resources/01-install-opa.yaml.j2 new file mode 100644 index 00000000..5cfaeb87 --- /dev/null +++ b/tests/templates/kuttl/resources/01-install-opa.yaml.j2 @@ -0,0 +1,45 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: test + labels: + opa.stackable.tech/bundle: "true" +data: + test.rego: | + package test + + hello { + true + } + + world { + false + } +--- +apiVersion: opa.stackable.tech/v1alpha1 +kind: OpaCluster +metadata: + name: opa +spec: + version: {{ test_scenario['values']['opa'] }} + servers: + config: + resources: + requests: + cpu: 100m + memory: 1Gi + limits: + cpu: "1" + memory: 1Gi + roleGroups: + resources-from-role: {} + resources-from-role-group: + config: + resources: + requests: + cpu: 300m + memory: 3Gi + limits: + cpu: "3" + memory: 3Gi From e757b218e38da2c2b5d7ca44ce0bff038fb5c68d Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Thu, 15 Sep 2022 18:05:54 +0200 Subject: [PATCH 06/10] fixed tests --- .../templates/kuttl/resources/01-assert.yaml | 35 ++++++++++--------- .../kuttl/resources/01-install-opa.yaml.j2 | 22 ++++++------ tests/test-definition.yaml | 3 ++ 3 files changed, 32 insertions(+), 28 deletions(-) diff --git a/tests/templates/kuttl/resources/01-assert.yaml b/tests/templates/kuttl/resources/01-assert.yaml index d4fae070..56c61b87 100644 --- a/tests/templates/kuttl/resources/01-assert.yaml +++ b/tests/templates/kuttl/resources/01-assert.yaml @@ -1,3 +1,4 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestAssert commands: @@ -14,14 +15,15 @@ spec: template: spec: containers: - - name: opa - resources: - requests: - cpu: 100m - memory: 1Gi - limits: - cpu: "1" - memory: 1Gi + - name: opa + resources: + requests: + cpu: 100m + memory: 1Gi + limits: + cpu: "1" + memory: 1Gi + - name: opa-bundle-builder --- apiVersion: apps/v1 kind: DaemonSet @@ -31,11 +33,12 @@ spec: template: spec: containers: - - name: opa - resources: - requests: - cpu: 300m - memory: 3Gi - limits: - cpu: "3" - memory: 3Gi + - name: opa + resources: + requests: + cpu: 300m + memory: 3Gi + limits: + cpu: "3" + memory: 3Gi + - name: opa-bundle-builder diff --git a/tests/templates/kuttl/resources/01-install-opa.yaml.j2 b/tests/templates/kuttl/resources/01-install-opa.yaml.j2 index 5cfaeb87..0ebb544c 100644 --- a/tests/templates/kuttl/resources/01-install-opa.yaml.j2 +++ b/tests/templates/kuttl/resources/01-install-opa.yaml.j2 @@ -26,20 +26,18 @@ spec: servers: config: resources: - requests: - cpu: 100m - memory: 1Gi - limits: - cpu: "1" - memory: 1Gi + cpu: + min: 100m + max: "1" + memory: + limit: 1Gi roleGroups: resources-from-role: {} resources-from-role-group: config: resources: - requests: - cpu: 300m - memory: 3Gi - limits: - cpu: "3" - memory: 3Gi + cpu: + min: 300m + max: "3" + memory: + limit: 3Gi diff --git a/tests/test-definition.yaml b/tests/test-definition.yaml index 0cdc9852..23c50f28 100644 --- a/tests/test-definition.yaml +++ b/tests/test-definition.yaml @@ -8,3 +8,6 @@ tests: - name: smoke dimensions: - opa + - name: resources + dimensions: + - opa From 308c0c11819454bfa4d146c71247dabf9b8a8274 Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Thu, 15 Sep 2022 18:09:09 +0200 Subject: [PATCH 07/10] removed cm from tests --- .../kuttl/resources/01-install-opa.yaml.j2 | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/tests/templates/kuttl/resources/01-install-opa.yaml.j2 b/tests/templates/kuttl/resources/01-install-opa.yaml.j2 index 0ebb544c..da867e72 100644 --- a/tests/templates/kuttl/resources/01-install-opa.yaml.j2 +++ b/tests/templates/kuttl/resources/01-install-opa.yaml.j2 @@ -1,22 +1,4 @@ --- -apiVersion: v1 -kind: ConfigMap -metadata: - name: test - labels: - opa.stackable.tech/bundle: "true" -data: - test.rego: | - package test - - hello { - true - } - - world { - false - } ---- apiVersion: opa.stackable.tech/v1alpha1 kind: OpaCluster metadata: From 3ebbb066877b19ac0bb5e8abe966d32751dee265 Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Thu, 15 Sep 2022 18:35:12 +0200 Subject: [PATCH 08/10] fix yaml lint --- .../templates/kuttl/resources/01-assert.yaml | 36 +++++++++---------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/tests/templates/kuttl/resources/01-assert.yaml b/tests/templates/kuttl/resources/01-assert.yaml index 56c61b87..cbbd17fe 100644 --- a/tests/templates/kuttl/resources/01-assert.yaml +++ b/tests/templates/kuttl/resources/01-assert.yaml @@ -15,15 +15,15 @@ spec: template: spec: containers: - - name: opa - resources: - requests: - cpu: 100m - memory: 1Gi - limits: - cpu: "1" - memory: 1Gi - - name: opa-bundle-builder + - name: opa + resources: + requests: + cpu: 100m + memory: 1Gi + limits: + cpu: "1" + memory: 1Gi + - name: opa-bundle-builder --- apiVersion: apps/v1 kind: DaemonSet @@ -33,12 +33,12 @@ spec: template: spec: containers: - - name: opa - resources: - requests: - cpu: 300m - memory: 3Gi - limits: - cpu: "3" - memory: 3Gi - - name: opa-bundle-builder + - name: opa + resources: + requests: + cpu: 300m + memory: 3Gi + limits: + cpu: "3" + memory: 3Gi + - name: opa-bundle-builder From 8c83d7d2fd7a4f1b859038c8a325625bafcf1550 Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Fri, 16 Sep 2022 09:04:11 +0200 Subject: [PATCH 09/10] Adressed review comments --- docs/modules/ROOT/pages/usage.adoc | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/docs/modules/ROOT/pages/usage.adoc b/docs/modules/ROOT/pages/usage.adoc index 1bd4b92d..1911f13c 100644 --- a/docs/modules/ROOT/pages/usage.adoc +++ b/docs/modules/ROOT/pages/usage.adoc @@ -100,7 +100,7 @@ servers: In this example, each OPA container in the `default` role group will have a maximum of 2 gigabytes of memory. To be more precise, these memory limits apply to the container running OPA but not to any sidecar containers (e.g. the BundleBuilder) that are part of the pod. -A general rule of thumb on how to size the memory for OPA is described https://www.openpolicyagent.org/docs/latest/policy-performance/#resource-utilization[here]. +A general rule of thumb on how to size the memory for OPA is described https://www.openpolicyagent.org/docs/latest/policy-performance/#resource-utilization[in the OPA documentation]. For more details regarding Kubernetes memory requests and limits see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/[Assign Memory Resources to Containers and Pods]. @@ -131,12 +131,11 @@ servers: default: config: resources: - requests: - cpu: 200m - memory: 2Gi - limits: - cpu: "2" - memory: 2Gi + cpu: + min: '200m' + max: "2" + memory: + limit: '2Gi' ---- WARNING: The default values are _most likely_ not sufficient to run a proper cluster in production. Please adapt according to your requirements. From 1c6f0593d758c7d3995b5391e1aaafd39dee235e Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Fri, 16 Sep 2022 09:25:12 +0200 Subject: [PATCH 10/10] only using opa-latest for resource tests now --- tests/templates/kuttl/resources/01-install-opa.yaml.j2 | 2 +- tests/test-definition.yaml | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/tests/templates/kuttl/resources/01-install-opa.yaml.j2 b/tests/templates/kuttl/resources/01-install-opa.yaml.j2 index da867e72..1bd41081 100644 --- a/tests/templates/kuttl/resources/01-install-opa.yaml.j2 +++ b/tests/templates/kuttl/resources/01-install-opa.yaml.j2 @@ -4,7 +4,7 @@ kind: OpaCluster metadata: name: opa spec: - version: {{ test_scenario['values']['opa'] }} + version: {{ test_scenario['values']['opa-latest'] }} servers: config: resources: diff --git a/tests/test-definition.yaml b/tests/test-definition.yaml index 23c50f28..d2a77b57 100644 --- a/tests/test-definition.yaml +++ b/tests/test-definition.yaml @@ -4,10 +4,13 @@ dimensions: values: - 0.37.2-stackable0.2.0 - 0.41.0-stackable0.1.0 + - name: opa-latest + values: + - 0.41.0-stackable0.1.0 tests: - name: smoke dimensions: - opa - name: resources dimensions: - - opa + - opa-latest