From 78c2aafe56ff77d9ae5ce33cd7d4eeb85a921e27 Mon Sep 17 00:00:00 2001
From: mw
Date: Fri, 8 Dec 2023 15:02:37 +0100
Subject: [PATCH] feat(base-cluster/limitrange-quotas)
---
 .../templates/global/namespaces.yaml | 40 ++++++++++
 charts/base-cluster/values.schema.json | 32 ++++++++
 charts/base-cluster/values.yaml | 77 +++++++++++++++++++
 3 files changed, 149 insertions(+)
diff --git a/charts/base-cluster/templates/global/namespaces.yaml b/charts/base-cluster/templates/global/namespaces.yaml
index d1d3b90b6d..f9565cc961 100644
--- a/charts/base-cluster/templates/global/namespaces.yaml
+++ b/charts/base-cluster/templates/global/namespaces.yaml
@@ -7,5 +7,45 @@ metadata:
 {{- with $namespace.additionalLabels -}}
 {{- . | toYaml | nindent 4 -}}
 {{- end }}
+{{ if $namespace.resources }}
+---
+ {{- if $namespace.resources.defaults }}
+apiVersion: v1
+kind: LimitRange
+metadata:
+ name: {{ $name }}
+ namespace: {{ $name }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+spec:
+ {{- $limits := dict "type" "Container" -}}
+ {{/* this section defines default limits */}}
+ {{- with $namespace.resources.defaults.limits -}}
+ {{- $limits = set $limits "default" . -}}
+ {{- end -}}
+
+ {{/* this section defines default requests */}}
+ {{- with $namespace.resources.defaults.requests -}}
+ {{- $limits = set $limits "defaultRequest" . -}}
+ {{- end }}
+ limits: {{- list $limits | toYaml | nindent 4 }}
+{{- end }}
+{{- end }}
+{{ if $namespace.resources }}
+{{ if $namespace.resources.quotas }}
+---
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+ name: {{ $name }}
+ namespace: {{ $name }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+spec:
+ {{- $quotas := dict -}}
+ {{- with $namespace.resources.quotas -}}
+ {{- $quotas = . }}
+ hard: {{- $quotas | toYaml | nindent 4 }}
+ {{- end }}
+{{- end }}
+{{- end }}
 ---
 {{ end -}}
\ No newline at end of file
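Review bot: The ResourceQuota block at the end of this hunk re-tests `$namespace.resources` in a second `{{ if }}` and then wraps `hard:` in a `with` on the same value the enclosing `if` already proved non-empty, so `$quotas := dict` is never used as a fallback. Putting both objects under one `{{ if $namespace.resources }}` and rendering `hard: {{- $namespace.resources.quotas | toYaml | nindent 4 }}` directly would be simpler and leave a single guard to audit. As written, a namespace that sets `resources` without `defaults` also emits a bare `---` document, because the separator sits outside the inner `if`; that looks harmless but goes away if the `---` moves inside it. The enclosing block that defines `$name` and `$namespace` starts outside the hunk.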
diff --git a/charts/base-cluster/values.schema.json b/charts/base-cluster/values.schema.json
index 88b64461f1..cbe08cf4d2 100644
--- a/charts/base-cluster/values.schema.json
+++ b/charts/base-cluster/values.schema.json
@@ -232,6 +232,38 @@
 },
 "condition": {
 "$ref": "#/$defs/condition"
+ },
+ "resources": {
+ "type": "object",
+ "properties": {
+ "defaults": {
+ "type": "object",
+ "minProperties": 1,
+ "properties": {
+ "requests": {
+ "type": "object",
+ "additionalProperties": {
+ "$ref": "#/$defs/quantity"
+ }
+ },
+ "limits": {
+ "type": "object",
+ "additionalProperties": {
+ "$ref": "#/$defs/quantity"
+ }
+ }
+ },
+ "additionalProperties": false
+ },
+ "quotas": {
+ "type": "object",
+ "description": "See https://kubernetes.io/docs/concepts/policy/resource-quotas/",
+ "additionalProperties": {
+ "$ref": "#/$defs/quantity"
+ }
+ }
+ },
+ "additionalProperties": false
 }
 },
 "additionalProperties": false
diff --git a/charts/base-cluster/values.yaml b/charts/base-cluster/values.yaml
index c75f38d48d..314701aeb2 100644
--- a/charts/base-cluster/values.yaml
+++ b/charts/base-cluster/values.yaml
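Review bot: `quotas` can be set without `defaults`, and `defaults` satisfies `minProperties: 1` with `requests` alone, yet a ResourceQuota on `limits.cpu` or `limits.memory` makes the API server reject pods whose containers do not declare that limit. A namespace configured that way would refuse workloads that depend on LimitRange defaults, so the dependency should be stated where operators read the contract, for example by extending the `quotas` description to `"description": "Rendered as a ResourceQuota; quotas on limits.* or requests.* need matching resources.defaults, otherwise pods without explicit values are rejected. See https://kubernetes.io/docs/concepts/policy/resource-quotas/"`. `defaults` has no description at all and could get one saying it is rendered as a Container LimitRange. The `#/$defs/quantity` definition is outside the hunk, so whether it can tell CPU units from memory units is not visible here.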
@@ -10,21 +10,76 @@ global:
 condition: "{{ not (empty .Values.dns.provider) }}"
 additionalLabels:
 app.kubernetes.io/component: ingress
+ resources:
+ defaults:
+ requests:
+ cpu: 20m
+ memory: 100Mi
+ limits:
+ cpu: 100m
+ memory: 200Mi
+ quotas:
+ limits.cpu: "1"
+ limits.memory: 500Mi
 cert-manager:
 additionalLabels:
 app.kubernetes.io/component: cert-manager
+ resources:
+ defaults:
+ requests:
+ cpu: 50m
+ memory: 100Mi
+ limits:
+ cpu: 500m
+ memory: 300Mi
+ quotas:
+ limits.cpu: "1"
+ limits.memory: 1Gi
 ingress-nginx:
 condition: "{{ .Values.ingress.enabled }}"
 additionalLabels:
 app.kubernetes.io/component: ingress
+ resources:
+ defaults:
+ requests:
+ cpu: 20m
+ memory: 100Mi
+ limits:
+ cpu: 100m
+ memory: 200Mi
+ quotas:
+ limits.cpu: "1"
+ limits.memory: 500Mi
 kyverno:
 condition: "{{ .Values.kyverno.enabled }}"
 additionalLabels:
 app.kubernetes.io/component: kyverno
+ resources:
+ defaults:
+ requests:
+ cpu: 350m
+ memory: 350Mi
+ limits:
+ cpu: 800m
+ memory: 800Mi
+ quotas:
+ limits.cpu: 1500m
+ limits.memory: 1500Mi
 monitoring:
 condition: "{{ or .Values.monitoring.prometheus.enabled .Values.monitoring.metricsServer.enabled }}"
 additionalLabels:
 app.kubernetes.io/component: monitoring
+ resources:
+ defaults:
+ requests:
+ cpu: 20m
+ memory: 100Mi
+ limits:
+ cpu: 100m
+ memory: 200Mi
+ quotas:
+ limits.cpu: "1"
+ limits.memory: 4000Mi
 loki:
 condition: "{{ .Values.monitoring.loki.enabled }}"
 additionalLabels:
@@ -34,6 +89,17 @@ global:
 condition: "{{ .Values.monitoring.securityScanning.enabled }}"
 additionalLabels:
 app.kubernetes.io/component: security
+ resources:
+ defaults:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ limits:
+ cpu: 300m
+ memory: 1500Mi
+ quotas:
+ limits.cpu: 500Mi
+ limits.memory: 4Gi
 nfs-server-provisioner:
 condition: "{{ .Values.storage.readWriteMany.enabled }}"
 additionalLabels:
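Review bot: The memory quota `limits.memory: 500Mi` on the first namespace in this hunk and on `ingress-nginx` admits only two containers at the default limit of `200Mi` set just above it. A third container that relies on the defaults, such as a surge pod during a rolling update, would presumably be rejected by the quota. If that headroom is intentional, a comment next to each quota would record the sizing assumption, for example `# quota covers 2 containers at the default limit; raise together with replica count`. The namespace key of the first block is outside the hunk.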
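Review bot: `limits.cpu: 500Mi` in the quota gated by `.Values.monitoring.securityScanning.enabled` puts a memory suffix on a CPU quantity. Kubernetes quantities are unit-agnostic, so this would be read as roughly 524 million cores and the quota no longer bounds CPU in that namespace. The next hunk has the same problem with `limits.cpu: 1500Mi` under the backup component. The kyverno entry in the previous hunk uses `limits.cpu: 1500m`, so the intended values are presumably `limits.cpu: 500m` and `limits.cpu: 1500m`. The namespace keys these two blocks belong to are outside both hunks.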
@@ -43,6 +109,17 @@ global:
 condition: "{{ .Values.backup.enabled }}"
 additionalLabels:
 app.kubernetes.io/component: backup
+ resources:
+ defaults:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ limits:
+ cpu: 500m
+ memory: 500Mi
+ quotas:
+ limits.cpu: 1500Mi
+ limits.memory: 2Gi
 certificates:
 cluster-wildcard:
 dnsNames: |-