Skip to content

Commit

Permalink
feat(base-cluster/limitrange-quotas): add limitrange and resource quota
Browse files Browse the repository at this point in the history
  • Loading branch information
marvinWolff committed Dec 13, 2023
1 parent ca6efc3 commit e12f272
Show file tree
Hide file tree
Showing 3 changed files with 149 additions and 0 deletions.
40 changes: 40 additions & 0 deletions charts/base-cluster/templates/global/namespaces.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,5 +7,45 @@ metadata:
{{- with $namespace.additionalLabels -}}
{{- . | toYaml | nindent 4 -}}
{{- end }}
{{ if $namespace.resources }}
---
{{- if $namespace.resources.defaults }}
apiVersion: v1
kind: LimitRange
metadata:
name: {{ $name }}
namespace: {{ $name }}
labels: {{- include "common.labels.standard" $ | nindent 4 }}
spec:
{{- $limits := dict "type" "Container" -}}
{{/* this section defines default limits */}}
{{- with $namespace.resources.defaults.limits -}}
{{- $limits = set $limits "default" . -}}
{{- end -}}

{{/* this section defines default requests */}}
{{- with $namespace.resources.defaults.requests -}}
{{- $limits = set $limits "defaultRequest" . -}}
{{- end }}
limits: {{- list $limits | toYaml | nindent 4 }}
{{- end }}
{{- end }}
{{ if $namespace.resources }}
{{ if $namespace.resources.quotas }}
---
apiVersion: v1
kind: ResourceQuota
metadata:
name: {{ $name }}
namespace: {{ $name }}
labels: {{- include "common.labels.standard" $ | nindent 4 }}
spec:
{{- $quotas := dict -}}
{{- with $namespace.resources.quotas -}}
{{- $quotas = . }}
hard: {{- $quotas | toYaml | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}
---
{{ end -}}
32 changes: 32 additions & 0 deletions charts/base-cluster/values.schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -232,6 +232,38 @@
},
"condition": {
"$ref": "#/$defs/condition"
},
"resources": {
"type": "object",
"properties": {
"defaults": {
"type": "object",
"minProperties": 1,
"properties": {
"requests": {
"type": "object",
"additionalProperties": {
"$ref": "#/$defs/quantity"
}
},
"limits": {
"type": "object",
"additionalProperties": {
"$ref": "#/$defs/quantity"
}
}
},
"additionalProperties": false
},
"quotas": {
"type": "object",
"description": "See https://kubernetes.io/docs/concepts/policy/resource-quotas/",
"additionalProperties": {
"$ref": "#/$defs/quantity"
}
}
},
"additionalProperties": false
}
},
"additionalProperties": false
Expand Down
77 changes: 77 additions & 0 deletions charts/base-cluster/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,21 +10,76 @@ global:
condition: "{{ not (empty .Values.dns.provider) }}"
additionalLabels:
app.kubernetes.io/component: ingress
resources:
defaults:
requests:
cpu: 20m
memory: 100Mi
limits:
cpu: 100m
memory: 200Mi
quotas:
limits.cpu: "1"
limits.memory: 500Mi
cert-manager:
additionalLabels:
app.kubernetes.io/component: cert-manager
resources:
defaults:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 500m
memory: 300Mi
quotas:
limits.cpu: "1"
limits.memory: 1Gi
ingress-nginx:
condition: "{{ .Values.ingress.enabled }}"
additionalLabels:
app.kubernetes.io/component: ingress
resources:
defaults:
requests:
cpu: 20m
memory: 100Mi
limits:
cpu: 100m
memory: 200Mi
quotas:
limits.cpu: "1"
limits.memory: 500Mi
kyverno:
condition: "{{ .Values.kyverno.enabled }}"
additionalLabels:
app.kubernetes.io/component: kyverno
resources:
defaults:
requests:
cpu: 350m
memory: 350Mi
limits:
cpu: 800m
memory: 800Mi
quotas:
limits.cpu: 1500m
limits.memory: 1500Mi
monitoring:
condition: "{{ or .Values.monitoring.prometheus.enabled .Values.monitoring.metricsServer.enabled }}"
additionalLabels:
app.kubernetes.io/component: monitoring
resources:
defaults:
requests:
cpu: 20m
memory: 100Mi
limits:
cpu: 100m
memory: 200Mi
quotas:
limits.cpu: "1"
limits.memory: 4000Mi
loki:
condition: "{{ .Values.monitoring.loki.enabled }}"
additionalLabels:
Expand All @@ -34,6 +89,17 @@ global:
condition: "{{ .Values.monitoring.securityScanning.enabled }}"
additionalLabels:
app.kubernetes.io/component: security
resources:
defaults:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 300m
memory: 1500Mi
quotas:
limits.cpu: 500Mi
limits.memory: 4Gi
nfs-server-provisioner:
condition: "{{ .Values.storage.readWriteMany.enabled }}"
additionalLabels:
Expand All @@ -43,6 +109,17 @@ global:
condition: "{{ .Values.backup.enabled }}"
additionalLabels:
app.kubernetes.io/component: backup
resources:
defaults:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 500m
memory: 500Mi
quotas:
limits.cpu: 1500Mi
limits.memory: 2Gi
certificates:
cluster-wildcard:
dnsNames: |-
Expand Down

0 comments on commit e12f272

Please sign in to comment.