Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Research: Do we need resource limits for the bundle builder container if we use config maps/pvcs? #348

Open
3 tasks
maltesander opened this issue Sep 15, 2022 · 0 comments
Open
3 tasks

Research: Do we need resource limits for the bundle builder container if we use config maps/pvcs? #348

maltesander opened this issue Sep 15, 2022 · 0 comments

Comments

@maltesander
Copy link
Member

maltesander commented Sep 15, 2022
edited
Loading

The PR #347 implements resource limits and requests for the opa container. The second container opa-bundle-builder currently does not have any limits.

The opa-bundle-builder basically reads all provided OPA rego config maps and puts the content into a tar bundle. From the OPA docs this could grow to a quite a size.

Currently, the size of the data in ConfigMaps cannot exceed 1MB (etcd limit).

This can become a problem if there are many configmaps with rules / data.
The OpaBundleBuilder uses the tar crate, where it is stated that not all of the content must be explicitly in memory.

If rules are adapted dynamically, this also could put quite a load on the CPU when repacking the bundle.tar.gz (not sure we ever reach that many/big rules though).

This is done when:

  • The tar crate is tested for memory consumption
  • The tar crate is tested for CPU utilization
  • We have some tests / estimates if we need more resources than the default ones for the opa-bundle-builder (e.g. with 1000 - 10000 Configmaps a ~1MB)
@maltesander maltesander mentioned this issue Sep 15, 2022
Closed
7 tasks
bors bot pushed a commit that referenced this issue Sep 16, 2022
@maltesander
Implement resource requests and limits for OPA pods (#347)
8cdc098 
# Description

- added cpu and memory resource limits

fixes #325

This currently only sets resource limits for the `opa` container. I created an issue #348 in case we ever need to provide the `opa-bundle-builder` container with more resources.

Test:
https://ci.stackable.tech/view/02%20Operator%20Tests%20(custom)/job/opa-operator-it-custom/12/



Co-authored-by: Malte Sander <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@maltesander