fix: add resources limits to linked container as required (#393)

cmd/template_lagoonservices_test.go

@@ -172,6 +172,47 @@ func TestTemplateLagoonServices(t *testing.T) {
 			templatePath: "testoutput",
 			want:         "internal/testdata/complex/service-templates/test2c-nginx-php",
 		},
+		{
+			name:        "test2d-nginx-php",
+			description: "tests an nginx-php deployment with admin resource overrides",
+			args: testdata.GetSeedData(
+				testdata.TestData{
+					ProjectName:     "example-project",
+					EnvironmentName: "main",
+					Branch:          "main",
+					LagoonYAML:      "internal/testdata/complex/lagoon.varnish.yml",
+					ImageReferences: map[string]string{
+						"nginx":   "harbor.example/example-project/main/nginx@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8",
+						"php":     "harbor.example/example-project/main/php@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8",
+						"cli":     "harbor.example/example-project/main/cli@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8",
+						"redis":   "harbor.example/example-project/main/redis@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8",
+						"varnish": "harbor.example/example-project/main/varnish@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8",
+					},
+					BuildPodVariables: []helpers.EnvironmentVariable{
+						{
+							Name:  "ADMIN_LAGOON_FEATURE_FLAG_CONTAINER_MEMORY_LIMIT",
+							Value: "16Gi",
+						},
+						{
+							Name:  "ADMIN_LAGOON_FEATURE_FLAG_EPHEMERAL_STORAGE_LIMIT",
+							Value: "160Gi",
+						},
+						{
+							Name:  "ADMIN_LAGOON_FEATURE_FLAG_EPHEMERAL_STORAGE_REQUESTS",
+							Value: "1Gi",
+						},
+					},
+					ProjectVariables: []lagoon.EnvironmentVariable{
+						{
+							Name:  "LAGOON_FEATURE_FLAG_ROOTLESS_WORKLOAD",
+							Value: "enabled",
+							Scope: "build",
+						},
+					},
+				}, true),
+			templatePath: "testoutput",
+			want:         "internal/testdata/complex/service-templates/test2d-nginx-php",
+		},
 		{
 			name:        "test3-funky-pvcs",
 			description: "only create pvcs of the requested persistent-name in the docker-compose file",

internal/templating/services/templates_deployment.go

@@ -551,7 +551,7 @@ func GenerateDeploymentTemplate(
 				deployment.Spec.Template.Spec.Volumes = append(deployment.Spec.Template.Spec.Volumes, volume)
 			}
 
-			// set the resource limit overrides if htey are provided
+			// set the resource limit overrides if they are provided
 			if buildValues.Resources.Limits.Memory != "" {
 				if container.Container.Resources.Limits == nil {
 					container.Container.Resources.Limits = corev1.ResourceList{}
@@ -651,6 +651,27 @@ func GenerateDeploymentTemplate(
 					helpers.TemplateThings(tpld, svm, &volumeMount)
 					linkedContainer.Container.VolumeMounts = append(linkedContainer.Container.VolumeMounts, volumeMount)
 				}
+
+				// set the resource limit overrides if they are provided
+				if buildValues.Resources.Limits.Memory != "" {
+					if linkedContainer.Container.Resources.Limits == nil {
+						linkedContainer.Container.Resources.Limits = corev1.ResourceList{}
+					}
+					linkedContainer.Container.Resources.Limits[corev1.ResourceMemory] = resource.MustParse(buildValues.Resources.Limits.Memory)
+				}
+				if buildValues.Resources.Limits.EphemeralStorage != "" {
+					if linkedContainer.Container.Resources.Limits == nil {
+						linkedContainer.Container.Resources.Limits = corev1.ResourceList{}
+					}
+					linkedContainer.Container.Resources.Limits[corev1.ResourceEphemeralStorage] = resource.MustParse(buildValues.Resources.Limits.EphemeralStorage)
+				}
+				if buildValues.Resources.Requests.EphemeralStorage != "" {
+					if linkedContainer.Container.Resources.Requests == nil {
+						linkedContainer.Container.Resources.Requests = corev1.ResourceList{}
+					}
+					linkedContainer.Container.Resources.Requests[corev1.ResourceEphemeralStorage] = resource.MustParse(buildValues.Resources.Requests.EphemeralStorage)
+				}
+
 				deployment.Spec.Template.Spec.Containers = append(deployment.Spec.Template.Spec.Containers, linkedContainer.Container)
 			}
 

internal/templating/services/templates_deployment_test.go

@@ -134,6 +134,15 @@ func TestGenerateDeploymentTemplate(t *testing.T) {
 						RunAsUser:  10000,
 						FsGroup:    10001,
 					},
+					Resources: generator.Resources{
+						Limits: generator.ResourceLimits{
+							Memory:           "16Gi",
+							EphemeralStorage: "160Gi",
+						},
+						Requests: generator.ResourceRequests{
+							EphemeralStorage: "1Gi",
+						},
+					},
 					GitSHA:       "0",
 					ConfigMapSha: "32bf1359ac92178c8909f0ef938257b477708aa0d78a5a15ad7c2d7919adf273",
 					ImageReferences: map[string]string{

internal/templating/services/test-resources/deployment/result-nginx-1.yaml

@@ -77,8 +77,12 @@ spec:
           initialDelaySeconds: 1
           timeoutSeconds: 3
         resources:
+          limits:
+            ephemeral-storage: 160Gi
+            memory: 16Gi
           requests:
             cpu: 10m
+            ephemeral-storage: 1Gi
             memory: 10Mi
         securityContext: {}
       - env:
@@ -109,8 +113,12 @@ spec:
           tcpSocket:
             port: 9000
         resources:
+          limits:
+            ephemeral-storage: 160Gi
+            memory: 16Gi
           requests:
             cpu: 10m
+            ephemeral-storage: 1Gi
             memory: 100Mi
         securityContext: {}
       enableServiceLinks: false
@@ -201,8 +209,12 @@ spec:
           initialDelaySeconds: 1
           timeoutSeconds: 3
         resources:
+          limits:
+            ephemeral-storage: 160Gi
+            memory: 16Gi
           requests:
             cpu: 10m
+            ephemeral-storage: 1Gi
             memory: 10Mi
         securityContext: {}
         volumeMounts:
@@ -236,8 +248,12 @@ spec:
           tcpSocket:
             port: 9000
         resources:
+          limits:
+            ephemeral-storage: 160Gi
+            memory: 16Gi
           requests:
             cpu: 10m
+            ephemeral-storage: 1Gi
             memory: 100Mi
         securityContext: {}
         volumeMounts:

internal/testdata/complex/service-templates/test2d-nginx-php/cronjob-cronjob-cli-drush-cron2.yaml

@@ -0,0 +1,107 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  annotations:
+    lagoon.sh/branch: main
+    lagoon.sh/version: v2.7.x
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: cronjob-cli
+    app.kubernetes.io/managed-by: build-deploy-tool
+    app.kubernetes.io/name: cronjob-cli-persistent
+    lagoon.sh/buildType: branch
+    lagoon.sh/environment: main
+    lagoon.sh/environmentType: production
+    lagoon.sh/project: example-project
+    lagoon.sh/service: cli
+    lagoon.sh/service-type: cli-persistent
+    lagoon.sh/template: cli-persistent-0.1.0
+  name: cronjob-cli-drush-cron2
+spec:
+  concurrencyPolicy: Forbid
+  failedJobsHistoryLimit: 1
+  jobTemplate:
+    metadata:
+      creationTimestamp: null
+    spec:
+      template:
+        metadata:
+          annotations:
+            lagoon.sh/branch: main
+            lagoon.sh/configMapSha: abcdefg1234567890
+            lagoon.sh/version: v2.7.x
+          creationTimestamp: null
+          labels:
+            app.kubernetes.io/instance: cronjob-cli
+            app.kubernetes.io/managed-by: build-deploy-tool
+            app.kubernetes.io/name: cronjob-cli-persistent
+            lagoon.sh/buildType: branch
+            lagoon.sh/environment: main
+            lagoon.sh/environmentType: production
+            lagoon.sh/project: example-project
+            lagoon.sh/service: cli
+            lagoon.sh/service-type: cli-persistent
+            lagoon.sh/template: cli-persistent-0.1.0
+        spec:
+          containers:
+          - command:
+            - /lagoon/cronjob.sh
+            - drush cron
+            env:
+            - name: LAGOON_GIT_SHA
+              value: "0000000000000000000000000000000000000000"
+            - name: SERVICE_NAME
+              value: cli
+            envFrom:
+            - configMapRef:
+                name: lagoon-env
+            image: harbor.example/example-project/main/cli@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8
+            imagePullPolicy: Always
+            name: cronjob-cli-drush-cron2
+            resources:
+              limits:
+                ephemeral-storage: 160Gi
+                memory: 16Gi
+              requests:
+                cpu: 10m
+                ephemeral-storage: 1Gi
+                memory: 10Mi
+            securityContext: {}
+            volumeMounts:
+            - mountPath: /var/run/secrets/lagoon/sshkey/
+              name: lagoon-sshkey
+              readOnly: true
+            - mountPath: /app/docroot/sites/default/files//php
+              name: nginx-php-twig
+            - mountPath: /app/docroot/sites/default/files/
+              name: nginx-php
+          dnsConfig:
+            options:
+            - name: timeout
+              value: "60"
+            - name: attempts
+              value: "10"
+          enableServiceLinks: false
+          imagePullSecrets:
+          - name: lagoon-internal-registry-secret
+          priorityClassName: lagoon-priority-production
+          restartPolicy: Never
+          securityContext:
+            fsGroup: 10001
+            runAsGroup: 0
+            runAsUser: 10000
+          volumes:
+          - name: lagoon-sshkey
+            secret:
+              defaultMode: 420
+              secretName: lagoon-sshkey
+          - emptyDir: {}
+            name: nginx-php-twig
+          - name: nginx-php
+            persistentVolumeClaim:
+              claimName: nginx-php
+  schedule: 18,48 * * * *
+  startingDeadlineSeconds: 240
+  successfulJobsHistoryLimit: 0
+status: {}

internal/testdata/complex/service-templates/test2d-nginx-php/deployment-cli.yaml

@@ -0,0 +1,107 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    lagoon.sh/branch: main
+    lagoon.sh/version: v2.7.x
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: cli
+    app.kubernetes.io/managed-by: build-deploy-tool
+    app.kubernetes.io/name: cli-persistent
+    lagoon.sh/buildType: branch
+    lagoon.sh/environment: main
+    lagoon.sh/environmentType: production
+    lagoon.sh/project: example-project
+    lagoon.sh/service: cli
+    lagoon.sh/service-type: cli-persistent
+    lagoon.sh/template: cli-persistent-0.1.0
+  name: cli
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: cli
+      app.kubernetes.io/name: cli-persistent
+  strategy: {}
+  template:
+    metadata:
+      annotations:
+        lagoon.sh/branch: main
+        lagoon.sh/configMapSha: abcdefg1234567890
+        lagoon.sh/version: v2.7.x
+      creationTimestamp: null
+      labels:
+        app.kubernetes.io/instance: cli
+        app.kubernetes.io/managed-by: build-deploy-tool
+        app.kubernetes.io/name: cli-persistent
+        lagoon.sh/buildType: branch
+        lagoon.sh/environment: main
+        lagoon.sh/environmentType: production
+        lagoon.sh/project: example-project
+        lagoon.sh/service: cli
+        lagoon.sh/service-type: cli-persistent
+        lagoon.sh/template: cli-persistent-0.1.0
+    spec:
+      containers:
+      - env:
+        - name: LAGOON_GIT_SHA
+          value: "0000000000000000000000000000000000000000"
+        - name: CRONJOBS
+          value: |
+            3,18,33,48 * * * * drush cron
+        - name: SERVICE_NAME
+          value: cli
+        envFrom:
+        - configMapRef:
+            name: lagoon-env
+        image: harbor.example/example-project/main/cli@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8
+        imagePullPolicy: Always
+        name: cli
+        readinessProbe:
+          exec:
+            command:
+            - /bin/sh
+            - -c
+            - if [ -x /bin/entrypoint-readiness ]; then /bin/entrypoint-readiness;
+              fi
+          failureThreshold: 3
+          initialDelaySeconds: 5
+          periodSeconds: 2
+        resources:
+          limits:
+            ephemeral-storage: 160Gi
+            memory: 16Gi
+          requests:
+            cpu: 10m
+            ephemeral-storage: 1Gi
+            memory: 10Mi
+        securityContext: {}
+        volumeMounts:
+        - mountPath: /var/run/secrets/lagoon/sshkey/
+          name: lagoon-sshkey
+          readOnly: true
+        - mountPath: /app/docroot/sites/default/files//php
+          name: nginx-php-twig
+        - mountPath: /app/docroot/sites/default/files/
+          name: nginx-php
+      enableServiceLinks: false
+      imagePullSecrets:
+      - name: lagoon-internal-registry-secret
+      priorityClassName: lagoon-priority-production
+      securityContext:
+        fsGroup: 10001
+        runAsGroup: 0
+        runAsUser: 10000
+      volumes:
+      - name: lagoon-sshkey
+        secret:
+          defaultMode: 420
+          secretName: lagoon-sshkey
+      - emptyDir: {}
+        name: nginx-php-twig
+      - name: nginx-php
+        persistentVolumeClaim:
+          claimName: nginx-php
+status: {}