Skip to content

Commit

Permalink
fix(helm): set CP memory limits, by default equal to memory request, …
Browse files Browse the repository at this point in the history 
…set CP CPU requests (#6127)

* ci: don't require CPU limits and enable kube-linter checks

See https://web.archive.org/web/20220805232857/https://home.robusta.dev/blog/stop-using-cpu-limits/ and https://web.archive.org/web/20220720151847/https://github.com/robusta-dev/alert-explanations/wiki/CPUThrottlingHigh-(Prometheus-Alert)
Generally we shouldn't be setting CPU limits on Pods.

[Best practice on memory is request=limit](https://web.archive.org/web/20221128074809/https://home.robusta.dev/blog/kubernetes-memory-limit)

* ci(make): only kube-lint deployments/charts/kuma
* fix(helm): set CP memory limits, by default equal to memory request

Signed-off-by: Mike Beaumont <mjboamail@gmail.com>
  • Loading branch information
@michaelbeaumont
michaelbeaumont authored Mar 10, 2023
1 parent 5d17447 commit cc367db
Show file tree
Hide file tree
Showing 28 changed files with 89 additions and 50 deletions.
18 changes: 15 additions & 3 deletions .kube-linter.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,18 @@
checks:
doNotAutoAddDefaults: true
include:
- "privileged-container"
exclude:
- "unset-cpu-requirements"

customChecks:
- name: "unset-cpu-requests"
description: "Indicates when containers do not have CPU requests set."
scope:
objectKinds:
- DeploymentLike
remediation: >-
Set CPU requests for your container based on its requirements.
Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.
template: "cpu-requirements"
params:
requirementsType: "request"
lowerBoundMillis: 0
upperBoundMillis: 0
4 changes: 3 additions & 1 deletion app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -652,8 +652,10 @@ spec:
path: /ready
port: 5680
resources:
limits:
memory: 256Mi
requests:
cpu: 100m
cpu: 500m
memory: 256Mi

volumeMounts:
Expand Down
4 changes: 3 additions & 1 deletion app/kumactl/cmd/install/testdata/install-control-plane.cni-legacy-enabled.golden.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -630,8 +630,10 @@ spec:
path: /ready
port: 5680
resources:
limits:
memory: 256Mi
requests:
cpu: 100m
cpu: 500m
memory: 256Mi

volumeMounts:
Expand Down
4 changes: 3 additions & 1 deletion app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5897,8 +5897,10 @@ spec:
path: /ready
port: 5680
resources:
limits:
memory: 256Mi
requests:
cpu: 100m
cpu: 500m
memory: 256Mi

volumeMounts:
Expand Down
8 changes: 3 additions & 5 deletions app/kumactl/cmd/install/testdata/install-control-plane.dump-values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -158,14 +158,12 @@ controlPlane:
automountServiceAccountToken: true

# -- Optionally override the resource spec
# @default -- the resources will be chosen based on the mode
resources:
requests:
# cpu: 100m
# memory: 256Mi
cpu: 500m
memory: 256Mi
limits:
# cpu: 250m
# memory: 512Mi
memory: 256Mi

# -- Pod lifecycle settings (useful for adding a preStop hook, when
# using AWS ALB or NLB)
Expand Down
4 changes: 3 additions & 1 deletion app/kumactl/cmd/install/testdata/install-control-plane.gateway-api-present-not-enabled.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5897,8 +5897,10 @@ spec:
path: /ready
port: 5680
resources:
limits:
memory: 256Mi
requests:
cpu: 100m
cpu: 500m
memory: 256Mi

volumeMounts:
Expand Down
4 changes: 3 additions & 1 deletion app/kumactl/cmd/install/testdata/install-control-plane.gateway-api-present.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6053,8 +6053,10 @@ spec:
path: /ready
port: 5680
resources:
limits:
memory: 256Mi
requests:
cpu: 100m
cpu: 500m
memory: 256Mi

volumeMounts:
Expand Down
2 changes: 2 additions & 0 deletions app/kumactl/cmd/install/testdata/install-control-plane.global-universal-on-k8s.golden.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -232,6 +232,8 @@ spec:
path: /ready
port: 5680
resources:
limits:
memory: 256Mi
requests:
cpu: 500m
memory: 256Mi
Expand Down
2 changes: 2 additions & 0 deletions app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -467,6 +467,8 @@ spec:
path: /ready
port: 5680
resources:
limits:
memory: 256Mi
requests:
cpu: 500m
memory: 256Mi
Expand Down
4 changes: 3 additions & 1 deletion app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -452,8 +452,10 @@ spec:
path: /ready
port: 5680
resources:
limits:
memory: 256Mi
requests:
cpu: 100m
cpu: 500m
memory: 256Mi

volumeMounts:
Expand Down
4 changes: 3 additions & 1 deletion app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -468,8 +468,10 @@ spec:
path: /ready
port: 5680
resources:
limits:
memory: 256Mi
requests:
cpu: 100m
cpu: 500m
memory: 256Mi

volumeMounts:
Expand Down
4 changes: 3 additions & 1 deletion app/kumactl/cmd/install/testdata/install-control-plane.registry.golden.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -452,8 +452,10 @@ spec:
path: /ready
port: 5680
resources:
limits:
memory: 256Mi
requests:
cpu: 100m
cpu: 500m
memory: 256Mi

volumeMounts:
Expand Down
4 changes: 3 additions & 1 deletion ...l/cmd/install/testdata/install-control-plane.tproxy-ebpf-experimental-enabled.golden.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -462,8 +462,10 @@ spec:
path: /ready
port: 5680
resources:
limits:
memory: 256Mi
requests:
cpu: 100m
cpu: 500m
memory: 256Mi

volumeMounts:
Expand Down
4 changes: 3 additions & 1 deletion app/kumactl/cmd/install/testdata/install-control-plane.with-egress.golden.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -483,8 +483,10 @@ spec:
path: /ready
port: 5680
resources:
limits:
memory: 256Mi
requests:
cpu: 100m
cpu: 500m
memory: 256Mi

volumeMounts:
Expand Down
4 changes: 3 additions & 1 deletion app/kumactl/cmd/install/testdata/install-control-plane.with-helm-set.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5963,8 +5963,10 @@ spec:
path: /ready
port: 5680
resources:
limits:
memory: 256Mi
requests:
cpu: 100m
cpu: 500m
memory: 256Mi

volumeMounts:
Expand Down
4 changes: 3 additions & 1 deletion app/kumactl/cmd/install/testdata/install-control-plane.with-helm-values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -452,8 +452,10 @@ spec:
path: /ready
port: 5680
resources:
limits:
memory: 256Mi
requests:
cpu: 100m
cpu: 500m
memory: 256Mi

volumeMounts:
Expand Down
4 changes: 3 additions & 1 deletion app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -487,8 +487,10 @@ spec:
path: /ready
port: 5680
resources:
limits:
memory: 256Mi
requests:
cpu: 100m
cpu: 500m
memory: 256Mi

volumeMounts:
Expand Down
4 changes: 3 additions & 1 deletion app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -456,8 +456,10 @@ spec:
path: /ready
port: 5680
resources:
limits:
memory: 256Mi
requests:
cpu: 100m
cpu: 500m
memory: 256Mi

volumeMounts:
Expand Down
4 changes: 3 additions & 1 deletion app/kumactl/cmd/install/testdata/install-cp-helm/empty.golden.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -452,8 +452,10 @@ spec:
path: /ready
port: 5680
resources:
limits:
memory: 256Mi
requests:
cpu: 100m
cpu: 500m
memory: 256Mi

volumeMounts:
Expand Down
4 changes: 3 additions & 1 deletion app/kumactl/cmd/install/testdata/install-cp-helm/fix4485.golden.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -475,8 +475,10 @@ spec:
path: /ready
port: 5680
resources:
limits:
memory: 256Mi
requests:
cpu: 100m
cpu: 500m
memory: 256Mi

volumeMounts:
Expand Down
4 changes: 3 additions & 1 deletion app/kumactl/cmd/install/testdata/install-cp-helm/fix4496.golden.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -498,8 +498,10 @@ spec:
path: /ready
port: 5680
resources:
limits:
memory: 256Mi
requests:
cpu: 100m
cpu: 500m
memory: 256Mi

volumeMounts:
Expand Down
4 changes: 3 additions & 1 deletion app/kumactl/cmd/install/testdata/install-cp-helm/fix4935.golden.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -728,8 +728,10 @@ spec:
path: /ready
port: 5680
resources:
limits:
memory: 256Mi
requests:
cpu: 100m
cpu: 500m
memory: 256Mi

volumeMounts:
Expand Down
4 changes: 3 additions & 1 deletion app/kumactl/cmd/install/testdata/install-cp-helm/fix5978.golden.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -518,8 +518,10 @@ spec:
path: /ready
port: 5680
resources:
limits:
memory: 256Mi
requests:
cpu: 100m
cpu: 500m
memory: 256Mi

volumeMounts:
Expand Down
4 changes: 3 additions & 1 deletion app/kumactl/cmd/install/testdata/install-cp-helm/securityContext.golden.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -453,8 +453,10 @@ spec:
path: /ready
port: 5680
resources:
limits:
memory: 256Mi
requests:
cpu: 100m
cpu: 500m
memory: 256Mi

volumeMounts:
Expand Down
2 changes: 1 addition & 1 deletion deployments/charts/kuma/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ A Helm chart for the Kuma Control Plane
| controlPlane.globalZoneSyncService.port | int | `5685` | Port on which Global Zone Sync Service is exposed |
| controlPlane.defaults.skipMeshCreation | bool | `false` | Whether to skip creating the default Mesh |
| controlPlane.automountServiceAccountToken | bool | `true` | Whether to automountServiceAccountToken for cp. Optionally set to false |
| controlPlane.resources | object | the resources will be chosen based on the mode | Optionally override the resource spec |
| controlPlane.resources | object | `{"limits":{"memory":"256Mi"},"requests":{"cpu":"500m","memory":"256Mi"}}` | Optionally override the resource spec |
| controlPlane.lifecycle | object | `{}` | Pod lifecycle settings (useful for adding a preStop hook, when using AWS ALB or NLB) |
| controlPlane.terminationGracePeriodSeconds | int | `30` | Number of seconds to wait before force killing the pod. Make sure to update this if you add a preStop hook. |
| controlPlane.tls.general.secretName | string | `""` | Secret that contains tls.crt, tls.key [and ca.crt when no controlPlane.tls.general.caSecretName specified] for protecting Kuma in-cluster communication |
Expand Down
17 changes: 2 additions & 15 deletions deployments/charts/kuma/templates/cp-deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -153,21 +153,8 @@ spec:
path: /ready
port: 5680
resources:
{{- if .Values.controlPlane.resources.requests }}
requests:
{{ .Values.controlPlane.resources.requests | toYaml | nindent 14 }}
{{- else if eq .Values.controlPlane.mode "global" }}
requests:
cpu: 500m
memory: 256Mi
{{- else }}
requests:
cpu: 100m
memory: 256Mi
{{- end }}
{{- if .Values.controlPlane.resources.limits }}
limits:
{{ .Values.controlPlane.resources.limits | toYaml | nindent 14 }}
{{- if .Values.controlPlane.resources }}
{{- .Values.controlPlane.resources | toYaml | nindent 12 }}
{{- end }}
{{ with .Values.controlPlane.lifecycle }}
lifecycle: {{ . | toYaml | nindent 14 }}
Expand Down
8 changes: 3 additions & 5 deletions deployments/charts/kuma/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -158,14 +158,12 @@ controlPlane:
automountServiceAccountToken: true

# -- Optionally override the resource spec
# @default -- the resources will be chosen based on the mode
resources:
requests:
# cpu: 100m
# memory: 256Mi
cpu: 500m
memory: 256Mi
limits:
# cpu: 250m
# memory: 512Mi
memory: 256Mi

# -- Pod lifecycle settings (useful for adding a preStop hook, when
# using AWS ALB or NLB)
Expand Down
2 changes: 1 addition & 1 deletion mk/check.mk
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ format: fmt format/common

.PHONY: kube-lint
kube-lint:
$(KUBE_LINTER) lint .
$(KUBE_LINTER) lint deployments/charts/kuma

.PHONY: hadolint
hadolint:
Expand Down

0 comments on commit cc367db

Please sign in to comment.