Merge pull request #349 from mintel/INFRA-37596-remove-cpu-limits-prod

Remove default CPU limits for containers
mintel · Oct 1, 2024 · 6c1475c · 6c1475c
2 parents 6a1f292 + fc7a443
commit 6c1475c
Show file tree

Hide file tree

Showing 13 changed files with 10 additions and 45 deletions.
diff --git a/charts/standard-application-stack/CHANGELOG.md b/charts/standard-application-stack/CHANGELOG.md
@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [v7.5.1] - 2024-10-01
+### Removed
+- Remove default CPU limits for containers
+
 ## [v7.5.0] - 2024-09-09
 ### Added
 - Add `app.mintel.com/application` to `podTargetLabels` (ensures label is added to ingested metric)

diff --git a/charts/standard-application-stack/Chart.yaml b/charts/standard-application-stack/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 7.5.0
+version: 7.5.1
 
 dependencies:
   - name: redis

diff --git a/charts/standard-application-stack/README.md b/charts/standard-application-stack/README.md
@@ -1,6 +1,6 @@
 # standard-application-stack
 
-![Version: 7.5.0](https://img.shields.io/badge/Version-7.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 7.5.1](https://img.shields.io/badge/Version-7.5.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 A generic chart to support most common application requirements
 
@@ -92,15 +92,13 @@ A generic chart to support most common application requirements
 | extraSecrets | list | `[]` |  |
 | filebeatSidecar.enabled | bool | `false` |  |
 | filebeatSidecar.metrics.enabled | bool | `true` |  |
-| filebeatSidecar.metrics.resources.limits.cpu | string | `"200m"` |  |
 | filebeatSidecar.metrics.resources.limits.memory | string | `"200Mi"` |  |
 | filebeatSidecar.metrics.resources.requests.cpu | string | `"100m"` |  |
 | filebeatSidecar.metrics.resources.requests.memory | string | `"100Mi"` |  |
-| filebeatSidecar.resources.limits.cpu | string | `"200m"` |  |
 | filebeatSidecar.resources.limits.memory | string | `"200Mi"` |  |
 | filebeatSidecar.resources.requests.cpu | string | `"100m"` |  |
 | filebeatSidecar.resources.requests.memory | string | `"100Mi"` |  |
-| gitSyncSidecar | object | `{"branch":"main","enabled":false,"resources":{"limits":{"cpu":"200m","memory":"200Mi"},"requests":{"cpu":"50m","memory":"50Mi"}},"root":"/data/git-sync"}` | Helper to sync a local directory with Git ref: https://github.com/kubernetes/git-sync |
+| gitSyncSidecar | object | `{"branch":"main","enabled":false,"resources":{"limits":{"memory":"200Mi"},"requests":{"cpu":"50m","memory":"50Mi"}},"root":"/data/git-sync"}` | Helper to sync a local directory with Git ref: https://github.com/kubernetes/git-sync |
 | gitSyncSidecar.branch | string | `"main"` | The git branch to check out |
 | global | object | `{"additionalLabels":{},"application":"","cloudProvider":{"accountId":"","region":""},"clusterDomain":"127.0.0.1.nip.io","clusterEnv":"local","clusterName":"","component":"","ingressTLSSecrets":{},"name":"example-app","owner":"","partOf":"","runtimeEnvironment":"kubernetes","terraform":{"externalSecrets":false,"irsa":false}}` | Global variables for us in all charts and sub charts |
 | global.additionalLabels | object | `{}` | Additional labels to apply to all resources |
@@ -198,14 +196,12 @@ A generic chart to support most common application requirements
 | mailhog.enabled | bool | `false` |  |
 | main | object | `{"env":[]}` | Optional environment variables injected into the 'main' container of the app-deployment |
 | mariadb.client.enabled | bool | `true` |  |
-| mariadb.client.resources.limits.cpu | string | `"300m"` |  |
 | mariadb.client.resources.limits.memory | string | `"128Mi"` |  |
 | mariadb.client.resources.requests.cpu | string | `"100m"` |  |
 | mariadb.client.resources.requests.memory | string | `"64Mi"` |  |
 | mariadb.enabled | bool | `false` |  |
 | mariadb.extraUsers | object | `{"enabled":false,"job":{"logLevel":"INFO"},"users":[]}` | set up extra users for a database and table that already exist |
 | mariadb.metrics.enabled | bool | `false` |  |
-| mariadb.metrics.resources.limits.cpu | string | `"300m"` |  |
 | mariadb.metrics.resources.limits.memory | string | `"128Mi"` |  |
 | mariadb.metrics.resources.requests.cpu | string | `"100m"` |  |
 | mariadb.metrics.resources.requests.memory | string | `"64Mi"` |  |
@@ -243,8 +239,8 @@ A generic chart to support most common application requirements
 | oauthProxy.skipAuthRegexes | list | `[]` | Optional: list of URL endpoints to bypass oauth-proxy for Health check and readiness urls are skipped automatically |
 | oauthProxy.type | string | `"portal"` | Identifies oauth-proxy as auth'ing with a mintel portal instance |
 | oauthProxy.userIdClaim | string | `""` | Optional: Claim contains the user ID |
-| opensearch | object | `{"awsEsProxy":{"enabled":false,"ingress":{"alb":{"backendProtocol":"HTTP","backendProtocolVersion":"HTTP1","healthcheck":{"healthyThresholdCount":2,"intervalSeconds":15,"path":"/_cluster/health","protocol":"HTTP","timeoutSeconds":5,"unhealthyThresholdCount":2},"okta":{"authOnUnauthenticated":"authenticate","enabled":false,"extraRedirectPaths":[],"groups":"","ingressName":"","redirectPath":"","users":""},"preStopDelay":{"delaySeconds":15,"enabled":true},"scheme":"internet-facing","targetGroupAttributes":{"deregistration_delay.timeout_seconds":5,"load_balancing.algorithm.type":"least_outstanding_requests"}},"enabled":false,"extraAnnotations":{},"path":"/_dashboards"},"port":9200,"resources":{"limits":{"cpu":"200m","memory":"128Mi"},"requests":{"cpu":"100m","memory":"64Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}}},"enabled":false,"outputSecret":true,"secretRefreshIntervalOverride":"","secretStoreRefOverride":""}` | Configures AWS Opensearch deployment/connections |
-| opensearch.awsEsProxy | object | `{"enabled":false,"ingress":{"alb":{"backendProtocol":"HTTP","backendProtocolVersion":"HTTP1","healthcheck":{"healthyThresholdCount":2,"intervalSeconds":15,"path":"/_cluster/health","protocol":"HTTP","timeoutSeconds":5,"unhealthyThresholdCount":2},"okta":{"authOnUnauthenticated":"authenticate","enabled":false,"extraRedirectPaths":[],"groups":"","ingressName":"","redirectPath":"","users":""},"preStopDelay":{"delaySeconds":15,"enabled":true},"scheme":"internet-facing","targetGroupAttributes":{"deregistration_delay.timeout_seconds":5,"load_balancing.algorithm.type":"least_outstanding_requests"}},"enabled":false,"extraAnnotations":{},"path":"/_dashboards"},"port":9200,"resources":{"limits":{"cpu":"200m","memory":"128Mi"},"requests":{"cpu":"100m","memory":"64Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}}}` | Configures aws-es-proxy to enable external access to opensearch |
+| opensearch | object | `{"awsEsProxy":{"enabled":false,"ingress":{"alb":{"backendProtocol":"HTTP","backendProtocolVersion":"HTTP1","healthcheck":{"healthyThresholdCount":2,"intervalSeconds":15,"path":"/_cluster/health","protocol":"HTTP","timeoutSeconds":5,"unhealthyThresholdCount":2},"okta":{"authOnUnauthenticated":"authenticate","enabled":false,"extraRedirectPaths":[],"groups":"","ingressName":"","redirectPath":"","users":""},"preStopDelay":{"delaySeconds":15,"enabled":true},"scheme":"internet-facing","targetGroupAttributes":{"deregistration_delay.timeout_seconds":5,"load_balancing.algorithm.type":"least_outstanding_requests"}},"enabled":false,"extraAnnotations":{},"path":"/_dashboards"},"port":9200,"resources":{"limits":{"memory":"128Mi"},"requests":{"cpu":"100m","memory":"64Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}}},"enabled":false,"outputSecret":true,"secretRefreshIntervalOverride":"","secretStoreRefOverride":""}` | Configures AWS Opensearch deployment/connections |
+| opensearch.awsEsProxy | object | `{"enabled":false,"ingress":{"alb":{"backendProtocol":"HTTP","backendProtocolVersion":"HTTP1","healthcheck":{"healthyThresholdCount":2,"intervalSeconds":15,"path":"/_cluster/health","protocol":"HTTP","timeoutSeconds":5,"unhealthyThresholdCount":2},"okta":{"authOnUnauthenticated":"authenticate","enabled":false,"extraRedirectPaths":[],"groups":"","ingressName":"","redirectPath":"","users":""},"preStopDelay":{"delaySeconds":15,"enabled":true},"scheme":"internet-facing","targetGroupAttributes":{"deregistration_delay.timeout_seconds":5,"load_balancing.algorithm.type":"least_outstanding_requests"}},"enabled":false,"extraAnnotations":{},"path":"/_dashboards"},"port":9200,"resources":{"limits":{"memory":"128Mi"},"requests":{"cpu":"100m","memory":"64Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}}}` | Configures aws-es-proxy to enable external access to opensearch |
 | opensearch.awsEsProxy.enabled | bool | `false` | Set to true to add an aws-es-proxy deployment in front of opensearch |
 | opensearch.awsEsProxy.ingress.alb.backendProtocol | string | `"HTTP"` | Application Version (HTTP / HTTPS) |
 | opensearch.awsEsProxy.ingress.alb.backendProtocolVersion | string | `"HTTP1"` | Application Protocol Version (HTTP1 / HTTP2 / GRPC) |
@@ -267,7 +263,7 @@ A generic chart to support most common application requirements
 | opensearch.awsEsProxy.ingress.alb.targetGroupAttributes | object | `{"deregistration_delay.timeout_seconds":5,"load_balancing.algorithm.type":"least_outstanding_requests"}` | Target group attributes (see: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html#target-group-attributes) |
 | opensearch.awsEsProxy.ingress.path | string | `"/_dashboards"` | Path for the Ingress |
 | opensearch.awsEsProxy.port | int | `9200` | Port for aws-es-proxy to listen on |
-| opensearch.awsEsProxy.resources | object | `{"limits":{"cpu":"200m","memory":"128Mi"},"requests":{"cpu":"100m","memory":"64Mi"}}` | Container resource requests and limits for aws-es-proxy sidecar ref: http://kubernetes.io/docs/user-guide/compute-resources |
+| opensearch.awsEsProxy.resources | object | `{"limits":{"memory":"128Mi"},"requests":{"cpu":"100m","memory":"64Mi"}}` | Container resource requests and limits for aws-es-proxy sidecar ref: http://kubernetes.io/docs/user-guide/compute-resources |
 | opensearch.awsEsProxy.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}}` | Ingress for aws-es-proxy |
 | opensearch.enabled | bool | `false` | Set to true if deployment makes use of AWS opensearch |
 | opensearch.outputSecret | bool | `true` | set outputSecret to true to allow TF Cloud chart create ExternalSecrets |
@@ -290,7 +286,6 @@ A generic chart to support most common application requirements
 | podSecurityContext | object | `{"runAsNonRoot":true,"runAsUser":1000}` | Pod Security context for the container ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ |
 | port | int | `8000` | Set port to null to skip adding container Ports |
 | postgresql.client.enabled | bool | `true` |  |
-| postgresql.client.resources.limits.cpu | string | `"300m"` |  |
 | postgresql.client.resources.limits.memory | string | `"128Mi"` |  |
 | postgresql.client.resources.requests.cpu | string | `"100m"` |  |
 | postgresql.client.resources.requests.memory | string | `"64Mi"` |  |
@@ -300,7 +295,6 @@ A generic chart to support most common application requirements
 | postgresql.extraUsers.users | list | `[]` |  |
 | postgresql.image.tag | string | `"13.5.0-debian-10-r52"` |  |
 | postgresql.metrics.enabled | bool | `false` |  |
-| postgresql.metrics.resources.limits.cpu | string | `"300m"` |  |
 | postgresql.metrics.resources.limits.memory | string | `"128Mi"` |  |
 | postgresql.metrics.resources.requests.cpu | string | `"100m"` |  |
 | postgresql.metrics.resources.requests.memory | string | `"64M"` |  |

diff --git a/charts/standard-application-stack/templates/_oauth-proxy.tpl b/charts/standard-application-stack/templates/_oauth-proxy.tpl
@@ -73,7 +73,6 @@
     {{- toYaml .proxiedService.oauthProxy.resources | nindent 4 }}
     {{- else }}
     limits:
-      cpu: 200m
       memory: 128Mi
     requests:
       cpu: 100m

diff --git a/charts/standard-application-stack/templates/mariadb-py-dba.yaml b/charts/standard-application-stack/templates/mariadb-py-dba.yaml
@@ -44,7 +44,6 @@ spec:
           {{- end }}
         resources:
           limits:
-            cpu: 200m
             memory: 64Mi
           requests:
             cpu: 100m

diff --git a/charts/standard-application-stack/templates/postgresql-py-dba.yaml b/charts/standard-application-stack/templates/postgresql-py-dba.yaml
@@ -44,7 +44,6 @@ spec:
           {{- end }}
         resources:
           limits:
-            cpu: 200m
             memory: 64Mi
           requests:
             cpu: 100m

diff --git a/charts/standard-application-stack/tests/__snapshot__/jobs_test.yaml.snap b/charts/standard-application-stack/tests/__snapshot__/jobs_test.yaml.snap
@@ -46,7 +46,6 @@ Check all .job.* values can be set correctly, without overriding from main deplo
               name: main
               resources:
                 limits:
-                  cpu: 1000m
                   memory: 2Gi
                 requests:
                   cpu: 1000m
@@ -119,7 +118,6 @@ Check all overrides/additions from main deployment work if enabled:
               name: main
               resources:
                 limits:
-                  cpu: 1000m
                   memory: 2Gi
                 requests:
                   cpu: 1000m
@@ -208,7 +206,6 @@ Check default values are correct with minimal configuration:
               name: main
               resources:
                 limits:
-                  cpu: 1000m
                   memory: 2Gi
                 requests:
                   cpu: 1000m

diff --git a/charts/standard-application-stack/tests/__snapshot__/mariadb_py_dba_test.yaml.snap b/charts/standard-application-stack/tests/__snapshot__/mariadb_py_dba_test.yaml.snap
@@ -38,7 +38,6 @@ adds correct config to configmap:
               name: main
               resources:
                 limits:
-                  cpu: 200m
                   memory: 64Mi
                 requests:
                   cpu: 100m
@@ -132,7 +131,6 @@ extraUsers adds job and configmap:
               name: main
               resources:
                 limits:
-                  cpu: 200m
                   memory: 64Mi
                 requests:
                   cpu: 100m

diff --git a/charts/standard-application-stack/tests/__snapshot__/oauth2proxy_test.yaml.snap b/charts/standard-application-stack/tests/__snapshot__/oauth2proxy_test.yaml.snap
@@ -138,7 +138,6 @@ Check default container args:
                   scheme: HTTP
               resources:
                 limits:
-                  cpu: 200m
                   memory: 128Mi
                 requests:
                   cpu: 100m
@@ -307,7 +306,6 @@ Check setting skip-auth-regex from extra passed in values:
                   scheme: HTTP
               resources:
                 limits:
-                  cpu: 200m
                   memory: 128Mi
                 requests:
                   cpu: 100m
@@ -476,7 +474,6 @@ Check setting skip-auth-regex from extra passed in values when they already cont
                   scheme: HTTP
               resources:
                 limits:
-                  cpu: 200m
                   memory: 128Mi
                 requests:
                   cpu: 100m
@@ -644,7 +641,6 @@ Check setting skip-auth-regex from overridden health-check values:
                   scheme: HTTP
               resources:
                 limits:
-                  cpu: 200m
                   memory: 128Mi
                 requests:
                   cpu: 100m
@@ -812,7 +808,6 @@ Check sidecar present if enabled:
                   scheme: HTTP
               resources:
                 limits:
-                  cpu: 200m
                   memory: 128Mi
                 requests:
                   cpu: 100m

diff --git a/charts/standard-application-stack/tests/__snapshot__/opensearch_aws_es_proxy_test.yaml.snap b/charts/standard-application-stack/tests/__snapshot__/opensearch_aws_es_proxy_test.yaml.snap
@@ -205,7 +205,6 @@ Check awsEsProxy deployment is created if enabled:
                 timeoutSeconds: 1
               resources:
                 limits:
-                  cpu: 200m
                   memory: 128Mi
                 requests:
                   cpu: 100m

diff --git a/charts/standard-application-stack/tests/__snapshot__/postgresql_py_dba_test.yaml.snap b/charts/standard-application-stack/tests/__snapshot__/postgresql_py_dba_test.yaml.snap
@@ -38,7 +38,6 @@ adds correct config to configmap:
               name: main
               resources:
                 limits:
-                  cpu: 200m
                   memory: 64Mi
                 requests:
                   cpu: 100m
@@ -132,7 +131,6 @@ extraUsers adds job and configmap:
               name: main
               resources:
                 limits:
-                  cpu: 200m
                   memory: 64Mi
                 requests:
                   cpu: 100m

diff --git a/charts/standard-application-stack/tests/jobs_test.yaml b/charts/standard-application-stack/tests/jobs_test.yaml
@@ -14,7 +14,6 @@ tests:
         - name: testJobName
           resources:
             limits:
-              cpu: 1000m
               memory: 2Gi
             requests:
               cpu: 1000m
@@ -75,7 +74,6 @@ tests:
               image: someimage
           resources:
             limits:
-              cpu: 1000m
               memory: 2Gi
             requests:
               cpu: 1000m
@@ -139,7 +137,6 @@ tests:
           path: spec.template.spec.containers[0].resources
           value:
             limits:
-              cpu: 1000m
               memory: 2Gi
             requests:
               cpu: 1000m
@@ -178,7 +175,6 @@ tests:
                 name: another-secret-ref
           resources:
             limits:
-              cpu: 1000m
               memory: 2Gi
             requests:
               cpu: 1000m

diff --git a/charts/standard-application-stack/values.yaml b/charts/standard-application-stack/values.yaml
@@ -355,7 +355,6 @@ readiness:
 resources:
   # -- The resource limits for the container
   limits: {}
-  #    cpu: 1000m
   #    memory: 2Gi
   # -- The requested resources for the container
   requests: {}
@@ -716,7 +715,6 @@ oauthProxy:
   #  resources:
   # -- The resource limits for the container
   #    limits: {}
-  #    cpu: 200m
   #    memory: 128Mi
   # -- The requested resources for the container
   #    requests: {}
@@ -769,7 +767,6 @@ celery:
   resources:
     # -- The resource limits for the container
     limits: {}
-    #    cpu: 1000m
     #    memory: 2Gi
     # -- The requested resources for the container
     requests: {}
@@ -843,7 +840,6 @@ celeryBeat:
   resources:
     # -- The resource limits for the container
     limits: {}
-    #    cpu: 1000m
     #    memory: 2Gi
     # -- The requested resources for the container
     requests: {}
@@ -917,7 +913,6 @@ cronjobs:
     #   extraInitContainers: {}
     #   resources:
     #     limits:
-    #       cpu: 1000m
     #       memory: 2Gi
     #     requests:
     #       cpu: 1000m
@@ -1027,7 +1022,6 @@ mariadb:
     #    image: {}
     resources:
       limits:
-        cpu: 300m
         memory: 128Mi
       requests:
         cpu: 100m
@@ -1037,7 +1031,6 @@ mariadb:
     #    image: {}
     resources:
       limits:
-        cpu: 300m
         memory: 128Mi
       requests:
         cpu: 100m
@@ -1096,7 +1089,6 @@ postgresql:
     #    image: {}
     resources:
       limits:
-        cpu: 300m
         memory: 128Mi
       requests:
         cpu: 100m
@@ -1106,7 +1098,6 @@ postgresql:
     #    image: {}
     resources:
       limits:
-        cpu: 300m
         memory: 128Mi
       requests:
         cpu: 100m
@@ -1185,7 +1176,6 @@ gitSyncSidecar:
 
   resources:
     limits:
-      cpu: 200m
       memory: 200Mi
     requests:
       cpu: 50m
@@ -1195,7 +1185,6 @@ filebeatSidecar:
   enabled: false
   resources:
     limits:
-      cpu: 200m
       memory: 200Mi
     requests:
       cpu: 100m
@@ -1213,7 +1202,6 @@ filebeatSidecar:
     enabled: true
     resources:
       limits:
-        cpu: 200m
         memory: 200Mi
       requests:
         cpu: 100m
@@ -1247,7 +1235,6 @@ opensearch:
     # ref: http://kubernetes.io/docs/user-guide/compute-resources
     resources:
       limits:
-        cpu: 200m
         memory: 128Mi
       requests:
         cpu: 100m