From 283d52ef0d75c2e8b6e29d298e523d4bf8c93da8 Mon Sep 17 00:00:00 2001 From: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Date: Wed, 27 Mar 2024 01:29:31 +0200 Subject: [PATCH] fix(addons): remove extra resources from there too (#768) --- .../tests/addons/autoperms_test.yaml | 4 + .../tests/addons/codeserver_test.yaml | 26 +++++ .../tests/addons/netshoot_test.yaml | 26 +++++ .../common-test/tests/addons/vpn_test.yaml | 104 ++++++++++++++++++ library/common/Chart.yaml | 2 +- .../addons/code-server/_container.tpl | 2 + .../templates/addons/netshoot/_container.tpl | 2 + .../addons/vpn/_gluetunContainer.tpl | 2 + .../addons/vpn/_openvpnContainer.tpl | 2 + .../addons/vpn/_tailscaleContainer.tpl | 2 + .../addons/vpn/_wireguardContainer.tpl | 2 + .../common/templates/lib/util/_autoperms.tpl | 1 + 12 files changed, 174 insertions(+), 1 deletion(-) diff --git a/library/common-test/tests/addons/autoperms_test.yaml b/library/common-test/tests/addons/autoperms_test.yaml index fa80ad62..49569528 100644 --- a/library/common-test/tests/addons/autoperms_test.yaml +++ b/library/common-test/tests/addons/autoperms_test.yaml @@ -635,6 +635,9 @@ tests: - it: should have different resources set: + resources: + limits: + nvidia.com/gpu: 1 workload: workload-name: enabled: true @@ -680,6 +683,7 @@ tests: limits: cpu: 4000m memory: 8Gi + nvidia.com/gpu: 1 - documentIndex: *jobDoc equal: path: spec.template.spec.containers[0].resources diff --git a/library/common-test/tests/addons/codeserver_test.yaml b/library/common-test/tests/addons/codeserver_test.yaml index c11a48a4..743f4c35 100644 --- a/library/common-test/tests/addons/codeserver_test.yaml +++ b/library/common-test/tests/addons/codeserver_test.yaml @@ -65,6 +65,9 @@ tests: - it: addon enabled should pass without other service set: workload: *workload + resources: + limits: + nvidia.com/gpu: 1 service: main: enabled: false 
@@ -90,10 +93,33 @@ tests:
 equal:
 path: spec.template.spec.containers[0].name
 value: test-release-name-common-test-codeserver
+ - documentIndex: *DeploymentDocument
+ isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ resources:
+ limits:
+ cpu: 4000m
+ memory: 8Gi
+ requests:
+ cpu: 10m
+ memory: 50Mi
 - documentIndex: *DeploymentDocument
 equal:
 path: spec.template.spec.containers[1].name
 value: test-release-name-common-test
+ - documentIndex: *DeploymentDocument
+ isSubset:
+ path: spec.template.spec.containers[1]
+ content:
+ resources:
+ limits:
+ cpu: 4000m
+ memory: 8Gi
+ nvidia.com/gpu: 1
+ requests:
+ cpu: 10m
+ memory: 50Mi
 - documentIndex: *AddonServiceDocument
 equal:
 path: metadata.name
diff --git a/library/common-test/tests/addons/netshoot_test.yaml b/library/common-test/tests/addons/netshoot_test.yaml
index c16778d3..c2df2c68 100644
--- a/library/common-test/tests/addons/netshoot_test.yaml
+++ b/library/common-test/tests/addons/netshoot_test.yaml
@@ -7,6 +7,9 @@ release:
 tests:
 - it: addon enabled should pass
 set:
+ resources:
+ limits:
+ nvidia.com/gpu: 1
 workload:
 main:
 enabled: true
@@ -46,10 +49,33 @@ tests:
 equal:
 path: spec.template.spec.containers[0].name
 value: test-release-name-common-test
+ - documentIndex: *DeploymentDocument
+ isSubset:
+ path: spec.template.spec.containers[0]
+ content:
+ resources:
+ limits:
+ cpu: 4000m
+ memory: 8Gi
+ nvidia.com/gpu: 1
+ requests:
+ cpu: 10m
+ memory: 50Mi
 - documentIndex: *DeploymentDocument
 equal:
 path: spec.template.spec.containers[1].name
 value: test-release-name-common-test-netshoot
+ - documentIndex: *DeploymentDocument
+ isSubset:
+ path: spec.template.spec.containers[1]
+ content:
+ resources:
+ limits:
+ cpu: 4000m
+ memory: 8Gi
+ requests:
+ cpu: 10m
+ memory: 50Mi
 - documentIndex: *ServiceDocument
 equal:
 path: metadata.name
diff --git a/library/common-test/tests/addons/vpn_test.yaml b/library/common-test/tests/addons/vpn_test.yaml
index f1640533..98b5c501 100644
--- a/library/common-test/tests/addons/vpn_test.yaml +++ b/library/common-test/tests/addons/vpn_test.yaml @@ -7,6 +7,9 @@ release: tests: - it: addon vpn gluetun enabled with config and env should pass set: + resources: + limits: + nvidia.com/gpu: 1 addons: vpn: type: gluetun @@ -71,10 +74,33 @@ tests: equal: path: spec.template.spec.containers[0].name value: test-release-name-common-test + - documentIndex: *DeploymentDocument + isSubset: + path: spec.template.spec.containers[0] + content: + resources: + limits: + cpu: 4000m + memory: 8Gi + nvidia.com/gpu: 1 + requests: + cpu: 10m + memory: 50Mi - documentIndex: *DeploymentDocument equal: path: spec.template.spec.containers[1].name value: test-release-name-common-test-vpn + - documentIndex: *DeploymentDocument + isSubset: + path: spec.template.spec.containers[1] + content: + resources: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 10m + memory: 50Mi - documentIndex: *ServiceDocument equal: path: metadata.name @@ -520,6 +546,9 @@ tests: - it: tailscale addon enabled with authkey should pass set: + resources: + limits: + nvidia.com/gpu: 1 addons: vpn: type: tailscale @@ -544,10 +573,33 @@ tests: equal: path: spec.template.spec.containers[0].name value: test-release-name-common-test + - documentIndex: *DeploymentDocument + isSubset: + path: spec.template.spec.containers[0] + content: + resources: + limits: + cpu: 4000m + memory: 8Gi + nvidia.com/gpu: 1 + requests: + cpu: 10m + memory: 50Mi - documentIndex: *DeploymentDocument equal: path: spec.template.spec.containers[1].name value: test-release-name-common-test-tailscale + - documentIndex: *DeploymentDocument + isSubset: + path: spec.template.spec.containers[1] + content: + resources: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 10m + memory: 50Mi - documentIndex: *DeploymentDocument contains: path: spec.template.spec.containers[1].env 
@@ -671,6 +723,9 @@ tests: - it: addon vpn openvpn enabled with configFile set: + resources: + limits: + nvidia.com/gpu: 1 addons: vpn: type: openvpn @@ -737,6 +792,18 @@ tests: equal: path: spec.template.spec.containers[0].name value: test-release-name-common-test + - documentIndex: *DeploymentDocument + isSubset: + path: spec.template.spec.containers[0] + content: + resources: + limits: + cpu: 4000m + memory: 8Gi + nvidia.com/gpu: 1 + requests: + cpu: 10m + memory: 50Mi - documentIndex: *DeploymentDocument contains: path: spec.template.spec.containers[1].volumeMounts @@ -755,6 +822,17 @@ tests: equal: path: spec.template.spec.containers[1].name value: test-release-name-common-test-vpn + - documentIndex: *DeploymentDocument + isSubset: + path: spec.template.spec.containers[1] + content: + resources: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 10m + memory: 50Mi - documentIndex: *DeploymentDocument contains: path: spec.template.spec.volumes @@ -766,6 +844,9 @@ tests: - it: addon vpn wireguard enabled with configFile set: + resources: + limits: + nvidia.com/gpu: 1 addons: vpn: type: wireguard @@ -832,6 +913,18 @@ tests: equal: path: spec.template.spec.containers[0].name value: test-release-name-common-test + - documentIndex: *DeploymentDocument + isSubset: + path: spec.template.spec.containers[0] + content: + resources: + limits: + cpu: 4000m + memory: 8Gi + nvidia.com/gpu: 1 + requests: + cpu: 10m + memory: 50Mi - documentIndex: *DeploymentDocument contains: path: spec.template.spec.containers[1].volumeMounts @@ -850,6 +943,17 @@ tests: equal: path: spec.template.spec.containers[1].name value: test-release-name-common-test-vpn + - documentIndex: *DeploymentDocument + isSubset: + path: spec.template.spec.containers[1] + content: + resources: + limits: + cpu: 4000m + memory: 8Gi + requests: + cpu: 10m + memory: 50Mi - documentIndex: *DeploymentDocument contains: path: spec.template.spec.volumes 
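Review bot: The `isSubset` assertions added for the addon container in the vpn_test.yaml hunks (`containers[1]`; the same pattern is in netshoot_test.yaml, and at `containers[0]` in codeserver_test.yaml) show that `nvidia.com/gpu` is absent only indirectly, through the matcher comparing the listed `resources` value as a whole. An `equal` on `path: spec.template.spec.containers[1].resources`, the form autoperms_test.yaml already uses for `*jobDoc`, would state the expected limits exactly and not depend on how `isSubset` treats nested maps. A comment above each of these assertions, such as `# addon sidecar: must not inherit extended resources from .Values.resources`, would record why the two containers are expected to differ. The surrounding test cases start and end outside these hunks.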
diff --git a/library/common/Chart.yaml b/library/common/Chart.yaml
index 5a46d853..5a3bef5e 100644
--- a/library/common/Chart.yaml
+++ b/library/common/Chart.yaml
@@ -15,7 +15,7 @@ maintainers:
 name: common
 sources: null
 type: library
-version: 20.2.8
+version: 20.2.9
 annotations:
 artifacthub.io/category: "integration-delivery"
 artifacthub.io/license: "BUSL-1.1"
diff --git a/library/common/templates/addons/code-server/_container.tpl b/library/common/templates/addons/code-server/_container.tpl
index a66572d2..62d5e6ed 100644
--- a/library/common/templates/addons/code-server/_container.tpl
+++ b/library/common/templates/addons/code-server/_container.tpl
@@ -18,6 +18,8 @@ probes:
 path: "/"
 imageSelector: "codeserverImage"
 imagePullPolicy: {{ .Values.codeserverImage.pullPolicy }}
+resources:
+ excludeExtra: true
 securityContext:
 runAsUser: 0
 runAsGroup: 0
diff --git a/library/common/templates/addons/netshoot/_container.tpl b/library/common/templates/addons/netshoot/_container.tpl
index bfc954f4..8084420a 100644
--- a/library/common/templates/addons/netshoot/_container.tpl
+++ b/library/common/templates/addons/netshoot/_container.tpl
@@ -15,6 +15,8 @@ probes:
 startup:
 enabled: false
 imageSelector: "netshootImage"
+resources:
+ excludeExtra: true
 securityContext:
 runAsUser: 0
 runAsGroup: 0
diff --git a/library/common/templates/addons/vpn/_gluetunContainer.tpl b/library/common/templates/addons/vpn/_gluetunContainer.tpl
index 59e3a4f7..1eb85c77 100644
--- a/library/common/templates/addons/vpn/_gluetunContainer.tpl
+++ b/library/common/templates/addons/vpn/_gluetunContainer.tpl
@@ -16,6 +16,8 @@ probes:
 enabled: false
 startup:
 enabled: false
+resources:
+ excludeExtra: true
 securityContext:
 runAsUser: 0
 runAsNonRoot: false
diff --git a/library/common/templates/addons/vpn/_openvpnContainer.tpl b/library/common/templates/addons/vpn/_openvpnContainer.tpl
index 26c881a2..59753203 100644
--- a/library/common/templates/addons/vpn/_openvpnContainer.tpl
+++ b/library/common/templates/addons/vpn/_openvpnContainer.tpl
@@ -16,6 +16,8 @@ probes:
 enabled: false
 startup:
 enabled: false
+resources:
+ excludeExtra: true
 securityContext:
 runAsUser: 0
 runAsGroup: 0
diff --git a/library/common/templates/addons/vpn/_tailscaleContainer.tpl b/library/common/templates/addons/vpn/_tailscaleContainer.tpl
index 50998d0a..a66564a5 100644
--- a/library/common/templates/addons/vpn/_tailscaleContainer.tpl
+++ b/library/common/templates/addons/vpn/_tailscaleContainer.tpl
@@ -18,6 +18,8 @@ probes:
 enabled: false
 command:
 - /usr/local/bin/containerboot
+resources:
+ excludeExtra: true
 securityContext:
 {{- if $.Values.addons.vpn.tailscale.userspace }}
 runAsUser: 1000
diff --git a/library/common/templates/addons/vpn/_wireguardContainer.tpl b/library/common/templates/addons/vpn/_wireguardContainer.tpl
index 3fd7eb77..81b34647 100644
--- a/library/common/templates/addons/vpn/_wireguardContainer.tpl
+++ b/library/common/templates/addons/vpn/_wireguardContainer.tpl
@@ -16,6 +16,8 @@ probes:
 enabled: false
 startup:
 enabled: false
+resources:
+ excludeExtra: true
 securityContext:
 runAsUser: 568
 runAsGroup: 568
diff --git a/library/common/templates/lib/util/_autoperms.tpl b/library/common/templates/lib/util/_autoperms.tpl
index 417a12fe..0270d672 100644
--- a/library/common/templates/lib/util/_autoperms.tpl
+++ b/library/common/templates/lib/util/_autoperms.tpl
@@ -59,6 +59,7 @@ podSpec:
 - DAC_OVERRIDE
 - FOWNER
 resources:
+ excludeExtra: true
 limits:
 cpu: 2000m
 memory: 2Gi
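Review bot: `excludeExtra: true` is added under `resources:` in `_autoperms.tpl`, and in the code-server, netshoot, gluetun, openvpn, tailscale and wireguard container templates, with no comment saying what the flag controls or why it is fixed to `true`. Judging by the tests in this commit it keeps extended resources such as `nvidia.com/gpu` from the global `resources.limits` off these helper containers. Several of them run as root (`runAsUser: 0` in the code-server, netshoot, gluetun and openvpn context lines), so this is a least-privilege property worth recording where it is set. I would add a template comment above each occurrence, for example `{{- /* excludeExtra: helper containers must not inherit extended resources (e.g. nvidia.com/gpu) from .Values.resources */}}`. The enclosing definitions start and end outside these hunks.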