diff --git a/cmd/controller/app/BUILD.bazel b/cmd/controller/app/BUILD.bazel
index 8e3d19888..d73f2a6a7 100644
--- a/cmd/controller/app/BUILD.bazel
+++ b/cmd/controller/app/BUILD.bazel
@@ -16,6 +16,7 @@ go_library(
 "//pkg/util/kube:go_default_library",
 "//vendor/github.com/golang/glog:go_default_library",
 "//vendor/k8s.io/api/core/v1:go_default_library",
+ "//vendor/k8s.io/apimachinery/pkg/api/resource:go_default_library",
 "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
 "//vendor/k8s.io/client-go/informers:go_default_library",
 "//vendor/k8s.io/client-go/kubernetes:go_default_library",
diff --git a/cmd/controller/app/controller.go b/cmd/controller/app/controller.go
index d62d251dd..932c1fed6 100644
--- a/cmd/controller/app/controller.go
+++ b/cmd/controller/app/controller.go
@@ -24,6 +24,7 @@ import (
 "github.com/golang/glog"
 "k8s.io/api/core/v1"
+ "k8s.io/apimachinery/pkg/api/resource"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/client-go/kubernetes"
 "k8s.io/client-go/kubernetes/scheme"
@@ -125,6 +126,26 @@ func buildControllerContext(opts *options.ControllerOptions) (*controller.Contex
 glog.Infof("Using the following nameservers for DNS01 checks: %v", nameservers)
+ HTTP01SolverResourceRequestCPU, err := resource.ParseQuantity(opts.ACMEHTTP01SolverResourceRequestCPU)
+ if err != nil {
+ return nil, nil, fmt.Errorf("error parsing ACMEHTTP01SolverResourceRequestCPU: %s", err.Error())
+ }
+
+ HTTP01SolverResourceRequestMemory, err := resource.ParseQuantity(opts.ACMEHTTP01SolverResourceRequestMemory)
+ if err != nil {
+ return nil, nil, fmt.Errorf("error parsing ACMEHTTP01SolverResourceRequestMemory: %s", err.Error())
+ }
+
+ HTTP01SolverResourceLimitsCPU, err := resource.ParseQuantity(opts.ACMEHTTP01SolverResourceLimitsCPU)
+ if err != nil {
+ return nil, nil, fmt.Errorf("error parsing ACMEHTTP01SolverResourceLimitsCPU: %s", err.Error())
+ }
+
+ HTTP01SolverResourceLimitsMemory, err := resource.ParseQuantity(opts.ACMEHTTP01SolverResourceLimitsMemory)
+ if err != nil {
+ return nil, nil, fmt.Errorf("error parsing ACMEHTTP01SolverResourceLimitsMemory: %s", err.Error())
+ }
+
 // Create event broadcaster
 // Add cert-manager types to the default Kubernetes Scheme so Events can be
 // logged properly
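Review bot: The four quantities parsed in buildControllerContext are accepted independently of each other, so a request larger than its limit (or a negative value, which ParseQuantity appears to accept) passes startup and would only surface later, when the API server rejects the solver pod in the middle of a challenge. Compare each pair right after parsing, e.g. `if HTTP01SolverResourceRequestCPU.Cmp(HTTP01SolverResourceLimitsCPU) > 0 { return nil, nil, fmt.Errorf("acme-http01-solver-resource-request-cpu exceeds acme-http01-solver-resource-limits-cpu") }`, and do the same for memory. The function body starts and ends outside this hunk, so I cannot see whether a later step already checks this.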
@@ -144,8 +165,12 @@ func buildControllerContext(opts *options.ControllerOptions) (*controller.Contex
 KubeSharedInformerFactory: kubeSharedInformerFactory,
 SharedInformerFactory: sharedInformerFactory,
 ACMEOptions: controller.ACMEOptions{
- HTTP01SolverImage: opts.ACMEHTTP01SolverImage,
- DNS01Nameservers: nameservers,
+ HTTP01SolverImage: opts.ACMEHTTP01SolverImage,
+ HTTP01SolverResourceRequestCPU: HTTP01SolverResourceRequestCPU,
+ HTTP01SolverResourceRequestMemory: HTTP01SolverResourceRequestMemory,
+ HTTP01SolverResourceLimitsCPU: HTTP01SolverResourceLimitsCPU,
+ HTTP01SolverResourceLimitsMemory: HTTP01SolverResourceLimitsMemory,
+ DNS01Nameservers: nameservers,
 },
 IssuerOptions: controller.IssuerOptions{
 ClusterIssuerAmbientCredentials: opts.ClusterIssuerAmbientCredentials,
diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go
index aca2598b2..2fa501f3d 100644
--- a/cmd/controller/app/options/options.go
+++ b/cmd/controller/app/options/options.go
@@ -43,7 +43,11 @@ type ControllerOptions struct {
 EnabledControllers []string
- ACMEHTTP01SolverImage string
+ ACMEHTTP01SolverImage string
+ ACMEHTTP01SolverResourceRequestCPU string
+ ACMEHTTP01SolverResourceRequestMemory string
+ ACMEHTTP01SolverResourceLimitsCPU string
+ ACMEHTTP01SolverResourceLimitsMemory string
 ClusterIssuerAmbientCredentials bool
 IssuerAmbientCredentials bool
@@ -80,7 +84,11 @@ const (
 )
 var (
- defaultACMEHTTP01SolverImage = fmt.Sprintf("quay.io/jetstack/cert-manager-acmesolver:%s", util.AppVersion)
+ defaultACMEHTTP01SolverImage = fmt.Sprintf("quay.io/jetstack/cert-manager-acmesolver:%s", util.AppVersion)
+ defaultACMEHTTP01SolverResourceRequestCPU = "10m"
+ defaultACMEHTTP01SolverResourceRequestMemory = "64Mi"
+ defaultACMEHTTP01SolverResourceLimitsCPU = "10m"
+ defaultACMEHTTP01SolverResourceLimitsMemory = "64Mi"
 defaultEnabledControllers = []string{
 issuerscontroller.ControllerName,
@@ -144,6 +152,18 @@ func (s *ControllerOptions) AddFlags(fs *pflag.FlagSet) {
 "The docker image to use to solve ACME HTTP01 challenges. You most likely will not "+
 "need to change this parameter unless you are testing a new feature or developing cert-manager.")
+ fs.StringVar(&s.ACMEHTTP01SolverResourceRequestCPU, "acme-http01-solver-resource-request-cpu", defaultACMEHTTP01SolverResourceRequestCPU, ""+
+ "Defines the resource request CPU size when spawning new ACME HTTP01 challenge solver pods.")
+
+ fs.StringVar(&s.ACMEHTTP01SolverResourceRequestMemory, "acme-http01-solver-resource-request-memory", defaultACMEHTTP01SolverResourceRequestMemory, ""+
+ "Defines the resource request Memory size when spawning new ACME HTTP01 challenge solver pods.")
+
+ fs.StringVar(&s.ACMEHTTP01SolverResourceLimitsCPU, "acme-http01-solver-resource-limits-cpu", defaultACMEHTTP01SolverResourceLimitsCPU, ""+
+ "Defines the resource limits CPU size when spawning new ACME HTTP01 challenge solver pods.")
+
+ fs.StringVar(&s.ACMEHTTP01SolverResourceLimitsMemory, "acme-http01-solver-resource-limits-memory", defaultACMEHTTP01SolverResourceLimitsMemory, ""+
+ "Defines the resource limits Memory size when spawning new ACME HTTP01 challenge solver pods.")
+
 fs.BoolVar(&s.ClusterIssuerAmbientCredentials, "cluster-issuer-ambient-credentials", defaultClusterIssuerAmbientCredentials, ""+
 "Whether a cluster-issuer may make use of ambient credentials for issuers. 'Ambient Credentials' are credentials drawn from the environment, metadata services, or local files which are not explicitly configured in the ClusterIssuer API object. "+
 "When this flag is enabled, the following sources for credentials are also used: "+
diff --git a/pkg/controller/BUILD.bazel b/pkg/controller/BUILD.bazel
index 68d5f7fdd..38ba13fd2 100644
--- a/pkg/controller/BUILD.bazel
+++ b/pkg/controller/BUILD.bazel
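Review bot: The help text of the four new flags in AddFlags (cmd/controller/app/options/options.go) does not say what format the value takes, and the strings are only checked later, by resource.ParseQuantity in buildControllerContext. I would extend each description along the lines of `"CPU request for ACME HTTP01 challenge solver pods, as a Kubernetes resource quantity (for example 10m). Must not exceed the matching limit."`, with the memory and limits flags worded the same way. AddFlags continues outside the hunk.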
@@ -17,6 +17,7 @@ go_library(
 "//pkg/client/informers/externalversions:go_default_library",
 "//pkg/client/listers/certmanager/v1alpha1:go_default_library",
 "//pkg/issuer:go_default_library",
+ "//vendor/k8s.io/apimachinery/pkg/api/resource:go_default_library",
 "//vendor/k8s.io/apimachinery/pkg/util/runtime:go_default_library",
 "//vendor/k8s.io/client-go/informers:go_default_library",
 "//vendor/k8s.io/client-go/kubernetes:go_default_library",
diff --git a/pkg/controller/context.go b/pkg/controller/context.go
index 611d9542e..ee486ce1e 100644
--- a/pkg/controller/context.go
+++ b/pkg/controller/context.go
@@ -19,6 +19,7 @@ package controller
 import (
 "time"
+ "k8s.io/apimachinery/pkg/api/resource"
 kubeinformers "k8s.io/client-go/informers"
 "k8s.io/client-go/kubernetes"
 "k8s.io/client-go/tools/record"
@@ -80,6 +81,18 @@ type ACMEOptions struct {
 // challenges
 HTTP01SolverImage string
+ // HTTP01SolverResourceRequestCPU defines the ACME pod's resource request CPU size
+ HTTP01SolverResourceRequestCPU resource.Quantity
+
+ // HTTP01SolverResourceRequestMemory defines the ACME pod's resource request Memory size
+ HTTP01SolverResourceRequestMemory resource.Quantity
+
+ // HTTP01SolverResourceLimitsCPU defines the ACME pod's resource limits CPU size
+ HTTP01SolverResourceLimitsCPU resource.Quantity
+
+ // HTTP01SolverResourceLimitsMemory defines the ACME pod's resource limits Memory size
+ HTTP01SolverResourceLimitsMemory resource.Quantity
+
 // DNS01Nameservers is a list of nameservers to use when performing self-checks
 // for ACME DNS01 validations.
 DNS01Nameservers []string
diff --git a/pkg/issuer/acme/http/BUILD.bazel b/pkg/issuer/acme/http/BUILD.bazel
index d61ef03e0..d354c90eb 100644
--- a/pkg/issuer/acme/http/BUILD.bazel
+++ b/pkg/issuer/acme/http/BUILD.bazel
@@ -18,7 +18,6 @@ go_library(
 "//vendor/k8s.io/api/core/v1:go_default_library",
 "//vendor/k8s.io/api/extensions/v1beta1:go_default_library",
 "//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
- "//vendor/k8s.io/apimachinery/pkg/api/resource:go_default_library",
 "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
 "//vendor/k8s.io/apimachinery/pkg/labels:go_default_library",
 "//vendor/k8s.io/apimachinery/pkg/selection:go_default_library",
diff --git a/pkg/issuer/acme/http/pod.go b/pkg/issuer/acme/http/pod.go
index 50f972f29..0b9f62e2b 100644
--- a/pkg/issuer/acme/http/pod.go
+++ b/pkg/issuer/acme/http/pod.go
@@ -22,7 +22,6 @@ import (
 "github.com/golang/glog"
 corev1 "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/api/resource"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/labels"
 "k8s.io/apimachinery/pkg/selection"
@@ -151,12 +150,12 @@ func (s *Solver) buildPod(crt *v1alpha1.Certificate, ch v1alpha1.ACMEOrderChalle
 },
 Resources: corev1.ResourceRequirements{
 Requests: corev1.ResourceList{
- corev1.ResourceCPU: resource.MustParse("10m"),
- corev1.ResourceMemory: resource.MustParse("64Mi"),
+ corev1.ResourceCPU: s.ACMEOptions.HTTP01SolverResourceRequestCPU,
+ corev1.ResourceMemory: s.ACMEOptions.HTTP01SolverResourceRequestMemory,
 },
 Limits: corev1.ResourceList{
- corev1.ResourceCPU: resource.MustParse("10m"),
- corev1.ResourceMemory: resource.MustParse("64Mi"),
+ corev1.ResourceCPU: s.ACMEOptions.HTTP01SolverResourceLimitsCPU,
+ corev1.ResourceMemory: s.ACMEOptions.HTTP01SolverResourceLimitsMemory,
 },
 },
 Ports: []corev1.ContainerPort{
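Review bot: In buildPod (pkg/issuer/acme/http/pod.go) the requests and limits now come straight from s.ACMEOptions with no fallback, so a Solver whose ACMEOptions was built without these fields (a test fixture or another constructor, none visible here) puts zero quantities into the pod spec where the old code always set 10m/64Mi. As far as I know a zero limit is treated as no limit, which would leave the challenge-serving solver pod without a resource cap. Consider skipping zero values when filling the lists, e.g. `if q := s.ACMEOptions.HTTP01SolverResourceLimitsCPU; !q.IsZero() { limits[corev1.ResourceCPU] = q }`, or rejecting them where the options are parsed. buildPod starts and ends outside the hunk.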