make http01 solver pod resource request/limits configurable, refs #892
Signed-off-by: Arnold Bechtoldt <arnold.bechtoldt@inovex.de>
parent
d374e33b71
commit
845eb7f57c
@ -16,6 +16,7 @@ go_library(
|
||||
"//pkg/util/kube:go_default_library",
|
||||
"//vendor/github.com/golang/glog:go_default_library",
|
||||
"//vendor/k8s.io/api/core/v1:go_default_library",
|
||||
"//vendor/k8s.io/apimachinery/pkg/api/resource:go_default_library",
|
||||
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
||||
"//vendor/k8s.io/client-go/informers:go_default_library",
|
||||
"//vendor/k8s.io/client-go/kubernetes:go_default_library",
|
||||
|
||||
@ -24,6 +24,7 @@ import (
|
||||
|
||||
"github.com/golang/glog"
|
||||
"k8s.io/api/core/v1"
|
||||
"k8s.io/apimachinery/pkg/api/resource"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/client-go/kubernetes"
|
||||
"k8s.io/client-go/kubernetes/scheme"
|
||||
@ -125,6 +126,26 @@ func buildControllerContext(opts *options.ControllerOptions) (*controller.Contex
|
||||
|
||||
glog.Infof("Using the following nameservers for DNS01 checks: %v", nameservers)
|
||||
|
||||
HTTP01SolverResourceRequestCPU, err := resource.ParseQuantity(opts.ACMEHTTP01SolverResourceRequestCPU)
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("error parsing ACMEHTTP01SolverResourceRequestCPU: %s", err.Error())
|
||||
}
|
||||
|
||||
HTTP01SolverResourceRequestMemory, err := resource.ParseQuantity(opts.ACMEHTTP01SolverResourceRequestMemory)
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("error parsing ACMEHTTP01SolverResourceRequestMemory: %s", err.Error())
|
||||
}
|
||||
|
||||
HTTP01SolverResourceLimitsCPU, err := resource.ParseQuantity(opts.ACMEHTTP01SolverResourceLimitsCPU)
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("error parsing ACMEHTTP01SolverResourceLimitsCPU: %s", err.Error())
|
||||
}
|
||||
|
||||
HTTP01SolverResourceLimitsMemory, err := resource.ParseQuantity(opts.ACMEHTTP01SolverResourceLimitsMemory)
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("error parsing ACMEHTTP01SolverResourceLimitsMemory: %s", err.Error())
|
||||
}
|
||||
|
||||
// Create event broadcaster
|
||||
// Add cert-manager types to the default Kubernetes Scheme so Events can be
|
||||
// logged properly
|
||||
@ -145,6 +166,10 @@ func buildControllerContext(opts *options.ControllerOptions) (*controller.Contex
|
||||
SharedInformerFactory: sharedInformerFactory,
|
||||
ACMEOptions: controller.ACMEOptions{
|
||||
HTTP01SolverImage: opts.ACMEHTTP01SolverImage,
|
||||
HTTP01SolverResourceRequestCPU: HTTP01SolverResourceRequestCPU,
|
||||
HTTP01SolverResourceRequestMemory: HTTP01SolverResourceRequestMemory,
|
||||
HTTP01SolverResourceLimitsCPU: HTTP01SolverResourceLimitsCPU,
|
||||
HTTP01SolverResourceLimitsMemory: HTTP01SolverResourceLimitsMemory,
|
||||
DNS01Nameservers: nameservers,
|
||||
},
|
||||
IssuerOptions: controller.IssuerOptions{
|
||||
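Review bot: The four quantities parsed in buildControllerContext are accepted as soon as `resource.ParseQuantity` succeeds, so a negative value or a request larger than its limit gets through startup. Such a value would only surface later, when a solver pod is built from these fields while a challenge is pending, which is presumably when the API server would refuse it. Checking `Sign()` and comparing each request against its limit with `Cmp` right after the parse blocks would turn a misconfiguration into a startup error. The existing messages name the struct field (`ACMEHTTP01SolverResourceRequestCPU`); naming the flag instead would be easier for an operator to act on. buildControllerContext starts and ends outside the visible hunks.

```go
// … unchanged: the four resource.ParseQuantity calls and their error returns …

if HTTP01SolverResourceRequestCPU.Sign() < 0 || HTTP01SolverResourceLimitsCPU.Sign() < 0 ||
	HTTP01SolverResourceRequestMemory.Sign() < 0 || HTTP01SolverResourceLimitsMemory.Sign() < 0 {
	return nil, nil, fmt.Errorf("acme-http01-solver-resource-* values must not be negative")
}
if HTTP01SolverResourceRequestCPU.Cmp(HTTP01SolverResourceLimitsCPU) > 0 {
	return nil, nil, fmt.Errorf("acme-http01-solver-resource-request-cpu %q exceeds acme-http01-solver-resource-limits-cpu %q",
		opts.ACMEHTTP01SolverResourceRequestCPU, opts.ACMEHTTP01SolverResourceLimitsCPU)
}
if HTTP01SolverResourceRequestMemory.Cmp(HTTP01SolverResourceLimitsMemory) > 0 {
	return nil, nil, fmt.Errorf("acme-http01-solver-resource-request-memory %q exceeds acme-http01-solver-resource-limits-memory %q",
		opts.ACMEHTTP01SolverResourceRequestMemory, opts.ACMEHTTP01SolverResourceLimitsMemory)
}
```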
|
||||
@ -44,6 +44,10 @@ type ControllerOptions struct {
|
||||
EnabledControllers []string
|
||||
|
||||
ACMEHTTP01SolverImage string
|
||||
ACMEHTTP01SolverResourceRequestCPU string
|
||||
ACMEHTTP01SolverResourceRequestMemory string
|
||||
ACMEHTTP01SolverResourceLimitsCPU string
|
||||
ACMEHTTP01SolverResourceLimitsMemory string
|
||||
|
||||
ClusterIssuerAmbientCredentials bool
|
||||
IssuerAmbientCredentials bool
|
||||
@ -81,6 +85,10 @@ const (
|
||||
|
||||
var (
|
||||
defaultACMEHTTP01SolverImage = fmt.Sprintf("quay.io/jetstack/cert-manager-acmesolver:%s", util.AppVersion)
|
||||
defaultACMEHTTP01SolverResourceRequestCPU = "10m"
|
||||
defaultACMEHTTP01SolverResourceRequestMemory = "64Mi"
|
||||
defaultACMEHTTP01SolverResourceLimitsCPU = "10m"
|
||||
defaultACMEHTTP01SolverResourceLimitsMemory = "64Mi"
|
||||
|
||||
defaultEnabledControllers = []string{
|
||||
issuerscontroller.ControllerName,
|
||||
@ -144,6 +152,18 @@ func (s *ControllerOptions) AddFlags(fs *pflag.FlagSet) {
|
||||
"The docker image to use to solve ACME HTTP01 challenges. You most likely will not "+
|
||||
"need to change this parameter unless you are testing a new feature or developing cert-manager.")
|
||||
|
||||
fs.StringVar(&s.ACMEHTTP01SolverResourceRequestCPU, "acme-http01-solver-resource-request-cpu", defaultACMEHTTP01SolverResourceRequestCPU, ""+
|
||||
"Defines the resource request CPU size when spawning new ACME HTTP01 challenge solver pods.")
|
||||
|
||||
fs.StringVar(&s.ACMEHTTP01SolverResourceRequestMemory, "acme-http01-solver-resource-request-memory", defaultACMEHTTP01SolverResourceRequestMemory, ""+
|
||||
"Defines the resource request Memory size when spawning new ACME HTTP01 challenge solver pods.")
|
||||
|
||||
fs.StringVar(&s.ACMEHTTP01SolverResourceLimitsCPU, "acme-http01-solver-resource-limits-cpu", defaultACMEHTTP01SolverResourceLimitsCPU, ""+
|
||||
"Defines the resource limits CPU size when spawning new ACME HTTP01 challenge solver pods.")
|
||||
|
||||
fs.StringVar(&s.ACMEHTTP01SolverResourceLimitsMemory, "acme-http01-solver-resource-limits-memory", defaultACMEHTTP01SolverResourceLimitsMemory, ""+
|
||||
"Defines the resource limits Memory size when spawning new ACME HTTP01 challenge solver pods.")
|
||||
|
||||
fs.BoolVar(&s.ClusterIssuerAmbientCredentials, "cluster-issuer-ambient-credentials", defaultClusterIssuerAmbientCredentials, ""+
|
||||
"Whether a cluster-issuer may make use of ambient credentials for issuers. 'Ambient Credentials' are credentials drawn from the environment, metadata services, or local files which are not explicitly configured in the ClusterIssuer API object. "+
|
||||
"When this flag is enabled, the following sources for credentials are also used: "+
|
||||
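Review bot: The help strings for the four new flags in AddFlags do not say what format the value takes or how request and limit relate, so an operator has to read the source to learn that these are Kubernetes resource quantities. I would word them along the lines of `"CPU request for ACME HTTP01 challenge solver pods, as a Kubernetes resource quantity (e.g. 10m). Must not exceed --acme-http01-solver-resource-limits-cpu."`, with matching text for the memory and limits flags. The new `default…` variables would also benefit from a one-line comment noting that they reproduce the values previously hard-coded in the solver pod spec. AddFlags continues outside the hunk, so any existing validation of these options is not visible here.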
|
||||
@ -17,6 +17,7 @@ go_library(
|
||||
"//pkg/client/informers/externalversions:go_default_library",
|
||||
"//pkg/client/listers/certmanager/v1alpha1:go_default_library",
|
||||
"//pkg/issuer:go_default_library",
|
||||
"//vendor/k8s.io/apimachinery/pkg/api/resource:go_default_library",
|
||||
"//vendor/k8s.io/apimachinery/pkg/util/runtime:go_default_library",
|
||||
"//vendor/k8s.io/client-go/informers:go_default_library",
|
||||
"//vendor/k8s.io/client-go/kubernetes:go_default_library",
|
||||
|
||||
@ -19,6 +19,7 @@ package controller
|
||||
import (
|
||||
"time"
|
||||
|
||||
"k8s.io/apimachinery/pkg/api/resource"
|
||||
kubeinformers "k8s.io/client-go/informers"
|
||||
"k8s.io/client-go/kubernetes"
|
||||
"k8s.io/client-go/tools/record"
|
||||
@ -80,6 +81,18 @@ type ACMEOptions struct {
|
||||
// challenges
|
||||
HTTP01SolverImage string
|
||||
|
||||
// HTTP01SolverResourceRequestCPU defines the ACME pod's resource request CPU size
|
||||
HTTP01SolverResourceRequestCPU resource.Quantity
|
||||
|
||||
// HTTP01SolverResourceRequestMemory defines the ACME pod's resource request Memory size
|
||||
HTTP01SolverResourceRequestMemory resource.Quantity
|
||||
|
||||
// HTTP01SolverResourceLimitsCPU defines the ACME pod's resource limits CPU size
|
||||
HTTP01SolverResourceLimitsCPU resource.Quantity
|
||||
|
||||
// HTTP01SolverResourceLimitsMemory defines the ACME pod's resource limits Memory size
|
||||
HTTP01SolverResourceLimitsMemory resource.Quantity
|
||||
|
||||
// DNS01Nameservers is a list of nameservers to use when performing self-checks
|
||||
// for ACME DNS01 validations.
|
||||
DNS01Nameservers []string
|
||||
|
||||
@ -18,7 +18,6 @@ go_library(
|
||||
"//vendor/k8s.io/api/core/v1:go_default_library",
|
||||
"//vendor/k8s.io/api/extensions/v1beta1:go_default_library",
|
||||
"//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
|
||||
"//vendor/k8s.io/apimachinery/pkg/api/resource:go_default_library",
|
||||
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
||||
"//vendor/k8s.io/apimachinery/pkg/labels:go_default_library",
|
||||
"//vendor/k8s.io/apimachinery/pkg/selection:go_default_library",
|
||||
|
||||
@ -22,7 +22,6 @@ import (
|
||||
|
||||
"github.com/golang/glog"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
"k8s.io/apimachinery/pkg/api/resource"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/labels"
|
||||
"k8s.io/apimachinery/pkg/selection"
|
||||
@ -151,12 +150,12 @@ func (s *Solver) buildPod(crt *v1alpha1.Certificate, ch v1alpha1.ACMEOrderChalle
|
||||
},
|
||||
Resources: corev1.ResourceRequirements{
|
||||
Requests: corev1.ResourceList{
|
||||
corev1.ResourceCPU: resource.MustParse("10m"),
|
||||
corev1.ResourceMemory: resource.MustParse("64Mi"),
|
||||
corev1.ResourceCPU: s.ACMEOptions.HTTP01SolverResourceRequestCPU,
|
||||
corev1.ResourceMemory: s.ACMEOptions.HTTP01SolverResourceRequestMemory,
|
||||
},
|
||||
Limits: corev1.ResourceList{
|
||||
corev1.ResourceCPU: resource.MustParse("10m"),
|
||||
corev1.ResourceMemory: resource.MustParse("64Mi"),
|
||||
corev1.ResourceCPU: s.ACMEOptions.HTTP01SolverResourceLimitsCPU,
|
||||
corev1.ResourceMemory: s.ACMEOptions.HTTP01SolverResourceLimitsMemory,
|
||||
},
|
||||
},
|
||||
Ports: []corev1.ContainerPort{
|
||||
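Review bot: buildPod now copies `s.ACMEOptions.HTTP01SolverResourceRequestCPU` and its three sibling fields straight into `Requests` and `Limits`, with no fallback if they were never populated. The zero value of `resource.Quantity` is a quantity of 0, so any Solver built from an `ACMEOptions` literal that omits these fields (test fixtures, or a caller other than buildControllerContext) would emit a solver pod with 0 requests and limits instead of the former 10m/64Mi. How the API server and kubelet treat a 0 limit should be confirmed, but it is unlikely to be the bound the old constants provided for a pod that serves the HTTP01 challenge endpoint. Either guard here with `IsZero()` and fall back to the defaults, or state in the `ACMEOptions` field comments that all four values must be set. The rest of buildPod lies outside the hunk.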
|
||||