Allow container resource limits to be configured in the Operator Helm chart (#536)

Author: thegridman

Makefile

@@ -1485,7 +1485,7 @@ kind-single-worker:   ## Run a KinD cluster with a single worker node
 .PHONY: kind-calico
 kind-calico: export KIND_CONFIG=$(SCRIPTS_DIR)/kind-config-calico.yaml
 kind-calico:   ## Run a KinD cluster with Calico
-	kind create cluster --name $(KIND_CLUSTER) --wait 10m --config $(SCRIPTS_DIR)/kind-config-calico.yaml --image $(KIND_IMAGE)
+	kind create cluster --name $(KIND_CLUSTER) --config $(SCRIPTS_DIR)/kind-config-calico.yaml --image $(KIND_IMAGE)
 	$(SCRIPTS_DIR)/kind-label-node.sh
 	curl -sL https://docs.projectcalico.org/manifests/calico.yaml | kubectl apply -f -
 	kubectl -n kube-system set env daemonset/calico-node FELIX_IGNORELOOSERPF=true

config/manager/manager.yaml

@@ -38,10 +38,10 @@ spec:
           name: webhook-server
           protocol: TCP
         - containerPort: 8080
-          name: metrics-server
+          name: metrics
           protocol: TCP
         - containerPort: 8088
-          name: health-server
+          name: health
           protocol: TCP
         args:
           - --enable-leader-election
@@ -71,8 +71,16 @@ spec:
           name: cert
           readOnly: true
         readinessProbe:
-          tcpSocket:
-            port: metrics-server
+          httpGet:
+            port: health
+            path: /readyz
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          failureThreshold: 3
+        livenessProbe:
+          httpGet:
+            port: health
+            path: /healthz
           initialDelaySeconds: 10
           periodSeconds: 10
           failureThreshold: 3

config/manager/service.yaml

@@ -37,7 +37,7 @@ spec:
   ports:
     - name: http-rest
       port: 8000
-      targetPort: 8000
+      targetPort: operator
   selector:
     app.kubernetes.io/name: coherence-operator
     app.kubernetes.io/instance: coherence-operator-manager

helm-charts/coherence-operator/templates/deployment.yaml

@@ -137,21 +137,33 @@ spec:
           containerPort: 9443
           protocol: TCP
         - containerPort: 8080
-          name: metrics-server
+          name: metrics
           protocol: TCP
         - containerPort: 8088
-          name: health-server
+          name: health
           protocol: TCP
         volumeMounts:
         - mountPath: /tmp/k8s-webhook-server/serving-certs
           name: cert
           readOnly: true
         readinessProbe:
-          tcpSocket:
-            port: metrics-server
+          httpGet:
+            port: health
+            path: /readyz
           initialDelaySeconds: {{ default 10 .Values.readinessProbe.initialDelaySeconds }}
           periodSeconds: {{ default 10 .Values.readinessProbe.periodSeconds }}
           failureThreshold: {{ default 3 .Values.readinessProbe.failureThreshold }}
+        livenessProbe:
+          httpGet:
+            port: health
+            path: /healthz
+          initialDelaySeconds: {{ default 10 .Values.livenessProbe.initialDelaySeconds }}
+          periodSeconds: {{ default 10 .Values.livenessProbe.periodSeconds }}
+          failureThreshold: {{ default 3 .Values.livenessProbe.failureThreshold }}
+{{- if .Values.resources }}
+        resources:
+{{ toYaml .Values.resources | indent 10 }}
+{{- end }}
 {{- if .Values.imagePullSecrets }}
       imagePullSecrets:
 {{ toYaml .Values.imagePullSecrets | indent 8 }}

helm-charts/coherence-operator/values.yaml

@@ -1,4 +1,4 @@
-# Copyright 2020, 2021 Oracle Corporation and/or its affiliates.
+# Copyright 2020, 2022, Oracle Corporation and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at
 # http://oss.oracle.com/licenses/upl.
 
@@ -89,6 +89,18 @@ serviceAccountName: coherence-operator
 
 # The optional settings to adjust the readiness probe timings for the Operator
 readinessProbe:
+  # initialDelaySeconds is the number of seconds after the container has started before readiness probes are initiated.
+  # More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+  initialDelaySeconds: 10
+  # periodSeconds is how often (in seconds) to perform the probe.
+  # Default to 10 seconds. Minimum value is 1.
+  periodSeconds: 10
+  # failureThreshold is the minimum consecutive failures for the probe to be considered failed after having succeeded.
+  # Defaults to 3. Minimum value is 1.
+  failureThreshold: 3
+
+# The optional settings to adjust the liveness probe timings for the Operator
+livenessProbe:
   # initialDelaySeconds is the number of seconds after the container has started before liveness probes are initiated.
   # More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
   initialDelaySeconds: 10
@@ -99,6 +111,28 @@ readinessProbe:
   # Defaults to 3. Minimum value is 1.
   failureThreshold: 3
 
+# resources will configure the Coherence Operator container's resource limits.
+# The resources can be specified in a values file, the same as they would be
+# for a container in a k8s Pod spec, for example:
+#
+#    resources:
+#      requests:
+#        memory: "64Mi"
+#        cpu: "250m"
+#      limits:
+#        memory: "128Mi"
+#        cpu: "500m"
+#
+# Or, alternatively they can be specified individually using the Helm install --set option, for example
+#
+# helm install --set resources.requests.memory="64Mi" \
+#     -- set resources.requests.cpu="250m"
+#     -- set resources.limits.memory="128Mi"
+#     -- set resources.limits.cpu="250m"
+#
+# ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+resources:
+
 # clusterRoles controls whether the Helm chart will create RBAC ClusterRole and bindings for the Operator
 # These are required if the Operator will watch multiple namespaces.
 # If set to false then the Operator will only watch the namespace it is deployed into.

main.go

@@ -18,10 +18,12 @@ import (
 	"github.com/spf13/pflag"
 	"github.com/spf13/viper"
 	"k8s.io/apimachinery/pkg/util/version"
+	"net/http"
 	"os"
 	"runtime"
 	"sigs.k8s.io/controller-runtime/pkg/cache"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"strings"
 
@@ -188,20 +190,25 @@ func execute() {
 	}
 
 	// Create the REST server
-	if err := rest.NewServer(cs).SetupWithManager(mgr); err != nil {
+	restServer := rest.NewServer(cs)
+	if err := restServer.SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, " unable to start REST server")
 		os.Exit(1)
 	}
 
-	//// ToDo: Make the ready check actually check stuff...
-	//if err := mgr.AddHealthzCheck("health", healthz.Ping); err != nil {
-	//	setupLog.Error(err, "unable to set up health check")
-	//	os.Exit(1)
-	//}
-	//if err := mgr.AddReadyzCheck("check", healthz.Ping); err != nil {
-	//	setupLog.Error(err, "unable to set up ready check")
-	//	os.Exit(1)
-	//}
+	var health healthz.Checker = func(_ *http.Request) error {
+		<-restServer.Running()
+		return nil
+	}
+
+	if err := mgr.AddHealthzCheck("health", health); err != nil {
+		setupLog.Error(err, "unable to set up health check")
+		os.Exit(1)
+	}
+	if err := mgr.AddReadyzCheck("ready", health); err != nil {
+		setupLog.Error(err, "unable to set up ready check")
+		os.Exit(1)
+	}
 
 	// +kubebuilder:scaffold:builder