Set resource limits and requests for all pods

Open tmstff opened this issue 10 months ago • 5 comments

It would be great if all pods created by the mta-operator - and the operator itself as well - had resource limits and requests set.

This way they will also work in an environment where resource limits and requests are required, e.g. when a project has resource quotas defined.

Currently, there are some places where such definitions are not present and may prevent pods from starting in such a scenario (tested with mta-operator 7.2.2):

  • the mta-operator subscription (when installed via the OCP web console)
  • the rhsso-operator subscription
  • the Keycloak custom resource
  • the mta-hub deployment (initContainer "updatePerms")

Thanks for the effort!

tmstff avatar Jun 02 '25 20:06 tmstff
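A way to find such gaps before a quota or admission policy rejects the pod, as an added example (not code from the mta-operator or from anyone in this thread). It audits manifests exported as JSON for containers, initContainers and OLM Subscriptions without requests and limits. The required set of four fields, the container name "hub" and all sample values are assumptions.

```python
import json
import sys

# Assumption: the quota or admission policy demands all four values on every container.
REQUIRED = [("requests", "cpu"), ("requests", "memory"),
            ("limits", "cpu"), ("limits", "memory")]

def gaps(resources):
    """Return the required resource fields that are absent or empty."""
    resources = resources or {}
    return [f"{kind}.{res}" for kind, res in REQUIRED
            if not (resources.get(kind) or {}).get(res)]

def audit(obj):
    """Return (object, location, missing fields) tuples for one manifest."""
    name = f"{obj['kind']}/{obj['metadata']['name']}"
    spec = obj.get("spec") or {}
    if obj["kind"] == "Subscription":
        # OLM applies spec.config.resources to the operator deployment's containers.
        missing = gaps((spec.get("config") or {}).get("resources"))
        return [(name, "spec.config.resources", missing)] if missing else []
    # Deployment, StatefulSet, DaemonSet and Job keep the pod spec under spec.template.
    pod = spec if obj["kind"] == "Pod" else (spec.get("template") or {}).get("spec")
    findings = []
    for field in ("initContainers", "containers"):
        for c in (pod or {}).get(field) or []:
            missing = gaps(c.get("resources"))
            if missing:
                findings.append((name, f"{field}/{c['name']}", missing))
    return findings

def audit_all(doc):
    """Accept a single object or a kind: List, as `oc get ... -o json` emits."""
    items = doc["items"] if doc.get("kind") == "List" else [doc]
    return [f for item in items for f in audit(item)]

FULL = {"requests": {"cpu": "100m", "memory": "256Mi"},
        "limits": {"cpu": "1", "memory": "1Gi"}}
# Constructed sample, not captured from a cluster.
SAMPLE = {"kind": "List", "items": [
    {"kind": "Subscription", "metadata": {"name": "mta-operator"}, "spec": {}},
    {"kind": "Deployment", "metadata": {"name": "mta-hub"}, "spec": {"template": {"spec": {
        "initContainers": [{"name": "updatePerms", "resources": {"limits": {"memory": "64Mi"}}}],
        "containers": [{"name": "hub", "resources": FULL}]}}}}]}

if __name__ == "__main__":
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for finding in audit_all(doc):
        print(*finding)
```

Run without arguments it audits the constructed sample; given a file saved from `oc get deployments,subscriptions -o json`, it audits that instead.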

This issue is currently awaiting triage. If contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance. The triage/accepted label can be added by org members.

konveyor-ci-bot[bot] avatar Jun 02 '25 20:06 konveyor-ci-bot[bot]

btw: with mta-operator 7.3.0 & RHBK, there seem to be fewer issues already.

tmstff avatar Jun 03 '25 12:06 tmstff

Good to hear! For the operators themselves, if I am not mistaken, the limits/requests can be set through the subscription via subscription.spec.config.resources. I have not tried this yet and was just reading up to learn how to apply resource limits/requests to these pods.

jmontleon avatar Jun 03 '25 12:06 jmontleon

@jmontleon I think that the missing resource definitions for subscriptions were only a problem in a specific customer setup where there are Kyverno policies in place that check for those. Still, I think it would be great if it was possible to define resource requirements for the rhsso/rhbk subscription in the mta-subscription, which will then be set by the mta-operator, because the rhsso/rhbk subscription is created by the mta-operator and I see no way to alter it otherwise. What do you think?

tmstff avatar Jun 04 '25 07:06 tmstff

Our operator does not actually create the RHBK subscription. Upstream we create the Keycloak deployment ourselves. One of the changes applied downstream is that a dependencies.yaml is added with the package name (rhbk-operator) with a version range. OLM is doing the rest aside from creating the Keycloak CR, which we do.

jmontleon avatar Jun 04 '25 12:06 jmontleon