openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity

OCPBUGS#19055: cert-manager: Configure CPU and Memory

Browse Source
This commit is contained in:
xenolinux
2023-09-15 18:47:14 +05:30
committed by openshift-cherrypick-robot
parent 2df4b24b58
commit 6ba3d56ccb
2 changed files with 198 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

196
modules/cert-manager-configure-cpu-memory.adoc Normal file
View File

@@ -0,0 +1,196 @@
// Module included in the following assemblies:
//
// * security/cert_manager_operator/cert-manager-customizing-api-fields.adoc
:_content-type: PROCEDURE
[id="cert-manager-configure-cpu-memory_{context}"]
= Overriding CPU and memory limits for the cert-manager components
After installing the {cert-manager-operator}, you can configure the CPU and memory limits from the {cert-manager-operator} API for the cert-manager components such as cert-manager controller, CA injector, and Webhook.
.Prerequisites
* You have access to the {product-title} cluster as a user with the `cluster-admin` role.
* You have installed the {cert-manager-operator} 1.12.0 or later.
.Procedure
. Check that the deployments of the cert-manager controller, CA injector, and Webhook are available by entering the following command:
+
[source,terminal]
----
$ oc get deployment -n cert-manager
----
+
.Example output
[source,terminal]
----
NAME READY UP-TO-DATE AVAILABLE AGE
cert-manager 1/1 1 1 53m
cert-manager-cainjector 1/1 1 1 53m
cert-manager-webhook 1/1 1 1 53m
----
. Before setting the CPU and memory limit, check the existing configuration for the cert-manager controller, CA injector, and Webhook by entering the following command:
+
[source,terminal]
----
$ oc get deployment -n cert-manager -o yaml
----
+
.Example output
[source,terminal]
----
# ...
metadata:
name: cert-manager
namespace: cert-manager
# ...
spec:
template:
spec:
containers:
- name: cert-manager-controller
resources: {} <1>
# ...
metadata:
name: cert-manager-cainjector
namespace: cert-manager
# ...
spec:
template:
spec:
containers:
- name: cert-manager-cainjector
resources: {} <1>
# ...
metadata:
name: cert-manager-webhook
namespace: cert-manager
# ...
spec:
template:
spec:
containers:
- name: cert-manager-webhook
resources: {} <1>
# ...
----
<1> The `spec.resources` field is empty by default. The cert-manager components do not have CPU and memory limits.
. To configure the CPU and memory limits for the cert-manager controller, CA injector, and Webhook, enter the following command:
+
[source,terminal]
----
$ oc patch certmanager.operator cluster --type=merge -p="
spec:
controllerConfig:
overrideResources:
limits: <1>
cpu: 200m <2>
memory: 64Mi <3>
requests: <4>
cpu: 200m <2>
memory: 64Mi <3>
webhookConfig:
overrideResources:
limits: <5>
cpu: 200m <6>
memory: 64Mi <7>
requests: <8>
cpu: 200m <6>
memory: 64Mi <7>
cainjectorConfig:
overrideResources:
limits: <9>
cpu: 200m <10>
memory: 64Mi <11>
requests: <12>
cpu: 200m <10>
memory: 64Mi <11>
"
----
<1> Defines the maximum amount of CPU and memory that a single container in a cert-manager controller pod can request.
<2> You can specify the CPU limit that a cert-manager controller pod can request. The default value is `10m`.
<3> You can specify the memory limit that a cert-manager controller pod can request. The default value is `32Mi`.
<4> Defines the amount of CPU and memory set by scheduler for the cert-manager controller pod.
<5> Defines the maximum amount of CPU and memory that a single container in a CA injector pod can request.
<6> You can specify the CPU limit that a CA injector pod can request. The default value is `10m`.
<7> You can specify the memory limit that a CA injector pod can request. The default value is `32Mi`.
<8> Defines the amount of CPU and memory set by scheduler for the CA injector pod.
<9> Defines the maximum amount of CPU and memory Defines the maximum amount of CPU and memory that a single container in a Webhook pod can request.
<10> You can specify the CPU limit that a Webhook pod can request. The default value is `10m`.
<11> You can specify the memory limit that a Webhook pod can request. The default value is `32Mi`.
<12> Defines the amount of CPU and memory set by scheduler for the Webhook pod.
+
.Example output
[source,termnal]
----
certmanager.operator.openshift.io/cluster patched
----
.Verification
. Verify that the CPU and memory limits are updated for the cert-manager components:
+
[source,terminal]
----
$ oc get deployment -n cert-manager -o yaml
----
+
.Example output
[source,terminal]
----
# ...
metadata:
name: cert-manager
namespace: cert-manager
# ...
spec:
template:
spec:
containers:
- name: cert-manager-controller
resources:
limits:
cpu: 200m
memory: 64Mi
requests:
cpu: 10m
memory: 16Mi
# ...
metadata:
name: cert-manager-cainjector
namespace: cert-manager
# ...
spec:
template:
spec:
containers:
- name: cert-manager-cainjector
resources:
limits:
cpu: 200m
memory: 64Mi
requests:
cpu: 10m
memory: 16Mi
# ...
metadata:
name: cert-manager-webhook
namespace: cert-manager
# ...
spec:
template:
spec:
containers:
- name: cert-manager-webhook
resources:
limits:
cpu: 200m
memory: 64Mi
requests:
cpu: 10m
memory: 16Mi
# ...
----

2
security/cert_manager_operator/cert-manager-customizing-api-fields.adoc
View File

@@ -18,3 +18,5 @@ include::modules/cert-manager-override-environment-variables.adoc[leveloffset=+1
include::modules/cert-manager-override-arguments.adoc[leveloffset=+1]
include::modules/cert-manager-override-flag-controller.adoc[leveloffset=+1]
include::modules/cert-manager-configure-cpu-memory.adoc[leveloffset=+1]