openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
enterprise-4.21
openshift-docs/modules/cert-manager-configure-cpu-memory.adoc
xenolinux 84120d60ea OSDOCS#17173: CQA 2.0 cert-manager Operator
2026-01-22 08:46:02 +00:00

189 lines
4.4 KiB
Plaintext
Raw Permalink Blame History

// Module included in the following assemblies:
//
// * security/cert_manager_operator/cert-manager-customizing-api-fields.adoc
:_mod-docs-content-type: PROCEDURE
[id="cert-manager-configure-cpu-memory_{context}"]
= Overriding CPU and memory limits for the cert-manager components
[role="_abstract"]
To ensure stable resource allocation and operation, configure CPU and memory limits for {cert-manager-operator} components. You can set specific constraints for the cert-manager controller, CA injector, and Webhook to align with your specific cluster requirements.
.Prerequisites
* You have access to the {product-title} cluster as a user with the `cluster-admin` role.
* You have installed version 1.12.0 or later of the {cert-manager-operator}.
.Procedure
. Check that the deployments of the cert-manager controller, CA injector, and Webhook are available by entering the following command:
+
[source,terminal]
----
$ oc get deployment -n cert-manager
----
+
.Example output
[source,terminal]
----
NAME READY UP-TO-DATE AVAILABLE AGE
cert-manager 1/1 1 1 53m
cert-manager-cainjector 1/1 1 1 53m
cert-manager-webhook 1/1 1 1 53m
----
. Before setting the CPU and memory limit, check the existing configuration for the cert-manager controller, CA injector, and Webhook by entering the following command:
+
[source,terminal]
----
$ oc get deployment -n cert-manager -o yaml
----
+
.Example output
[source,yaml]
----
# ...
metadata:
name: cert-manager
namespace: cert-manager
# ...
spec:
template:
spec:
containers:
- name: cert-manager-controller
resources: {}
# ...
metadata:
name: cert-manager-cainjector
namespace: cert-manager
# ...
spec:
template:
spec:
containers:
- name: cert-manager-cainjector
resources: {}
# ...
metadata:
name: cert-manager-webhook
namespace: cert-manager
# ...
spec:
template:
spec:
containers:
- name: cert-manager-webhook
resources: {}
# ...
----
+
The `spec.resources` field is empty by default. The cert-manager components do not have CPU and memory limits.
. To configure the CPU and memory limits for the cert-manager controller, CA injector, and Webhook, enter the following command:
+
[source,terminal]
----
$ oc patch certmanager.operator cluster --type=merge -p="
spec:
controllerConfig:
overrideResources:
limits:
cpu: 200m
memory: 64Mi
requests:
cpu: 10m
memory: 16Mi
webhookConfig:
overrideResources:
limits:
cpu: 200m
memory: 64Mi
requests:
cpu: 10m
memory: 16Mi
cainjectorConfig:
overrideResources:
limits:
cpu: 200m
memory: 64Mi
requests:
cpu: 10m
memory: 16Mi
"
----
+
For information about the overridable resource parameters, see "Overridable resource parameters for the cert-manager components" in "Explanation of fields in the CertManager custom resource".
+
.Example output
[source,terminal]
----
certmanager.operator.openshift.io/cluster patched
----
.Verification
. Verify that the CPU and memory limits are updated for the cert-manager components:
+
[source,terminal]
----
$ oc get deployment -n cert-manager -o yaml
----
+
.Example output
[source,yaml]
----
# ...
metadata:
name: cert-manager
namespace: cert-manager
# ...
spec:
template:
spec:
containers:
- name: cert-manager-controller
resources:
limits:
cpu: 200m
memory: 64Mi
requests:
cpu: 10m
memory: 16Mi
# ...
metadata:
name: cert-manager-cainjector
namespace: cert-manager
# ...
spec:
template:
spec:
containers:
- name: cert-manager-cainjector
resources:
limits:
cpu: 200m
memory: 64Mi
requests:
cpu: 10m
memory: 16Mi
# ...
metadata:
name: cert-manager-webhook
namespace: cert-manager
# ...
spec:
template:
spec:
containers:
- name: cert-manager-webhook
resources:
limits:
cpu: 200m
memory: 64Mi
requests:
cpu: 10m
memory: 16Mi
# ...
----
View Git Blame Copy Permalink