mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-07 00:48:01 +01:00
197 lines
5.4 KiB
Plaintext
197 lines
5.4 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * security/cert_manager_operator/cert-manager-customizing-api-fields.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="cert-manager-configure-cpu-memory_{context}"]
|
|
= Overriding CPU and memory limits for the cert-manager components
|
|
|
|
After installing the {cert-manager-operator}, you can configure the CPU and memory limits from the {cert-manager-operator} API for the cert-manager components such as cert-manager controller, CA injector, and Webhook.
|
|
|
|
.Prerequisites
|
|
|
|
* You have access to the {product-title} cluster as a user with the `cluster-admin` role.
|
|
* You have installed the {cert-manager-operator} 1.12.0 or later.
|
|
|
|
.Procedure
|
|
|
|
. Check that the deployments of the cert-manager controller, CA injector, and Webhook are available by entering the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc get deployment -n cert-manager
|
|
----
|
|
+
|
|
.Example output
|
|
[source,terminal]
|
|
----
|
|
NAME READY UP-TO-DATE AVAILABLE AGE
|
|
cert-manager 1/1 1 1 53m
|
|
cert-manager-cainjector 1/1 1 1 53m
|
|
cert-manager-webhook 1/1 1 1 53m
|
|
----
|
|
|
|
. Before setting the CPU and memory limit, check the existing configuration for the cert-manager controller, CA injector, and Webhook by entering the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc get deployment -n cert-manager -o yaml
|
|
----
|
|
+
|
|
.Example output
|
|
[source,yaml]
|
|
----
|
|
# ...
|
|
metadata:
|
|
name: cert-manager
|
|
namespace: cert-manager
|
|
# ...
|
|
spec:
|
|
template:
|
|
spec:
|
|
containers:
|
|
- name: cert-manager-controller
|
|
resources: {} <1>
|
|
# ...
|
|
metadata:
|
|
name: cert-manager-cainjector
|
|
namespace: cert-manager
|
|
# ...
|
|
spec:
|
|
template:
|
|
spec:
|
|
containers:
|
|
- name: cert-manager-cainjector
|
|
resources: {} <1>
|
|
# ...
|
|
metadata:
|
|
name: cert-manager-webhook
|
|
namespace: cert-manager
|
|
# ...
|
|
spec:
|
|
template:
|
|
spec:
|
|
containers:
|
|
- name: cert-manager-webhook
|
|
resources: {} <1>
|
|
# ...
|
|
----
|
|
<1> The `spec.resources` field is empty by default. The cert-manager components do not have CPU and memory limits.
|
|
|
|
. To configure the CPU and memory limits for the cert-manager controller, CA injector, and Webhook, enter the following command:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
$ oc patch certmanager.operator cluster --type=merge -p="
|
|
spec:
|
|
controllerConfig:
|
|
overrideResources:
|
|
limits: <1>
|
|
cpu: 200m <2>
|
|
memory: 64Mi <3>
|
|
requests: <4>
|
|
cpu: 10m <2>
|
|
memory: 16Mi <3>
|
|
webhookConfig:
|
|
overrideResources:
|
|
limits: <5>
|
|
cpu: 200m <6>
|
|
memory: 64Mi <7>
|
|
requests: <8>
|
|
cpu: 10m <6>
|
|
memory: 16Mi <7>
|
|
cainjectorConfig:
|
|
overrideResources:
|
|
limits: <9>
|
|
cpu: 200m <10>
|
|
memory: 64Mi <11>
|
|
requests: <12>
|
|
cpu: 10m <10>
|
|
memory: 16Mi <11>
|
|
"
|
|
----
|
|
<1> Defines the maximum amount of CPU and memory that a single container in a cert-manager controller pod can request.
|
|
<2> You can specify the CPU limit that a cert-manager controller pod can request. The default value is `10m`.
|
|
<3> You can specify the memory limit that a cert-manager controller pod can request. The default value is `32Mi`.
|
|
<4> Defines the amount of CPU and memory set by scheduler for the cert-manager controller pod.
|
|
<5> Defines the maximum amount of CPU and memory that a single container in a CA injector pod can request.
|
|
<6> You can specify the CPU limit that a CA injector pod can request. The default value is `10m`.
|
|
<7> You can specify the memory limit that a CA injector pod can request. The default value is `32Mi`.
|
|
<8> Defines the amount of CPU and memory set by scheduler for the CA injector pod.
|
|
<9> Defines the maximum amount of CPU and memory Defines the maximum amount of CPU and memory that a single container in a Webhook pod can request.
|
|
<10> You can specify the CPU limit that a Webhook pod can request. The default value is `10m`.
|
|
<11> You can specify the memory limit that a Webhook pod can request. The default value is `32Mi`.
|
|
<12> Defines the amount of CPU and memory set by scheduler for the Webhook pod.
|
|
+
|
|
.Example output
|
|
[source,termnal]
|
|
----
|
|
certmanager.operator.openshift.io/cluster patched
|
|
----
|
|
|
|
.Verification
|
|
|
|
. Verify that the CPU and memory limits are updated for the cert-manager components:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc get deployment -n cert-manager -o yaml
|
|
----
|
|
+
|
|
.Example output
|
|
[source,yaml]
|
|
----
|
|
# ...
|
|
metadata:
|
|
name: cert-manager
|
|
namespace: cert-manager
|
|
# ...
|
|
spec:
|
|
template:
|
|
spec:
|
|
containers:
|
|
- name: cert-manager-controller
|
|
resources:
|
|
limits:
|
|
cpu: 200m
|
|
memory: 64Mi
|
|
requests:
|
|
cpu: 10m
|
|
memory: 16Mi
|
|
# ...
|
|
metadata:
|
|
name: cert-manager-cainjector
|
|
namespace: cert-manager
|
|
# ...
|
|
spec:
|
|
template:
|
|
spec:
|
|
containers:
|
|
- name: cert-manager-cainjector
|
|
resources:
|
|
limits:
|
|
cpu: 200m
|
|
memory: 64Mi
|
|
requests:
|
|
cpu: 10m
|
|
memory: 16Mi
|
|
# ...
|
|
metadata:
|
|
name: cert-manager-webhook
|
|
namespace: cert-manager
|
|
# ...
|
|
spec:
|
|
template:
|
|
spec:
|
|
containers:
|
|
- name: cert-manager-webhook
|
|
resources:
|
|
limits:
|
|
cpu: 200m
|
|
memory: 64Mi
|
|
requests:
|
|
cpu: 10m
|
|
memory: 16Mi
|
|
# ...
|
|
----
|