From 3b08a9074d72672fd31e7695744cf7b3daf003e3 Mon Sep 17 00:00:00 2001 From: Hyeongju Johannes Lee Date: Wed, 28 Aug 2024 14:08:35 +0300 Subject: [PATCH] Add cpu/memory requests and limits Operator maturity level 3 requires cpu/memory requests and limits for operands. Add them to all plugins deployed by operator Signed-off-by: Hyeongju Johannes Lee --- deployments/dlb_plugin/base/intel-dlb-plugin.yaml | 7 +++++++ deployments/dsa_plugin/base/intel-dsa-plugin.yaml | 7 +++++++ .../fpga_plugin/base/intel-fpga-plugin-daemonset.yaml | 7 +++++++ deployments/gpu_plugin/base/intel-gpu-plugin.yaml | 7 +++++++ deployments/iaa_plugin/base/intel-iaa-plugin.yaml | 7 +++++++ deployments/qat_plugin/base/intel-qat-plugin.yaml | 7 +++++++ deployments/sgx_plugin/base/intel-sgx-plugin.yaml | 7 +++++++ pkg/controllers/dlb/controller_test.go | 11 +++++++++++ pkg/controllers/dsa/controller_test.go | 11 +++++++++++ pkg/controllers/fpga/controller_test.go | 11 +++++++++++ pkg/controllers/gpu/controller_test.go | 11 +++++++++++ pkg/controllers/iaa/controller_test.go | 11 +++++++++++ pkg/controllers/qat/controller_test.go | 11 +++++++++++ pkg/controllers/sgx/controller_test.go | 11 +++++++++++ 14 files changed, 126 insertions(+) diff --git a/deployments/dlb_plugin/base/intel-dlb-plugin.yaml b/deployments/dlb_plugin/base/intel-dlb-plugin.yaml index 79d3ecf1e..14b903df8 100644 --- a/deployments/dlb_plugin/base/intel-dlb-plugin.yaml +++ b/deployments/dlb_plugin/base/intel-dlb-plugin.yaml @@ -32,6 +32,13 @@ spec: readOnlyRootFilesystem: true allowPrivilegeEscalation: false terminationMessagePath: /tmp/termination-log + resources: + requests: + memory: "15Mi" + cpu: 40m + limits: + memory: "30Mi" + cpu: 100m volumeMounts: - name: devfs mountPath: /dev diff --git a/deployments/dsa_plugin/base/intel-dsa-plugin.yaml b/deployments/dsa_plugin/base/intel-dsa-plugin.yaml index 4e3acf780..4a2a7daea 100644 --- a/deployments/dsa_plugin/base/intel-dsa-plugin.yaml +++ b/deployments/dsa_plugin/base/intel-dsa-plugin.yaml @@ -33,6 +33,13 @@ spec: type: "container_device_plugin_t" readOnlyRootFilesystem: true allowPrivilegeEscalation: false + resources: + requests: + memory: "25Mi" + cpu: 50m + limits: + memory: "50Mi" + cpu: 100m volumeMounts: - name: devfs mountPath: /dev/dsa diff --git a/deployments/fpga_plugin/base/intel-fpga-plugin-daemonset.yaml b/deployments/fpga_plugin/base/intel-fpga-plugin-daemonset.yaml index 787d4add5..2e9462453 100644 --- a/deployments/fpga_plugin/base/intel-fpga-plugin-daemonset.yaml +++ b/deployments/fpga_plugin/base/intel-fpga-plugin-daemonset.yaml @@ -44,6 +44,13 @@ spec: securityContext: readOnlyRootFilesystem: true allowPrivilegeEscalation: false + resources: + requests: + memory: "30Mi" + cpu: 80m + limits: + memory: "60Mi" + cpu: 160m volumeMounts: - name: devfs mountPath: /dev diff --git a/deployments/gpu_plugin/base/intel-gpu-plugin.yaml b/deployments/gpu_plugin/base/intel-gpu-plugin.yaml index b64b5f10a..5ea86975d 100644 --- a/deployments/gpu_plugin/base/intel-gpu-plugin.yaml +++ b/deployments/gpu_plugin/base/intel-gpu-plugin.yaml @@ -36,6 +36,13 @@ spec: type: "container_device_plugin_t" readOnlyRootFilesystem: true allowPrivilegeEscalation: false + resources: + requests: + memory: "45Mi" + cpu: 40m + limits: + memory: "90Mi" + cpu: 100m volumeMounts: - name: devfs mountPath: /dev/dri diff --git a/deployments/iaa_plugin/base/intel-iaa-plugin.yaml b/deployments/iaa_plugin/base/intel-iaa-plugin.yaml index 3821a81a0..037179a94 100644 --- a/deployments/iaa_plugin/base/intel-iaa-plugin.yaml +++ b/deployments/iaa_plugin/base/intel-iaa-plugin.yaml @@ -33,6 +33,13 @@ spec: type: "container_device_plugin_t" readOnlyRootFilesystem: true allowPrivilegeEscalation: false + resources: + requests: + memory: "25Mi" + cpu: 60m + limits: + memory: "50Mi" + cpu: 120m volumeMounts: - name: devfs mountPath: /dev/iax diff --git a/deployments/qat_plugin/base/intel-qat-plugin.yaml b/deployments/qat_plugin/base/intel-qat-plugin.yaml index 4f4dbf74f..fd0075107 100644 --- a/deployments/qat_plugin/base/intel-qat-plugin.yaml +++ b/deployments/qat_plugin/base/intel-qat-plugin.yaml @@ -37,6 +37,13 @@ spec: readOnlyRootFilesystem: true allowPrivilegeEscalation: false imagePullPolicy: IfNotPresent + resources: + requests: + memory: "15Mi" + cpu: 70m + limits: + memory: "30Mi" + cpu: 140m volumeMounts: - name: devdir mountPath: /dev/vfio diff --git a/deployments/sgx_plugin/base/intel-sgx-plugin.yaml b/deployments/sgx_plugin/base/intel-sgx-plugin.yaml index 078cbf3de..3ce4073e1 100644 --- a/deployments/sgx_plugin/base/intel-sgx-plugin.yaml +++ b/deployments/sgx_plugin/base/intel-sgx-plugin.yaml @@ -28,6 +28,13 @@ spec: readOnlyRootFilesystem: true allowPrivilegeEscalation: false imagePullPolicy: IfNotPresent + resources: + requests: + memory: "15Mi" + cpu: 40m + limits: + memory: "30Mi" + cpu: 100m volumeMounts: - name: kubeletsockets mountPath: /var/lib/kubelet/device-plugins diff --git a/pkg/controllers/dlb/controller_test.go b/pkg/controllers/dlb/controller_test.go index 7a4ed7966..1d318ed15 100644 --- a/pkg/controllers/dlb/controller_test.go +++ b/pkg/controllers/dlb/controller_test.go @@ -21,6 +21,7 @@ import ( apps "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/diff" "k8s.io/apimachinery/pkg/util/intstr" @@ -92,6 +93,16 @@ func (c *controller) newDaemonSetExpected(rawObj client.Object) *apps.DaemonSet ReadOnlyRootFilesystem: &yes, AllowPrivilegeEscalation: &no, }, + Resources: v1.ResourceRequirements{ + Limits: v1.ResourceList{ + v1.ResourceCPU: resource.MustParse("100m"), + v1.ResourceMemory: resource.MustParse("30Mi"), + }, + Requests: v1.ResourceList{ + v1.ResourceCPU: resource.MustParse("40m"), + v1.ResourceMemory: resource.MustParse("15Mi"), + }, + }, VolumeMounts: []v1.VolumeMount{ { Name: "devfs", diff --git a/pkg/controllers/dsa/controller_test.go b/pkg/controllers/dsa/controller_test.go index 370107a80..3d8458d3b 100644 --- a/pkg/controllers/dsa/controller_test.go +++ b/pkg/controllers/dsa/controller_test.go @@ -20,6 +20,7 @@ import ( apps "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/diff" "k8s.io/apimachinery/pkg/util/intstr" @@ -96,6 +97,16 @@ func (c *controller) newDaemonSetExpected(rawObj client.Object) *apps.DaemonSet ReadOnlyRootFilesystem: &yes, AllowPrivilegeEscalation: &no, }, + Resources: v1.ResourceRequirements{ + Limits: v1.ResourceList{ + v1.ResourceCPU: resource.MustParse("100m"), + v1.ResourceMemory: resource.MustParse("50Mi"), + }, + Requests: v1.ResourceList{ + v1.ResourceCPU: resource.MustParse("50m"), + v1.ResourceMemory: resource.MustParse("25Mi"), + }, + }, VolumeMounts: []v1.VolumeMount{ { Name: "devfs", diff --git a/pkg/controllers/fpga/controller_test.go b/pkg/controllers/fpga/controller_test.go index 1471477bd..a16ef0a97 100644 --- a/pkg/controllers/fpga/controller_test.go +++ b/pkg/controllers/fpga/controller_test.go @@ -21,6 +21,7 @@ import ( apps "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/diff" "k8s.io/apimachinery/pkg/util/intstr" @@ -94,6 +95,16 @@ func (c *controller) newDaemonSetExpected(rawObj client.Object) *apps.DaemonSet AllowPrivilegeEscalation: &no, }, TerminationMessagePath: "/tmp/termination-log", + Resources: v1.ResourceRequirements{ + Limits: v1.ResourceList{ + v1.ResourceCPU: resource.MustParse("160m"), + v1.ResourceMemory: resource.MustParse("60Mi"), + }, + Requests: v1.ResourceList{ + v1.ResourceCPU: resource.MustParse("80m"), + v1.ResourceMemory: resource.MustParse("30Mi"), + }, + }, VolumeMounts: []v1.VolumeMount{ { MountPath: "/dev", diff --git a/pkg/controllers/gpu/controller_test.go b/pkg/controllers/gpu/controller_test.go index 9edda978f..b06f707a6 100644 --- a/pkg/controllers/gpu/controller_test.go +++ b/pkg/controllers/gpu/controller_test.go @@ -22,6 +22,7 @@ import ( apps "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/diff" "k8s.io/apimachinery/pkg/util/intstr" @@ -106,6 +107,16 @@ func (c *controller) newDaemonSetExpected(rawObj client.Object) *apps.DaemonSet ReadOnlyRootFilesystem: &yes, AllowPrivilegeEscalation: &no, }, + Resources: v1.ResourceRequirements{ + Limits: v1.ResourceList{ + v1.ResourceCPU: resource.MustParse("100m"), + v1.ResourceMemory: resource.MustParse("90Mi"), + }, + Requests: v1.ResourceList{ + v1.ResourceCPU: resource.MustParse("40m"), + v1.ResourceMemory: resource.MustParse("45Mi"), + }, + }, VolumeMounts: []v1.VolumeMount{ { Name: "devfs", diff --git a/pkg/controllers/iaa/controller_test.go b/pkg/controllers/iaa/controller_test.go index fd4c91834..5d451d9ec 100644 --- a/pkg/controllers/iaa/controller_test.go +++ b/pkg/controllers/iaa/controller_test.go @@ -20,6 +20,7 @@ import ( apps "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/diff" "k8s.io/apimachinery/pkg/util/intstr" @@ -96,6 +97,16 @@ func (c *controller) newDaemonSetExpected(rawObj client.Object) *apps.DaemonSet ReadOnlyRootFilesystem: &yes, AllowPrivilegeEscalation: &no, }, + Resources: v1.ResourceRequirements{ + Limits: v1.ResourceList{ + v1.ResourceCPU: resource.MustParse("120m"), + v1.ResourceMemory: resource.MustParse("50Mi"), + }, + Requests: v1.ResourceList{ + v1.ResourceCPU: resource.MustParse("60m"), + v1.ResourceMemory: resource.MustParse("25Mi"), + }, + }, VolumeMounts: []v1.VolumeMount{ { Name: "devfs", diff --git a/pkg/controllers/qat/controller_test.go b/pkg/controllers/qat/controller_test.go index fed489d3a..d94323402 100644 --- a/pkg/controllers/qat/controller_test.go +++ b/pkg/controllers/qat/controller_test.go @@ -21,6 +21,7 @@ import ( apps "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/diff" "k8s.io/apimachinery/pkg/util/intstr" @@ -100,6 +101,16 @@ func (c *controller) newDaemonSetExpected(rawObj client.Object) *apps.DaemonSet ReadOnlyRootFilesystem: &yes, AllowPrivilegeEscalation: &no, }, + Resources: v1.ResourceRequirements{ + Limits: v1.ResourceList{ + v1.ResourceCPU: resource.MustParse("140m"), + v1.ResourceMemory: resource.MustParse("30Mi"), + }, + Requests: v1.ResourceList{ + v1.ResourceCPU: resource.MustParse("70m"), + v1.ResourceMemory: resource.MustParse("15Mi"), + }, + }, VolumeMounts: []v1.VolumeMount{ { Name: "devdir", diff --git a/pkg/controllers/sgx/controller_test.go b/pkg/controllers/sgx/controller_test.go index 971b5be86..97fcfbfc7 100644 --- a/pkg/controllers/sgx/controller_test.go +++ b/pkg/controllers/sgx/controller_test.go @@ -21,6 +21,7 @@ import ( apps "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/diff" "k8s.io/apimachinery/pkg/util/intstr" @@ -88,6 +89,16 @@ func (c *controller) newDaemonSetExpected(rawObj client.Object) *apps.DaemonSet ReadOnlyRootFilesystem: &yes, AllowPrivilegeEscalation: &no, }, + Resources: v1.ResourceRequirements{ + Limits: v1.ResourceList{ + v1.ResourceCPU: resource.MustParse("100m"), + v1.ResourceMemory: resource.MustParse("30Mi"), + }, + Requests: v1.ResourceList{ + v1.ResourceCPU: resource.MustParse("40m"), + v1.ResourceMemory: resource.MustParse("15Mi"), + }, + }, VolumeMounts: []v1.VolumeMount{ { Name: "kubeletsockets",