Merge pull request #117 from weaveworks/memory-requirements

bigkevmcd · web-flow · commit 5b3b1d53807c · 2023-08-31T08:39:04.000+01:00
Increase memory and CPU limits.

Add docs on memory and CPU consumption.
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -58,13 +58,11 @@ spec:
       #               - linux
       securityContext:
         runAsNonRoot: true
-        # TODO(user): For common cases that do not require escalating privileges
-        # it is recommended to ensure that all your Pods/Containers are restrictive.
         # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
         # Please uncomment the following code if your project does NOT have to work on old Kubernetes
         # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
-        # seccompProfile:
-        #   type: RuntimeDefault
+        seccompProfile:
+          type: RuntimeDefault
       containers:
       - command:
         - /manager
@@ -77,6 +75,8 @@ spec:
           capabilities:
             drop:
               - "ALL"
+          seccompProfile:
+            type: RuntimeDefault
         livenessProbe:
           httpGet:
             path: /healthz
@@ -89,14 +89,12 @@ spec:
             port: 8081
           initialDelaySeconds: 5
           periodSeconds: 10
-        # TODO(user): Configure the resources accordingly based on the project requirements.
-        # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
         resources:
           limits:
-            cpu: 500m
-            memory: 128Mi
+            cpu: 1000m
+            memory: 1Gi
           requests:
-            cpu: 10m
+            cpu: 100m
             memory: 64Mi
       serviceAccountName: controller-manager
       terminationGracePeriodSeconds: 10
diff --git a/docs/README.md b/docs/README.md
@@ -1409,6 +1409,28 @@ For example to enable only the `List` and `GitRepository` generators:
 
 When a GitOpsSet that uses disabled generators is created, the disabled generators will be silently ignored.
 
+## Kubernetes Process Limits
+
+GitOpsSets can be memory-hungry, for example, the Matrix generator will generate a cartesian result with multiple copies of data.
+
+The OCI and GitRepository generators will extract tarballs, the API Generator queries upstream APIs and parses the JSON, and the Config generators will load `Secret` and `ConfigMap` resources, all these can lead to using significant amounts of memory.
+
+Extracting tarballs can also prove to be CPU intensive, especially where there are lots of files, and you have a very frequent regeneration period.
+
+To this end, you will need to monitor the controller metrics, and maybe increase the limits available to the controller.
+
+For example, to increase the amount of memory available to the controller:
+
+```yaml
+resources:
+  limits:
+    cpu: 1000m
+    memory: 2Gi
+  requests:
+    cpu: 100m
+    memory: 64Mi
+```
+
 ## Notifications
 
 Events are enabled which will trigger Kubernetes events when successful reconciliation occurs with a `Normal` event or when reconciliation fails with an `Error` event. Fluxcd's [Events](https://pkg.go.dev/github.com/fluxcd/pkg/runtime/events) package is used including the `EventRecorder` to record these events.
