diff --git a/docs/pages/reference/helm-reference/teleport-cluster.mdx b/docs/pages/reference/helm-reference/teleport-cluster.mdx index 735a21ac13fa4..c048ce99bed82 100644 --- a/docs/pages/reference/helm-reference/teleport-cluster.mdx +++ b/docs/pages/reference/helm-reference/teleport-cluster.mdx @@ -2322,6 +2322,29 @@ See [the GitHub PR](https://github.com/gravitational/teleport/pull/36251) for te cpu: 1 memory: 2Gi ``` + +## `jobResources` + +| Type | Default value | +|----------|---------------| +| `object` | `{}` | + +[Kubernetes reference](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) + +Resource requests/limits which should be configured for pre-deploy jobs. + +Jobs currently include config validation and potentially migration hooks. +The resource requirements are typically lower than for the main teleport deployment. +In most cases, you should leave these limits unset. + +`values.yaml` example: + +```yaml +jobResources: + requests: + cpu: 1 + memory: 2Gi +``` ## `goMemLimitRatio` | Type | Default | diff --git a/examples/chart/teleport-cluster/templates/auth/predeploy_job.yaml b/examples/chart/teleport-cluster/templates/auth/predeploy_job.yaml index 248513a4bb973..ebee79c3bd5c7 100644 --- a/examples/chart/teleport-cluster/templates/auth/predeploy_job.yaml +++ b/examples/chart/teleport-cluster/templates/auth/predeploy_job.yaml @@ -39,6 +39,10 @@ spec: - name: "teleport-config-check" image: '{{ if $auth.enterprise }}{{ $auth.enterpriseImage }}{{ else }}{{ $auth.image }}{{ end }}:{{ include "teleport-cluster.version" . }}' imagePullPolicy: {{ $auth.imagePullPolicy }} +{{- if $auth.jobResources }} + resources: + {{- toYaml $auth.jobResources | nindent 10 }} +{{- end }} {{- if or $auth.extraEnv $auth.tls.existingCASecretName }} env: {{- if (gt (len $auth.extraEnv) 0) }} diff --git a/examples/chart/teleport-cluster/templates/proxy/predeploy_job.yaml b/examples/chart/teleport-cluster/templates/proxy/predeploy_job.yaml index e059f84ea9741..be7f36b4c2bcd 100644 --- a/examples/chart/teleport-cluster/templates/proxy/predeploy_job.yaml +++ b/examples/chart/teleport-cluster/templates/proxy/predeploy_job.yaml @@ -39,6 +39,10 @@ spec: - name: "teleport" image: '{{ if $proxy.enterprise }}{{ $proxy.enterpriseImage }}{{ else }}{{ $proxy.image }}{{ end }}:{{ include "teleport-cluster.version" . }}' imagePullPolicy: {{ $proxy.imagePullPolicy }} +{{- if $proxy.jobResources }} + resources: + {{- toYaml $proxy.jobResources | nindent 10 }} +{{- end }} {{- if or $proxy.extraEnv $proxy.tls.existingCASecretName }} env: {{- if (gt (len $proxy.extraEnv) 0) }} diff --git a/examples/chart/teleport-cluster/tests/predeploy_test.yaml b/examples/chart/teleport-cluster/tests/predeploy_test.yaml index fd309244ca8f8..35590df582fe6 100644 --- a/examples/chart/teleport-cluster/tests/predeploy_test.yaml +++ b/examples/chart/teleport-cluster/tests/predeploy_test.yaml @@ -56,14 +56,15 @@ tests: - hasDocuments: count: 0 - - it: should not set resources on auth predeploy job when set in values + - it: should not set resources on auth predeploy job when resources set in values template: auth/predeploy_job.yaml values: - ../.lint/resources.yaml asserts: - isEmpty: path: spec.template.spec.containers[0].resources - - it: should not set resources on proxy predeploy job when set in values + + - it: should not set resources on proxy predeploy job when resources set in values template: proxy/predeploy_job.yaml values: - ../.lint/resources.yaml @@ -71,6 +72,50 @@ tests: - isEmpty: path: spec.template.spec.containers[0].resources + - it: should set resources on auth predeploy job when jobResources set in values + template: auth/predeploy_job.yaml + values: + - ../.lint/resources.yaml + set: + jobResources: + limits: + memory: 512Mi + requests: + memory: 512Mi + cpu: 1 + asserts: + - equal: + path: spec.template.spec.containers[0].resources.limits.memory + value: 512Mi + - equal: + path: spec.template.spec.containers[0].resources.requests.cpu + value: 1 + - equal: + path: spec.template.spec.containers[0].resources.requests.memory + value: 512Mi + + - it: should set resources on proxy predeploy job when jobResources set in values + template: proxy/predeploy_job.yaml + values: + - ../.lint/resources.yaml + set: + jobResources: + limits: + memory: 512Mi + requests: + memory: 512Mi + cpu: 1 + asserts: + - equal: + path: spec.template.spec.containers[0].resources.limits.memory + value: 512Mi + - equal: + path: spec.template.spec.containers[0].resources.requests.cpu + value: 1 + - equal: + path: spec.template.spec.containers[0].resources.requests.memory + value: 512Mi + - it: should set imagePullSecrets on proxy predeploy job when set in values template: proxy/predeploy_job.yaml values: diff --git a/examples/chart/teleport-cluster/values.yaml b/examples/chart/teleport-cluster/values.yaml index 650a9ea237d80..22ca1739ac4b3 100644 --- a/examples/chart/teleport-cluster/values.yaml +++ b/examples/chart/teleport-cluster/values.yaml @@ -826,6 +826,19 @@ resources: {} # limits: # memory: "2Gi" +# Resources to request for the teleport pre-deploy jobs. +# https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +# +# Jobs currently include config validation and potentially migration hooks. +# The resource requirements are typically lower than for the main teleport deployment. +# In most cases, you should leave these limits unset. +jobResources: {} +# requests: +# cpu: "20m" +# memory: "500Mi" +# limits: +# memory: "500Mi" + # goMemLimitRatio configures the GOMEMLIMIT env var set by the chart. # GOMEMLIMIT instructs the go garbage collector to try to keep allocated memory # below a given threshold. This is a best-effort attempt, but this helps