Allow to configure limits and requests for kube-rbac-proxy container in devworkspace-webhook-server pod

karatkep commented 4 months ago

Description

Current implementation does not allow to configure limits and requests for kube-rbac-proxy container in devworkspace-webhook-server pod. It leads to violation to security best practices, for example: container CPU and memory limits should be enforced.

Additional context

The similar issue is already solved for another container in this pod via envvars:

        - name: WEBHOOKS_SERVER_MEMORY_LIMIT
          value: 300Mi
        - name: WEBHOOKS_SERVER_MEMORY_REQUEST
          value: 20Mi
        - name: WEBHOOKS_SERVER_CPU_LIMIT
          value: 200m
        - name: WEBHOOKS_SERVER_CPU_REQUEST
          value: 100m

Is it possible to have something like above but for kube-rbac-proxy container?

karatkep commented 1 month ago

Please disregard this request. It has been resolved by using a limit range.

AObuchow commented 1 month ago

@karatkep glad to hear you found a workaround :)

devfile / devworkspace-operator

Allow to configure limits and requests for kube-rbac-proxy container in devworkspace-webhook-server pod #1285

Description

Additional context