Closed suvl closed 3 years ago
Well, looking into the yamls, I noticed you already define memory limits for up to 1Gi. But cpu limits still triggered our OPA. Gonna set this to 1000m and check if it works.
Thanks Joao, this is very valuable feedback.
Keep us posted and I’ll have our eng. team investigate and follow-up as well with appropriate recommendations and changes to the yaml as necessary.
Rod…
Rod Bagg VP Engineering 408-636-6347 [cid:image001.png@01D5C783.8D029EA0]
From: João Trigo Soares notifications@github.com Sent: Friday, January 10, 2020 6:31 AM To: zebrium/ze-kubernetes-collector ze-kubernetes-collector@noreply.github.com Cc: Subscribed subscribed@noreply.github.com Subject: Re: [zebrium/ze-kubernetes-collector] container "zlog-collector" requires resource limits (#1)
Well, looking into the yamls, I noticed you already define memory limits for up to 1Gi. But cpu limits still triggered our OPA. Gonna set this to 1000m and check if it works.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://github.com/zebrium/ze-kubernetes-collector/issues/1?email_source=notifications&email_token=AMWZR2QU3XZPWGGPPVXJ3OTQ5CBBVA5CNFSM4KFISGS2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEIUCUBA#issuecomment-573057540, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AMWZR2QNVWDNATEN3DKSYWDQ5CBBVANCNFSM4KFISGSQ.
Joao, thanks for raising the issue.
We haven’t deployed OPA on our kubernetes clusters yet. I am curious about what kind of configuration you use. Do you use default resource policy or use your own policy? It is a little strange that OPA complains CPU resource request is too low.
As to CPU resource, it really depends on how much logs are generated. We should provide a recommendation to users.
Brady
@bradyzebrium @zebrium Hi Brady. We have custom policies on top that require every deployed container to have both cpu and memory limits in place. We believe that is a requirement for a healthy cluster, specially when all our clusters are multitenant at the moment. I understand you have stated the memory limits, is there a reason for requiring "unlimited" cpu?
We don’t require unlimited CPU. We have 20m in requested cpu resource, limit is not set. I think currently maximum CPU log collector is 1 CPU which is 1000m in kubernetes cpu resource. We can set CPU limit to that.
On Jan 13, 2020, at 3:37 AM, João Trigo Soares notifications@github.com<mailto:notifications@github.com> wrote:
@bradyzebriumhttps://github.com/bradyzebrium @zebriumhttps://github.com/zebrium Hi Brady. We have custom policies on top that require every deployed container to have both cpu and memory limits in place. We believe that is a requirement for a healthy cluster, specially when all our clusters are multitenant at the moment. I understand you have stated the memory limits, is there a reason for requiring "unlimited" cpu?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/zebrium/ze-kubernetes-collector/issues/1?email_source=notifications&email_token=AMWZR2T6XEWMUGWRYN2ZV2TQ5RG6BA5CNFSM4KFISGS2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEIYMRCI#issuecomment-573622409, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AMWZR2QYPEHNSO4F7EQTDPDQ5RG6BANCNFSM4KFISGSQ.
Hi Joao, I have set cpu limit to 1000m. Please let me know if you have any issues.
Brady
/close it now works like a charm
We have an OPA agent running and, as everyone should, we have a requirement that all containers must specify resource limits. This is more than necessary to keep a cluster healthy. While installing the log collector, I got denied:
You guys should really set this up. Any idea what good values would be for these limits?