feat: unify automigrate resources across charts (#681)

ory · May 16, 2024 · 5589b10 · 5589b10
1 parent d4dc83b
commit 5589b10
Show file tree

Hide file tree

Showing 6 changed files with 21 additions and 8 deletions.
diff --git a/hacks/values/hydra.yaml b/hacks/values/hydra.yaml
@@ -10,13 +10,6 @@ hydra:
     # type: initContainer
     customCommand:
       - hydra
-    resources:
-      limits:
-        cpu: 100m
-        memory: 128Mi
-      requests:
-        cpu: 100m
-        memory: 128Mi
 
   dev: true
   config:
@@ -127,6 +120,13 @@ job:
       ory.sh/pod_label: hydra_init
     annotations:
       ory.sh/pod_annotation: hydra_init
+  resources:
+    limits:
+      cpu: 100m
+      memory: 128Mi
+    requests:
+      cpu: 100m
+      memory: 128Mi
 
 watcher:
   enabled: true

diff --git a/helm/charts/hydra/README.md b/helm/charts/hydra/README.md
@@ -143,6 +143,7 @@ A Helm chart for deploying ORY Hydra in Kubernetes
 | job.podMetadata | object | `{"annotations":{},"labels":{}}` | Specify pod metadata, this metadata is added directly to the pod, and not higher objects |
 | job.podMetadata.annotations | object | `{}` | Extra pod level annotations |
 | job.podMetadata.labels | object | `{}` | Extra pod level labels |
+| job.resources | object | `{}` | resource requests and limits for the automigration job |
 | job.serviceAccount | object | `{"annotations":{"helm.sh/hook":"pre-install, pre-upgrade","helm.sh/hook-delete-policy":"before-hook-creation","helm.sh/hook-weight":"0"},"create":true,"name":""}` | Specify the serviceAccountName value. In some situations it is needed to provides specific permissions to Hydra deployments Like for example installing Hydra on a cluster with a PosSecurityPolicy and Istio. Uncoment if it is needed to provide a ServiceAccount for the Hydra deployment. |
 | job.serviceAccount.annotations | object | `{"helm.sh/hook":"pre-install, pre-upgrade","helm.sh/hook-delete-policy":"before-hook-creation","helm.sh/hook-weight":"0"}` | Annotations to add to the service account |
 | job.serviceAccount.create | bool | `true` | Specifies whether a service account should be created |

diff --git a/helm/charts/hydra/templates/job-migration.yaml b/helm/charts/hydra/templates/job-migration.yaml
@@ -2,6 +2,7 @@
 {{- if and  ( .Values.hydra.automigration.enabled ) ( eq .Values.hydra.automigration.type "job" ) }}
 {{- $nodeSelector := ternary .Values.job.nodeSelector .Values.deployment.nodeSelector (not (empty .Values.job.nodeSelector )) -}}
 {{- $migrationExtraEnv := ternary .Values.job.extraEnv .Values.deployment.extraEnv (not (empty .Values.job.extraEnv )) -}}
+{{- $resources := ternary .Values.job.resources .Values.hydra.automigration.resources (not (empty .Values.job.resources)) -}}
 
 ---
 apiVersion: batch/v1
@@ -79,6 +80,10 @@ spec:
         securityContext:
           {{- toYaml . | nindent 10 }}
         {{- end }}
+        {{- with $resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
         volumeMounts:
           - name: {{ include "hydra.name" . }}-config-volume
             mountPath: /etc/config

diff --git a/helm/charts/hydra/values.yaml b/helm/charts/hydra/values.yaml
@@ -416,6 +416,9 @@ job:
   # lines, adjust them as necessary, and remove the curly braces after 'nodeSelector:'.
   #   foo: bar
 
+  # -- resource requests and limits for the automigration job
+  resources: {}
+
   # -- Configure node tolerations.
   tolerations: []
 

diff --git a/helm/charts/keto/README.md b/helm/charts/keto/README.md
@@ -102,7 +102,7 @@ Access Control Policies as a Server
 | job.shareProcessNamespace | bool | `false` | Set sharing process namespace |
 | job.spec.backoffLimit | int | `10` | Set job back off limit |
 | job.tolerations | list | `[]` | Configure node tolerations. |
-| keto.automigration | object | `{"customArgs":[],"customCommand":[],"enabled":false,"type":"job"}` | Enables database migration |
+| keto.automigration | object | `{"customArgs":[],"customCommand":[],"enabled":false,"resources":{},"type":"job"}` | Enables database migration |
 | keto.automigration.customArgs | list | `[]` | Ability to override arguments of the entrypoint. Can be used in-depended of customCommand eg: - sleep 5;   - keto |
 | keto.automigration.customCommand | list | `[]` | Ability to override the entrypoint of the automigration container (e.g. to source dynamic secrets or export environment dynamic variables) |
 | keto.automigration.resources | object | `{}` | resource requests and limits for the automigration initcontainer |

diff --git a/helm/charts/keto/templates/job-migration.yaml b/helm/charts/keto/templates/job-migration.yaml
@@ -85,6 +85,10 @@ spec:
           {{- with $migrationExtraEnv }}
             {{- toYaml . | nindent 10 }}
           {{- end }}
+        {{- with .Values.keto.automigration.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
         {{- if .Values.securityContext }}
         securityContext:
           {{- toYaml .Values.securityContext | nindent 10 }}