From e26298c03f6868de5c40a751cf7eb1f5b3618666 Mon Sep 17 00:00:00 2001 From: Ruben Vargas Date: Thu, 30 Jan 2025 00:48:43 -0600 Subject: [PATCH 1/2] Set default limits to oauth proxy Signed-off-by: Ruben Vargas --- .chloggen/set_recources_tempo_frontend.yaml | 16 ++++++++++++++++ internal/manifests/manifestutils/resources.go | 15 ++++++++------- internal/manifests/monolithic/build.go | 4 +++- internal/manifests/oauthproxy/oauth_proxy.go | 18 +++++++++++++----- .../manifests/oauthproxy/oauth_proxy_test.go | 9 +++++++-- .../manifests/queryfrontend/query_frontend.go | 5 ++++- 6 files changed, 51 insertions(+), 16 deletions(-) create mode 100755 .chloggen/set_recources_tempo_frontend.yaml diff --git a/.chloggen/set_recources_tempo_frontend.yaml b/.chloggen/set_recources_tempo_frontend.yaml new file mode 100755 index 000000000..62a3041d7 --- /dev/null +++ b/.chloggen/set_recources_tempo_frontend.yaml @@ -0,0 +1,16 @@ +# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix' +change_type: bug_fix + +# The name of the component, or a single word describing the area of concern, (e.g. tempostack, tempomonolithic, github action) +component: tempostack, tempomonolithic + +# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`). +note: Assign a percentage of the resources to oauth-proxy if resources are not specified + +# One or more tracking issues related to the change +issues: [1107] + +# (Optional) One or more lines of additional information to render under the primary note. +# These lines will be padded with 2 spaces and then inserted directly into the document. +# Use pipe (|) for multiline entries. +subtext: diff --git a/internal/manifests/manifestutils/resources.go b/internal/manifests/manifestutils/resources.go index f71c64a4b..807f41ede 100644 --- a/internal/manifests/manifestutils/resources.go +++ b/internal/manifests/manifestutils/resources.go @@ -24,13 +24,14 @@ var ( "jaeger-frontend": {cpu: 0.045, memory: 0.025}, } resourcesMapWithGateway = map[string]componentResource{ - "distributor": {cpu: 0.26, memory: 0.11}, - "ingester": {cpu: 0.36, memory: 0.49}, - "compactor": {cpu: 0.15, memory: 0.17}, - "querier": {cpu: 0.09, memory: 0.14}, - "query-frontend": {cpu: 0.04, memory: 0.02}, - "jaeger-frontend": {cpu: 0.04, memory: 0.02}, - "gateway": {cpu: 0.06, memory: 0.05}, + "distributor": {cpu: 0.26, memory: 0.11}, + "ingester": {cpu: 0.36, memory: 0.49}, + "compactor": {cpu: 0.15, memory: 0.17}, + "querier": {cpu: 0.09, memory: 0.14}, + "query-frontend": {cpu: 0.04, memory: 0.02}, + "jaeger-frontend": {cpu: 0.03, memory: 0.01}, + "jaeger-frontend-proxy": {cpu: 0.01, memory: 0.01}, + "gateway": {cpu: 0.06, memory: 0.05}, } ) diff --git a/internal/manifests/monolithic/build.go b/internal/manifests/monolithic/build.go index 5f3245def..6576d1894 100644 --- a/internal/manifests/monolithic/build.go +++ b/internal/manifests/monolithic/build.go @@ -98,7 +98,9 @@ func BuildAll(opts Options) ([]client.Object, error) { tempo.Spec.JaegerUI.Authentication, tempo.Spec.Timeout.Duration, opts.CtrlConfig, - statefulSet) + statefulSet, + tempo.Spec.Resources, + ) oauthproxy.PatchQueryFrontEndService(getJaegerUIService(services, tempo), tempo.Name) if serviceAccount != nil { oauthproxy.AddServiceAccountAnnotations(serviceAccount, route.Name) diff --git a/internal/manifests/oauthproxy/oauth_proxy.go b/internal/manifests/oauthproxy/oauth_proxy.go index 267647f5b..5637451fe 100644 --- a/internal/manifests/oauthproxy/oauth_proxy.go +++ b/internal/manifests/oauthproxy/oauth_proxy.go @@ -75,7 +75,9 @@ func PatchStatefulSetForOauthProxy( authSpec *v1alpha1.JaegerQueryAuthenticationSpec, timeout time.Duration, config configv1alpha1.ProjectConfig, - statefulSet *v1.StatefulSet) { + statefulSet *v1.StatefulSet, + defaultResources *corev1.ResourceRequirements, +) { statefulSet.Spec.Template.Spec.Volumes = append(statefulSet.Spec.Template.Spec.Volumes, corev1.Volume{ Name: getTLSSecretNameForFrontendService(tempo.Name), VolumeSource: corev1.VolumeSource{ @@ -86,7 +88,8 @@ func PatchStatefulSetForOauthProxy( }) statefulSet.Spec.Template.Spec.Containers = append(statefulSet.Spec.Template.Spec.Containers, - oAuthProxyContainer(tempo.Name, statefulSet.Spec.Template.Spec.ServiceAccountName, authSpec, timeout, config.DefaultImages.OauthProxy)) + oAuthProxyContainer(tempo.Name, statefulSet.Spec.Template.Spec.ServiceAccountName, authSpec, timeout, + config.DefaultImages.OauthProxy, defaultResources)) } // PatchDeploymentForOauthProxy returns a modified deployment with the oauth sidecar container and the right service account. @@ -96,7 +99,9 @@ func PatchDeploymentForOauthProxy( authSpec *v1alpha1.JaegerQueryAuthenticationSpec, timeout time.Duration, imageSpec configv1alpha1.ImagesSpec, - dep *v1.Deployment) { + dep *v1.Deployment, + defaultResources *corev1.ResourceRequirements, +) { dep.Spec.Template.Spec.Volumes = append(dep.Spec.Template.Spec.Volumes, corev1.Volume{ Name: getTLSSecretNameForFrontendService(tempo.Name), VolumeSource: corev1.VolumeSource{ @@ -118,7 +123,9 @@ func PatchDeploymentForOauthProxy( naming.Name(manifestutils.QueryFrontendComponentName, tempo.Name), authSpec, timeout, - oauthProxyImage)) + oauthProxyImage, + defaultResources, + )) } func getTLSSecretNameForFrontendService(tempoName string) string { @@ -154,6 +161,7 @@ func oAuthProxyContainer( authSpec *v1alpha1.JaegerQueryAuthenticationSpec, timeout time.Duration, oauthProxyImage string, + defaultResources *corev1.ResourceRequirements, ) corev1.Container { args := proxyInitArguments(serviceAccountName, timeout) @@ -163,7 +171,7 @@ func oAuthProxyContainer( resources := authSpec.Resources if resources == nil { - resources = &corev1.ResourceRequirements{} + resources = defaultResources } return corev1.Container{ diff --git a/internal/manifests/oauthproxy/oauth_proxy_test.go b/internal/manifests/oauthproxy/oauth_proxy_test.go index 12b3b0bda..e8f0319d9 100644 --- a/internal/manifests/oauthproxy/oauth_proxy_test.go +++ b/internal/manifests/oauthproxy/oauth_proxy_test.go @@ -117,6 +117,7 @@ func TestOauthProxyContainer(t *testing.T) { params.Tempo.Spec.Template.QueryFrontend.JaegerQuery.Authentication, time.Second*5, customImage, + &corev1.ResourceRequirements{}, ) expected := corev1.Container{ Image: test.expectedImage, @@ -346,7 +347,9 @@ func TestPatchDeploymentForOauthProxy(t *testing.T) { params.Tempo.Spec.Template.QueryFrontend.JaegerQuery.Authentication, time.Second*5, params.Tempo.Spec.Images, - dep) + dep, + &corev1.ResourceRequirements{}, + ) assert.Equal(t, 2, len(dep.Spec.Template.Spec.Containers)) assert.Equal(t, "oauth-proxy", dep.Spec.Template.Spec.Containers[1].Name) @@ -485,7 +488,9 @@ func TestPatchStatefulSetForOauthProxy(t *testing.T) { params.Tempo.Spec.Template.QueryFrontend.JaegerQuery.Authentication, time.Second*5, params.CtrlConfig, - statefulSet) + statefulSet, + &corev1.ResourceRequirements{}, + ) assert.Equal(t, 2, len(statefulSet.Spec.Template.Spec.Containers)) assert.Equal(t, "oauth-proxy", statefulSet.Spec.Template.Spec.Containers[1].Name) diff --git a/internal/manifests/queryfrontend/query_frontend.go b/internal/manifests/queryfrontend/query_frontend.go index 35334d57d..57726e387 100644 --- a/internal/manifests/queryfrontend/query_frontend.go +++ b/internal/manifests/queryfrontend/query_frontend.go @@ -90,13 +90,16 @@ func BuildQueryFrontend(params manifestutils.Params) ([]client.Object, error) { jaegerUIAuthentication := tempo.Spec.Template.QueryFrontend.JaegerQuery.Authentication if jaegerUIAuthentication != nil && jaegerUIAuthentication.Enabled { + defaultOauthProxyResources := manifestutils.Resources(tempo, manifestutils.QueryFrontendComponentName, tempo.Spec.Template.QueryFrontend.Replicas) oauthproxy.PatchDeploymentForOauthProxy( tempo.ObjectMeta, params.CtrlConfig, tempo.Spec.Template.QueryFrontend.JaegerQuery.Authentication, tempo.Spec.Timeout.Duration, tempo.Spec.Images, - d) + d, + &defaultOauthProxyResources, + ) oauthproxy.PatchQueryFrontEndService(getQueryFrontendService(tempo, svcs), tempo.Name) manifests = append(manifests, oauthproxy.OAuthServiceAccount(params)) From f177f63b71cc37c0f73dc14daad9795465d089be Mon Sep 17 00:00:00 2001 From: Ruben Vargas Date: Fri, 7 Feb 2025 07:10:15 -0600 Subject: [PATCH 2/2] fix component name Signed-off-by: Ruben Vargas --- internal/manifests/queryfrontend/query_frontend.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/manifests/queryfrontend/query_frontend.go b/internal/manifests/queryfrontend/query_frontend.go index 57726e387..a344353c2 100644 --- a/internal/manifests/queryfrontend/query_frontend.go +++ b/internal/manifests/queryfrontend/query_frontend.go @@ -90,7 +90,7 @@ func BuildQueryFrontend(params manifestutils.Params) ([]client.Object, error) { jaegerUIAuthentication := tempo.Spec.Template.QueryFrontend.JaegerQuery.Authentication if jaegerUIAuthentication != nil && jaegerUIAuthentication.Enabled { - defaultOauthProxyResources := manifestutils.Resources(tempo, manifestutils.QueryFrontendComponentName, tempo.Spec.Template.QueryFrontend.Replicas) + defaultOauthProxyResources := manifestutils.Resources(tempo, manifestutils.QueryFrontendOauthProxyComponentName, tempo.Spec.Template.QueryFrontend.Replicas) oauthproxy.PatchDeploymentForOauthProxy( tempo.ObjectMeta, params.CtrlConfig,