Set default limits to oauth proxy

Signed-off-by: Ruben Vargas <[email protected]>

internal/manifests/manifestutils/resources.go

@@ -24,13 +24,14 @@ var (
 		"jaeger-frontend": {cpu: 0.045, memory: 0.025},
 	}
 	resourcesMapWithGateway = map[string]componentResource{
-		"distributor":     {cpu: 0.26, memory: 0.11},
-		"ingester":        {cpu: 0.36, memory: 0.49},
-		"compactor":       {cpu: 0.15, memory: 0.17},
-		"querier":         {cpu: 0.09, memory: 0.14},
-		"query-frontend":  {cpu: 0.04, memory: 0.02},
-		"jaeger-frontend": {cpu: 0.04, memory: 0.02},
-		"gateway":         {cpu: 0.06, memory: 0.05},
+		"distributor":           {cpu: 0.26, memory: 0.11},
+		"ingester":              {cpu: 0.36, memory: 0.49},
+		"compactor":             {cpu: 0.15, memory: 0.17},
+		"querier":               {cpu: 0.09, memory: 0.14},
+		"query-frontend":        {cpu: 0.04, memory: 0.02},
+		"jaeger-frontend":       {cpu: 0.03, memory: 0.01},
+		"jaeger-frontend-proxy": {cpu: 0.01, memory: 0.01},
+		"gateway":               {cpu: 0.06, memory: 0.05},
 	}
 )
 

internal/manifests/monolithic/build.go

@@ -98,7 +98,9 @@ func BuildAll(opts Options) ([]client.Object, error) {
 					tempo.Spec.JaegerUI.Authentication,
 					tempo.Spec.Timeout.Duration,
 					opts.CtrlConfig,
-					statefulSet)
+					statefulSet,
+					tempo.Spec.Resources,
+				)
 				oauthproxy.PatchQueryFrontEndService(getJaegerUIService(services, tempo), tempo.Name)
 				if serviceAccount != nil {
 					oauthproxy.AddServiceAccountAnnotations(serviceAccount, route.Name)

internal/manifests/oauthproxy/oauth_proxy.go

@@ -75,7 +75,9 @@ func PatchStatefulSetForOauthProxy(
 	authSpec *v1alpha1.JaegerQueryAuthenticationSpec,
 	timeout time.Duration,
 	config configv1alpha1.ProjectConfig,
-	statefulSet *v1.StatefulSet) {
+	statefulSet *v1.StatefulSet,
+	defaultResources *corev1.ResourceRequirements,
+) {
 	statefulSet.Spec.Template.Spec.Volumes = append(statefulSet.Spec.Template.Spec.Volumes, corev1.Volume{
 		Name: getTLSSecretNameForFrontendService(tempo.Name),
 		VolumeSource: corev1.VolumeSource{
@@ -86,7 +88,8 @@ func PatchStatefulSetForOauthProxy(
 	})
 
 	statefulSet.Spec.Template.Spec.Containers = append(statefulSet.Spec.Template.Spec.Containers,
-		oAuthProxyContainer(tempo.Name, statefulSet.Spec.Template.Spec.ServiceAccountName, authSpec, timeout, config.DefaultImages.OauthProxy))
+		oAuthProxyContainer(tempo.Name, statefulSet.Spec.Template.Spec.ServiceAccountName, authSpec, timeout,
+			config.DefaultImages.OauthProxy, defaultResources))
 }
 
 // PatchDeploymentForOauthProxy returns a modified deployment with the oauth sidecar container and the right service account.
@@ -96,7 +99,9 @@ func PatchDeploymentForOauthProxy(
 	authSpec *v1alpha1.JaegerQueryAuthenticationSpec,
 	timeout time.Duration,
 	imageSpec configv1alpha1.ImagesSpec,
-	dep *v1.Deployment) {
+	dep *v1.Deployment,
+	defaultResources *corev1.ResourceRequirements,
+) {
 	dep.Spec.Template.Spec.Volumes = append(dep.Spec.Template.Spec.Volumes, corev1.Volume{
 		Name: getTLSSecretNameForFrontendService(tempo.Name),
 		VolumeSource: corev1.VolumeSource{
@@ -118,7 +123,9 @@ func PatchDeploymentForOauthProxy(
 			naming.Name(manifestutils.QueryFrontendComponentName, tempo.Name),
 			authSpec,
 			timeout,
-			oauthProxyImage))
+			oauthProxyImage,
+			defaultResources,
+		))
 }
 
 func getTLSSecretNameForFrontendService(tempoName string) string {
@@ -154,6 +161,7 @@ func oAuthProxyContainer(
 	authSpec *v1alpha1.JaegerQueryAuthenticationSpec,
 	timeout time.Duration,
 	oauthProxyImage string,
+	defaultResources *corev1.ResourceRequirements,
 ) corev1.Container {
 	args := proxyInitArguments(serviceAccountName, timeout)
 
@@ -163,7 +171,7 @@ func oAuthProxyContainer(
 
 	resources := authSpec.Resources
 	if resources == nil {
-		resources = &corev1.ResourceRequirements{}
+		resources = defaultResources
 	}
 
 	return corev1.Container{

internal/manifests/oauthproxy/oauth_proxy_test.go

@@ -117,6 +117,7 @@ func TestOauthProxyContainer(t *testing.T) {
 				params.Tempo.Spec.Template.QueryFrontend.JaegerQuery.Authentication,
 				time.Second*5,
 				customImage,
+				&corev1.ResourceRequirements{},
 			)
 			expected := corev1.Container{
 				Image: test.expectedImage,
@@ -346,7 +347,9 @@ func TestPatchDeploymentForOauthProxy(t *testing.T) {
 		params.Tempo.Spec.Template.QueryFrontend.JaegerQuery.Authentication,
 		time.Second*5,
 		params.Tempo.Spec.Images,
-		dep)
+		dep,
+		&corev1.ResourceRequirements{},
+	)
 
 	assert.Equal(t, 2, len(dep.Spec.Template.Spec.Containers))
 	assert.Equal(t, "oauth-proxy", dep.Spec.Template.Spec.Containers[1].Name)
@@ -485,7 +488,9 @@ func TestPatchStatefulSetForOauthProxy(t *testing.T) {
 		params.Tempo.Spec.Template.QueryFrontend.JaegerQuery.Authentication,
 		time.Second*5,
 		params.CtrlConfig,
-		statefulSet)
+		statefulSet,
+		&corev1.ResourceRequirements{},
+	)
 
 	assert.Equal(t, 2, len(statefulSet.Spec.Template.Spec.Containers))
 	assert.Equal(t, "oauth-proxy", statefulSet.Spec.Template.Spec.Containers[1].Name)

internal/manifests/queryfrontend/query_frontend.go

@@ -90,13 +90,16 @@ func BuildQueryFrontend(params manifestutils.Params) ([]client.Object, error) {
 			jaegerUIAuthentication := tempo.Spec.Template.QueryFrontend.JaegerQuery.Authentication
 
 			if jaegerUIAuthentication != nil && jaegerUIAuthentication.Enabled {
+				defaultOauthProxyResources := manifestutils.Resources(tempo, manifestutils.QueryFrontendComponentName, tempo.Spec.Template.QueryFrontend.Replicas)
 				oauthproxy.PatchDeploymentForOauthProxy(
 					tempo.ObjectMeta,
 					params.CtrlConfig,
 					tempo.Spec.Template.QueryFrontend.JaegerQuery.Authentication,
 					tempo.Spec.Timeout.Duration,
 					tempo.Spec.Images,
-					d)
+					d,
+					&defaultOauthProxyResources,
+				)
 
 				oauthproxy.PatchQueryFrontEndService(getQueryFrontendService(tempo, svcs), tempo.Name)
 				manifests = append(manifests, oauthproxy.OAuthServiceAccount(params))