Skip to content

Commit df97e40

Browse files
csatib02csatib02
committed
fix: vault-env oom killed
Signed-off-by: Bence Csati <bence.csati@axoflow.com>
1 parent 427420b commit df97e40

File tree

2 files changed

+15
-12
lines changed

2 files changed

+15
-12
lines changed

e2e/main_test.go

+11-8
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,10 @@ import (
4343
)
4444

4545
// Upgrade this when a new version is released
46-
const vaultOperatorVersion = "1.22.4"
46+
const (
47+
defaultTimeout = 2 * time.Minute
48+
vaultOperatorVersion = "1.22.4"
49+
)
4750

4851
var testenv env.Environment
4952

@@ -132,7 +135,7 @@ func installVaultOperator(ctx context.Context, cfg *envconf.Config) (context.Con
132135
helm.WithArgs("--create-namespace"),
133136
helm.WithVersion(vaultOperatorVersion),
134137
helm.WithWait(),
135-
helm.WithTimeout("2m"),
138+
helm.WithTimeout(defaultTimeout.String()),
136139
)
137140
if err != nil {
138141
return ctx, fmt.Errorf("installing vault-operator: %w", err)
@@ -148,7 +151,7 @@ func uninstallVaultOperator(ctx context.Context, cfg *envconf.Config) (context.C
148151
helm.WithName("vault-operator"),
149152
helm.WithNamespace("vault-operator"),
150153
helm.WithWait(),
151-
helm.WithTimeout("2m"),
154+
helm.WithTimeout(defaultTimeout.String()),
152155
)
153156
if err != nil {
154157
return ctx, fmt.Errorf("uninstalling vault-operator: %w", err)
@@ -176,7 +179,7 @@ func installVaultSecretsWebhook(ctx context.Context, cfg *envconf.Config) (conte
176179
helm.WithNamespace("vault-secrets-webhook"),
177180
helm.WithArgs("-f", "deploy/vault-secrets-webhook/values.yaml", "--set", "image.tag="+version),
178181
helm.WithWait(),
179-
helm.WithTimeout("2m"),
182+
helm.WithTimeout(defaultTimeout.String()),
180183
)
181184
if err != nil {
182185
return ctx, fmt.Errorf("installing vault-secrets-webhook: %w", err)
@@ -192,7 +195,7 @@ func uninstallVaultSecretsWebhook(ctx context.Context, cfg *envconf.Config) (con
192195
helm.WithName("vault-secrets-webhook"),
193196
helm.WithNamespace("vault-secrets-webhook"),
194197
helm.WithWait(),
195-
helm.WithTimeout("2m"),
198+
helm.WithTimeout(defaultTimeout.String()),
196199
)
197200
if err != nil {
198201
return ctx, fmt.Errorf("uninstalling vault-secrets-webhook: %w", err)
@@ -233,7 +236,7 @@ func installVault(ctx context.Context, cfg *envconf.Config) (context.Context, er
233236
}
234237

235238
// wait for the statefulSet to become available
236-
err = wait.For(conditions.New(r).ResourcesFound(statefulSets), wait.WithTimeout(1*time.Minute))
239+
err = wait.For(conditions.New(r).ResourcesFound(statefulSets), wait.WithTimeout(defaultTimeout))
237240
if err != nil {
238241
return ctx, err
239242
}
@@ -245,7 +248,7 @@ func installVault(ctx context.Context, cfg *envconf.Config) (context.Context, er
245248
}
246249

247250
// wait for the pod to become available
248-
err = wait.For(conditions.New(r).PodReady(&pod), wait.WithTimeout(1*time.Minute))
251+
err = wait.For(conditions.New(r).PodReady(&pod), wait.WithTimeout(defaultTimeout))
249252
if err != nil {
250253
return ctx, err
251254
}
@@ -263,7 +266,7 @@ func waitForVaultTLS(ctx context.Context, cfg *envconf.Config) (context.Context,
263266
}
264267

265268
// wait for the vault-tls secret to become available
266-
err := wait.For(conditions.New(cfg.Client().Resources()).ResourcesFound(vaultTLSSecrets), wait.WithTimeout(1*time.Minute))
269+
err := wait.For(conditions.New(cfg.Client().Resources()).ResourcesFound(vaultTLSSecrets), wait.WithTimeout(defaultTimeout))
267270
if err != nil {
268271
return ctx, err
269272
}

pkg/webhook/config.go

+4-4
Original file line numberDiff line numberDiff line change
@@ -412,25 +412,25 @@ func parseVaultConfig(obj metav1.Object, ar *model.AdmissionReview) VaultConfig
412412
if val, err := resource.ParseQuantity(viper.GetString("VAULT_ENV_CPU_REQUEST")); err == nil {
413413
vaultConfig.EnvCPURequest = val
414414
} else {
415-
vaultConfig.EnvCPURequest = resource.MustParse("50m")
415+
vaultConfig.EnvCPURequest = resource.MustParse("100m")
416416
}
417417

418418
if val, err := resource.ParseQuantity(viper.GetString("VAULT_ENV_MEMORY_REQUEST")); err == nil {
419419
vaultConfig.EnvMemoryRequest = val
420420
} else {
421-
vaultConfig.EnvMemoryRequest = resource.MustParse("64Mi")
421+
vaultConfig.EnvMemoryRequest = resource.MustParse("128Mi")
422422
}
423423

424424
if val, err := resource.ParseQuantity(viper.GetString("VAULT_ENV_CPU_LIMIT")); err == nil {
425425
vaultConfig.EnvCPULimit = val
426426
} else {
427-
vaultConfig.EnvCPULimit = resource.MustParse("250m")
427+
vaultConfig.EnvCPULimit = resource.MustParse("500m")
428428
}
429429

430430
if val, err := resource.ParseQuantity(viper.GetString("VAULT_ENV_MEMORY_LIMIT")); err == nil {
431431
vaultConfig.EnvMemoryLimit = val
432432
} else {
433-
vaultConfig.EnvMemoryLimit = resource.MustParse("64Mi")
433+
vaultConfig.EnvMemoryLimit = resource.MustParse("256Mi")
434434
}
435435

436436
if val, ok := annotations[common.MutateProbesAnnotation]; ok {

0 commit comments

Comments
 (0)