Set resources limit for all containers

As a good practice we should set resource limits on each container sf-operator deploys. Without
them, containers are not constrained in CPU and MEM usage. Furthermore some cluster force
the use of a LimitRange resource for a namespace and this applies the same set of default values
on every container whatever it is.

https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
https://kubernetes.io/docs/concepts/policy/limit-range/

So with this change:
- All containers get a default Resources Limit which is (request.mem: 128Mi, request.cpu: 100m, limit.mem: 256Mi, limit.cpu: 500m)
- git-server - remove the nodepexporter container because the volume is not supposed to increase in size as we are (control plan) on control of the content stored into that storage
- git-server - Add probes
- Add a SetContainerLimitsLowProfile function used to set low limits for sidecar or init containers when it seems to make sense.
- Add a SetContainerLimitsHighProfile function used to set limits for containers that require more resources.
- Update CRD to add a LimitsSpec for MariaDB, Zookeeper, Nodepool launcher and builder, Zuul web, scheduler, executor, merger.
  This allows to customize the limits.

TODO: Add in documentation the constraints about the requests/and limits.

Change-Id: I743d38b09a0ba830511c56558f75d083272d3450

Author: morucci

api/v1/softwarefactory_types.go

@@ -257,6 +257,10 @@ type ZuulExecutorSpec struct {
 	// When set the Control plane is not deployed.
 	// The standalone executor must be able to connect to the control plane
 	Standalone *StandaloneZuulExecutorSpec `json:"standalone,omitempty"`
+	// Memory/CPU Limit
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default={"memory": "2Gi", "cpu": "2000m"}
+	Limits *LimitsSpec `json:"limits"`
 }
 
 type ZuulWebSpec struct {
@@ -268,6 +272,10 @@ type ZuulWebSpec struct {
 	// Changing this value will restart the service.
 	// +optional
 	LogLevel LogLevel `json:"logLevel,omitempty"`
+	// Memory/CPU Limit
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default={"memory": "2Gi", "cpu": "2000m"}
+	Limits *LimitsSpec `json:"limits"`
 }
 
 // Spec for the scheduler microservice
@@ -284,6 +292,10 @@ type ZuulSchedulerSpec struct {
 	// Changing this value will restart the service.
 	// +optional
 	LogLevel LogLevel `json:"logLevel,omitempty"`
+	// Memory/CPU Limit
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default={"memory": "2Gi", "cpu": "2000m"}
+	Limits *LimitsSpec `json:"limits"`
 }
 
 // Zuul Merger Configuration, see [Zuul's documentation](https://zuul-ci.org/docs/zuul/latest/configuration.html#merger)
@@ -313,6 +325,10 @@ type ZuulMergerSpec struct {
 	// Changing this value will restart the service.
 	// +optional
 	LogLevel LogLevel `json:"logLevel,omitempty"`
+	// Memory/CPU Limit
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default={"memory": "2Gi", "cpu": "2000m"}
+	Limits *LimitsSpec `json:"limits"`
 }
 
 // TODO: make sure to update the GetConnectionsName when adding new connection type.
@@ -435,6 +451,10 @@ type NodepoolLauncherSpec struct {
 	// Changing this value will restart the service.
 	// +optional
 	LogLevel LogLevel `json:"logLevel,omitempty"`
+	// Memory/CPU Limit
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default={"memory": "2Gi", "cpu": "2000m"}
+	Limits *LimitsSpec `json:"limits"`
 }
 
 type NodepoolBuilderSpec struct {
@@ -446,6 +466,10 @@ type NodepoolBuilderSpec struct {
 	// "WARN",
 	// "DEBUG".
 	LogLevel LogLevel `json:"logLevel,omitempty"`
+	// Memory/CPU Limit
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default={"memory": "2Gi", "cpu": "2000m"}
+	Limits *LimitsSpec `json:"limits"`
 }
 
 type NodepoolSpec struct {
@@ -459,13 +483,28 @@ type NodepoolSpec struct {
 
 type ZookeeperSpec struct {
 	Storage StorageSpec `json:"storage"`
+	// Memory/CPU Limit
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default={"memory": "2Gi", "cpu": "2000m"}
+	Limits *LimitsSpec `json:"limits"`
+}
+
+type LimitsSpec struct {
+	// +kubebuilder:default:="2Gi"
+	Memory resource.Quantity `json:"memory"`
+	// +kubebuilder:default:="2000m"
+	CPU resource.Quantity `json:"cpu"`
 }
 
 type MariaDBSpec struct {
 	// Storage parameters related to mariaDB's data
 	DBStorage StorageSpec `json:"dbStorage"`
 	// Storage parameters related to the database's logging
 	LogStorage StorageSpec `json:"logStorage"`
+	// Memory/CPU Limit
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default={"memory": "2Gi", "cpu": "2000m"}
+	Limits *LimitsSpec `json:"limits"`
 }
 
 type GitServerSpec struct {

api/v1/zz_generated.deepcopy.go

@@ -37,6 +37,7 @@ import (
 	batchv1 "k8s.io/api/batch/v1"
 	apiv1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/api/resource"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
@@ -242,6 +243,8 @@ func configureGerritContainer(sts *appsv1.StatefulSet, volumeMounts []apiv1.Volu
 	sts.Spec.Template.Spec.Containers[0].Env = []apiv1.EnvVar{
 		base.MkEnvVar("HOME", "/gerrit"),
 		base.MkEnvVar("FQDN", fqdn),
+		base.MkEnvVar("JVM_XMS", "128m"),
+		base.MkEnvVar("JVM_XMX", "512m"),
 		base.MkSecretEnvVar("GERRIT_ADMIN_SSH", "admin-ssh-key", "priv"),
 	}
 	sts.Spec.Template.Spec.Containers[0].ReadinessProbe = base.MkReadinessCMDProbe([]string{"bash", "/gerrit/ready.sh"})
@@ -309,8 +312,16 @@ func createInitContainers(volumeMounts []apiv1.VolumeMount, fqdn string) []apiv1
 	container.Env = []apiv1.EnvVar{
 		base.MkSecretEnvVar("GERRIT_ADMIN_SSH_PUB", "admin-ssh-key", "pub"),
 		base.MkEnvVar("FQDN", fqdn),
+		base.MkEnvVar("JVM_XMS", "128m"),
+		base.MkEnvVar("JVM_XMX", "512m"),
 	}
 	container.VolumeMounts = volumeMounts
+	base.SetContainerLimits(
+		&container,
+		resource.MustParse("256Mi"),
+		resource.MustParse("512Mi"),
+		resource.MustParse("100m"),
+		resource.MustParse("1000m"))
 	return []apiv1.Container{
 		container,
 	}
@@ -342,6 +353,12 @@ func (g *GerritCMDContext) ensureStatefulSetOrDie() {
 	b, _ := g.getStatefulSetOrDie(name)
 	if !b {
 		container := base.MkContainer(name, gerritImage)
+		base.SetContainerLimits(
+			&container,
+			resource.MustParse("256Mi"),
+			resource.MustParse("512Mi"),
+			resource.MustParse("100m"),
+			resource.MustParse("1000m"))
 		storageConfig := controllers.BaseGetStorageConfOrDefault(v1.StorageSpec{}, "")
 		pvc := base.MkPVC(name, g.env.Ns, storageConfig, apiv1.ReadWriteOnce)
 		sts := base.MkStatefulset(

cli/cmd/dev/gerrit/gerrit.go

@@ -3,7 +3,7 @@
 set -ex
 
 # The /dev/./urandom is not a typo. https://stackoverflow.com/questions/58991966/what-java-security-egd-option-is-for
-JAVA_OPTIONS="-Djava.security.egd=file:/dev/./urandom"
+JAVA_OPTIONS="-Djava.security.egd=file:/dev/./urandom -Xms${JVM_XMS} -Xmx${JVM_XMX}"
 
 echo "Set local git config for gerrit admin"
 cat << EOF > ~/.gitconfig

cli/cmd/dev/gerrit/static/entrypoint.sh

@@ -1,10 +1,10 @@
 #!/bin/bash
 
 set -ex
-export HOME=/gerrit
 
+export HOME=/gerrit
 # The /dev/./urandom is not a typo. https://stackoverflow.com/questions/58991966/what-java-security-egd-option-is-for
-JAVA_OPTIONS="-Djava.security.egd=file:/dev/./urandom"
+JAVA_OPTIONS="-Djava.security.egd=file:/dev/./urandom -Xms${JVM_XMS} -Xmx${JVM_XMX}"
 
 echo "Initializing Gerrit site ..."
 java ${JAVA_OPTIONS} -jar /var/gerrit/bin/gerrit.war init -d ~/ --batch --no-auto-start --skip-plugins