From 80eb8430839e7cd2599e3d93a7cf445c52d2014b Mon Sep 17 00:00:00 2001 From: Hector Fernandez Date: Tue, 11 Apr 2023 20:05:53 +0200 Subject: [PATCH] set new values for the system resources Signed-off-by: Hector Fernandez --- .github/workflows/kind-e2e-trustroot-crd.yaml | 1 + cmd/webhook/main.go | 6 ++++-- config/501-policy-webhook-configurations.yaml | 3 ++- config/webhook.yaml | 8 ++++---- .../kustomization.yaml | 2 +- 5 files changed, 12 insertions(+), 8 deletions(-) diff --git a/.github/workflows/kind-e2e-trustroot-crd.yaml b/.github/workflows/kind-e2e-trustroot-crd.yaml index 904f22c93..4f78e2bd1 100644 --- a/.github/workflows/kind-e2e-trustroot-crd.yaml +++ b/.github/workflows/kind-e2e-trustroot-crd.yaml @@ -84,6 +84,7 @@ jobs: # Wait for the webhook to come up and become Ready kubectl rollout status --timeout 5m --namespace cosign-system deployments/webhook + kubectl wait deployment -n cosign-system --for condition=Available=True --timeout=90s --all - name: Run TrustRoot CRD e2e tests diff --git a/cmd/webhook/main.go b/cmd/webhook/main.go index 6ac2b1823..5d484ccbb 100644 --- a/cmd/webhook/main.go +++ b/cmd/webhook/main.go @@ -206,7 +206,9 @@ var types = map[schema.GroupVersionKind]resourcesemantics.GenericCRD{ batchv1.SchemeGroupVersion.WithKind("CronJob"): &crdNoStatusUpdatesOrDeletes{GenericCRD: &duckv1.CronJob{}}, batchv1beta1.SchemeGroupVersion.WithKind("CronJob"): &crdNoStatusUpdatesOrDeletes{GenericCRD: &duckv1.CronJob{}}, +} +var typesCIP = map[schema.GroupVersionKind]resourcesemantics.GenericCRD{ // v1alpha1 v1alpha1.SchemeGroupVersion.WithKind("ClusterImagePolicy"): &v1alpha1.ClusterImagePolicy{}, v1alpha1.SchemeGroupVersion.WithKind("TrustRoot"): &v1alpha1.TrustRoot{}, @@ -295,7 +297,7 @@ func NewPolicyValidatingAdmissionController(ctx context.Context, cmw configmap.W ctx, *validatingCIPWebhookName, "/validating", - types, + typesCIP, func(ctx context.Context) context.Context { ctx = policyControllerConfigStore.ToContext(ctx) return ctx @@ -309,7 +311,7 @@ func NewPolicyMutatingAdmissionController(ctx context.Context, cmw configmap.Wat ctx, *mutatingCIPWebhookName, "/defaulting", - types, + typesCIP, func(ctx context.Context) context.Context { return ctx }, diff --git a/config/501-policy-webhook-configurations.yaml b/config/501-policy-webhook-configurations.yaml index 12e45535e..97bd908e9 100644 --- a/config/501-policy-webhook-configurations.yaml +++ b/config/501-policy-webhook-configurations.yaml @@ -26,6 +26,7 @@ webhooks: matchPolicy: Equivalent name: defaulting.clusterimagepolicy.sigstore.dev sideEffects: None + timeoutSeconds: 25 --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration @@ -42,5 +43,5 @@ webhooks: matchPolicy: Equivalent name: validating.clusterimagepolicy.sigstore.dev sideEffects: None - + timeoutSeconds: 25 --- diff --git a/config/webhook.yaml b/config/webhook.yaml index 369a50543..2d46c407c 100644 --- a/config/webhook.yaml +++ b/config/webhook.yaml @@ -55,11 +55,11 @@ spec: ] resources: requests: - cpu: 20m - memory: 20Mi + cpu: 40m + memory: 40Mi limits: - cpu: 200m - memory: 200Mi + cpu: 400m + memory: 400Mi env: - name: SYSTEM_NAMESPACE valueFrom: diff --git a/test/kustomize-invalid-policy-resync-period/kustomization.yaml b/test/kustomize-invalid-policy-resync-period/kustomization.yaml index f17999cff..735110c5e 100644 --- a/test/kustomize-invalid-policy-resync-period/kustomization.yaml +++ b/test/kustomize-invalid-policy-resync-period/kustomization.yaml @@ -25,4 +25,4 @@ patches: target: kind: Deployment - name: policy-webhook + name: webhook