-
Story
-
Resolution: Done
-
Normal
-
None
-
None
-
None
Background
There are 4 controller flags available to set the ACME solver pod's resources requests/limits: https://cert-manager.io/docs/cli/controller/
--acme-http01-solver-resource-limits-cpu string Defines the resource limits CPU size when spawning new ACME HTTP01 challenge solver pods. (default "100m") --acme-http01-solver-resource-limits-memory string Defines the resource limits Memory size when spawning new ACME HTTP01 challenge solver pods. (default "64Mi") --acme-http01-solver-resource-request-cpu string Defines the resource request CPU size when spawning new ACME HTTP01 challenge solver pods. (default "10m") --acme-http01-solver-resource-request-memory string Defines the resource request Memory size when spawning new ACME HTTP01 challenge solver pods. (default "64Mi")
Upstream relevant code: https://github.com/cert-manager/cert-manager/blob/63b4706a2e27696bf580e346e47db7d502308c91/cmd/controller/app/options/options.go#L115-L125
In the downstream they are not being listed as "supportedCertManagerArgs": https://github.com/openshift/cert-manager-operator/blob/e426926ebd46ec9db42d40bd615734fe0d7a596f/pkg/controller/deployment/deployment_overrides_validation.go#L26 That means users can not set these flags unless using "spec.unsupportedConfigOverrides" of the certmanager.operator object.
Downstream turnon PR: https://github.com/openshift/cert-manager-operator/pull/240
Acceptance criteria
- Validate the values set via those flags can be correctly propagated into ACME solver pods, in the downstream supported approach.
- Document one test case into the Polarion.
- Ensure we have e2e test code to cover this scenario.
- Ensure existing e2es not being broken.
- relates to
-
CM-588 Review of cert-manager default ACME http01 solver pod resource requests and limits
-
- Closed
-
- links to