Enable configuration of agent pods ephemeral storage
Overview
This MR adds the ability to configure the ephemeral storage request and limit values for pods created by the GitLab k8s agent. This makes it possible to increase ephemeral storage when the existing amount is insufficient and causes pods to fail.
Users can now set ephemeral_storage in their config to define ephemeral storage usage. For example:
container_scanning:
  cadence: '*/5 * * * *'
  vulnerability_report:
    namespaces:
      - default
  resource_requirements:
    requests:
      memory: 200Mi
      ephemeral_storage: 2Gi
    limits:
      memory: 1Gi
      ephemeral_storage: 4Gi
Note that limits may not be set on GKE.
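A pre-flight check for the resource_requirements values shown above, as an added example that is not code from this MR or from the GitLab agent. It rejects malformed quantities and a request larger than its limit, which Kubernetes refuses at pod creation. The helper names (parseQuantity, checkResource) are hypothetical, and the quantity parsing is a constructed subset of Kubernetes syntax: whole numbers with Ki/Mi/Gi/Ti suffixes only.

```go
package main

import (
	"fmt"
	"strconv"
)

// Assumption: constructed subset of Kubernetes quantity suffixes (whole numbers only).
var units = map[string]int64{"Ki": 1 << 10, "Mi": 1 << 20, "Gi": 1 << 30, "Ti": 1 << 40}

// parseQuantity converts a value such as "2Gi" into bytes (hypothetical helper).
func parseQuantity(q string) (int64, error) {
	mult, num := int64(1), q
	if len(q) > 2 {
		if m, ok := units[q[len(q)-2:]]; ok {
			mult, num = m, q[:len(q)-2]
		}
	}
	n, err := strconv.ParseInt(num, 10, 64)
	if err != nil || n < 0 {
		return 0, fmt.Errorf("invalid quantity %q", q)
	}
	return n * mult, nil
}

// checkResource validates one resource's request and limit; "" means "not set".
func checkResource(name, request, limit string) error {
	var req, lim int64
	var err error
	if request != "" {
		if req, err = parseQuantity(request); err != nil {
			return fmt.Errorf("requests.%s: %w", name, err)
		}
	}
	if limit != "" {
		if lim, err = parseQuantity(limit); err != nil {
			return fmt.Errorf("limits.%s: %w", name, err)
		}
		if req > lim {
			return fmt.Errorf("%s: request %s exceeds limit %s", name, request, limit)
		}
	}
	return nil
}

func main() {
	fmt.Println(checkResource("ephemeral_storage", "2Gi", "4Gi")) // values from the example config
	fmt.Println(checkResource("ephemeral_storage", "4Gi", "2Gi")) // constructed invalid input
}
```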
Relates to Operational Container Scanning can fail for k8s... (gitlab-org/gitlab#434448 - closed).
- Add usage of EphemeralStorage configuration to resources manager
- Add ephemeral_storage to agent configuration
- Add informative message when pod is evicted
Screenshots
Trivy pod run by GitLab agent on GKE Autopilot without configuration (default ephemeral storage is 1Gi).
New pod after adding ephemeral_storage: 2Gi under requests in the config (Note that limits may not be set on GKE):

