
Use resource config for container scanning when creating scanner pod

What does this MR do and why?

Currently, a user is unable to configure the Trivy Scanner Pod resources. When large images are scanned, the Pod fails with OOMKilled errors.

This MR introduces new fields that the user can set in the agent config to specify the resource configuration of the Trivy Scanner Pod.

This MR introduces configuration values defined in the Helm chart to specify the resource configuration of the Trivy Scanner Pod.

This MR is related to this MR Add config for container scanning (gitlab-org/charts/gitlab-agent!49 - closed) to update the helm chart for a user to be able to configure the Trivy Scanner Pod resources.

Issue link: Allow Operational Container Scanning maximum me... (gitlab-org/gitlab#384238 - closed)

How to set up and validate locally

  1. Configure agent config with resource requirements

    • Set resources to a low value to simulate a "large" image being scanned and observe that the Pod fails and is cleaned up properly.

    container_scanning:
      cadence: '08 * * * *'
      vulnerability_report:
        namespaces:
          - kube-system
      resource_requirements:
        limits:
          cpu: 10m
          memory: 50Mi
        requests:
          cpu: 10m
          memory: 50Mi

    observability:
      logging:
        level: debug
  2. Repeat step 1 with larger values and observe that the scanner pod is created with the specified values.
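As an added example (not code from this MR, the Helm chart, or the agent itself), the following Python checks the resource_requirements stanza from step 1 the way the cluster will before the scanner Pod is admitted: every value must be a valid Kubernetes quantity, and a request may not exceed the limit for the same resource, otherwise the API server rejects the Pod. It also shows how to read the OOMKilled signal from a Pod's status, using the fields that `kubectl get pod <name> -o json` returns. The config dict, the Pod status document and the function names (parse_quantity, check_resource_requirements, scanner_pod_resources, is_oom_killed) are constructed for this example and are assumptions, not the agent's implementation.

```python
"""Added example: validate container_scanning.resource_requirements and detect
an OOM-killed scanner Pod. Not the GitLab agent's own code."""
import json
import re

# Kubernetes quantity suffixes as multipliers of the base unit (CPU cores or bytes).
_SUFFIXES = {
    "": 1, "m": 1e-3, "k": 1e3, "M": 1e6, "G": 1e9, "T": 1e12,
    "Ki": 2 ** 10, "Mi": 2 ** 20, "Gi": 2 ** 30, "Ti": 2 ** 40,
}
_QUANTITY_RE = re.compile(r"^(\d+(?:\.\d+)?)(Ki|Mi|Gi|Ti|m|k|M|G|T)?$")

# Constructed sample inputs (not captured from a real cluster).
AGENT_CONFIG_LOW = {
    "container_scanning": {
        "cadence": "08 * * * *",
        "vulnerability_report": {"namespaces": ["kube-system"]},
        "resource_requirements": {
            "limits": {"cpu": "10m", "memory": "50Mi"},
            "requests": {"cpu": "10m", "memory": "50Mi"},
        },
    },
    "observability": {"logging": {"level": "debug"}},
}

# A request above its limit: Kubernetes rejects such a Pod at admission.
AGENT_CONFIG_BAD = {
    "container_scanning": {
        "resource_requirements": {
            "limits": {"memory": "50Mi"},
            "requests": {"memory": "1Gi"},
        }
    }
}

# Shape of `.status` from `kubectl get pod <name> -o json` after the scanner
# container was OOM-killed (constructed; field names follow the PodStatus API).
# Exit code 137 is 128 + SIGKILL, which is how the kernel OOM killer ends a process.
OOM_POD_STATUS = {
    "phase": "Failed",
    "containerStatuses": [{
        "name": "trivy",
        "state": {"terminated": {"reason": "OOMKilled", "exitCode": 137}},
        "lastState": {},
    }],
}


def parse_quantity(value):
    """Parse a Kubernetes quantity ("10m", "50Mi", "2") into a float base unit."""
    text = str(value)
    match = _QUANTITY_RE.match(text)
    if not match:
        raise ValueError(f"invalid Kubernetes quantity: {text!r}")
    number, suffix = match.groups()
    return float(number) * _SUFFIXES[suffix or ""]


def check_resource_requirements(agent_config):
    """Return a list of problems with container_scanning.resource_requirements.
    An empty list means the stanza is usable as a Pod resources block."""
    problems = []
    reqs = agent_config.get("container_scanning", {}).get("resource_requirements") or {}
    for section in ("limits", "requests"):
        for name, qty in (reqs.get(section) or {}).items():
            try:
                parse_quantity(qty)
            except ValueError as exc:
                problems.append(f"{section}.{name}: {exc}")
    # The API server refuses a container whose request exceeds its limit.
    for name in set(reqs.get("limits") or {}) & set(reqs.get("requests") or {}):
        lim, req = reqs["limits"][name], reqs["requests"][name]
        try:
            if parse_quantity(req) > parse_quantity(lim):
                problems.append(f"requests.{name}={req} exceeds limits.{name}={lim}")
        except ValueError:
            pass  # already reported above
    return problems


def scanner_pod_resources(agent_config):
    """Build the scanner container's 'resources' block from the agent config.
    Returns {} when no stanza is set; raises ValueError if the stanza is unusable."""
    problems = check_resource_requirements(agent_config)
    if problems:
        raise ValueError("; ".join(problems))
    reqs = agent_config.get("container_scanning", {}).get("resource_requirements") or {}
    return {s: dict(reqs[s]) for s in ("limits", "requests") if reqs.get(s)}


def is_oom_killed(pod_status):
    """True if any container in the Pod status terminated with reason OOMKilled.
    Both .state and .lastState are checked: a restarted container reports the
    kill in lastState, not state."""
    for cs in pod_status.get("containerStatuses", []):
        for key in ("state", "lastState"):
            terminated = (cs.get(key) or {}).get("terminated") or {}
            if terminated.get("reason") == "OOMKilled":
                return True
    return False


if __name__ == "__main__":
    print(json.dumps(scanner_pod_resources(AGENT_CONFIG_LOW), indent=2))
    print("problems:", check_resource_requirements(AGENT_CONFIG_BAD))
    print("OOMKilled:", is_oom_killed(OOM_POD_STATUS))
```

Running the script prints the resources block that step 1's config would put on the scanner Pod, the request-over-limit problem in the second config, and `OOMKilled: True` for the constructed status. When reproducing step 1 on a real cluster, the same `state.terminated.reason` / `lastState.terminated.reason` fields are what confirm the failure was an out-of-memory kill rather than a scan error.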

Edited by Shao Ming Tan
