From 11803892750ea19050dff597ea68860f27cb5a5a Mon Sep 17 00:00:00 2001
From: hc-github-team-consul-core <github-team-consul-core@hashicorp.com>
Date: Tue, 23 Jul 2024 10:22:52 -0600
Subject: [PATCH] Backport of Net 10114 consul is under resourced when
 deploying to crc local version of open shift into release/1.4.x (#4199)

* backport of commit 2fecfa92ab3ab09f0bb61d9c6a4107984094d937

* backport of commit 640a7927606346e86f4836f3dcd9dba1006c1dfa

* backport of commit 8ef3b40d877a7ce529893e56fea6b7e4d805dffb

* backport of commit a083db04917ac697357c7582c9cf8b05911d8f86

* Net 10114 consul is under resourced when deploying to crc local version of open shift (#4184)

* cert managerkubectl get pods

* make resources for webhook cert manager configurable

* changelog entry

* Update charts/consul/values.yaml

* make gateway resources configurable

* update changelog

---------

Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>
---
 .changelog/4184.txt                           |  4 ++
 .../templates/gateway-resources-job.yaml      |  9 +--
 .../webhook-cert-manager-deployment.yaml      |  9 +--
 charts/consul/values.yaml                     | 56 +++++++++++++++++++
 4 files changed, 66 insertions(+), 12 deletions(-)
 create mode 100644 .changelog/4184.txt

diff --git a/.changelog/4184.txt b/.changelog/4184.txt
new file mode 100644
index 0000000000..2e56047b49
--- /dev/null
+++ b/.changelog/4184.txt
@@ -0,0 +1,4 @@
+```release-note:improvement
+* helm: Adds `webhookCertManager.resources` field which can be configured to override the `resource` settings for the `webhook-cert-manager` deployment.
+* helm: Adds `connectInject.apiGateway.managedGatewayClass.resourceJob.resources` field which can be configured to override the `resource` settings for the `gateway-resources-job` job.
+```
\ No newline at end of file
diff --git a/charts/consul/templates/gateway-resources-job.yaml b/charts/consul/templates/gateway-resources-job.yaml
index ead22833e9..2a5905f304 100644
--- a/charts/consul/templates/gateway-resources-job.yaml
+++ b/charts/consul/templates/gateway-resources-job.yaml
@@ -111,13 +111,10 @@ spec:
             - -metrics-port={{ .Values.connectInject.apiGateway.managedGatewayClass.metrics.port }}
             {{- end }}
             {{- end }}
+          {{- with .Values.connectInject.apiGateway.managedGatewayClass.resourceJob.resources }}
           resources:
-            requests:
-              memory: "50Mi"
-              cpu: "50m"
-            limits:
-              memory: "50Mi"
-              cpu: "50m"
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           volumeMounts:
             - name: config
               mountPath: /consul/config
diff --git a/charts/consul/templates/webhook-cert-manager-deployment.yaml b/charts/consul/templates/webhook-cert-manager-deployment.yaml
index 45c87c9ceb..78bb50168e 100644
--- a/charts/consul/templates/webhook-cert-manager-deployment.yaml
+++ b/charts/consul/templates/webhook-cert-manager-deployment.yaml
@@ -53,13 +53,10 @@ spec:
         image: {{ .Values.global.imageK8S }}
         name: webhook-cert-manager
         {{- include "consul.restrictedSecurityContext" . | nindent 8 }}
+        {{- with .Values.webhookCertManager.resources }}
         resources:
-          limits:
-            cpu: 100m
-            memory: 50Mi
-          requests:
-            cpu: 100m
-            memory: 50Mi
+          {{- toYaml . | nindent 12 }}
+        {{- end }}
         volumeMounts:
         - name: config
           mountPath: /bootstrap/config
diff --git a/charts/consul/values.yaml b/charts/consul/values.yaml
index 21cf3e1f9c..117108f2fd 100644
--- a/charts/consul/values.yaml
+++ b/charts/consul/values.yaml
@@ -2462,6 +2462,35 @@ connectInject:
       # will be the 80 + the number defined below.
       mapPrivilegedContainerPorts: 0
 
+      # This value contains settings related to the gateway_resources_job that runs on helm install
+      resourceJob:
+        # The resource requests (CPU, memory, etc.) for the server-acl-init and server-acl-init-cleanup pods.
+        # This should be a YAML map corresponding to a Kubernetes
+        # [`ResourceRequirements``](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core)
+        # object.
+        #
+        # Example:
+        #
+        # ```yaml
+        # resources:
+        #   requests:
+        #     memory: '200Mi'
+        #     cpu: '100m'
+        #   limits:
+        #     memory: '200Mi'
+        #     cpu: '100m'
+        # ```
+        #
+        # @recurse: false
+        # @type: map
+        resources:
+          requests:
+            memory: "50Mi"
+            cpu: "50m"
+          limits:
+            memory: "50Mi"
+            cpu: "50m"
+
     # Configuration for the ServiceAccount created for the api-gateway component
     serviceAccount:
       # This value defines additional annotations for the client service account. This should be formatted as a multi-line
@@ -3641,6 +3670,33 @@ webhookCertManager:
   # @type: string
   nodeSelector: null
 
+  # The resource requests (CPU, memory, etc.) for the server-acl-init and server-acl-init-cleanup pods.
+  # This should be a YAML map corresponding to a Kubernetes
+  # [`ResourceRequirements``](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core)
+  # object.
+  #
+  # Example:
+  #
+  # ```yaml
+  # resources:
+  #   requests:
+  #     memory: '200Mi'
+  #     cpu: '100m'
+  #   limits:
+  #     memory: '200Mi'
+  #     cpu: '100m'
+  # ```
+  #
+  # @recurse: false
+  # @type: map
+  resources:
+    requests:
+      memory: "50Mi"
+      cpu: "100m"
+    limits:
+      memory: "50Mi"
+      cpu: "100m"
+
 # Configures a demo Prometheus installation.
 prometheus:
   # When true, the Helm chart will install a demo Prometheus server instance