Twistlock Defender resources are not injected into the DaemonSet manifest

Bug

Description

The recently added resources block for the defender DaemonSet in the values.yaml is not injected into the actual manifest for the DS. So the custom requests/limits are not being applied. Looks like a script is actually deploying the DS instead of a template, so I'm not sure how to actually inject that.

BigBang Version

What version of BigBang were you running? 2.23.0

added teamSecurity & Compliance label

added community-contribution label

added triage-kind label

added triage-priority label

added kindbug priority3 labels and removed triage-kind triage-priority labels

changed iteration to Big Bang Iterations Apr 2, 2024 - Apr 15, 2024

added statusready-to-work twistlock labels

set weight to 2

assigned to @bkhamitov

changed milestone to %2.25.0

mentioned in merge request !149 (closed)

removed iteration Big Bang Iterations Apr 2, 2024 - Apr 15, 2024

changed iteration to Big Bang Iterations Apr 16, 2024 - Apr 29, 2024

added statusdoing label and removed statusready-to-work label

changed milestone to %2.26.0

removed iteration Big Bang Iterations Apr 16, 2024 - Apr 29, 2024

changed iteration to Big Bang Iterations Apr 30, 2024 - May 13, 2024

changed milestone to %2.27.0

removed iteration Big Bang Iterations Apr 30, 2024 - May 13, 2024

changed iteration to Big Bang Iterations May 14, 2024 - May 27, 2024

changed milestone to %2.28.0

unassigned @bkhamitov

removed statusdoing label

created branch 109-twistlock-defender-resources-are-not-injected-into-the-daemonset-manifest to address this issue

created branch 109-twistlock-defender-resources-are-not-injected-into-the-daemonset-manifest-2 to address this issue

mentioned in merge request !175 (merged)

assigned to @bimbola81

mentioned in merge request big-bang/bigbang!4396 (merged)

closed with merge request big-bang/bigbang!4396 (merged)

mentioned in commit big-bang/bigbang@895079a2

mentioned in merge request !199 (closed)

mentioned in merge request !200 (merged)

mentioned in merge request big-bang/bigbang!4582 (merged)

mentioned in commit big-bang/bigbang@c106abbd

reopened

I'm re-opening this issue. It seems the resource values are not set correctly when installed through bigbang. When installing the package directly at the package level, the values are ok.

To test, I tried passing/over-writing the console and defender limit. The console limits are ok, but the defender resources are not applied:

twistlock:
  values:
    resources:
      limits:
        cpu: 6
        memory: 6Gi
      requests:
        cpu: 6
        memory: 6Gi
    defender:
      resources:
        limits:
          cpu: 5
          memory: 5Gi
        requests:
          cpu: 5
          memory: 5Gi

twistlock-console-6f5df4964d-p9zst:{"limits":{"cpu":"6","memory":"6Gi"},"requests":{"cpu":"6","memory":"6Gi"}}
twistlock-defender-ds-2lnmt:{"limits":{"cpu":"900m","memory":"512Mi"},"requests":{"cpu":"256m","memory":"512Mi"}}
twistlock-defender-ds-kc5nc:{"limits":{"cpu":"900m","memory":"512Mi"},"requests":{"cpu":"256m","memory":"512Mi"}}
twistlock-defender-ds-kn6dn:{"limits":{"cpu":"900m","memory":"512Mi"},"requests":{"cpu":"256m","memory":"512Mi"}}
twistlock-init-20240626134932-r8hrh:{"limits":{"cpu":"500m","memory":"256Mi"},"requests":{"cpu":"500m","memory":"256Mi"}}

When i tested it it locally it applied. I have no idea why is not applying. I will look into it again.

Thanks! I think you fixed some issues at the package level, but we should be able to set/override these resource limits at the bigbang level too -- and strange that the package-level default values are ignored when installing through the Big Bang umbrella chart.

Good morning @michaelmartin. So Bulat and i looked at this issue again yesterday @ here and hereit worked on our end. I will continue looking into it

Hi @bimbola81 ! This is working for me today .. maybe my test cluster was in a strange state or didn't pull in the changes . Thanks for looking into it again!!

closed