diff --git a/deploy/concierge/deployment.yaml b/deploy/concierge/deployment.yaml index 6aac1fd1e..0d5f0120c 100644 --- a/deploy/concierge/deployment.yaml +++ b/deploy/concierge/deployment.yaml @@ -192,6 +192,11 @@ spec: - name: NO_PROXY value: #@ data.values.no_proxy #@ end + #! reduce OOM likelihood + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory livenessProbe: httpGet: path: /healthz diff --git a/deploy/local-user-authenticator/deployment.yaml b/deploy/local-user-authenticator/deployment.yaml index fd92dda53..29b6f8c76 100644 --- a/deploy/local-user-authenticator/deployment.yaml +++ b/deploy/local-user-authenticator/deployment.yaml @@ -1,4 +1,4 @@ -#! Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. +#! Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. #! SPDX-License-Identifier: Apache-2.0 #@ load("@ytt:data", "data") @@ -76,6 +76,12 @@ spec: #! `--validate=false` flag. Note that installing via `kapp` does not complain about this validation error. seccompProfile: type: "RuntimeDefault" + env: + #! reduce OOM likelihood + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory tolerations: - key: kubernetes.io/arch effect: NoSchedule diff --git a/deploy/supervisor/deployment.yaml b/deploy/supervisor/deployment.yaml index 909e424bf..d9e6383aa 100644 --- a/deploy/supervisor/deployment.yaml +++ b/deploy/supervisor/deployment.yaml @@ -1,4 +1,4 @@ -#! Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. +#! Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. #! SPDX-License-Identifier: Apache-2.0 #@ load("@ytt:data", "data") @@ -152,6 +152,11 @@ spec: - name: NO_PROXY value: #@ data.values.no_proxy #@ end + #! reduce OOM likelihood + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory livenessProbe: httpGet: path: /healthz