fix: add resource requests/limits to init-sysctl containers (#220)

mwarkentin · web-flow · commit 9aec5753f18c · 2026-03-10T10:42:48.000-04:00
Fix for warnings from validating admission policies: ``` ❯ skd s4s2 frontend sentry-kube -C s4s2 -q diff frontend Rendering services: frontend Waiting on kubectl diff. Warning: Validation failed for ValidatingAdmissionPolicy 'cpu-resource-policy' with binding 'cpu-resource-policy-binding': frontend-default: all containers must have CPU requests set. Missing: init-sysctl Warning: Validation failed for ValidatingAdmissionPolicy 'memory-resource-policy' with binding 'memory-resource-policy-binding': frontend-default: memory request should equal memory limit (https://home.robusta.dev/blog/kubernetes-memory-limit). Offending: init-sysctl Warning: Validation failed for ValidatingAdmissionPolicy 'cpu-resource-policy' with binding 'cpu-resource-policy-binding': frontend-default-production-canary: all containers must have CPU requests set. Missing: init-sysctl Warning: Validation failed for ValidatingAdmissionPolicy 'memory-resource-policy' with binding 'memory-resource-policy-binding': frontend-default-production-canary: memory request should equal memory limit (https://home.robusta.dev/blog/kubernetes-memory-limit). Offending: init-sysctl ``` Resource usage for these containers is quite low: Max mem is 10% of limit set here: <img width="2552" height="324" alt="image" src="https://github.com/user-attachments/assets/f9fa3c1c-f047-4851-aaf4-cd598fc8afbf" /> Max CPU is well under 50m (note y-axis scale is **micro**cores, not millicores here), and it would be burstable anyways: <img width="2580" height="336" alt="image" src="https://github.com/user-attachments/assets/c5680716-3d37-4960-af71-7eec50d049e4" />
diff --git a/libsentrykube/ext.py b/libsentrykube/ext.py
@@ -809,6 +809,10 @@ def run(self, params: dict):
                 "image": "alpine:3.19",
                 "securityContext": {"privileged": True},
                 "command": ["sh", "-c", command],
+                "resources": {
+                    "requests": {"cpu": "50m", "memory": "64Mi"},
+                    "limits": {"memory": "64Mi"},
+                },
             }
         )
 

Original file line number	Diff line number	Diff line change
`@@ -809,6 +809,10 @@ def run(self, params: dict):`
`809`	`809`	`"image": "alpine:3.19",`
`810`	`810`	`"securityContext": {"privileged": True},`
`811`	`811`	`"command": ["sh", "-c", command],`
	`812`	`+ "resources": {`
	`813`	`+ "requests": {"cpu": "50m", "memory": "64Mi"},`
	`814`	`+ "limits": {"memory": "64Mi"},`
	`815`	`+ },`
`812`	`816`	`}`
`813`	`817`	`)`
`814`	`818`