Assign correct resources to oauth proxy, empty as default

Signed-off-by: Ruben Vargas <[email protected]>
grafana · Feb 11, 2025 · f5ef119 · f5ef119
1 parent 1adba61
commit f5ef119
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 12 deletions.
diff --git a/api/tempo/v1alpha1/tempomonolithic_defaults.go b/api/tempo/v1alpha1/tempomonolithic_defaults.go
@@ -5,6 +5,7 @@ import (
 	"strings"
 	"time"
 
+	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/utils/ptr"
@@ -84,6 +85,10 @@ func (r *TempoMonolithic) Default(ctrlConfig configv1alpha1.ProjectConfig) {
 				defaultSAR := fmt.Sprintf("{\"namespace\": \"%s\", \"resource\": \"pods\", \"verb\": \"get\"}", r.Namespace)
 				r.Spec.JaegerUI.Authentication.SAR = defaultSAR
 			}
+
+			if r.Spec.JaegerUI.Authentication.Resources == nil {
+				r.Spec.JaegerUI.Authentication.Resources = &corev1.ResourceRequirements{}
+			}
 		}
 
 		if r.Spec.JaegerUI.ServicesQueryDuration == nil {

diff --git a/api/tempo/v1alpha1/tempomonolithic_defaults_test.go b/api/tempo/v1alpha1/tempomonolithic_defaults_test.go
@@ -5,6 +5,7 @@ import (
 	"time"
 
 	"github.com/stretchr/testify/assert"
+	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -193,8 +194,9 @@ func TestMonolithicDefault(t *testing.T) {
 							Termination: TLSRouteTerminationTypeEdge,
 						},
 						Authentication: &JaegerQueryAuthenticationSpec{
-							Enabled: true,
-							SAR:     "{\"namespace\": \"testns\", \"resource\": \"pods\", \"verb\": \"get\"}",
+							Enabled:   true,
+							SAR:       "{\"namespace\": \"testns\", \"resource\": \"pods\", \"verb\": \"get\"}",
+							Resources: &corev1.ResourceRequirements{},
 						},
 						ServicesQueryDuration:        &defaultServicesDuration,
 						FindTracesConcurrentRequests: 2,
@@ -267,8 +269,9 @@ func TestMonolithicDefault(t *testing.T) {
 							Termination: TLSRouteTerminationTypeEdge,
 						},
 						Authentication: &JaegerQueryAuthenticationSpec{
-							Enabled: false,
-							SAR:     "{\"namespace\": \"testns\", \"resource\": \"pods\", \"verb\": \"get\"}",
+							Enabled:   false,
+							SAR:       "{\"namespace\": \"testns\", \"resource\": \"pods\", \"verb\": \"get\"}",
+							Resources: &corev1.ResourceRequirements{},
 						},
 						ServicesQueryDuration:        &defaultServicesDuration,
 						FindTracesConcurrentRequests: 2,
@@ -333,8 +336,9 @@ func TestMonolithicDefault(t *testing.T) {
 							Termination: TLSRouteTerminationTypeEdge,
 						},
 						Authentication: &JaegerQueryAuthenticationSpec{
-							Enabled: true,
-							SAR:     "{\"namespace\": \"testns\", \"resource\": \"pods\", \"verb\": \"get\"}",
+							Enabled:   true,
+							SAR:       "{\"namespace\": \"testns\", \"resource\": \"pods\", \"verb\": \"get\"}",
+							Resources: &corev1.ResourceRequirements{},
 						},
 						ServicesQueryDuration:        &defaultServicesDuration,
 						FindTracesConcurrentRequests: 2,
@@ -364,7 +368,8 @@ func TestMonolithicDefault(t *testing.T) {
 							Enabled: true,
 						},
 						Authentication: &JaegerQueryAuthenticationSpec{
-							Enabled: false,
+							Enabled:   false,
+							Resources: &corev1.ResourceRequirements{},
 						},
 					},
 				},
@@ -398,8 +403,9 @@ func TestMonolithicDefault(t *testing.T) {
 							Termination: TLSRouteTerminationTypeEdge,
 						},
 						Authentication: &JaegerQueryAuthenticationSpec{
-							Enabled: false,
-							SAR:     "{\"namespace\": \"testns\", \"resource\": \"pods\", \"verb\": \"get\"}",
+							Enabled:   false,
+							SAR:       "{\"namespace\": \"testns\", \"resource\": \"pods\", \"verb\": \"get\"}",
+							Resources: &corev1.ResourceRequirements{},
 						},
 						ServicesQueryDuration:        &defaultServicesDuration,
 						FindTracesConcurrentRequests: 2,
@@ -463,8 +469,9 @@ func TestMonolithicDefault(t *testing.T) {
 							Termination: TLSRouteTerminationTypeEdge,
 						},
 						Authentication: &JaegerQueryAuthenticationSpec{
-							Enabled: false,
-							SAR:     "{\"namespace\": \"testns\", \"resource\": \"pods\", \"verb\": \"get\"}",
+							Enabled:   false,
+							SAR:       "{\"namespace\": \"testns\", \"resource\": \"pods\", \"verb\": \"get\"}",
+							Resources: &corev1.ResourceRequirements{},
 						},
 						ServicesQueryDuration:        &v1.Duration{Duration: time.Duration(100 * 100)},
 						FindTracesConcurrentRequests: 40,

diff --git a/internal/manifests/monolithic/build.go b/internal/manifests/monolithic/build.go
@@ -93,13 +93,14 @@ func BuildAll(opts Options) ([]client.Object, error) {
 			}
 			manifests = append(manifests, route)
 			if tempo.Spec.JaegerUI.Authentication.Enabled && !tempo.Spec.Multitenancy.IsGatewayEnabled() {
+
 				oauthproxy.PatchStatefulSetForOauthProxy(
 					tempo.ObjectMeta,
 					tempo.Spec.JaegerUI.Authentication,
 					tempo.Spec.Timeout.Duration,
 					opts.CtrlConfig,
 					statefulSet,
-					tempo.Spec.Resources,
+					tempo.Spec.JaegerUI.Authentication.Resources,
 				)
 				oauthproxy.PatchQueryFrontEndService(getJaegerUIService(services, tempo), tempo.Name)
 				if serviceAccount != nil {