From 85dee99e4496f1731d9361ffdb580cd84a8f7b8c Mon Sep 17 00:00:00 2001
From: Chris Werner Rau <cwr@teuto.net>
Date: Fri, 5 Jul 2024 08:33:18 +0200
Subject: [PATCH] feat(t8s-cluster/management-cluster): set a memory limit for
 the kube-apiserver, so things like kyverno won't take out the whole node
 (#1025)

---
 .../_kubeadmControlPlaneTemplateSpec.yaml                       | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_kubeadmControlPlaneTemplateSpec.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_kubeadmControlPlaneTemplateSpec.yaml
index f1b792d3d..28f897e22 100644
--- a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_kubeadmControlPlaneTemplateSpec.yaml
+++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_kubeadmControlPlaneTemplateSpec.yaml
@@ -60,6 +60,8 @@ kubeadmConfigSpec:
     - content: |- {{- .Values.global.injectedCertificateAuthorities | nindent 8 }}
       path: /usr/local/share/ca-certificates/injected-ca-certs.crt
     {{- end }}
+    {{- $apiserverPatch := dict "spec" (dict "containers" (list (dict "name" "kube-apiserver" "resources" (dict "requests" (dict "memory" "2Gi") "limits" (dict "memory" "4Gi"))))) }}
+    {{- list (include "t8s-cluster.patches.patchFile" (dict "values" $apiserverPatch "target" "kube-apiserver" "component" "memory") | fromYaml) | toYaml | nindent 4 }}
   initConfiguration:
     nodeRegistration:
       kubeletExtraArgs: {{- include "t8s-cluster.clusterClass.kubeletExtraArgs" (dict) | nindent 8 }}