Use "requests" for CPU resources instead of limits

We now use a CPU request to ensure logging infrastructure pods are
not capped by default for CPU usage. It is still important to ensure
we have a minimum amount of CPU.

We keep the use of the variables *_cpu_limit so that the existing
behavior is maintained.

Note that we don't want to cap an infra pod's CPU usage by default,
since we want to be able to use the necessary resources to complete
it's tasks.

Bug 1501960 (https://bugzilla.redhat.com/show_bug.cgi?id=1501960)

docs/proposals/role_decomposition.md

@@ -158,13 +158,13 @@ providing the location of the generated certificates to the individual roles.
     openshift_logging_kibana_es_host: "{{ openshift_logging_es_ops_host }}"
     openshift_logging_kibana_es_port: "{{ openshift_logging_es_ops_port }}"
     openshift_logging_kibana_nodeselector: "{{ openshift_logging_kibana_ops_nodeselector }}"
-    openshift_logging_kibana_cpu_limit: "{{ openshift_logging_kibana_ops_cpu_limit }}"
     openshift_logging_kibana_memory_limit: "{{ openshift_logging_kibana_ops_memory_limit }}"
+    openshift_logging_kibana_cpu_request: "{{ openshift_logging_kibana_ops_cpu_request }}"
     openshift_logging_kibana_hostname: "{{ openshift_logging_kibana_ops_hostname }}"
     openshift_logging_kibana_replicas: "{{ openshift_logging_kibana_ops_replica_count }}"
     openshift_logging_kibana_proxy_debug: "{{ openshift_logging_kibana_ops_proxy_debug }}"
-    openshift_logging_kibana_proxy_cpu_limit: "{{ openshift_logging_kibana_ops_proxy_cpu_limit }}"
     openshift_logging_kibana_proxy_memory_limit: "{{ openshift_logging_kibana_ops_proxy_memory_limit }}"
+    openshift_logging_kibana_proxy_cpu_request: "{{ openshift_logging_kibana_ops_proxy_cpu_request }}"
     openshift_logging_kibana_cert: "{{ openshift_logging_kibana_ops_cert }}"
     openshift_logging_kibana_key: "{{ openshift_logging_kibana_ops_key }}"
     openshift_logging_kibana_ca: "{{ openshift_logging_kibana_ops_ca}}"
@@ -193,8 +193,8 @@ providing the location of the generated certificates to the individual roles.
     openshift_logging_curator_image_prefix: "{{ openshift_logging_image_prefix }}"
     openshift_logging_curator_image_version: "{{ openshift_logging_image_version }}"
     openshift_logging_curator_image_pull_secret: "{{ openshift_logging_image_pull_secret }}"
-    openshift_logging_curator_cpu_limit: "{{ openshift_logging_curator_ops_cpu_limit }}"
     openshift_logging_curator_memory_limit: "{{ openshift_logging_curator_ops_memory_limit }}"
+    openshift_logging_curator_cpu_request: "{{ openshift_logging_curator_ops_cpu_request }}"
     openshift_logging_curator_nodeselector: "{{ openshift_logging_curator_ops_nodeselector }}"
   when:
   - openshift_logging_use_ops | bool

roles/openshift_logging/README.md

@@ -44,23 +44,23 @@ When `openshift_logging_install_logging` is set to `False` the `openshift_loggin
 - `openshift_logging_curator_run_timezone`: The timezone that Curator uses for figuring out its run time. Defaults to 'UTC'.
 - `openshift_logging_curator_script_log_level`: The script log level for Curator. Defaults to 'INFO'.
 - `openshift_logging_curator_log_level`: The log level for the Curator process. Defaults to 'ERROR'.
-- `openshift_logging_curator_cpu_limit`: The amount of CPU to allocate to Curator. Default is '100m'.
+- `openshift_logging_curator_cpu_request`: The minimum amount of CPU to allocate to Curator. Default is '100m'.
 - `openshift_logging_curator_memory_limit`: The amount of memory to allocate to Curator. Unset if not specified.
 - `openshift_logging_curator_nodeselector`: A map of labels (e.g. {"node":"infra","region":"west"} to select the nodes where the curator pod will land.
 - `openshift_logging_image_pull_secret`: The name of an existing pull secret to link to the logging service accounts
 
 - `openshift_logging_kibana_hostname`: The Kibana hostname. Defaults to 'kibana.example.com'.
-- `openshift_logging_kibana_cpu_limit`: The amount of CPU to allocate to Kibana or unset if not specified.
+- `openshift_logging_kibana_cpu_request`: The minimum amount of CPU to allocate to Kibana or unset if not specified.
 - `openshift_logging_kibana_memory_limit`: The amount of memory to allocate to Kibana or unset if not specified.
 - `openshift_logging_kibana_proxy_debug`: When "True", set the Kibana Proxy log level to DEBUG. Defaults to 'false'.
-- `openshift_logging_kibana_proxy_cpu_limit`: The amount of CPU to allocate to Kibana proxy or unset if not specified.
+- `openshift_logging_kibana_proxy_cpu_request`: The minimum amount of CPU to allocate to Kibana proxy or unset if not specified.
 - `openshift_logging_kibana_proxy_memory_limit`: The amount of memory to allocate to Kibana proxy or unset if not specified.
 - `openshift_logging_kibana_replica_count`: The number of replicas Kibana should be scaled up to. Defaults to 1.
 - `openshift_logging_kibana_nodeselector`: A map of labels (e.g. {"node":"infra","region":"west"} to select the nodes where the pod will land.
 - `openshift_logging_kibana_edge_term_policy`: Insecure Edge Termination Policy. Defaults to Redirect.
 
 - `openshift_logging_fluentd_nodeselector`: The node selector that the Fluentd daemonset uses to determine where to deploy to. Defaults to '"logging-infra-fluentd": "true"'.
-- `openshift_logging_fluentd_cpu_limit`: The CPU limit for Fluentd pods. Defaults to '100m'.
+- `openshift_logging_fluentd_cpu_request`: The minimum amount of CPU to allocate for Fluentd collector pods. Defaults to '100m'.
 - `openshift_logging_fluentd_memory_limit`: The memory limit for Fluentd pods. Defaults to '512Mi'.
 - `openshift_logging_fluentd_use_journal`: *DEPRECATED - DO NOT USE* Fluentd will automatically detect whether or not Docker is using the journald log driver.
 - `openshift_logging_fluentd_journal_read_from_head`: If empty, Fluentd will use its internal default, which is false.
@@ -80,7 +80,7 @@ When `openshift_logging_install_logging` is set to `False` the `openshift_loggin
 - `openshift_logging_es_client_key`: The location of the client key Fluentd uses for openshift_logging_es_host. Defaults to '/etc/fluent/keys/key'.
 
 - `openshift_logging_es_cluster_size`: The number of ES cluster members. Defaults to '1'.
-- `openshift_logging_es_cpu_limit`:  The amount of CPU limit for the ES cluster.  Unused if not set
+- `openshift_logging_es_cpu_request`: The minimum amount of CPU to allocate for an ES pod cluster member. Defaults to 1 CPU.
 - `openshift_logging_es_memory_limit`: The amount of RAM that should be assigned to ES. Defaults to '8Gi'.
 - `openshift_logging_es_log_appenders`: The list of rootLogger appenders for ES logs which can be: 'file', 'console'. Defaults to 'file'.
 - `openshift_logging_es_pv_selector`: A key/value map added to a PVC in order to select specific PVs.  Defaults to 'None'.
@@ -107,7 +107,7 @@ same as above for their non-ops counterparts, but apply to the OPS cluster insta
 - `openshift_logging_es_ops_client_cert`: /etc/fluent/keys/cert
 - `openshift_logging_es_ops_client_key`: /etc/fluent/keys/key
 - `openshift_logging_es_ops_cluster_size`: 1
-- `openshift_logging_es_ops_cpu_limit`:  The amount of CPU limit for the ES cluster.  Unused if not set
+- `openshift_logging_es_ops_cpu_request`: The minimum amount of CPU to allocate for an ES ops pod cluster member. Defaults to 1 CPU.
 - `openshift_logging_es_ops_memory_limit`: 8Gi
 - `openshift_logging_es_ops_pvc_dynamic`: False
 - `openshift_logging_es_ops_pvc_size`: ""
@@ -115,9 +115,9 @@ same as above for their non-ops counterparts, but apply to the OPS cluster insta
 - `openshift_logging_es_ops_recover_after_time`: 5m
 - `openshift_logging_es_ops_storage_group`: 65534
 - `openshift_logging_kibana_ops_hostname`: The Operations Kibana hostname. Defaults to 'kibana-ops.example.com'.
-- `openshift_logging_kibana_ops_cpu_limit`: The amount of CPU to allocate to Kibana or unset if not specified.
+- `openshift_logging_kibana_ops_cpu_request`: The minimum amount of CPU to allocate to Kibana or unset if not specified.
 - `openshift_logging_kibana_ops_memory_limit`: The amount of memory to allocate to Kibana or unset if not specified.
-- `openshift_logging_kibana_ops_proxy_cpu_limit`: The amount of CPU to allocate to Kibana proxy or unset if not specified.
+- `openshift_logging_kibana_ops_proxy_cpu_request`: The minimum amount of CPU to allocate to Kibana proxy or unset if not specified.
 - `openshift_logging_kibana_ops_proxy_memory_limit`: The amount of memory to allocate to Kibana proxy or unset if not specified.
 - `openshift_logging_kibana_ops_replica_count`: The number of replicas Kibana ops should be scaled up to. Defaults to 1.
 
@@ -176,7 +176,7 @@ Elasticsearch OPS too, if using an OPS cluster:
   clients will use to connect to mux, and will be used in the TLS server cert
   subject.
 - `openshift_logging_mux_port`: 24284
-- `openshift_logging_mux_cpu_limit`: 100m
+- `openshift_logging_mux_cpu_request`: 100m
 - `openshift_logging_mux_memory_limit`: 512Mi
 - `openshift_logging_mux_default_namespaces`: Default `["mux-undefined"]` - the
  first value in the list is the namespace to use for undefined projects,

roles/openshift_logging/defaults/main.yml

@@ -18,20 +18,24 @@ openshift_logging_curator_run_minute: 0
 openshift_logging_curator_run_timezone: UTC
 openshift_logging_curator_script_log_level: INFO
 openshift_logging_curator_log_level: ERROR
-openshift_logging_curator_cpu_limit: 100m
-openshift_logging_curator_memory_limit: null
+openshift_logging_curator_cpu_limit: null
+openshift_logging_curator_memory_limit: 256Mi
+openshift_logging_curator_cpu_request: 100m
 openshift_logging_curator_nodeselector: {}
 
-openshift_logging_curator_ops_cpu_limit: 100m
-openshift_logging_curator_ops_memory_limit: null
+openshift_logging_curator_ops_cpu_limit: null
+openshift_logging_curator_ops_memory_limit: 256Mi
+openshift_logging_curator_ops_cpu_request: 100m
 openshift_logging_curator_ops_nodeselector: {}
 
 openshift_logging_kibana_hostname: "{{ 'kibana.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}"
 openshift_logging_kibana_cpu_limit: null
 openshift_logging_kibana_memory_limit: 736Mi
+openshift_logging_kibana_cpu_request: 100m
 openshift_logging_kibana_proxy_debug: false
 openshift_logging_kibana_proxy_cpu_limit: null
 openshift_logging_kibana_proxy_memory_limit: 256Mi
+openshift_logging_kibana_proxy_cpu_request: 100m
 openshift_logging_kibana_replica_count: 1
 openshift_logging_kibana_edge_term_policy: Redirect
 
@@ -53,9 +57,11 @@ openshift_logging_kibana_ca: ""
 openshift_logging_kibana_ops_hostname: "{{ 'kibana-ops.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}"
 openshift_logging_kibana_ops_cpu_limit: null
 openshift_logging_kibana_ops_memory_limit: 736Mi
+openshift_logging_kibana_ops_cpu_request: 100m
 openshift_logging_kibana_ops_proxy_debug: false
 openshift_logging_kibana_ops_proxy_cpu_limit: null
 openshift_logging_kibana_ops_proxy_memory_limit: 256Mi
+openshift_logging_kibana_ops_proxy_cpu_request: 100m
 openshift_logging_kibana_ops_replica_count: 1
 
 #The absolute path on the control node to the cert file to use
@@ -71,13 +77,14 @@ openshift_logging_kibana_ops_key: ""
 openshift_logging_kibana_ops_ca: ""
 
 openshift_logging_fluentd_nodeselector: {'logging-infra-fluentd': 'true'}
-openshift_logging_fluentd_cpu_limit: 100m
+openshift_logging_fluentd_cpu_limit: null
 openshift_logging_fluentd_memory_limit: 512Mi
+openshift_logging_fluentd_cpu_request: 100m
 openshift_logging_fluentd_journal_source: ""
 openshift_logging_fluentd_journal_read_from_head: ""
 openshift_logging_fluentd_hosts: ['--all']
-openshift_logging_fluentd_buffer_queue_limit: 1024
-openshift_logging_fluentd_buffer_size_limit: 1m
+openshift_logging_fluentd_buffer_queue_limit: 32
+openshift_logging_fluentd_buffer_size_limit: 8m
 
 openshift_logging_es_host: logging-es
 openshift_logging_es_port: 9200
@@ -85,7 +92,8 @@ openshift_logging_es_ca: /etc/fluent/keys/ca
 openshift_logging_es_client_cert: /etc/fluent/keys/cert
 openshift_logging_es_client_key: /etc/fluent/keys/key
 openshift_logging_es_cluster_size: 1
-openshift_logging_es_cpu_limit: 1000m
+openshift_logging_es_cpu_limit: null
+openshift_logging_es_cpu_request: "1"
 # the logging appenders for the root loggers to write ES logs. Valid values: 'file', 'console'
 openshift_logging_es_log_appenders: ['file']
 openshift_logging_es_memory_limit: "8Gi"
@@ -126,8 +134,9 @@ openshift_logging_es_ops_ca: /etc/fluent/keys/ca
 openshift_logging_es_ops_client_cert: /etc/fluent/keys/cert
 openshift_logging_es_ops_client_key: /etc/fluent/keys/key
 openshift_logging_es_ops_cluster_size: "{{ openshift_logging_elasticsearch_ops_cluster_size | default(1) }}"
-openshift_logging_es_ops_cpu_limit: 1000m
-openshift_logging_es_ops_memory_limit: "8Gi"
+openshift_logging_es_ops_cpu_limit: null
+openshift_logging_es_ops_memory_limit: 8Gi
+openshift_logging_es_ops_cpu_request: "1"
 openshift_logging_es_ops_pv_selector: "{{ openshift_loggingops_storage_labels | default('') }}"
 openshift_logging_es_ops_pvc_dynamic: "{{ openshift_logging_elasticsearch_ops_pvc_dynamic | default(False) }}"
 openshift_logging_es_ops_pvc_size: "{{ openshift_logging_elasticsearch_ops_pvc_size | default('') }}"
@@ -160,8 +169,9 @@ openshift_logging_mux_allow_external: False
 openshift_logging_use_mux: "{{ openshift_logging_mux_allow_external | default(False) }}"
 openshift_logging_mux_hostname: "{{ 'mux.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}"
 openshift_logging_mux_port: 24284
-openshift_logging_mux_cpu_limit: 500m
-openshift_logging_mux_memory_limit: 1Gi
+openshift_logging_mux_cpu_limit: null
+openshift_logging_mux_memory_limit: 512Mi
+openshift_logging_mux_cpu_request: 100m
 # the namespace to use for undefined projects should come first, followed by any
 # additional namespaces to create by default - users will typically not need to set this
 openshift_logging_mux_default_namespaces: ["mux-undefined"]

roles/openshift_logging/tasks/install_logging.yaml

@@ -133,6 +133,7 @@
     openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_ops_pv_selector }}"
     openshift_logging_elasticsearch_memory_limit: "{{ openshift_logging_es_ops_memory_limit }}"
     openshift_logging_elasticsearch_cpu_limit: "{{ openshift_logging_es_ops_cpu_limit }}"
+    openshift_logging_elasticsearch_cpu_request: "{{ openshift_logging_es_ops_cpu_request }}"
     openshift_logging_elasticsearch_nodeselector: "{{ openshift_logging_es_ops_nodeselector if item.0.nodeSelector | default(None) is none else item.0.nodeSelector }}"
     openshift_logging_elasticsearch_storage_group: "{{ [openshift_logging_es_ops_storage_group] if item.0.storageGroups | default([]) | length == 0 else item.0.storageGroups }}"
     openshift_logging_es_key: "{{ openshift_logging_es_ops_key }}"
@@ -167,6 +168,7 @@
     openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_ops_pv_selector }}"
     openshift_logging_elasticsearch_memory_limit: "{{ openshift_logging_es_ops_memory_limit }}"
     openshift_logging_elasticsearch_cpu_limit: "{{ openshift_logging_es_ops_cpu_limit }}"
+    openshift_logging_elasticsearch_cpu_request: "{{ openshift_logging_es_ops_cpu_request }}"
     openshift_logging_elasticsearch_nodeselector: "{{ openshift_logging_es_ops_nodeselector }}"
     openshift_logging_es_key: "{{ openshift_logging_es_ops_key }}"
     openshift_logging_es_cert: "{{ openshift_logging_es_ops_cert }}"
@@ -207,11 +209,13 @@
     openshift_logging_kibana_es_port: "{{ openshift_logging_es_ops_port }}"
     openshift_logging_kibana_nodeselector: "{{ openshift_logging_kibana_ops_nodeselector }}"
     openshift_logging_kibana_cpu_limit: "{{ openshift_logging_kibana_ops_cpu_limit }}"
+    openshift_logging_kibana_cpu_request: "{{ openshift_logging_kibana_ops_cpu_request }}"
     openshift_logging_kibana_memory_limit: "{{ openshift_logging_kibana_ops_memory_limit }}"
     openshift_logging_kibana_hostname: "{{ openshift_logging_kibana_ops_hostname }}"
     openshift_logging_kibana_replicas: "{{ openshift_logging_kibana_ops_replica_count }}"
     openshift_logging_kibana_proxy_debug: "{{ openshift_logging_kibana_ops_proxy_debug }}"
     openshift_logging_kibana_proxy_cpu_limit: "{{ openshift_logging_kibana_ops_proxy_cpu_limit }}"
+    openshift_logging_kibana_proxy_cpu_request: "{{ openshift_logging_kibana_ops_proxy_cpu_request }}"
     openshift_logging_kibana_proxy_memory_limit: "{{ openshift_logging_kibana_ops_proxy_memory_limit }}"
     openshift_logging_kibana_cert: "{{ openshift_logging_kibana_ops_cert }}"
     openshift_logging_kibana_key: "{{ openshift_logging_kibana_ops_key }}"
@@ -243,6 +247,7 @@
     openshift_logging_curator_master_url: "{{ openshift_logging_master_url }}"
     openshift_logging_curator_image_pull_secret: "{{ openshift_logging_image_pull_secret }}"
     openshift_logging_curator_cpu_limit: "{{ openshift_logging_curator_ops_cpu_limit }}"
+    openshift_logging_curator_cpu_request: "{{ openshift_logging_curator_ops_cpu_request }}"
     openshift_logging_curator_memory_limit: "{{ openshift_logging_curator_ops_memory_limit }}"
     openshift_logging_curator_nodeselector: "{{ openshift_logging_curator_ops_nodeselector }}"
   when:

roles/openshift_logging_curator/defaults/main.yml

@@ -9,8 +9,9 @@ openshift_logging_curator_namespace: logging
 
 ### Common settings
 openshift_logging_curator_nodeselector: ""
-openshift_logging_curator_cpu_limit: 100m
-openshift_logging_curator_memory_limit: null
+openshift_logging_curator_cpu_limit: null
+openshift_logging_curator_cpu_request: 100m
+openshift_logging_curator_memory_limit: 256Mi
 
 openshift_logging_curator_es_host: "logging-es"
 openshift_logging_curator_es_port: 9200

roles/openshift_logging_curator/tasks/main.yaml

@@ -90,6 +90,7 @@
     es_host: "{{ openshift_logging_curator_es_host }}"
     es_port: "{{ openshift_logging_curator_es_port }}"
     curator_cpu_limit: "{{ openshift_logging_curator_cpu_limit }}"
+    curator_cpu_request: "{{ openshift_logging_curator_cpu_request }}"
     curator_memory_limit: "{{ openshift_logging_curator_memory_limit }}"
     curator_replicas: "{{ openshift_logging_curator_replicas | default (1) }}"
     curator_node_selector: "{{openshift_logging_curator_nodeselector | default({})}}"

roles/openshift_logging_curator/templates/curator.j2

@@ -39,13 +39,26 @@ spec:
           name: "curator"
           image: {{image}}
           imagePullPolicy: Always
+{% if (curator_memory_limit is defined and curator_memory_limit is not none and curator_memory_limit != "") or (curator_cpu_limit is defined and curator_cpu_limit is not none and curator_cpu_limit != "") or (curator_cpu_request is defined and curator_cpu_request is not none and curator_cpu_request != "") %}
           resources:
+{%   if (curator_memory_limit is defined and curator_memory_limit is not none and curator_memory_limit != "") or (curator_cpu_limit is defined and curator_cpu_limit is not none and curator_cpu_limit != "") %}
             limits:
+{%     if curator_cpu_limit is defined and curator_cpu_limit is not none and curator_cpu_limit != "" %}
               cpu: "{{curator_cpu_limit}}"
-{% if curator_memory_limit is defined and curator_memory_limit is not none and curator_memory_limit != "" %}
+{%     endif %}
+{%     if curator_memory_limit is defined and curator_memory_limit is not none and curator_memory_limit != "" %}
               memory: "{{curator_memory_limit}}"
+{%     endif %}
+{%   endif %}
+{%   if (curator_memory_limit is defined and curator_memory_limit is not none and curator_memory_limit != "") or (curator_cpu_request is defined and curator_cpu_request is not none and curator_cpu_request != "") %}
             requests:
+{%     if curator_cpu_request is defined and curator_cpu_request is not none and curator_cpu_request != "" %}
+              cpu: "{{curator_cpu_request}}"
+{%     endif %}
+{%     if curator_memory_limit is defined and curator_memory_limit is not none and curator_memory_limit != "" %}
               memory: "{{curator_memory_limit}}"
+{%     endif %}
+{%   endif %}
 {% endif %}
           env:
             -

roles/openshift_logging_elasticsearch/defaults/main.yml

@@ -6,7 +6,8 @@ openshift_logging_elasticsearch_image_pull_secret: "{{ openshift_hosted_logging_
 openshift_logging_elasticsearch_namespace: logging
 
 openshift_logging_elasticsearch_nodeselector: "{{ openshift_logging_es_nodeselector | default('') }}"
-openshift_logging_elasticsearch_cpu_limit: "{{ openshift_logging_es_cpu_limit | default('1000m') }}"
+openshift_logging_elasticsearch_cpu_limit: "{{ openshift_logging_es_cpu_limit | default('') }}"
+openshift_logging_elasticsearch_cpu_request: "{{ openshift_logging_es_cpu_request | default('1000m') }}"
 openshift_logging_elasticsearch_memory_limit: "{{ openshift_logging_es_memory_limit | default('1Gi') }}"
 openshift_logging_elasticsearch_recover_after_time: "{{ openshift_logging_es_recover_after_time | default('5m') }}"
 
@@ -40,7 +41,7 @@ openshift_logging_es_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_pvc_
 # config the es plugin to write kibana index based on the index mode
 openshift_logging_elasticsearch_kibana_index_mode: 'unique'
 
-openshift_logging_elasticsearch_proxy_cpu_limit: "100m"
+openshift_logging_elasticsearch_proxy_cpu_request: "100m"
 openshift_logging_elasticsearch_proxy_memory_limit: "64Mi"
 openshift_logging_elasticsearch_prometheus_sa: "system:serviceaccount:{{openshift_prometheus_namespace | default('prometheus')}}:prometheus"
 

roles/openshift_logging_elasticsearch/tasks/main.yaml

@@ -349,7 +349,8 @@
     deploy_name: "{{ es_deploy_name }}"
     image: "{{ openshift_logging_elasticsearch_image_prefix }}logging-elasticsearch:{{ openshift_logging_elasticsearch_image_version }}"
     proxy_image: "{{ openshift_logging_elasticsearch_proxy_image_prefix }}oauth-proxy:{{ openshift_logging_elasticsearch_proxy_image_version }}"
-    es_cpu_limit: "{{ openshift_logging_elasticsearch_cpu_limit }}"
+    es_cpu_limit: "{{ openshift_logging_elasticsearch_cpu_limit | default('') }}"
+    es_cpu_request: "{{ openshift_logging_elasticsearch_cpu_request }}"
     es_memory_limit: "{{ openshift_logging_elasticsearch_memory_limit }}"
     es_node_selector: "{{ openshift_logging_elasticsearch_nodeselector | default({}) }}"
     es_storage_groups: "{{ openshift_logging_elasticsearch_storage_group | default([]) }}"

roles/openshift_logging_elasticsearch/templates/es.j2

@@ -69,9 +69,9 @@ spec:
             readOnly: true
           resources:
             limits:
-              cpu: "{{openshift_logging_elasticsearch_proxy_cpu_limit }}"
               memory: "{{openshift_logging_elasticsearch_proxy_memory_limit }}"
             requests:
+              cpu: "{{openshift_logging_elasticsearch_proxy_cpu_request }}"
               memory: "{{openshift_logging_elasticsearch_proxy_memory_limit }}"
         -
           name: "elasticsearch"
@@ -79,11 +79,12 @@ spec:
           imagePullPolicy: Always
           resources:
             limits:
-              memory: "{{es_memory_limit}}"
-{% if es_cpu_limit is defined and es_cpu_limit is not none %}
+{% if es_cpu_limit is defined and es_cpu_limit is not none and es_cpu_limit != '' %}
               cpu: "{{es_cpu_limit}}"
 {% endif %}
+              memory: "{{es_memory_limit}}"
             requests:
+              cpu: "{{es_cpu_request}}"
               memory: "{{es_memory_limit}}"
 {% if es_container_security_context %}
           securityContext: {{ es_container_security_context | to_yaml }}

roles/openshift_logging_eventrouter/README.md

@@ -3,9 +3,9 @@ Event router
 
 A pod forwarding kubernetes events to EFK aggregated logging stack.
 
-- **eventrouter** is deployed to logging project, has a service account and its own role to read events
+- **eventrouter** is deployed to default project, has a service account and its own role to read events
 - **eventrouter** watches kubernetes events, marshalls them to JSON and outputs to its sink, currently only various formatting to STDOUT
-- **fluentd** picks them up and inserts to elasticsearch *.operations* index
+- **fluentd** ingests as logs from **eventrouter** container (as it would any other container), and writes them to the appropriate index for the **eventrouter**'s namespace (in the 'default' namespace, the *.operations* index is used)
 
 - `openshift_logging_install_eventrouter`: When 'True', eventrouter will be installed. When 'False', eventrouter will be uninstalled.
 
@@ -15,6 +15,6 @@ Configuration variables:
 - `openshift_logging_eventrouter_image_version`: The image version for the logging eventrouter. Defaults to 'latest'.
 - `openshift_logging_eventrouter_sink`: Select a sink for eventrouter, supported 'stdout' and 'glog'. Defaults to 'stdout'.
 - `openshift_logging_eventrouter_nodeselector`: A map of labels (e.g. {"node":"infra","region":"west"} to select the nodes where the pod will land.
-- `openshift_logging_eventrouter_cpu_limit`: The amount of CPU to allocate to eventrouter. Defaults to '100m'.
+- `openshift_logging_eventrouter_cpu_request`: The minimum amount of CPU to allocate to eventrouter. Defaults to '100m'.
 - `openshift_logging_eventrouter_memory_limit`: The memory limit for eventrouter pods. Defaults to '128Mi'.
 - `openshift_logging_eventrouter_namespace`: The namespace where eventrouter is deployed. Defaults to 'default'.

roles/openshift_logging_eventrouter/defaults/main.yaml

@@ -4,6 +4,7 @@ openshift_logging_eventrouter_image_version: "{{ openshift_logging_image_version
 openshift_logging_eventrouter_replicas: 1
 openshift_logging_eventrouter_sink: stdout
 openshift_logging_eventrouter_nodeselector: ""
-openshift_logging_eventrouter_cpu_limit: 100m
+openshift_logging_eventrouter_cpu_limit: null
+openshift_logging_eventrouter_cpu_request: 100m
 openshift_logging_eventrouter_memory_limit: 128Mi
 openshift_logging_eventrouter_namespace: default

roles/openshift_logging_eventrouter/tasks/install_eventrouter.yaml

@@ -45,7 +45,7 @@
     params:
       IMAGE: "{{openshift_logging_eventrouter_image_prefix}}logging-eventrouter:{{openshift_logging_eventrouter_image_version}}"
       REPLICAS: "{{ openshift_logging_eventrouter_replicas }}"
-      CPU: "{{ openshift_logging_eventrouter_cpu_limit }}"
+      CPU: "{{ openshift_logging_eventrouter_cpu_request }}"
       MEMORY: "{{ openshift_logging_eventrouter_memory_limit }}"
       NAMESPACE: "{{ openshift_logging_eventrouter_namespace }}"
       SINK: "{{ openshift_logging_eventrouter_sink }}"

roles/openshift_logging_eventrouter/templates/eventrouter-template.j2

@@ -25,7 +25,7 @@ objects:
     metadata:
       name: logging-eventrouter
     data:
-      config.json: |- 
+      config.json: |-
         {
           "sink": "${SINK}"
         }
@@ -65,9 +65,9 @@ objects:
               imagePullPolicy: Always
               resources:
                 limits:
-                  memory: ${MEMORY} 
-                  cpu: ${CPU}
+                  memory: ${MEMORY}
                 requires:
+                  cpu: ${CPU}
                   memory: ${MEMORY}
               volumeMounts:
               - name: config-volume

roles/openshift_logging_fluentd/defaults/main.yml

@@ -8,7 +8,8 @@ openshift_logging_fluentd_namespace: logging
 
 ### Common settings
 openshift_logging_fluentd_nodeselector: "{{ openshift_hosted_logging_fluentd_nodeselector_label | default('logging-infra-fluentd=true') | map_from_pairs }}"
-openshift_logging_fluentd_cpu_limit: 100m
+openshift_logging_fluentd_cpu_limit: null
+openshift_logging_fluentd_cpu_request: 100m
 openshift_logging_fluentd_memory_limit: 512Mi
 openshift_logging_fluentd_hosts: ['--all']
 
@@ -55,7 +56,7 @@ openshift_logging_fluentd_aggregating_passphrase: none
 #fluentd_throttle_contents:
 #fluentd_secureforward_contents:
 
-openshift_logging_fluentd_file_buffer_limit: 1Gi
+openshift_logging_fluentd_file_buffer_limit: 256Mi
 
 # Configure fluentd to tail audit log file and filter out container engine's logs from there
 # These logs are then stored in ES operation index

roles/openshift_logging_fluentd/tasks/main.yaml

@@ -172,6 +172,9 @@
     ops_port: "{{ openshift_logging_fluentd_ops_port }}"
     fluentd_nodeselector_key: "{{ openshift_logging_fluentd_nodeselector.keys()[0] }}"
     fluentd_nodeselector_value: "{{ openshift_logging_fluentd_nodeselector.values()[0] }}"
+    fluentd_cpu_limit: "{{ openshift_logging_fluentd_cpu_limit }}"
+    fluentd_cpu_request: "{{ openshift_logging_fluentd_cpu_request }}"
+    fluentd_memory_limit: "{{ openshift_logging_fluentd_memory_limit }}"
     audit_container_engine: "{{ openshift_logging_fluentd_audit_container_engine | default(False) | bool }}"
     audit_log_file: "{{ openshift_logging_fluentd_audit_file | default() }}"
     audit_pos_log_file: "{{ openshift_logging_fluentd_audit_pos_file | default() }}"

roles/openshift_logging_fluentd/templates/fluentd.j2

@@ -32,12 +32,27 @@ spec:
         imagePullPolicy: Always
         securityContext:
           privileged: true
+{% if (fluentd_memory_limit is defined and fluentd_memory_limit is not none) or (fluentd_cpu_limit is defined and fluentd_cpu_limit is not none) or (fluentd_cpu_request is defined and fluentd_cpu_request is not none) %}
         resources:
+{%   if (fluentd_memory_limit is defined and fluentd_memory_limit is not none) or (fluentd_cpu_limit is defined and fluentd_cpu_limit is not none) %}
           limits:
-            cpu: {{ openshift_logging_fluentd_cpu_limit }}
-            memory: {{ openshift_logging_fluentd_memory_limit }}
+{%     if fluentd_cpu_limit is not none %}
+            cpu: "{{fluentd_cpu_limit}}"
+{%     endif %}
+{%     if fluentd_memory_limit is not none %}
+            memory: "{{fluentd_memory_limit}}"
+{%     endif %}
+{%   endif %}
+{%   if (fluentd_memory_limit is defined and fluentd_memory_limit is not none) or (fluentd_cpu_request is defined and fluentd_cpu_request is not none) %}
           requests:
-            memory: {{ openshift_logging_fluentd_memory_limit }}
+{%     if fluentd_cpu_request is not none %}
+            cpu: "{{fluentd_cpu_request}}"
+{%     endif %}
+{%     if fluentd_memory_limit is not none %}
+            memory: "{{fluentd_memory_limit}}"
+{%     endif %}
+{%   endif %}
+{% endif %}
         volumeMounts:
         - name: runlogjournal
           mountPath: /run/log/journal
@@ -115,7 +130,7 @@ spec:
               containerName: "{{ daemonset_container_name }}"
               resource: limits.memory
         - name: "FILE_BUFFER_LIMIT"
-          value: "{{ openshift_logging_fluentd_file_buffer_limit | default('1Gi') }}"
+          value: "{{ openshift_logging_fluentd_file_buffer_limit | default('256i') }}"
 {% if openshift_logging_mux_client_mode is defined and
      ((openshift_logging_mux_allow_external is defined and openshift_logging_mux_allow_external | bool) or
       (openshift_logging_use_mux is defined and openshift_logging_use_mux | bool)) %}

roles/openshift_logging_kibana/defaults/main.yml

@@ -9,6 +9,7 @@ openshift_logging_kibana_namespace: logging
 
 openshift_logging_kibana_nodeselector: ""
 openshift_logging_kibana_cpu_limit: null
+openshift_logging_kibana_cpu_request: 100m
 openshift_logging_kibana_memory_limit: 736Mi
 
 openshift_logging_kibana_hostname: "{{ openshift_hosted_logging_hostname | default('kibana.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true))) }}"
@@ -28,6 +29,7 @@ openshift_logging_kibana_proxy_image_prefix: "{{ openshift_logging_image_prefix
 openshift_logging_kibana_proxy_image_version: "{{ openshift_logging_image_version | default('latest') }}"
 openshift_logging_kibana_proxy_debug: false
 openshift_logging_kibana_proxy_cpu_limit: null
+openshift_logging_kibana_proxy_cpu_request: 100m
 openshift_logging_kibana_proxy_memory_limit: 256Mi
 
 #The absolute path on the control node to the cert file to use

roles/openshift_logging_kibana/tasks/main.yaml

@@ -230,8 +230,10 @@
     es_host: "{{ openshift_logging_kibana_es_host }}"
     es_port: "{{ openshift_logging_kibana_es_port }}"
     kibana_cpu_limit: "{{ openshift_logging_kibana_cpu_limit }}"
+    kibana_cpu_request: "{{ openshift_logging_kibana_cpu_request }}"
     kibana_memory_limit: "{{ openshift_logging_kibana_memory_limit }}"
     kibana_proxy_cpu_limit: "{{ openshift_logging_kibana_proxy_cpu_limit }}"
+    kibana_proxy_cpu_request: "{{ openshift_logging_kibana_proxy_cpu_request }}"
     kibana_proxy_memory_limit: "{{ openshift_logging_kibana_proxy_memory_limit }}"
     kibana_replicas: "{{ openshift_logging_kibana_replicas | default (1) }}"
     kibana_node_selector: "{{ openshift_logging_kibana_nodeselector | default({}) }}"

roles/openshift_logging_kibana/templates/kibana.j2

@@ -38,17 +38,26 @@ spec:
           name: "kibana"
           image: {{ image }}
           imagePullPolicy: Always
-{% if (kibana_memory_limit is defined and kibana_memory_limit is not none and kibana_memory_limit != "") or (kibana_cpu_limit is defined and kibana_cpu_limit is not none and kibana_cpu_limit != "") %}
+{% if (kibana_memory_limit is defined and kibana_memory_limit is not none and kibana_memory_limit != "") or (kibana_cpu_limit is defined and kibana_cpu_limit is not none and kibana_cpu_limit != "") or (kibana_cpu_request is defined and kibana_cpu_request is not none and kibana_cpu_request != "") %}
           resources:
+{%   if (kibana_memory_limit is defined and kibana_memory_limit is not none and kibana_memory_limit != "") or (kibana_cpu_limit is defined and kibana_cpu_limit is not none and kibana_cpu_limit != "") %}
             limits:
-{% if kibana_cpu_limit is not none and kibana_cpu_limit != "" %}
+{%     if kibana_cpu_limit is not none and kibana_cpu_limit != "" %}
               cpu: "{{ kibana_cpu_limit }}"
-{% endif %}
-{% if kibana_memory_limit is not none and kibana_memory_limit != "" %}
+{%     endif %}
+{%     if kibana_memory_limit is not none and kibana_memory_limit != "" %}
               memory: "{{ kibana_memory_limit }}"
+{%     endif %}
+{%   endif %}
+{%   if (kibana_memory_limit is defined and kibana_memory_limit is not none and kibana_memory_limit != "") or (kibana_cpu_request is defined and kibana_cpu_request is not none and kibana_cpu_request != "") %}
             requests:
+{%     if kibana_cpu_request is not none and kibana_cpu_request != "" %}
+              cpu: "{{ kibana_cpu_request }}"
+{%     endif %}
+{%     if kibana_memory_limit is not none and kibana_memory_limit != "" %}
               memory: "{{ kibana_memory_limit }}"
-{% endif %}
+{%     endif %}
+{%   endif %}
 {% endif %}
           env:
             - name: "ES_HOST"
@@ -76,17 +85,26 @@ spec:
           name: "kibana-proxy"
           image: {{ proxy_image }}
           imagePullPolicy: Always
-{% if (kibana_proxy_memory_limit is defined and kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "") or (kibana_proxy_cpu_limit is defined and kibana_proxy_cpu_limit is not none and kibana_proxy_cpu_limit != "") %}
+{% if (kibana_proxy_memory_limit is defined and kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "") or (kibana_proxy_cpu_limit is defined and kibana_proxy_cpu_limit is not none and kibana_proxy_cpu_limit != "") or (kibana_proxy_cpu_request is defined and kibana_proxy_cpu_request is not none and kibana_proxy_cpu_request != "") %}
           resources:
+{%   if (kibana_proxy_memory_limit is defined and kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "") or (kibana_proxy_cpu_limit is defined and kibana_proxy_cpu_limit is not none and kibana_proxy_cpu_limit != "") %}
             limits:
-{% if kibana_proxy_cpu_limit is not none and kibana_proxy_cpu_limit != "" %}
+{%     if kibana_proxy_cpu_limit is not none and kibana_proxy_cpu_limit != "" %}
               cpu: "{{ kibana_proxy_cpu_limit }}"
-{% endif %}
-{% if kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "" %}
+{%     endif %}
+{%     if kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "" %}
               memory: "{{ kibana_proxy_memory_limit }}"
+{%     endif %}
+{%   endif %}
+{%   if (kibana_proxy_memory_limit is defined and kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "") or (kibana_proxy_cpu_request is defined and kibana_proxy_cpu_request is not none and kibana_proxy_cpu_request != "") %}
             requests:
+{%     if kibana_proxy_cpu_request is not none and kibana_proxy_cpu_request != "" %}
+              cpu: "{{ kibana_proxy_cpu_request }}"
+{%     endif %}
+{%     if kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "" %}
               memory: "{{ kibana_proxy_memory_limit }}"
-{% endif %}
+{%     endif %}
+{%   endif %}
 {% endif %}
           ports:
             -

roles/openshift_logging_mux/defaults/main.yml

@@ -9,10 +9,11 @@ openshift_logging_mux_namespace: logging
 
 ### Common settings
 openshift_logging_mux_nodeselector: "{{ openshift_hosted_logging_mux_nodeselector_label | default('') | map_from_pairs }}"
-openshift_logging_mux_cpu_limit: 500m
-openshift_logging_mux_memory_limit: 2Gi
-openshift_logging_mux_buffer_queue_limit: 1024
-openshift_logging_mux_buffer_size_limit: 1m
+openshift_logging_mux_cpu_limit: null
+openshift_logging_mux_cpu_request: 100m
+openshift_logging_mux_memory_limit: 512Mi
+openshift_logging_mux_buffer_queue_limit: 32
+openshift_logging_mux_buffer_size_limit: 8m
 
 openshift_logging_mux_replicas: 1
 
@@ -57,11 +58,11 @@ openshift_logging_mux_file_buffer_storage_type: "emptydir"
 openshift_logging_mux_file_buffer_pvc_name: "logging-mux-pvc"
 
 # required if the PVC does not already exist
-openshift_logging_mux_file_buffer_pvc_size: 4Gi
+openshift_logging_mux_file_buffer_pvc_size: 1Gi
 openshift_logging_mux_file_buffer_pvc_dynamic: false
 openshift_logging_mux_file_buffer_pvc_pv_selector: {}
 openshift_logging_mux_file_buffer_pvc_access_modes: ['ReadWriteOnce']
 openshift_logging_mux_file_buffer_storage_group: '65534'
 
 openshift_logging_mux_file_buffer_pvc_prefix: "logging-mux"
-openshift_logging_mux_file_buffer_limit: 2Gi
+openshift_logging_mux_file_buffer_limit: 256Mi

roles/openshift_logging_mux/tasks/main.yaml

@@ -171,6 +171,7 @@
     ops_host: "{{ openshift_logging_mux_ops_host }}"
     ops_port: "{{ openshift_logging_mux_ops_port }}"
     mux_cpu_limit: "{{ openshift_logging_mux_cpu_limit }}"
+    mux_cpu_request: "{{ openshift_logging_mux_cpu_request }}"
     mux_memory_limit: "{{ openshift_logging_mux_memory_limit }}"
     mux_replicas: "{{ openshift_logging_mux_replicas | default(1) }}"
     mux_node_selector: "{{ openshift_logging_mux_nodeselector | default({}) }}"

roles/openshift_logging_mux/templates/mux.j2

@@ -37,17 +37,26 @@ spec:
       - name: "mux"
         image: {{image}}
         imagePullPolicy: Always
-{% if (mux_memory_limit is defined and mux_memory_limit is not none) or (mux_cpu_limit is defined and mux_cpu_limit is not none) %}
+{% if (mux_memory_limit is defined and mux_memory_limit is not none) or (mux_cpu_limit is defined and mux_cpu_limit is not none) or (mux_cpu_request is defined and mux_cpu_request is not none) %}
         resources:
+{%   if (mux_memory_limit is defined and mux_memory_limit is not none) or (mux_cpu_limit is defined and mux_cpu_limit is not none) %}
           limits:
-{% if mux_cpu_limit is not none %}
+{%     if mux_cpu_limit is not none %}
             cpu: "{{mux_cpu_limit}}"
-{% endif %}
-{% if mux_memory_limit is not none %}
+{%     endif %}
+{%     if mux_memory_limit is not none %}
             memory: "{{mux_memory_limit}}"
+{%     endif %}
+{%   endif %}
+{%   if (mux_memory_limit is defined and mux_memory_limit is not none) or (mux_cpu_request is defined and mux_cpu_request is not none) %}
           requests:
+{%     if mux_cpu_request is not none %}
+            cpu: "{{mux_cpu_request}}"
+{%     endif %}
+{%     if mux_memory_limit is not none %}
             memory: "{{mux_memory_limit}}"
-{% endif %}
+{%     endif %}
+{%   endif %}
 {% endif %}
         ports:
         - containerPort: "{{ openshift_logging_mux_port }}"