Gateway API reduce default resource requests and allow override#25
Merged
Merged
Conversation
…e requests
Upstream Envoy Gateway ships with 100m/256Mi controller and
100m/512Mi data-plane proxy requests, which oversubscribe a
2GB-RAM appliance node and hurt single-user dev clusters
that never push the proxy past idle.
Two new config knobs under gateway.resources.{controller,proxy}:
each takes a Kubernetes-style CPU + Memory request string.
applyGatewayDefaults fills 10m/64Mi controller and 10m/128Mi
proxy when EG is enabled, so a fresh provision shrinks the
bundle without any operator action. Skip:true leaves
Resources zero so a rendered config still distinguishes
"operator opted out" from "defaults applied".
Mechanism per pod:
- Controller: a partial Deployment manifest (apps/v1,
name=envoy-gateway in envoy-gateway-system, container
name=envoy-gateway with resources.requests) applied via
server-side apply with field-manager=y-cluster. SSA owns
only requests; upstream limits (currently 1Gi memory,
no CPU cap), image, env, replicas stay with their
original owners.
- Proxy: an EnvoyProxy CR (gateway.envoyproxy.io/v1alpha1,
name=y-cluster in envoy-gateway-system) carrying
spec.provider.kubernetes.envoyDeployment.container.
resources.requests. The default GatewayClass gains a
parametersRef pointing at it so every Gateway under that
class inherits the shape with no per-Gateway boilerplate.
Limits are not modelled in the config: y-cluster's stance is
that bursty idle workloads stay healthier under upstream's
existing limits than under tighter ones we'd have to guess.
Operators who need limits can apply their own EnvoyProxy CR
on top -- EG honours the latest reconciled spec.
Wire-through: docker, qemu, multipass providers all pass
cfg.Gateway.Resources.{Controller,Proxy} to envoygateway.Install.
Schema files regenerated.
Contributor
Author
|
This patch was flawed and CI is flawed too because it passed. Followup PR is in the works. |
solsson
pushed a commit
that referenced
this pull request
May 12, 2026
…ranches TestEnvoyGateway_InstallAgainstKwok was calling Install with the four resource-request fields left zero, which short-circuited both the kubectl-patch branch (controller) and the EnvoyProxy CR branch (proxy). That's how PR #25's "kubectl rejects the partial Deployment manifest" regression slipped past PR CI: the named test for the package didn't grow when the package's surface did. Now the test calls Install with non-zero ControllerCPURequest / ControllerMemRequest / ProxyCPURequest / ProxyMemRequest and asserts five new things: - controller container resources.requests.cpu / .memory landed (proves the kubectl-patch step ran AND merged against the right container) - EnvoyProxy CR exists with the proxy resource values - GatewayClass.spec.parametersRef.{kind, name} points at the EnvoyProxy kwok runs a real apiserver, so a future regression where the patch step generates an invalid Deployment or the EnvoyProxy CR isn't applied will surface here without needing a full docker/qemu e2e. Refs the kubectl-patch fix b8ec43d.
solsson
pushed a commit
to Yolean/ystack
that referenced
this pull request
May 12, 2026
Bumps host bin (bin/y-bin.runner.yaml) and the in-cluster y-kustomize Deployment image across four consecutive y-cluster releases: - v0.4.2: `images load` accepts remote refs (Yolean/y-cluster#22) - v0.4.3: fix `images load` for digest-only refs (Yolean/y-cluster#23) - v0.4.4: `images list --context=<ctx>` subcommand (Yolean/y-cluster#24) and tunable Gateway API resource requests (Yolean/y-cluster#25) - v0.4.5: re-fix digest-only image tagging and gateway resource requests (Yolean/y-cluster#26) Image digest verified via `crane digest ghcr.io/yolean/y-cluster:v0.4.5`. sha256 sums copied from v0.4.5's checksums.txt.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.