From f35ece83dcb13026dec5888e7485e893d53977f7 Mon Sep 17 00:00:00 2001
From: Alokzh
Date: Sat, 5 Jul 2025 12:20:35 +0530
Subject: [PATCH] fix(): updated slice gateway OpenVPN containers with resources and security
Signed-off-by: Alokzh
---
 controllers/slicegateway/slicegateway.go | 26 ++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/controllers/slicegateway/slicegateway.go b/controllers/slicegateway/slicegateway.go
index cbe9a95f1..c05a2a42b 100644
--- a/controllers/slicegateway/slicegateway.go
+++ b/controllers/slicegateway/slicegateway.go
@@ -273,12 +273,25 @@ func (r *SliceGwReconciler) deploymentForGatewayServer(g *kubeslicev1beta1.Slice
 Add: []corev1.Capability{
 "NET_ADMIN",
 },
+ Drop: []corev1.Capability{
+ "ALL",
+ },
 },
 },
 VolumeMounts: []corev1.VolumeMount{{
 Name: "shared-volume",
 MountPath: "/etc/openvpn",
 }},
+ Resources: corev1.ResourceRequirements{
+ Limits: corev1.ResourceList{
+ "memory": resource.MustParse("256Mi"),
+ "cpu": resource.MustParse("200m"),
+ },
+ Requests: corev1.ResourceList{
+ "memory": resource.MustParse("128Mi"),
+ "cpu": resource.MustParse("100m"),
+ },
+ },
 }},
 Volumes: []corev1.Volume{
 {
@@ -558,12 +571,25 @@ func (r *SliceGwReconciler) deploymentForGatewayClient(g *kubeslicev1beta1.Slice
 Add: []corev1.Capability{
 "NET_ADMIN",
 },
+ Drop: []corev1.Capability{
+ "ALL",
+ },
 },
 },
 VolumeMounts: []corev1.VolumeMount{{
 Name: "shared-volume",
 MountPath: "/vpnclient",
 }},
+ Resources: corev1.ResourceRequirements{
+ Limits: corev1.ResourceList{
+ "memory": resource.MustParse("128Mi"),
+ "cpu": resource.MustParse("100m"),
+ },
+ Requests: corev1.ResourceList{
+ "memory": resource.MustParse("64Mi"),
+ "cpu": resource.MustParse("50m"),
+ },
+ },
 }},
 Volumes: []corev1.Volume{{
 Name: "shared-volume",
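Review bot: The added `Drop: []corev1.Capability{"ALL"}` tightens the container only if the enclosing SecurityContext, which opens above this hunk and is not visible here, does not also set `Privileged: true`. A privileged container receives the full capability set from the runtime regardless of the drop list, so the new lines would then have no effect. If NET_ADMIN is all the OpenVPN server needs, the same struct should set `Privileged` and `AllowPrivilegeEscalation` to false, after confirming the gateway can still create its tunnel device without them. A short comment above the block, e.g. `// drop everything; NET_ADMIN is re-added for the VPN tunnel`, would record the intent. The identical Capabilities change in the deploymentForGatewayClient hunk has the same dependency.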
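Review bot: The CPU and memory figures added under `Resources` are hard-coded literals, here and in the deploymentForGatewayServer hunk, so an operator cannot raise them for a gateway that carries more traffic. A 100m CPU limit on a container doing VPN encryption may be throttled under load, and exceeding the 128Mi memory limit ends in an OOM kill of the tunnel rather than degraded service. Consider reading the values from the operator's configuration with these numbers as defaults, and keying the lists with the typed constants, `corev1.ResourceMemory: resource.MustParse("128Mi"),` and `corev1.ResourceCPU: resource.MustParse("100m"),`, instead of bare strings. The patch adds no import line, so it builds only if `k8s.io/apimachinery/pkg/api/resource` is already imported in this file. The function body starts and ends outside the hunk.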