From 739dc8dd0cab9b9c7bd4a22cd81f0b7b1ed5b9aa Mon Sep 17 00:00:00 2001 From: Ben Rich Date: Mon, 24 Nov 2025 11:52:33 -0500 Subject: [PATCH 1/5] gremlin-integrations chart wasn't respecting or using gremlin.resources --- gremlin-integrations/templates/deployment.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/gremlin-integrations/templates/deployment.yaml b/gremlin-integrations/templates/deployment.yaml index 5175232..ac26bf4 100644 --- a/gremlin-integrations/templates/deployment.yaml +++ b/gremlin-integrations/templates/deployment.yaml @@ -32,6 +32,10 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + + resources: +{{- toYaml .Values.gremlin.resources | nindent 12 }} + env: - name: GREMLIN_TEAM_ID {{- /* If we aren't managing this secret and a teamID was supplied, assume teamID is not in the external secret */}} From 363006bb55557559fef31d0cca7e3b01b39eadbc Mon Sep 17 00:00:00 2001 From: Ben Rich Date: Mon, 24 Nov 2025 12:44:19 -0500 Subject: [PATCH 2/5] Add helm unit test for gremlin.resources, includes if empty as well --- .../tests/resources_test.yaml | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 gremlin-integrations/tests/resources_test.yaml diff --git a/gremlin-integrations/tests/resources_test.yaml b/gremlin-integrations/tests/resources_test.yaml new file mode 100644 index 0000000..440be02 --- /dev/null +++ b/gremlin-integrations/tests/resources_test.yaml @@ -0,0 +1,33 @@ +suite: "Gremlin Resources Tests" +templates: + - "templates/deployment.yaml" + +tests: + - it: "should render resources when gremlin.resources is set" + set: + gremlin.resources.limits.cpu: "200m" + gremlin.resources.limits.memory: "256Mi" + gremlin.resources.requests.cpu: "100m" + gremlin.resources.requests.memory: "128Mi" + asserts: + - equal: + path: "spec.template.spec.containers[0].resources.limits.cpu" + value: "200m" + - equal: + path: "spec.template.spec.containers[0].resources.limits.memory" + value: "256Mi" + - equal: + path: "spec.template.spec.containers[0].resources.requests.cpu" + value: "100m" + - equal: + path: "spec.template.spec.containers[0].resources.requests.memory" + value: "128Mi" + + - it: "should set resources to empty map when gremlin.resources is empty" + set: + gremlin.resources: {} + asserts: + - equal: + path: "spec.template.spec.containers[0].resources" + value: {} + From 3e794ae838430e27a9438d37eb105d8264f28be3 Mon Sep 17 00:00:00 2001 From: Phil Gebhardt Date: Mon, 24 Nov 2025 09:55:00 -0800 Subject: [PATCH 3/5] values.yaml: add placeholder --- gremlin-integrations/values.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/gremlin-integrations/values.yaml b/gremlin-integrations/values.yaml index c1ebd2c..9ce7463 100644 --- a/gremlin-integrations/values.yaml +++ b/gremlin-integrations/values.yaml @@ -30,7 +30,6 @@ podSecurityContext: { } securityContext: { } -resources: { } nodeSelector: { } tolerations: [ ] @@ -49,6 +48,13 @@ ssl: certDir: gremlin: + # gremlin.resources - + # Set resource requests and limits + # See: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers + # + # NOTE: This resource specification affects the Gremlin agent which is used for host attacks. This resource + # Attacks targeting other Kubernetes pods will use the resource specification of their target. + resources: {} secret: # Gremlin supports both `certificate` and `secret` types # To manage secrets with helm, set `managed=true` and fill in either the certificate auth or secret auth sections From 157b19cf0632013e8ff357c3385cf24d81969cfb Mon Sep 17 00:00:00 2001 From: Phil Gebhardt Date: Mon, 24 Nov 2025 09:56:37 -0800 Subject: [PATCH 4/5] bump chart patch --- gremlin-integrations/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gremlin-integrations/Chart.yaml b/gremlin-integrations/Chart.yaml index fb904ff..a3b0dac 100644 --- a/gremlin-integrations/Chart.yaml +++ b/gremlin-integrations/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.1 +version: 0.1.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to From d0c438f51bba670860917aac97216e1f270372cf Mon Sep 17 00:00:00 2001 From: Phil Gebhardt Date: Mon, 24 Nov 2025 09:57:35 -0800 Subject: [PATCH 5/5] rm newlines --- gremlin-integrations/templates/deployment.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/gremlin-integrations/templates/deployment.yaml b/gremlin-integrations/templates/deployment.yaml index ac26bf4..79e2492 100644 --- a/gremlin-integrations/templates/deployment.yaml +++ b/gremlin-integrations/templates/deployment.yaml @@ -32,10 +32,8 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - resources: {{- toYaml .Values.gremlin.resources | nindent 12 }} - env: - name: GREMLIN_TEAM_ID {{- /* If we aren't managing this secret and a teamID was supplied, assume teamID is not in the external secret */}}