Add new tiny resource profile

Author: Moritz Clasmeier

internal/clusterdefaults/clusterdefaults.go

@@ -30,7 +30,7 @@ func ApplyClusterDefaults(
 		return nil, fmt.Errorf("deep-copying cluster defaults: %w", err)
 	}
 
-	if err := mergo.Merge(config, defaultsCopy, mergo.WithoutDereference); err != nil {
+	if err := mergo.Merge(config, defaultsCopy, mergo.WithoutDereference, mergo.WithAppendSlice); err != nil {
 		return nil, fmt.Errorf("merging-in cluster defaults: %w", err)
 	}
 

internal/deployer/constants.go

@@ -6,8 +6,20 @@ var (
 	centralCrName        = "stackrox-central-services"
 	securedClusterCrName = "stackrox-secured-cluster-services"
 
+	centralDbPVCSizeTiny  = "10Gi"
 	centralDbPVCSizeSmall = "30Gi"
 
+	centralResourcesTiny = map[string]interface{}{
+		"requests": map[string]string{
+			"memory": "300Mi",
+			"cpu":    "90m",
+		},
+		"limits": map[string]string{
+			"memory": "2Gi",
+			"cpu":    "1",
+		},
+	}
+
 	centralResourcesSmall = map[string]interface{}{
 		"requests": map[string]string{
 			"memory": "1Gi",
@@ -19,6 +31,17 @@ var (
 		},
 	}
 
+	centralDbResourcesTiny = map[string]interface{}{
+		"requests": map[string]string{
+			"memory": "400Mi",
+			"cpu":    "80m",
+		},
+		"limits": map[string]string{
+			"memory": "2Gi",
+			"cpu":    "1",
+		},
+	}
+
 	centralDbResourcesSmall = map[string]interface{}{
 		"requests": map[string]string{
 			"memory": "1Gi",
@@ -52,6 +75,17 @@ var (
 		},
 	}
 
+	centralScannerV4DbResourcesTiny = map[string]interface{}{
+		"requests": map[string]string{
+			"memory": "400Mi",
+			"cpu":    "80m",
+		},
+		"limits": map[string]string{
+			"memory": "2000Mi",
+			"cpu":    "1000m",
+		},
+	}
+
 	centralScannerV4DbResourcesSmall = map[string]interface{}{
 		"requests": map[string]string{
 			"memory": "512Mi",
@@ -63,6 +97,17 @@ var (
 		},
 	}
 
+	centralScannerV4IndexerResourcesTiny = map[string]interface{}{
+		"requests": map[string]string{
+			"memory": "300Mi",
+			"cpu":    "80m",
+		},
+		"limits": map[string]string{
+			"memory": "2Gi",
+			"cpu":    "2000m",
+		},
+	}
+
 	centralScannerV4IndexerResourcesSmall = map[string]interface{}{
 		"requests": map[string]string{
 			"memory": "512Mi",
@@ -74,6 +119,17 @@ var (
 		},
 	}
 
+	centralScannerV4MatcherResourcesTiny = map[string]interface{}{
+		"requests": map[string]string{
+			"memory": "300Mi",
+			"cpu":    "80m",
+		},
+		"limits": map[string]string{
+			"memory": "2Gi",
+			"cpu":    "1000m",
+		},
+	}
+
 	centralScannerV4MatcherResourcesSmall = map[string]interface{}{
 		"requests": map[string]string{
 			"memory": "512Mi",
@@ -87,6 +143,17 @@ var (
 
 	// Secured Cluster
 
+	securedClusterSensorResourcesTiny = map[string]interface{}{
+		"requests": map[string]string{
+			"memory": "300Mi",
+			"cpu":    "80m",
+		},
+		"limits": map[string]string{
+			"memory": "2Gi",
+			"cpu":    "1000m",
+		},
+	}
+
 	securedClusterSensorResourcesSmall = map[string]interface{}{
 		"requests": map[string]string{
 			"memory": "500Mi",

internal/deployer/deploy_via_operator.go

@@ -259,6 +259,38 @@ func (d *Deployer) createAdminPasswordSecret(ctx context.Context) error {
 
 func getCentralResourcesOperator(resourcesProfile types.ResourceProfile) map[string]interface{} {
 	switch resourcesProfile {
+	case types.ResourceProfileTiny:
+		return map[string]interface{}{
+			"spec": map[string]interface{}{
+				"central": map[string]interface{}{
+					"resources": centralResourcesTiny,
+					"db": map[string]interface{}{
+						"resources": centralDbResourcesTiny,
+						"persistence": map[string]interface{}{
+							"persistentVolumeClaim": map[string]interface{}{
+								"size": centralDbPVCSizeTiny,
+							},
+						},
+					},
+				},
+				"scanner": map[string]interface{}{
+					"scannerComponent": "Disabled",
+				},
+				"scannerV4": map[string]interface{}{
+					"db": map[string]interface{}{
+						"resources": centralScannerV4DbResourcesTiny,
+					},
+					"indexer": map[string]interface{}{
+						"resources": centralScannerV4IndexerResourcesTiny,
+						"scaling":   noScaling,
+					},
+					"matcher": map[string]interface{}{
+						"resources": centralScannerV4MatcherResourcesTiny,
+						"scaling":   noScaling,
+					},
+				},
+			},
+		}
 	case types.ResourceProfileSmall:
 		return map[string]interface{}{
 			"spec": map[string]interface{}{
@@ -705,9 +737,44 @@ func (d *Deployer) deploySecuredClusterOperator(ctx context.Context) error {
 
 func getSecuredClusterResourcesOperator(resourceProfile types.ResourceProfile) map[string]interface{} {
 	switch resourceProfile {
+	case types.ResourceProfileTiny:
+		return map[string]interface{}{
+			"spec": map[string]interface{}{
+				"admissionControl": map[string]interface{}{
+					"replicas": 1,
+				},
+				"sensor": map[string]interface{}{
+					"resources": securedClusterSensorResourcesTiny,
+				},
+				"scanner": map[string]interface{}{
+					"scannerComponent": "Disabled",
+				},
+				"scannerV4": map[string]interface{}{
+					"scannerComponent": "Disabled",
+				},
+				// The "tiny" resource profile also patches the resources down for some containers, which do not
+				// have first-class configurability exposed in the CR.
+				"overlays": []map[string]interface{}{
+					{
+						"apiVersion": "apps/v1",
+						"kind":       "Deployment",
+						"name":       "sensor",
+						"patches": []map[string]interface{}{
+							{
+								"path":  "spec.template.spec.initContainers[name:crs].resources.requests",
+								"value": `{"cpu":"80m", "memory": "150m"}`,
+							},
+						},
+					},
+				},
+			},
+		}
 	case types.ResourceProfileSmall:
 		return map[string]interface{}{
 			"spec": map[string]interface{}{
+				"admissionControl": map[string]interface{}{
+					"replicas": 1,
+				},
 				"sensor": map[string]interface{}{
 					"resources": securedClusterSensorResourcesSmall,
 				},

internal/helpers/helpers.go

@@ -113,16 +113,16 @@ func deepCopySlice(s []interface{}) []interface{} {
 	return result
 }
 
-// deepMerge recursively merges overlay into base
+// DeepMerge recursively merges overlay into base.
 func DeepMerge(base, overlay map[string]interface{}) error {
 	for k, v := range overlay {
 		if IsNil(v) {
 			continue
 		}
 		if baseVal, ok := base[k]; ok {
-			// Both are maps - merge recursively
 			if baseMap, baseIsMap := baseVal.(map[string]interface{}); baseIsMap {
 				if overlayMap, overlayIsMap := v.(map[string]interface{}); overlayIsMap {
+					// Both are maps - merge recursively.
 					if err := DeepMerge(baseMap, overlayMap); err != nil {
 						return err
 					}
@@ -131,13 +131,41 @@ func DeepMerge(base, overlay map[string]interface{}) error {
 					return fmt.Errorf("incompatible types in maps to merge (map vs. %T)", v)
 				}
 			}
+			if _, ok := v.(map[string]interface{}); ok {
+				return fmt.Errorf("incompatible types for key %q: %T vs. map", k, baseVal)
+			}
+
+			if baseSlice, ok := toSlice(baseVal); ok {
+				if overlaySlice, ok := toSlice(v); ok {
+					base[k] = append(baseSlice, overlaySlice...)
+					continue
+				}
+				return fmt.Errorf("incompatible types for key %q: slice vs. %T", k, v)
+			}
+			if _, ok := toSlice(v); ok {
+				return fmt.Errorf("incompatible types for key %q: %T vs. slice", k, baseVal)
+			}
 		}
-		// Override with overlay value
+
 		base[k] = v
 	}
 	return nil
 }
 
+func toSlice(v interface{}) ([]interface{}, bool) {
+	if s, ok := v.([]interface{}); ok {
+		return s, true
+	}
+	if s, ok := v.([]map[string]interface{}); ok {
+		out := make([]interface{}, len(s))
+		for i, e := range s {
+			out[i] = e
+		}
+		return out, true
+	}
+	return nil, false
+}
+
 func MapToStruct(m map[string]interface{}, out interface{}) error {
 	bytes, err := yaml.Marshal(m)
 	if err != nil {

internal/helpers/helpers_test.go

@@ -147,6 +147,48 @@ func TestLoadYAMLFileInvalidYAML(t *testing.T) {
 	}
 }
 
+func TestDeepMergeAppendsSlices(t *testing.T) {
+	base := map[string]interface{}{
+		"spec": map[string]interface{}{
+			"imagePullSecrets": []interface{}{
+				map[string]interface{}{"name": "secret-a"},
+			},
+			"keep": "this",
+		},
+	}
+
+	overlay := map[string]interface{}{
+		"spec": map[string]interface{}{
+			"imagePullSecrets": []interface{}{
+				map[string]interface{}{"name": "secret-b"},
+			},
+		},
+	}
+
+	err := DeepMerge(base, overlay)
+	require.NoError(t, err)
+
+	spec := base["spec"].(map[string]interface{})
+	require.Equal(t, "this", spec["keep"])
+
+	secrets := spec["imagePullSecrets"].([]interface{})
+	require.Len(t, secrets, 2)
+	require.Equal(t, map[string]interface{}{"name": "secret-a"}, secrets[0])
+	require.Equal(t, map[string]interface{}{"name": "secret-b"}, secrets[1])
+}
+
+func TestDeepMergeSliceTypeMismatch(t *testing.T) {
+	base := map[string]interface{}{
+		"items": []interface{}{"a"},
+	}
+	overlay := map[string]interface{}{
+		"items": "not-a-slice",
+	}
+
+	err := DeepMerge(base, overlay)
+	require.ErrorContains(t, err, "incompatible types")
+}
+
 func TestDeepCopy(t *testing.T) {
 	original := map[string]interface{}{
 		"a": "value",

internal/types/resources.go

@@ -11,6 +11,7 @@ type ResourceProfile int
 const (
 	ResourceProfileAcsDefaults ResourceProfile = iota
 	ResourceProfileAuto
+	ResourceProfileTiny
 	ResourceProfileSmall
 	ResourceProfileMedium
 	ResourceProfileCI
@@ -20,6 +21,7 @@ var (
 	resourceProfileNames = map[ResourceProfile]string{
 		ResourceProfileAcsDefaults: "acs-defaults",
 		ResourceProfileAuto:        "auto",
+		ResourceProfileTiny:        "tiny",
 		ResourceProfileSmall:       "small",
 		ResourceProfileMedium:      "medium",
 		ResourceProfileCI:          "ci",

tests/e2e/helpers.go

@@ -39,7 +39,7 @@ func deployArgsFromEnv() []string {
 	if profile == "" {
 		profile = "small"
 	}
-	return []string{"--resources=" + profile}
+	return []string{"--verbose", "--resources=" + profile}
 }
 
 func teardownAllDeployments() error {