mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-07-01 22:50:54 +00:00
Kata sizes VM CPU and memory from OCI limits, not Kubernetes resource requests. Requests are consumed by the Kubernetes control plane, but they do not drive Kata VM or sandbox sizing today. Convert the straightforward Kata workload manifests and kata-deploy examples from resource requests to limits so the declared resources match the values Kata uses for VM provisioning. Keep requests where the fixture intentionally validates Kubernetes request/limit behavior. Update fixture expectations affected by the conversion. The LimitRange fixture is limit-only at 500m. Raise the policy deployment limits to 500m and 800Mi. These tests boot CoCo/runtime-rs sandboxes with policy/initdata, and the former 100m/100Mi values became real runtime limits after the conversion, which is too constrained for the CI environments. Leave PVC storage requests, explicit request/limit validation fixtures, the env resourceFieldRef request, and non-Kata workload examples unchanged where requests are handled outside the Kata shim resource sizing path. If Kata later grows request-aware sandbox sizing, for example through Sandbox API based resource plumbing, these requests can be reintroduced where they carry the intended semantics. Signed-off-by: Manuel Huber <manuelh@nvidia.com> Assisted-by: OpenAI Codex <codex@openai.com>