The recommended resource guidelines were developed by performing a focused test that created the following objects across a given number of namespaces:
- 10 deployments, with 3 pod replicas in a sleep state, mounting 4 secrets and 4 config maps
- 10 services, each one pointing to the TCP/8080 and TCP/8443 ports of one of the previous deployments
- 1 route pointing to the first of the previous services
- 10 secrets containing 2048 random string characters
- 10 config maps containing 2048 random string characters
During the analysis of results, the number of deployments was identified as a primary factor in increased resource usage. The number of deployments was therefore used to estimate the required resources.
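To check these guidelines against your own cluster, the per-namespace object set described above can be generated as manifests. The following is an added example, not the harness used for the original test; the object names, the `busybox` image, the choice of which 4 secrets and config maps are mounted, and the one-service-per-deployment mapping are all assumptions.

```python
import json
import secrets
import string

ALPHABET = string.ascii_letters + string.digits

def rand_text(n=2048):
    """Return n random alphanumeric characters (the 2048-character payload)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(n))

def meta(name, ns):
    return {"name": name, "namespace": ns}

def namespace_objects(ns):
    """Build the object set the test creates in one namespace."""
    objs = [{"apiVersion": "v1", "kind": "Namespace", "metadata": {"name": ns}}]
    for i in range(10):
        objs.append({"apiVersion": "v1", "kind": "Secret", "metadata": meta(f"secret-{i}", ns),
                     "stringData": {"data": rand_text()}})
        objs.append({"apiVersion": "v1", "kind": "ConfigMap", "metadata": meta(f"cm-{i}", ns),
                     "data": {"data": rand_text()}})
    # Assumption: every deployment mounts the first 4 secrets and 4 config maps.
    volumes = [{"name": f"s{j}", "secret": {"secretName": f"secret-{j}"}} for j in range(4)]
    volumes += [{"name": f"c{j}", "configMap": {"name": f"cm-{j}"}} for j in range(4)]
    mounts = [{"name": v["name"], "mountPath": f"/mnt/{v['name']}"} for v in volumes]
    # Assumption: a shell loop keeps each pod idle ("sleep state").
    container = {"name": "sleep", "image": "busybox", "volumeMounts": mounts,
                 "command": ["sh", "-c", "while true; do sleep 3600; done"]}
    for i in range(10):
        labels = {"app": f"sleeper-{i}"}
        objs.append({"apiVersion": "apps/v1", "kind": "Deployment", "metadata": meta(f"sleeper-{i}", ns),
                     "spec": {"replicas": 3, "selector": {"matchLabels": labels},
                              "template": {"metadata": {"labels": labels},
                                           "spec": {"volumes": volumes, "containers": [container]}}}})
        # Assumption: service i selects deployment i.
        objs.append({"apiVersion": "v1", "kind": "Service", "metadata": meta(f"svc-{i}", ns),
                     "spec": {"selector": labels, "ports": [
                         {"name": "http", "protocol": "TCP", "port": 8080},
                         {"name": "https", "protocol": "TCP", "port": 8443}]}})
    # Route objects exist only on OpenShift; drop this item on plain Kubernetes.
    objs.append({"apiVersion": "route.openshift.io/v1", "kind": "Route", "metadata": meta("route-0", ns),
                 "spec": {"to": {"kind": "Service", "name": "svc-0"}, "port": {"targetPort": "http"}}})
    return objs

def build(namespaces):
    """Return a v1 List covering the given number of namespaces (10 deployments each)."""
    items = [o for n in range(namespaces) for o in namespace_objects(f"loadtest-{n}")]
    return {"apiVersion": "v1", "kind": "List", "items": items}

if __name__ == "__main__":
    print(json.dumps(build(2)))  # pipe the output into: kubectl apply -f -
```

Run it against a non-production cluster and raise the namespace count step by step while watching Sensor and admission controller memory.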
Secured cluster services contain the following components:
- Sensor
- Admission controller
- Collector
The Collector component is not included on this page. The required resources are listed on the default resource requirements page.
Sensor monitors your Kubernetes and OpenShift Container Platform clusters. These services currently deploy in a single deployment, which handles interactions with the Kubernetes API and coordinates with Collector.
The following table lists the minimum memory and CPU values required to run Sensor on a secured cluster.
Deployments | Pods per deployment | CPU | Memory |
---|---|---|---|
< 25,000 | 3 | 2 cores | 8 GiB |
< 50,000 | 3 | 2 cores | 16 GiB |
The admission controller prevents users from creating workloads that violate policies that you configure.
The following table lists the minimum memory and CPU values required to run the admission controller on a secured cluster.
Deployments | Pods per deployment | CPU | Memory |
---|---|---|---|
< 25,000 | 3 | 0.5 cores | 600 MiB |
< 50,000 | 3 | 0.5 cores | 1200 MiB |