Description
Is your feature request related to a problem? Please describe
Strict Kubernetes admission controllers like Kyverno block VictoriaMetrics Pods because the injected config-reloader sidecar lacks ephemeral-storage resource requests/limits, which cannot be configured currently.
Describe the solution you'd like
I would like to be able to configure ephemeral-storage requests and limits for the config-reloader container, similar to how CPU and Memory are currently handled.
Ideally, this would follow the existing pattern using environment variables in the Operator deployment:
VM_CONFIG_RELOADER_REQUEST_EPHEMERAL_STORAGE
VM_CONFIG_RELOADER_LIMIT_EPHEMERAL_STORAGE
Or, preferably, allow a full resources struct override for the sidecar within the Custom Resource specs (e.g., VMAgent.spec.configReloader.resources), which would allow more granular control per instance.
Describe alternatives you've considered
Kyverno Policy Exceptions: I currently have to apply a PolicyException to exempt the entire VMAgent/VMCluster Pod from the policy. This is suboptimal as it creates a blind spot in our compliance posture just for one sidecar.
emptyDir sizeLimit workaround: I attempted to force a sizeLimit on the shared volumes (config-out) via the volumes spec in the CRD to satisfy the policy exception logic. However, this results in a controller error: Deployment.apps ... is invalid: [spec.template.spec.volumes... Duplicate value: "config-out"].
Additional information
The current configuration struct in internal/config/config.go supports CPU and Memory but ignores storage:
```go
// Current implementation
ConfigReloaderLimitCPU    string `envconfig:"VM_CONFIG_RELOADER_LIMIT_CPU"`
ConfigReloaderLimitMemory string `envconfig:"VM_CONFIG_RELOADER_LIMIT_MEMORY"`
// Missing: ConfigReloaderLimitEphemeralStorage
```
This prevents the operator from generating a compliant container spec for environments enforcing the standard "Require Requests and Limits" best practice.
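To make the request concrete, here is an added example (not code from the VictoriaMetrics operator or from the issue author) of the two pieces the issue describes: building the config-reloader sidecar's resource block from `VM_CONFIG_RELOADER_*` environment variables, including the proposed `VM_CONFIG_RELOADER_REQUEST_EPHEMERAL_STORAGE` and `VM_CONFIG_RELOADER_LIMIT_EPHEMERAL_STORAGE` names, and then checking that block against a "require requests and limits" rule of the kind Kyverno enforces. The `Resources` type is a hypothetical stand-in for `corev1.ResourceRequirements` so the program runs without Kubernetes dependencies, the quantity regex covers only a subset of the Kubernetes quantity syntax, and the sample env values are constructed for the demo, not the operator's defaults.

```go
package main

import (
	"fmt"
	"os"
	"regexp"
)

// Resources is a hypothetical, simplified stand-in for
// corev1.ResourceRequirements: resource name -> quantity string.
type Resources struct {
	Requests map[string]string
	Limits   map[string]string
}

// quantityRe accepts a subset of the Kubernetes quantity syntax
// (integer or decimal with an optional SI/binary suffix), enough for
// values such as "100m", "25Mi" or "1Gi". Exponent forms are not covered.
var quantityRe = regexp.MustCompile(`^[0-9]+(\.[0-9]+)?(m|k|M|G|T|P|E|Ki|Mi|Gi|Ti|Pi|Ei)?$`)

// reloaderEnvVars maps each resource to its {request, limit} env var names.
// The CPU and memory names exist in the operator today; the
// ephemeral-storage names are the ones this feature request proposes.
var reloaderEnvVars = map[string][2]string{
	"cpu":               {"VM_CONFIG_RELOADER_REQUEST_CPU", "VM_CONFIG_RELOADER_LIMIT_CPU"},
	"memory":            {"VM_CONFIG_RELOADER_REQUEST_MEMORY", "VM_CONFIG_RELOADER_LIMIT_MEMORY"},
	"ephemeral-storage": {"VM_CONFIG_RELOADER_REQUEST_EPHEMERAL_STORAGE", "VM_CONFIG_RELOADER_LIMIT_EPHEMERAL_STORAGE"},
}

// ReloaderResources builds the sidecar resource block from a lookup func
// (os.Getenv in production, a map in tests). Unset variables are omitted;
// a variable that is set but malformed is an error, so a typo cannot
// silently drop a limit and leave the Pod non-compliant.
func ReloaderResources(lookup func(string) string) (Resources, error) {
	res := Resources{Requests: map[string]string{}, Limits: map[string]string{}}
	for name, vars := range reloaderEnvVars {
		for i, target := range []map[string]string{res.Requests, res.Limits} {
			v := lookup(vars[i])
			if v == "" {
				continue
			}
			if !quantityRe.MatchString(v) {
				return Resources{}, fmt.Errorf("%s=%q: not a valid quantity", vars[i], v)
			}
			target[name] = v
		}
	}
	return res, nil
}

// MissingForPolicy mimics a "require requests and limits" admission rule:
// every resource in required must carry both a request and a limit.
// It returns the violations in order; an empty result means compliant.
func MissingForPolicy(res Resources, required []string) []string {
	var missing []string
	for _, name := range required {
		if res.Requests[name] == "" {
			missing = append(missing, "requests."+name)
		}
		if res.Limits[name] == "" {
			missing = append(missing, "limits."+name)
		}
	}
	return missing
}

func main() {
	// Constructed sample env: only the CPU and memory variables that the
	// operator supports today are set.
	sample := map[string]string{
		"VM_CONFIG_RELOADER_REQUEST_CPU":    "10m",
		"VM_CONFIG_RELOADER_LIMIT_CPU":      "100m",
		"VM_CONFIG_RELOADER_REQUEST_MEMORY": "25Mi",
		"VM_CONFIG_RELOADER_LIMIT_MEMORY":   "100Mi",
	}
	lookup := func(k string) string {
		if v, ok := sample[k]; ok {
			return v
		}
		return os.Getenv(k) // fall back to the real process environment
	}
	required := []string{"cpu", "memory", "ephemeral-storage"}

	res, err := ReloaderResources(lookup)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("violations without ephemeral-storage vars:", MissingForPolicy(res, required))

	// With the proposed variables set, the same policy passes.
	sample["VM_CONFIG_RELOADER_REQUEST_EPHEMERAL_STORAGE"] = "50Mi"
	sample["VM_CONFIG_RELOADER_LIMIT_EPHEMERAL_STORAGE"] = "200Mi"
	res, _ = ReloaderResources(lookup)
	fmt.Println("violations with them set:", MissingForPolicy(res, required))
}
```

The first run reports `requests.ephemeral-storage` and `limits.ephemeral-storage` as the only violations, which is exactly the gap the PolicyException currently papers over; once the two proposed variables are honoured the sidecar satisfies the rule without exempting the whole Pod.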