🌱 Add soft mem limit to controller k8s spec (ossf#2362)

* Bump golang docker to 1.19

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Add soft memory limit for controller to address OOMKilled.

Signed-off-by: Spencer Schrock <sschrock@google.com>

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: nathaniel.wert <nathaniel.wert@kudelskisecurity.com>

Dockerfile

@@ -12,7 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang@sha256:ea3d912d500b1ae0a691b2e53eb8a6345b579d42d7e6a64acca83d274b949740 AS base
+# golang:1.19
+FROM golang@sha256:25de7b6b28219279a409961158c547aadd0960cf2dcbc533780224afa1157fd4 AS base
 WORKDIR /src
 ENV CGO_ENABLED=0
 COPY go.* ./

cron/internal/bq/Dockerfile

@@ -12,7 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang@sha256:ea3d912d500b1ae0a691b2e53eb8a6345b579d42d7e6a64acca83d274b949740 AS base
+# golang:1.19
+FROM golang@sha256:25de7b6b28219279a409961158c547aadd0960cf2dcbc533780224afa1157fd4 AS base
 WORKDIR /src
 ENV CGO_ENABLED=0
 COPY go.* ./

cron/internal/cii/Dockerfile

@@ -12,7 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang@sha256:ea3d912d500b1ae0a691b2e53eb8a6345b579d42d7e6a64acca83d274b949740 AS base
+# golang:1.19
+FROM golang@sha256:25de7b6b28219279a409961158c547aadd0960cf2dcbc533780224afa1157fd4 AS base
 WORKDIR /src
 ENV CGO_ENABLED=0
 COPY go.* ./

cron/internal/controller/Dockerfile

@@ -12,7 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang@sha256:ea3d912d500b1ae0a691b2e53eb8a6345b579d42d7e6a64acca83d274b949740 AS base
+# golang:1.19
+FROM golang@sha256:25de7b6b28219279a409961158c547aadd0960cf2dcbc533780224afa1157fd4 AS base
 WORKDIR /src
 ENV CGO_ENABLED=0
 COPY go.* ./

cron/internal/webhook/Dockerfile

@@ -12,7 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang@sha256:ea3d912d500b1ae0a691b2e53eb8a6345b579d42d7e6a64acca83d274b949740 AS base
+# golang:1.19
+FROM golang@sha256:25de7b6b28219279a409961158c547aadd0960cf2dcbc533780224afa1157fd4 AS base
 WORKDIR /src
 ENV CGO_ENABLED=0
 COPY go.* ./

cron/internal/worker/Dockerfile

@@ -12,7 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang@sha256:ea3d912d500b1ae0a691b2e53eb8a6345b579d42d7e6a64acca83d274b949740 AS base
+# golang:1.19
+FROM golang@sha256:25de7b6b28219279a409961158c547aadd0960cf2dcbc533780224afa1157fd4 AS base
 WORKDIR /src
 ENV CGO_ENABLED=0
 COPY go.* ./

cron/k8s/controller.release.yaml

@@ -55,6 +55,8 @@ spec:
               args: ["--config=/etc/scorecard/config.yaml", "cron/internal/data/projects.release.csv"]
               imagePullPolicy: Always
               env:
+                - name: GOMEMLIMIT
+                  value: "950MiB"
                 - name: SCORECARD_REQUEST_TOPIC_URL
                   value: "gcppubsub://projects/openssf/topics/scorecard-batch-requests-releasetest"
                 - name: SCORECARD_DATA_BUCKET_URL

cron/k8s/controller.yaml

@@ -54,6 +54,9 @@ spec:
               image: gcr.io/openssf/scorecard-batch-controller:stable
               args: ["--config=/etc/scorecard/config.yaml", "cron/internal/data/projects.csv"]
               imagePullPolicy: Always
+              env:
+                - name: GOMEMLIMIT
+                  value: "950MiB"
               resources:
                 limits:
                   memory: 1Gi