From aaab54a216a543e6aa25553009b8dd3e74abc7c7 Mon Sep 17 00:00:00 2001 From: Misha Sugakov Date: Mon, 1 Jun 2026 12:33:06 +0200 Subject: [PATCH] Bump memory resources for rpms-signature-scan Scanner-db* containers suffer the same OOMs as central-db and scanner-v4-db did and which got patched in https://github.com/stackrox/stackrox/pull/20655 Replicating the same to the Scanner repo. Saw OOMs in these pods in the last 7 days: - scanner-db-slim-on-push-598gl-rpms-signature-scan-pod - scanner-db-slim-on-push-m9v7z-rpms-signature-scan-pod --- .tekton/scanner-db-build.yaml | 11 +++++++++++ .tekton/scanner-db-slim-build.yaml | 11 +++++++++++ 2 files changed, 22 insertions(+) diff --git a/.tekton/scanner-db-build.yaml b/.tekton/scanner-db-build.yaml index 084c5fbdc..610104c14 100644 --- a/.tekton/scanner-db-build.yaml +++ b/.tekton/scanner-db-build.yaml @@ -61,6 +61,17 @@ spec: secret: secretName: '{{ git_auth_secret }}' + taskRunSpecs: + # The following are overrides to default step resources to prevent occasional or deterministic OOM kills. + - pipelineTaskName: rpms-signature-scan + stepSpecs: + - name: rpms-signature-scan + computeResources: + limits: + memory: 512Mi + requests: + memory: 512Mi + taskRunTemplate: serviceAccountName: build-pipeline-scanner-db diff --git a/.tekton/scanner-db-slim-build.yaml b/.tekton/scanner-db-slim-build.yaml index a75f8f36a..41db26b61 100644 --- a/.tekton/scanner-db-slim-build.yaml +++ b/.tekton/scanner-db-slim-build.yaml @@ -61,6 +61,17 @@ spec: secret: secretName: '{{ git_auth_secret }}' + taskRunSpecs: + # The following are overrides to default step resources to prevent occasional or deterministic OOM kills. + - pipelineTaskName: rpms-signature-scan + stepSpecs: + - name: rpms-signature-scan + computeResources: + limits: + memory: 512Mi + requests: + memory: 512Mi + taskRunTemplate: serviceAccountName: build-pipeline-scanner-db-slim