Stay organized with collections
Save and categorize content based on your preferences.
Configure container resources and replicas
This pages describes how to configure container resources and replicas for
controllers in Config Connector.
Configure resource allocation for a Config Connector controller container
In Config Connector version 1.106 and later, you can configure the CPU and
memory (RAM) resources allocated to a container in a Config Connector controller
Pod. You can configure the following controllers:
cnrm-webhook-manager
cnrm-controller-manager
cnrm-deletiondefender
cnrm-resource-stats-recorder
cnrm-unmanaged-detector (Config Connector version 1.108 and later)
For example, you can configure the memory request and limit of the webhook
container of the cnrm-webhook-manager controller by creating and applying
the following example YAML file.
Create a file named configure-webhook-manager.yaml and copy the
following YAML into it:
Use kubectl apply
to apply the container resource configuration to your cluster:
kubectl apply -f configure-webhook-manager.yaml
Verify the successful configuration by running the following command:
kubectl get controllerresource cnrm-webhook-manager -o jsonpath='{.status.healthy}'
It should display status.healthy field set to true.
Verify that the new custom resource configuration has been applied to the
webhook container.
kubectl get deployment cnrm-webhook-manager -n cnrm-system -o jsonpath='{.spec.template.spec.containers[?(@.name=="webhook")].resources}'
Creating and recreating the Pods could take a few minutes.
If Config Connector is configured to run in
namespaced mode, you must
use the NamespacedControllerResource custom resource to configure container
resources for the cnrm-controller-manager controller within your designated
namespace. The configuration of container resources for a namespaced controller
is enabled in Config Connector version 1.108 and later. The following YAML file
shows an example configuration:
apiVersion:customize.core.cnrm.cloud.google.com/v1beta1kind:NamespacedControllerResourcemetadata:name:cnrm-controller-manager# name should not contain the namespace ID suffixnamespace:NAMESPACEspec:containers:-name:managerresources:limits:cpu:200mmemory:512Mirequests:cpu:100mmemory:256Mi
Replace NAMESPACE with the name of your namespace.
Configure replicas for a Config Connector controller Pod
In Config Connector version 1.107 and later, you can configure the number of
replicas for a Config Connector controller. You can only configure the
cnrm-webhook-manager.
For example, the following steps show how to configure the number of replicas
for the cnrm-webhook-manager controller to 3.
Create a file named configure-webhook-manager.yaml and copy the following
YAML into it:
Use kubectl apply
to apply the modified configuration to your cluster:
kubectl apply -f configure-webhook-manager.yaml
Verify the successful configuration by running the following command.
kubectl get controllerresource cnrm-webhook-manager -o jsonpath='{.status.healthy}'
It should display status.healthy field set to true.
Verify the presence of 3 webhook Pods within your cluster.
kubectl get pods -n cnrm-system -l cnrm.cloud.google.com/component=cnrm-webhook-manager
Creating and recreating the Pods could take a few minutes.
Revert configuration changes in container resources and replicas
Use kubectl
delete
to delete the ControllerResource custom resources that you configured. After
deletion, the Config Connector operator recreates the controllers with the
default container resources and replicas.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eConfig Connector allows the configuration of CPU and memory resources for containers within its controller Pods, including \u003ccode\u003ecnrm-webhook-manager\u003c/code\u003e, \u003ccode\u003ecnrm-controller-manager\u003c/code\u003e, \u003ccode\u003ecnrm-deletiondefender\u003c/code\u003e, \u003ccode\u003ecnrm-resource-stats-recorder\u003c/code\u003e, and \u003ccode\u003ecnrm-unmanaged-detector\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eContainer resources can be configured using \u003ccode\u003eControllerResource\u003c/code\u003e custom resources by defining resource \u003ccode\u003elimits\u003c/code\u003e and \u003ccode\u003erequests\u003c/code\u003e in a YAML file, which can be applied via \u003ccode\u003ekubectl apply\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eIn namespaced mode, the \u003ccode\u003eNamespacedControllerResource\u003c/code\u003e custom resource must be used to configure container resources for the \u003ccode\u003ecnrm-controller-manager\u003c/code\u003e within the specified namespace, with this functionality available from Config Connector version 1.108.\u003c/p\u003e\n"],["\u003cp\u003eConfig Connector enables adjusting the number of replicas for the \u003ccode\u003ecnrm-webhook-manager\u003c/code\u003e controller by setting the \u003ccode\u003ereplicas\u003c/code\u003e field in the \u003ccode\u003eControllerResource\u003c/code\u003e YAML file, which the operator will then enforce by managing the associated \u003ccode\u003eHorizontalPodAutoscaler\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eYou can revert to the default container resources and replicas by deleting the \u003ccode\u003eControllerResource\u003c/code\u003e configuration using \u003ccode\u003ekubectl delete\u003c/code\u003e, which will trigger the Config Connector operator to recreate the controllers.\u003c/p\u003e\n"]]],[],null,["# Configure container resources and replicas\n==========================================\n\n*** ** * ** ***\n\nThis pages describes how to configure container resources and replicas for\ncontrollers in Config Connector.\n\nConfigure resource allocation for a Config Connector controller container\n-------------------------------------------------------------------------\n\nIn Config Connector version 1.106 and later, you can configure the CPU and\nmemory (RAM) resources allocated to a container in a Config Connector controller\nPod. You can configure the following controllers:\n\n- `cnrm-webhook-manager`\n- `cnrm-controller-manager`\n- `cnrm-deletiondefender`\n- `cnrm-resource-stats-recorder`\n- `cnrm-unmanaged-detector` (Config Connector version 1.108 and later)\n\nFor example, you can configure the memory request and limit of the `webhook`\ncontainer of the `cnrm-webhook-manager` controller by creating and applying\nthe following example YAML file.\n\n1. Create a file named `configure-webhook-manager.yaml` and copy the\n following YAML into it:\n\n apiVersion: customize.core.cnrm.cloud.google.com/v1beta1\n kind: ControllerResource\n metadata:\n name: cnrm-webhook-manager\n spec:\n containers:\n - name: webhook\n resources:\n limits:\n memory: 512Mi\n requests:\n memory: 256Mi\n\n2. Use [`kubectl apply`](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#apply)\n to apply the container resource configuration to your cluster:\n\n ```\n kubectl apply -f configure-webhook-manager.yaml\n ```\n3. Verify the successful configuration by running the following command:\n\n ```\n kubectl get controllerresource cnrm-webhook-manager -o jsonpath='{.status.healthy}'\n ```\n\n It should display `status.healthy` field set to `true`.\n4. Verify that the new custom resource configuration has been applied to the\n `webhook` container.\n\n ```\n kubectl get deployment cnrm-webhook-manager -n cnrm-system -o jsonpath='{.spec.template.spec.containers[?(@.name==\"webhook\")].resources}'\n ```\n\n Creating and recreating the Pods could take a few minutes.\n\n| **Note:** Some containers have a default value set for the container environment variable `GOMEMLIMIT`. If you configure the memory request value for these containers, the Config Connector operator automatically adjusts the `GOMEMLIMIT` value to 85% of the specified memory request.\n\nIf Config Connector is configured to run in\n[namespaced mode](/config-connector/docs/how-to/install-namespaced), you must\nuse the `NamespacedControllerResource` custom resource to configure container\nresources for the `cnrm-controller-manager` controller within your designated\nnamespace. The configuration of container resources for a namespaced controller\nis enabled in Config Connector version 1.108 and later. The following YAML file\nshows an example configuration: \n\n apiVersion: customize.core.cnrm.cloud.google.com/v1beta1\n kind: NamespacedControllerResource\n metadata:\n name: cnrm-controller-manager # name should not contain the namespace ID suffix\n namespace: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eNAMESPACE\u003c/span\u003e\u003c/var\u003e\n spec:\n containers:\n - name: manager\n resources:\n limits:\n cpu: 200m\n memory: 512Mi\n requests:\n cpu: 100m\n memory: 256Mi\n\nReplace \u003cvar translate=\"no\"\u003eNAMESPACE\u003c/var\u003e with the name of your namespace.\n\nConfigure replicas for a Config Connector controller Pod\n--------------------------------------------------------\n\nIn Config Connector version 1.107 and later, you can configure the number of\nreplicas for a Config Connector controller. You can only configure the\n`cnrm-webhook-manager`.\n\nFor example, the following steps show how to configure the number of replicas\nfor the `cnrm-webhook-manager` controller to `3`.\n\n1. Create a file named `configure-webhook-manager.yaml` and copy the following\n YAML into it:\n\n apiVersion: customize.core.cnrm.cloud.google.com/v1beta1\n kind: ControllerResource\n metadata:\n name: cnrm-webhook-manager\n spec:\n replicas: 3\n containers:\n - name: webhook\n resources:\n limits:\n memory: 512Mi\n requests:\n memory: 256Mi\n\n2. Use [`kubectl apply`](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#apply)\n to apply the modified configuration to your cluster:\n\n ```\n kubectl apply -f configure-webhook-manager.yaml\n ```\n3. Verify the successful configuration by running the following command.\n\n ```\n kubectl get controllerresource cnrm-webhook-manager -o jsonpath='{.status.healthy}'\n ```\n\n It should display `status.healthy` field set to `true`.\n4. Verify the presence of 3 webhook Pods within your cluster.\n\n ```\n kubectl get pods -n cnrm-system -l cnrm.cloud.google.com/component=cnrm-webhook-manager\n ```\n\n Creating and recreating the Pods could take a few minutes.\n\n| **Note:** Config Connector includes a [`HorizontalPodAutoscaler`](/kubernetes-engine/docs/concepts/horizontalpodautoscaler) that periodically adjusts the appropriate replicas for the `cnrm-webhook-manager` controller. If you manually configure the replicas using the configuration YAML, the Config Connector operator automatically adjusts the `minReplicas` and `maxReplicas` of the `HorizontalPodAutoscaler` to ensure the cluster maintains at least the specified number of replicas in the configuration YAML.\n\nRevert configuration changes in container resources and replicas\n----------------------------------------------------------------\n\nUse [`kubectl\ndelete`](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#delete)\nto delete the `ControllerResource` custom resources that you configured. After\ndeletion, the Config Connector operator recreates the controllers with the\ndefault container resources and replicas. \n\n```\nkubectl delete -f configure-webhook-manager.yaml\n```"]]
