c822593166
This change added --kube-api-qps=50 and --kube-api-burst=100 to
containers' args of cert-manager's deployment. This override the
default qps (reqests per second limit) and burst (request burst limit)
for cert-manager, which are too low (5 and 10 respectively) and causing
cert-manager to retry and requeue requests when cert-manager is
handling hundreds of certificate requests in burst in cases such as
large scale DC system deployment.
Test Plan:
PASS: In a DX system, update cert-manager application with the change,
verify cm-cert-manager deployment has the two args added:
containers:
- args:
- --kube-api-qps=50
- --kube-api-burst=100
PASS: Use a script to simulate subclouds creation in a batch of 250,
loop through the batch creation for multiple times (~27 times).
Verify cert-manager doesn't generate the following logs:
"Waited for 1.293433266s due to client-side throttling, not
priority and fairness."
"re-queuing item due to optimistic locking on resource"
PASS: Fresh install a DX system, verify deployment is successful, in
particular cert-manager behaves as expected with the change.
Closes-Bug: 2127880
Change-Id: Ie5687b729956e9ab1a56c91699b09c11f2011093
Signed-off-by: Andy Ning <andy.ning@windriver.com>
# StarlingX/Cert-Manager-Armada-App
## Introduction [Cert-Manager](https://cert-manager.io/) is Kubernetes native application that facilities certificate management. This repository deploys Cert-Manager as a platform-managed application using FluxCD Helm Charts for the StarlingX project.
## Build The build tools available as independent repositories under the StarlingX project are necessary to build this application.
See [StarlingX Build Guide](https://docs.starlingx.io/developer_resources/build_guide.html) for more details.
To build this app:
` ${MY_REPO_ROOT_DIR}/cgcs-root/build-tools/build-pkgs cert-manager-helm stx-cert-manager-helm The generated RPM is located in
$MY_BUILD_DIR/std/rpmbuild/RPMS`.
To extract the tarball without installing on build system, use
command:
` rpm2cpio stx-cert-manager-helm-1.0-0.tis.noarch.rpm | cpio -idmv`
## Usage Note that the Cert-Manager application is included on a StarlingX install system by default.
Following commands can be used to upload, apply, remove, delete, and view the application:
` system application-remove cert-manager system application-delete cert-manager system application-upload <.tgz file> system application-apply cert-manager system application-list`
Cert-Manager Kubernetes resources can be found in the cert-manager namespace.
` kubectl get namespaces | grep cert-manager kubectl get crd | grep cert-manager kubectl get pods --namespace cert-manager`