Merge "Add service parameter to control pod pids limit"

sysinv/sysinv/sysinv/sysinv/common/constants.py

@@ -1122,6 +1122,14 @@ DEFAULT_REGISTRIES_INFO = {
 }
 
 # kubernetes parameters
+SERVICE_PARAM_SECTION_KUBERNETES_CONFIG = 'config'
+SERVICE_PARAM_NAME_KUBERNETES_POD_MAX_PIDS = 'pod_max_pids'
+# Platform pods use under 20 in steady state, but allow extra room.
+SERVICE_PARAM_KUBERNETES_POD_MAX_PIDS_MIN = 100
+# Some openstack pods reach ~450 in steady state, allow 2/3 extra to be safe.
+SERVICE_PARAM_KUBERNETES_POD_MAX_PIDS_DEFAULT = 750
+SERVICE_PARAM_KUBERNETES_POD_MAX_PIDS_MAX = 65535
+
 SERVICE_PARAM_SECTION_KUBERNETES_CERTIFICATES = 'certificates'
 SERVICE_PARAM_NAME_KUBERNETES_API_SAN_LIST = 'apiserver_certsan'
 

sysinv/sysinv/sysinv/sysinv/common/service_parameter.py

@@ -389,6 +389,13 @@ def _validate_admission_plugins(name, value):
                 "Invalid admission plugin: '%s'" % plugin))
 
 
+def _validate_pod_max_pids(name, value):
+    """Check if specified value is supported"""
+    _validate_range(name, value,
+                    constants.SERVICE_PARAM_KUBERNETES_POD_MAX_PIDS_MIN,
+                    constants.SERVICE_PARAM_KUBERNETES_POD_MAX_PIDS_MAX)
+
+
 PLATFORM_CONFIG_PARAMETER_OPTIONAL = [
     constants.SERVICE_PARAM_NAME_PLAT_CONFIG_VIRTUAL,
 ]
@@ -630,6 +637,19 @@ KUBERNETES_CERTIFICATES_PARAMETER_DATA_FORMAT = {
     constants.SERVICE_PARAM_NAME_KUBERNETES_API_SAN_LIST: SERVICE_PARAMETER_DATA_FORMAT_ARRAY,
 }
 
+KUBERNETES_CONFIG_PARAMETER_OPTIONAL = [
+    constants.SERVICE_PARAM_NAME_KUBERNETES_POD_MAX_PIDS,
+]
+
+KUBERNETES_CONFIG_PARAMETER_VALIDATOR = {
+    constants.SERVICE_PARAM_NAME_KUBERNETES_POD_MAX_PIDS: _validate_pod_max_pids,
+}
+
+KUBERNETES_CONFIG_PARAMETER_RESOURCE = {
+    constants.SERVICE_PARAM_NAME_KUBERNETES_POD_MAX_PIDS:
+        'platform::kubernetes::params::k8s_pod_max_pids',
+}
+
 KUBERNETES_APISERVER_PARAMETER_OPTIONAL = [
     constants.SERVICE_PARAM_NAME_OIDC_ISSUER_URL,
     constants.SERVICE_PARAM_NAME_OIDC_CLIENT_ID,
@@ -805,6 +825,11 @@ SERVICE_PARAMETER_SCHEMA = {
             SERVICE_PARAM_VALIDATOR: KUBERNETES_APISERVER_PARAMETER_VALIDATOR,
             SERVICE_PARAM_RESOURCE: KUBERNETES_APISERVER_PARAMETER_RESOURCE,
         },
+        constants.SERVICE_PARAM_SECTION_KUBERNETES_CONFIG: {
+            SERVICE_PARAM_OPTIONAL: KUBERNETES_CONFIG_PARAMETER_OPTIONAL,
+            SERVICE_PARAM_VALIDATOR: KUBERNETES_CONFIG_PARAMETER_VALIDATOR,
+            SERVICE_PARAM_RESOURCE: KUBERNETES_CONFIG_PARAMETER_RESOURCE,
+        },
     },
     constants.SERVICE_TYPE_PTP: {
         constants.SERVICE_PARAM_SECTION_PTP_GLOBAL: {

sysinv/sysinv/sysinv/sysinv/conductor/manager.py

@@ -8583,6 +8583,14 @@ class ConductorManager(service.PeriodicService):
             config_uuid = self._config_update_hosts(context,
                                                     [constants.CONTROLLER],
                                                     reboot=True)
+        elif service == constants.SERVICE_TYPE_KUBERNETES:
+            # The KUBERNETES_POD_MAX_PIDS affects workers.
+            # A smarter way would be for update_service_config to receive the
+            # diff list or dict, to only target required personalities.
+            config_uuid = self._config_update_hosts(context,
+                                                    [constants.CONTROLLER,
+                                                     constants.WORKER],
+                                                    reboot=True)
         else:
             # All other services
             personalities = [constants.CONTROLLER]