Add service parameter to control pod pids limit

Create a config section for kubernetes service. Create a parameter named pod_max_pids to have similar name as the kubernetes parameter pod-max-pids. Store the value in the config section. This will create a system-wide entry in hieradata when unlocking: plattform::kubernetes::params::k8s_pod_max_pids This affects hosts with kubelet running, meaning controller and worker personalities. A config out of date will be raised for all hosts of both personalities, even for parameters that target only a specific personality. After modifying the parameter a host-lock then host-unlock is required. Platform pods use under 20 processes in steady state. Some openstack pods reach ~450 processes in steady state. Since StarlingX provides some optional apps we provide a default value that takes into account the most hungry app, that being openstack. The database entry will be populated considering openstack will be applied.(I707ddc4ca67595fbf809c6ffc15ecd4fb21f4661), but we shouldn't restrict the minimum based on optional apps, as this allows the user to set a lower minimum if there is no plan to use openstack. Tested on Standard+dedicated storage: - out of sync raised for controllers and workers when using service-parameter modify - alarm cleared after host-lock, host-unlock - new value correctly generated and used - add with system service-parameter-add - modify with system service-parameter-modify Tested on top of: I10c1684fe3145e0a46b011f8e87f7a23557ddd4a Partial-Bug: 1928353 Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com> Change-Id: I74fcf2bd405c2a3811a4f27a55b28c0d001430e1
2021-05-12 15:16:32 +03:00 · 2021-05-12 15:16:32 +03:00 · bf547186d1
parent ed967ad81c
commit bf547186d1
3 changed files with 41 additions and 0 deletions
--- a/sysinv/sysinv/sysinv/sysinv/common/constants.py
+++ b/sysinv/sysinv/sysinv/sysinv/common/constants.py
@ -1122,6 +1122,14 @@ DEFAULT_REGISTRIES_INFO = {
 }

 # kubernetes parameters
+SERVICE_PARAM_SECTION_KUBERNETES_CONFIG = 'config'
+SERVICE_PARAM_NAME_KUBERNETES_POD_MAX_PIDS = 'pod_max_pids'
+# Platform pods use under 20 in steady state, but allow extra room.
+SERVICE_PARAM_KUBERNETES_POD_MAX_PIDS_MIN = 100
+# Some openstack pods reach ~450 in steady state, allow 2/3 extra to be safe.
+SERVICE_PARAM_KUBERNETES_POD_MAX_PIDS_DEFAULT = 750
+SERVICE_PARAM_KUBERNETES_POD_MAX_PIDS_MAX = 65535
+
 SERVICE_PARAM_SECTION_KUBERNETES_CERTIFICATES = 'certificates'
 SERVICE_PARAM_NAME_KUBERNETES_API_SAN_LIST = 'apiserver_certsan'

--- a/sysinv/sysinv/sysinv/sysinv/common/service_parameter.py
+++ b/sysinv/sysinv/sysinv/sysinv/common/service_parameter.py
@ -389,6 +389,13 @@ def _validate_admission_plugins(name, value):
                "Invalid admission plugin: '%s'" % plugin))


+def _validate_pod_max_pids(name, value):
+    """Check if specified value is supported"""
+    _validate_range(name, value,
+                    constants.SERVICE_PARAM_KUBERNETES_POD_MAX_PIDS_MIN,
+                    constants.SERVICE_PARAM_KUBERNETES_POD_MAX_PIDS_MAX)
+
+
 PLATFORM_CONFIG_PARAMETER_OPTIONAL = [
    constants.SERVICE_PARAM_NAME_PLAT_CONFIG_VIRTUAL,
 ]
@ -630,6 +637,19 @@ KUBERNETES_CERTIFICATES_PARAMETER_DATA_FORMAT = {
    constants.SERVICE_PARAM_NAME_KUBERNETES_API_SAN_LIST: SERVICE_PARAMETER_DATA_FORMAT_ARRAY,
 }

+KUBERNETES_CONFIG_PARAMETER_OPTIONAL = [
+    constants.SERVICE_PARAM_NAME_KUBERNETES_POD_MAX_PIDS,
+]
+
+KUBERNETES_CONFIG_PARAMETER_VALIDATOR = {
+    constants.SERVICE_PARAM_NAME_KUBERNETES_POD_MAX_PIDS: _validate_pod_max_pids,
+}
+
+KUBERNETES_CONFIG_PARAMETER_RESOURCE = {
+    constants.SERVICE_PARAM_NAME_KUBERNETES_POD_MAX_PIDS:
+        'platform::kubernetes::params::k8s_pod_max_pids',
+}
+
 KUBERNETES_APISERVER_PARAMETER_OPTIONAL = [
    constants.SERVICE_PARAM_NAME_OIDC_ISSUER_URL,
    constants.SERVICE_PARAM_NAME_OIDC_CLIENT_ID,
@ -805,6 +825,11 @@ SERVICE_PARAMETER_SCHEMA = {
            SERVICE_PARAM_VALIDATOR: KUBERNETES_APISERVER_PARAMETER_VALIDATOR,
            SERVICE_PARAM_RESOURCE: KUBERNETES_APISERVER_PARAMETER_RESOURCE,
        },
+        constants.SERVICE_PARAM_SECTION_KUBERNETES_CONFIG: {
+            SERVICE_PARAM_OPTIONAL: KUBERNETES_CONFIG_PARAMETER_OPTIONAL,
+            SERVICE_PARAM_VALIDATOR: KUBERNETES_CONFIG_PARAMETER_VALIDATOR,
+            SERVICE_PARAM_RESOURCE: KUBERNETES_CONFIG_PARAMETER_RESOURCE,
+        },
    },
    constants.SERVICE_TYPE_PTP: {
        constants.SERVICE_PARAM_SECTION_PTP_GLOBAL: {
--- a/sysinv/sysinv/sysinv/sysinv/conductor/manager.py
+++ b/sysinv/sysinv/sysinv/sysinv/conductor/manager.py
@ -8583,6 +8583,14 @@ class ConductorManager(service.PeriodicService):
            config_uuid = self._config_update_hosts(context,
                                                    [constants.CONTROLLER],
                                                    reboot=True)
+        elif service == constants.SERVICE_TYPE_KUBERNETES:
+            # The KUBERNETES_POD_MAX_PIDS affects workers.
+            # A smarter way would be for update_service_config to receive the
+            # diff list or dict, to only target required personalities.
+            config_uuid = self._config_update_hosts(context,
+                                                    [constants.CONTROLLER,
+                                                     constants.WORKER],
+                                                    reboot=True)
        else:
            # All other services
            personalities = [constants.CONTROLLER]