This is one of proposed set of solutions to high platform CPU usage
issues seen at multiple users. OIDC pods had configured the
Liveness initialDelaySeconds, periodSeconds and timeoutSeconds to
1, 10 and 1 respectively. The timeoutSeconds was very agressive, and
may cause issues on low spec CPUs.
+---------------------+-------------+-- ---------+
| Liveness | Old Values | New Values |
+---------------------+-------------+---- -------+
| initialDelaySeconds | 1 | 13 |
| periodSeconds | 10 | 13 |
| timeoutSeconds | 1 | 8 |
+---------------------+-------------+------------+
Was reported that there are a lot 5 seconds liveness probes configured
in the system, so we choose not 5 multiple values to avoid concurrency
Test Plan:
PASS: Deploy a SX using a stx.9.0 master ISO.
PASS: Configure the kubelet log verbocity to 4 and restart kubelet
service in order to show the Liveness probes logs on the
/var/log/daemon.log file.
PASS: Apply the oidc-auth-apps using the configuration guide.
PASS: Check if the Liveness probes parameters are configured like:
- periodSeconds: 10
- initialDelaySeconds: 1
- timeoutSeconds: 1
for the "stx-oidc-client" pod and for "oidc-dex" pod by using
the 'kubeclt get pod <mypod> -o yaml' command.
PASS: Check if the Liveness probe is logging at 10 seconds a time
watching the /var/log/daemon.log log file.
PASS: Build the new oidc-auth-app tarball with the changes.
PASS: Update test. Do the app update with the new built tarball by
using the 'system application-update <tarball>' command.
PASS: Check if the Liveness probes parameters are configured like:
- periodSeconds: 13
- initialDelaySeconds: 13
- timeoutSeconds: 8
for the "stx-oidc-client" pod and for "oidc-dex" pod by using
the 'kubeclt get pod <mypod> -o yaml' command.
PASS: Check if the Liveness probe is logging in 13 seconds instead of
10 seconds.
PASS: Restore to a snapshot before apply oidc-auth-apps from master
ISO, oidc-auth-apps status should be uploaded.
PASS: Delete the current version of oidc-auth-apps using the command
'system application-delete oidc-auth-apps'
PASS: Upload the new oidc-auth-apps tarball just built using the
command 'system application-upload <tarball>'.
PASS: Apply the new oidc-auth-apps using the configuration guide.
PASS: Recheck if the Liveness probes parameters are configured like:
- periodSeconds: 13
- initialDelaySeconds: 13
- timeoutSeconds: 8
for the "stx-oidc-client" pod and for "oidc-dex" pod by using
the 'kubeclt get pod <mypod> -o yaml' command.
PASS: Recheck if the Liveness probe is logging in 13 seconds instead
of 10 seconds.
PASS: Perform oidc-auth-apps test by creating a user, apply
rolebiding and authenticate it using oidc-auth command, check
if the new user can send k8s commands based on its roles.
Closes-Bug: 2077365
Change-Id: I7c547f3fef43c1d8d703a99746271c2333b2e1a6
Signed-off-by: Joaci Morais <Joaci.deMorais@windriver.com>
17bda2e4d9