17bda2e4d9
This is one of proposed set of solutions to high platform CPU usage issues seen at multiple users. OIDC pods had configured the Liveness initialDelaySeconds, periodSeconds and timeoutSeconds to 1, 10 and 1 respectively. The timeoutSeconds was very agressive, and may cause issues on low spec CPUs. +---------------------+-------------+-- ---------+ | Liveness | Old Values | New Values | +---------------------+-------------+---- -------+ | initialDelaySeconds | 1 | 13 | | periodSeconds | 10 | 13 | | timeoutSeconds | 1 | 8 | +---------------------+-------------+------------+ Was reported that there are a lot 5 seconds liveness probes configured in the system, so we choose not 5 multiple values to avoid concurrency Test Plan: PASS: Deploy a SX using a stx.9.0 master ISO. PASS: Configure the kubelet log verbocity to 4 and restart kubelet service in order to show the Liveness probes logs on the /var/log/daemon.log file. PASS: Apply the oidc-auth-apps using the configuration guide. PASS: Check if the Liveness probes parameters are configured like: - periodSeconds: 10 - initialDelaySeconds: 1 - timeoutSeconds: 1 for the "stx-oidc-client" pod and for "oidc-dex" pod by using the 'kubeclt get pod <mypod> -o yaml' command. PASS: Check if the Liveness probe is logging at 10 seconds a time watching the /var/log/daemon.log log file. PASS: Build the new oidc-auth-app tarball with the changes. PASS: Update test. Do the app update with the new built tarball by using the 'system application-update <tarball>' command. PASS: Check if the Liveness probes parameters are configured like: - periodSeconds: 13 - initialDelaySeconds: 13 - timeoutSeconds: 8 for the "stx-oidc-client" pod and for "oidc-dex" pod by using the 'kubeclt get pod <mypod> -o yaml' command. PASS: Check if the Liveness probe is logging in 13 seconds instead of 10 seconds. PASS: Restore to a snapshot before apply oidc-auth-apps from master ISO, oidc-auth-apps status should be uploaded. PASS: Delete the current version of oidc-auth-apps using the command 'system application-delete oidc-auth-apps' PASS: Upload the new oidc-auth-apps tarball just built using the command 'system application-upload <tarball>'. PASS: Apply the new oidc-auth-apps using the configuration guide. PASS: Recheck if the Liveness probes parameters are configured like: - periodSeconds: 13 - initialDelaySeconds: 13 - timeoutSeconds: 8 for the "stx-oidc-client" pod and for "oidc-dex" pod by using the 'kubeclt get pod <mypod> -o yaml' command. PASS: Recheck if the Liveness probe is logging in 13 seconds instead of 10 seconds. PASS: Perform oidc-auth-apps test by creating a user, apply rolebiding and authenticate it using oidc-auth command, check if the new user can send k8s commands based on its roles. Closes-Bug: 2077365 Change-Id: I7c547f3fef43c1d8d703a99746271c2333b2e1a6 Signed-off-by: Joaci Morais <Joaci.deMorais@windriver.com> |
||
---|---|---|
.. | ||
oidc-client-helm | ||
secret-observer-helm |