oidc-auth-armada-app/helm-charts/custom
Joaci Morais 17bda2e4d9 Liveness tweak to avoid overload on cpu
This is one of proposed set of solutions to high platform CPU usage
issues seen at multiple users. OIDC pods had configured the
Liveness initialDelaySeconds, periodSeconds and timeoutSeconds to
1, 10 and 1 respectively. The timeoutSeconds was very agressive, and
may cause issues on low spec CPUs.

+---------------------+-------------+-- ---------+
|      Liveness       | Old Values  | New Values |
+---------------------+-------------+---- -------+
| initialDelaySeconds |      1      |    13      |
|    periodSeconds    |      10     |    13      |
|    timeoutSeconds   |      1      |    8       |
+---------------------+-------------+------------+

Was reported that there are a lot 5 seconds liveness probes configured
in the system, so we choose not 5 multiple values to avoid concurrency

Test Plan:

PASS: Deploy a SX using a stx.9.0 master ISO.
PASS: Configure the kubelet log verbocity to 4 and restart kubelet
      service in order to show the Liveness probes logs on the
      /var/log/daemon.log file.
PASS: Apply the oidc-auth-apps using the configuration guide.
PASS: Check if the Liveness probes parameters are configured like:
      - periodSeconds: 10
      - initialDelaySeconds: 1
      - timeoutSeconds: 1
      for the "stx-oidc-client" pod and for "oidc-dex" pod by using
      the 'kubeclt get pod <mypod> -o yaml' command.
PASS: Check if the Liveness probe is logging at 10 seconds a time
      watching the /var/log/daemon.log log file.
PASS: Build the new oidc-auth-app tarball with the changes.
PASS: Update test. Do the app update with the new built tarball by
      using the 'system application-update <tarball>' command.
PASS: Check if the Liveness probes parameters are configured like:
      - periodSeconds: 13
      - initialDelaySeconds: 13
      - timeoutSeconds: 8
      for the "stx-oidc-client" pod and for "oidc-dex" pod by using
      the 'kubeclt get pod <mypod> -o yaml' command.
PASS: Check if the Liveness probe is logging in 13 seconds instead of
      10 seconds.
PASS: Restore to a snapshot before apply oidc-auth-apps from master
      ISO, oidc-auth-apps status should be uploaded.
PASS: Delete the current version of oidc-auth-apps using the command
      'system application-delete oidc-auth-apps'
PASS: Upload the new oidc-auth-apps tarball just built using the
      command 'system application-upload <tarball>'.
PASS: Apply the new oidc-auth-apps using the configuration guide.
PASS: Recheck if the Liveness probes parameters are configured like:
      - periodSeconds: 13
      - initialDelaySeconds: 13
      - timeoutSeconds: 8
      for the "stx-oidc-client" pod and for "oidc-dex" pod by using
      the 'kubeclt get pod <mypod> -o yaml' command.
PASS: Recheck if the Liveness probe is logging in 13 seconds instead
      of 10 seconds.
PASS: Perform oidc-auth-apps test by creating a user, apply
      rolebiding and authenticate it using oidc-auth command, check
      if the new user can send k8s commands based on its roles.

Closes-Bug: 2077365

Change-Id: I7c547f3fef43c1d8d703a99746271c2333b2e1a6
Signed-off-by: Joaci Morais <Joaci.deMorais@windriver.com>
2024-08-20 10:38:26 -03:00
..
oidc-client-helm Liveness tweak to avoid overload on cpu 2024-08-20 10:38:26 -03:00
secret-observer-helm Fix oidc-auth-apps upgrade. 2024-06-04 13:53:38 -03:00