diff --git a/sysinv/sysinv/sysinv/sysinv/common/constants.py b/sysinv/sysinv/sysinv/sysinv/common/constants.py index 4cff4b97c2..01e33494b0 100644 --- a/sysinv/sysinv/sysinv/sysinv/common/constants.py +++ b/sysinv/sysinv/sysinv/sysinv/common/constants.py @@ -1122,6 +1122,14 @@ DEFAULT_REGISTRIES_INFO = { } # kubernetes parameters +SERVICE_PARAM_SECTION_KUBERNETES_CONFIG = 'config' +SERVICE_PARAM_NAME_KUBERNETES_POD_MAX_PIDS = 'pod_max_pids' +# Platform pods use under 20 in steady state, but allow extra room. +SERVICE_PARAM_KUBERNETES_POD_MAX_PIDS_MIN = 100 +# Some openstack pods reach ~450 in steady state, allow 2/3 extra to be safe. +SERVICE_PARAM_KUBERNETES_POD_MAX_PIDS_DEFAULT = 750 +SERVICE_PARAM_KUBERNETES_POD_MAX_PIDS_MAX = 65535 + SERVICE_PARAM_SECTION_KUBERNETES_CERTIFICATES = 'certificates' SERVICE_PARAM_NAME_KUBERNETES_API_SAN_LIST = 'apiserver_certsan' diff --git a/sysinv/sysinv/sysinv/sysinv/common/service_parameter.py b/sysinv/sysinv/sysinv/sysinv/common/service_parameter.py index 37d934ca61..d2874acb4b 100644 --- a/sysinv/sysinv/sysinv/sysinv/common/service_parameter.py +++ b/sysinv/sysinv/sysinv/sysinv/common/service_parameter.py @@ -389,6 +389,13 @@ def _validate_admission_plugins(name, value): "Invalid admission plugin: '%s'" % plugin)) +def _validate_pod_max_pids(name, value): + """Check if specified value is supported""" + _validate_range(name, value, + constants.SERVICE_PARAM_KUBERNETES_POD_MAX_PIDS_MIN, + constants.SERVICE_PARAM_KUBERNETES_POD_MAX_PIDS_MAX) + + PLATFORM_CONFIG_PARAMETER_OPTIONAL = [ constants.SERVICE_PARAM_NAME_PLAT_CONFIG_VIRTUAL, ] @@ -630,6 +637,19 @@ KUBERNETES_CERTIFICATES_PARAMETER_DATA_FORMAT = { constants.SERVICE_PARAM_NAME_KUBERNETES_API_SAN_LIST: SERVICE_PARAMETER_DATA_FORMAT_ARRAY, } +KUBERNETES_CONFIG_PARAMETER_OPTIONAL = [ + constants.SERVICE_PARAM_NAME_KUBERNETES_POD_MAX_PIDS, +] + +KUBERNETES_CONFIG_PARAMETER_VALIDATOR = { + constants.SERVICE_PARAM_NAME_KUBERNETES_POD_MAX_PIDS: _validate_pod_max_pids, +} + +KUBERNETES_CONFIG_PARAMETER_RESOURCE = { + constants.SERVICE_PARAM_NAME_KUBERNETES_POD_MAX_PIDS: + 'platform::kubernetes::params::k8s_pod_max_pids', +} + KUBERNETES_APISERVER_PARAMETER_OPTIONAL = [ constants.SERVICE_PARAM_NAME_OIDC_ISSUER_URL, constants.SERVICE_PARAM_NAME_OIDC_CLIENT_ID, @@ -805,6 +825,11 @@ SERVICE_PARAMETER_SCHEMA = { SERVICE_PARAM_VALIDATOR: KUBERNETES_APISERVER_PARAMETER_VALIDATOR, SERVICE_PARAM_RESOURCE: KUBERNETES_APISERVER_PARAMETER_RESOURCE, }, + constants.SERVICE_PARAM_SECTION_KUBERNETES_CONFIG: { + SERVICE_PARAM_OPTIONAL: KUBERNETES_CONFIG_PARAMETER_OPTIONAL, + SERVICE_PARAM_VALIDATOR: KUBERNETES_CONFIG_PARAMETER_VALIDATOR, + SERVICE_PARAM_RESOURCE: KUBERNETES_CONFIG_PARAMETER_RESOURCE, + }, }, constants.SERVICE_TYPE_PTP: { constants.SERVICE_PARAM_SECTION_PTP_GLOBAL: { diff --git a/sysinv/sysinv/sysinv/sysinv/conductor/manager.py b/sysinv/sysinv/sysinv/sysinv/conductor/manager.py index 3d274b0d73..1413998d7b 100644 --- a/sysinv/sysinv/sysinv/sysinv/conductor/manager.py +++ b/sysinv/sysinv/sysinv/sysinv/conductor/manager.py @@ -8583,6 +8583,14 @@ class ConductorManager(service.PeriodicService): config_uuid = self._config_update_hosts(context, [constants.CONTROLLER], reboot=True) + elif service == constants.SERVICE_TYPE_KUBERNETES: + # The KUBERNETES_POD_MAX_PIDS affects workers. + # A smarter way would be for update_service_config to receive the + # diff list or dict, to only target required personalities. + config_uuid = self._config_update_hosts(context, + [constants.CONTROLLER, + constants.WORKER], + reboot=True) else: # All other services personalities = [constants.CONTROLLER]