Skip to content

types/ingress: add new tuning option: maxConnections #1161

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
openshift-merge-robot merged 2 commits into from
Apr 29, 2022
Merged

types/ingress: add new tuning option: maxConnections #1161

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
af7ec8f
types/ingress: add new tuning option: maxConnections
frobware Apr 27, 2022
4d31f71
Run: make generate-with-container
frobware Apr 28, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 40 additions & 0 deletions operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1135,6 +1135,17 @@ spec:
type: string
type: object
tuningOptions:
anyOf:
- properties:
maxConnections:
enum:
- -1
- 0
- properties:
maxConnections:
format: int32
maximum: 2000000
minimum: 2000
description: "tuningOptions defines parameters for adjusting the performance
of ingress controller pods. All fields are optional and will use
their respective defaults if not set. See specific tuningOptions
Expand Down Expand Up @@ -1203,6 +1214,35 @@ spec:
are subject to change over time."
format: duration
type: string
maxConnections:
description: "maxConnections defines the maximum number of simultaneous
connections that can be established per HAProxy process. Increasing
this value allows each ingress controller pod to handle more
connections but at the cost of additional system resources being
consumed. \n Permitted values are: empty, 0, -1, and the range
2000-2000000. \n If this field is empty or 0, the IngressController
will use the default value of 20000, but the default is subject
to change in future releases. \n If the value is -1 then HAProxy
will dynamically compute a maximum value based on the available
ulimits in the running container. Selecting -1 (i.e., auto)
will result in a large value being computed (~520000 on OpenShift
>=4.10 clusters) and therefore each HAProxy process will incur
significant memory usage compared to the current default of
20000. \n Setting a value that is greater than the current operating
system limit will prevent the HAProxy process from starting.
\n If you choose a discrete value (e.g., 750000) and the router
pod is migrated to a new node, there's no guarantee that that
new node has identical ulimits configured. In such a scenario
the pod would fail to start. If you have nodes with different
ulimits configured (e.g., different tuned profiles) and you
choose a discrete value then the guidance is to use -1 and let
the value be computed dynamically at runtime. \n You can monitor
memory usage for router containers with the following metric:
'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}'.
\n You can monitor memory usage of individual HAProxy processes
in router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}/container_processes{container=\"router\",namespace=\"openshift-ingress\"}'."
format: int32
type: integer
serverFinTimeout:
description: "serverFinTimeout defines how long a connection will
be held open while waiting for the server/backend response to
Expand Down
23 changes: 23 additions & 0 deletions operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml-patch
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,3 +7,26 @@
- properties:
address:
format: ipv6
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/tuningOptions/anyOf
# We explicitly choose anyOf to allow:
#
# - the enum
# - the range
# - and null
#
# If we specify oneOf that only allows for one of 'the enum' or 'the
# range'. Anything outside of that is invalid. However, we want to
# allow 'null' because maxConnections is an optional field. Using
# anyOf allows for 'the enum', 'the range', or 'null'. By allowing
# 'null' we provide a consistent user experience given that there
# are other optional integer fields in tuningOptions.
value:
- properties:
maxConnections:
enum: [ -1, 0 ]
- properties:
maxConnections:
format: int32
minimum: 2000
maximum: 2000000
45 changes: 45 additions & 0 deletions operator/v1/types_ingress.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1392,6 +1392,51 @@ type IngressControllerTuningOptions struct {
// +kubebuilder:validation:Format=duration
// +optional
HealthCheckInterval *metav1.Duration `json:"healthCheckInterval,omitempty"`

// maxConnections defines the maximum number of simultaneous
// connections that can be established per HAProxy process.
// Increasing this value allows each ingress controller pod to
// handle more connections but at the cost of additional
// system resources being consumed.
//
// Permitted values are: empty, 0, -1, and the range
// 2000-2000000.
//
// If this field is empty or 0, the IngressController will use
// the default value of 20000, but the default is subject to
// change in future releases.
//
// If the value is -1 then HAProxy will dynamically compute a
// maximum value based on the available ulimits in the running
// container. Selecting -1 (i.e., auto) will result in a large
// value being computed (~520000 on OpenShift >=4.10 clusters)
// and therefore each HAProxy process will incur significant
// memory usage compared to the current default of 20000.
//
// Setting a value that is greater than the current operating
// system limit will prevent the HAProxy process from
// starting.
//
// If you choose a discrete value (e.g., 750000) and the
// router pod is migrated to a new node, there's no guarantee
// that that new node has identical ulimits configured. In
// such a scenario the pod would fail to start. If you have
// nodes with different ulimits configured (e.g., different
// tuned profiles) and you choose a discrete value then the
// guidance is to use -1 and let the value be computed
// dynamically at runtime.
//
// You can monitor memory usage for router containers with the
// following metric:
// 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}'.
//
// You can monitor memory usage of individual HAProxy
// processes in router containers with the following metric:
// 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'.
//
// +kubebuilder:validation:Optional
// +optional
MaxConnections int32 `json:"maxConnections,omitempty"`
}

// HTTPEmptyRequestsPolicy indicates how HTTP connections for which no request
Expand Down
1 change: 1 addition & 0 deletions operator/v1/zz_generated.swagger_doc_generated.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.