US-622676 - helm chart changes for tcp keep alive probe #837

Merged: 9 commits, Oct 22, 2024
14 changes: 14 additions & 0 deletions charts/pega/README.md
Expand Up @@ -333,6 +333,20 @@ tier:
runAsUser: RUN_AS_USER
fsGroup: FS_GROUP
```

Starting in Kubernetes version 1.29, you can configure the OS Kernel level setting net.ipv4.tcp_keepalive_time using standard sysctls command.
The following code provides an example configuration. If needed, provide the value in seconds as per the cloud provider TCP connections timeout settings.

Example:

```yaml
tier:
- name: my-tier
securityContext:
sysctls:
- name: net.ipv4.tcp_keepalive_time
value: "300"
```
### service

Specify the `service` yaml block to expose a Pega tier to other Kubernetes run services, or externally to other systems. The name of the service will be based on the tier's name, so if your tier is "web", your service name will be "pega-web". If you omit service, no Kubernetes service object is created for the tier during the deployment. For more information on services, see the [Kubernetes Documentation](https://kubernetes.io/docs/concepts/services-networking/service).
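Review bot: The README example documents `securityContext.sysctls` set directly under the tier, but the template change in this PR keys on a new `tcpKeepAliveProbe` tier value; the new key is not mentioned here, and a tier that sets both ends up with `sysctls` rendered twice in the same pod securityContext. Suggest documenting `tcpKeepAliveProbe: "300"` as the supported knob (or dropping it in favour of the plain securityContext example shown), stating that the value is the idle time in seconds before the first keepalive probe (`net.ipv4.tcp_keepalive_time`), and saying what happens on clusters older than 1.29: the text says the setting "only works" from 1.29 onwards, but in practice the pod fails admission unless the kubelet explicitly allows the sysctl, which is worth spelling out. Wording: "using standard sysctls command" should read "via the pod securityContext `sysctls` field", and a blank line is needed between the closing fence and the `### service` heading.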
5 changes: 5 additions & 0 deletions charts/pega/templates/_pega-deployment.tpl
Expand Up @@ -117,6 +117,11 @@ spec:
runAsUser: 9001
fsGroup: 0
{{- end }}
{{- if (.node.tcpKeepAliveProbe) }}
sysctls:
- name: "net.ipv4.tcp_keepalive_time"
value: "{{ .node.tcpKeepAliveProbe }}"
{{- end }}
{{- if .node.securityContext }}
{{ toYaml .node.securityContext | indent 8 }}
{{- end }}
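Review bot: `sysctls:` is emitted whenever `.node.tcpKeepAliveProbe` is set and is immediately followed by `toYaml .node.securityContext`, so a tier that also carries `securityContext.sysctls` (the exact form the README in this PR recommends) renders the `sysctls` key twice inside one mapping, which the API server rejects as a duplicate key. Suggest either merging the keepalive entry into the user's `securityContext.sysctls` list before rendering, or treating the two as mutually exclusive and calling `fail` when both are present. The value is also rendered without validation; converting it with `int` (e.g. `value: "{{ int .node.tcpKeepAliveProbe }}"`) would surface a non-numeric typo at template time rather than at pod admission. Naming: `tcpKeepAliveProbe` is misleading for `net.ipv4.tcp_keepalive_time`, which is the idle time before the first probe, not a probe count or interval; `tcpKeepAliveTime` would match the sysctl it sets.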
24 changes: 24 additions & 0 deletions charts/pega/values.yaml
Expand Up @@ -257,6 +257,14 @@ global:
# runAsUser: 9001
# fsGroup: 0

# To configure net.ipv4.tcp_keepalive_time OS Kernel setting, set the value in seconds.
# This setting only works for Kubernetes version 1.29 onwards. For more information, see below,
# https://github.com/pegasystems/pega-helm-charts/blob/master/charts/pega/README.md#security-context
# securityContext:
# sysctls:
# - name: net.ipv4.tcp_keepalive_time
# value: "300"

# To specify security settings for a Container, include the securityContext field in the Container manifest
# Security settings that you specify for a Container apply only to the pega container,
# and they override settings made at the Pod level when there is overlap. Container settings
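Review bot: The commented example shows `securityContext.sysctls` directly, but the template added in this PR reads a separate `tcpKeepAliveProbe` key that values.yaml never mentions, so a user following this comment does not learn that the new knob exists (and setting both yields a duplicated `sysctls` key in the rendered pod spec). Suggest adding `# tcpKeepAliveProbe: "300"` beside the example, or aligning the comment with whichever mechanism is kept. Minor: "For more information, see below," reads oddly before a bare URL; "see the security-context section of the chart README:" is clearer.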
Expand Down Expand Up @@ -328,6 +336,14 @@ global:
# runAsUser: 9001
# fsGroup: 0

# To configure net.ipv4.tcp_keepalive_time OS Kernel setting, set the value in seconds.
# This setting only works for Kubernetes version 1.29 onwards. For more information, see below,
# https://github.com/pegasystems/pega-helm-charts/blob/master/charts/pega/README.md#security-context
# securityContext:
# sysctls:
# - name: net.ipv4.tcp_keepalive_time
# value: "300"

# To specify security settings for a Container, include the securityContext field in the Container manifest
# Security settings that you specify for a Container apply only to the pega container,
# and they override settings made at the Pod level when there is overlap. Container settings
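Review bot: Same point as for the first tier block: the comment documents `securityContext.sysctls` while the template keys on `tcpKeepAliveProbe`, which this block also never names. Since the three tier blocks carry an identical comment, whichever wording is chosen should be applied to all of them in one pass.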
Expand Down Expand Up @@ -399,6 +415,14 @@ global:
# runAsUser: 9001
# fsGroup: 0

# To configure net.ipv4.tcp_keepalive_time OS Kernel setting, set the value in seconds.
# This setting only works for Kubernetes version 1.29 onwards. For more information, see below,
# https://github.com/pegasystems/pega-helm-charts/blob/master/charts/pega/README.md#security-context
# securityContext:
# sysctls:
# - name: net.ipv4.tcp_keepalive_time
# value: "300"

# To specify security settings for a Container, include the securityContext field in the Container manifest
# Security settings that you specify for a Container apply only to the pega container,
# and they override settings made at the Pod level when there is overlap. Container settings
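Review bot: Same point as for the two tier blocks above: `tcpKeepAliveProbe` is absent from this comment even though it is the key the template reads; keep the three copies consistent once the wording is settled.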
52 changes: 41 additions & 11 deletions terratest/src/test/pega/pega-tier-deployment_test.go
Expand Up @@ -75,16 +75,16 @@ func TestPegaTierDeploymentWithPodAffinity(t *testing.T) {
for _, vendor := range supportedVendors {
var options = &helm.Options{
SetValues: map[string]string{
"global.provider": vendor,
"global.actions.execute": "deploy",
"global.deployment.name": "pega",
"installer.upgrade.upgradeType": "zero-downtime",
"global.tier[0].name": "web",
"global.tier[1].name": "batch",
"global.tier[2].name": "stream",
affintiyBasePath + "nodeSelectorTerms[0].matchExpressions[0].key": "kubernetes.io/os",
affintiyBasePath + "nodeSelectorTerms[0].matchExpressions[0].operator": "In",
affintiyBasePath + "nodeSelectorTerms[0].matchExpressions[0].values[0]": "linux",
"global.provider": vendor,
"global.actions.execute": "deploy",
"global.deployment.name": "pega",
"installer.upgrade.upgradeType": "zero-downtime",
"global.tier[0].name": "web",
"global.tier[1].name": "batch",
"global.tier[2].name": "stream",
affintiyBasePath + "nodeSelectorTerms[0].matchExpressions[0].key": "kubernetes.io/os",
affintiyBasePath + "nodeSelectorTerms[0].matchExpressions[0].operator": "In",
affintiyBasePath + "nodeSelectorTerms[0].matchExpressions[0].values[0]": "linux",
},
}
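Review bot: The re-indentation of the `SetValues` map in `TestPegaTierDeploymentWithPodAffinity` is whitespace-only and unrelated to the keepalive change; it inflates the diff and obscures the real change in `git blame`. Suggest dropping it from this PR (or landing it as a separate gofmt-only commit). The `affintiyBasePath` misspelling is pre-existing and out of scope, but if a formatting pass is kept anyway, renaming it to `affinityBasePath` belongs there.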

Expand All @@ -102,7 +102,37 @@ func TestPegaTierDeploymentWithPodAffinity(t *testing.T) {
UnmarshalK8SYaml(t, yamlSplit[3], &depObjStream)
deploymentAffinityStream := depObjStream.Spec.Template.Spec.Affinity
require.Empty(t, deploymentAffinityStream)
}
}
}

func TestPegaTierDeploymentWithTCPProbe(t *testing.T) {

var supportedVendors = []string{"k8s", "eks", "gke", "aks", "pks"}
helmChartPath, err := filepath.Abs(PegaHelmChartPath)
require.NoError(t, err)

var depObj appsv1.Deployment

for _, vendor := range supportedVendors {
var options = &helm.Options{
SetValues: map[string]string{
"global.provider": vendor,
"global.actions.execute": "deploy",
"global.deployment.name": "pega",
"global.tier[0].name": "web",
"global.tier[0].tcpKeepAliveProbe": "10",
},
}

yamlContent := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-tier-deployment.yaml"})
yamlSplit := strings.Split(yamlContent, "---")

UnmarshalK8SYaml(t, yamlSplit[1], &depObj)
require.Equal(t, "net.ipv4.tcp_keepalive_time", *&depObj.Spec.Template.Spec.SecurityContext.Sysctls[0].Name)
require.Equal(t, "10", *&depObj.Spec.Template.Spec.SecurityContext.Sysctls[0].Value)

}

}

func TestPegaTierDeploymentWithFSGroup(t *testing.T) {
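Review bot: The assertions at the end of `TestPegaTierDeploymentWithTCPProbe` index `SecurityContext.Sysctls[0]` without first checking that `SecurityContext` is non-nil and that `Sysctls` has exactly one entry, so a template regression that drops the block produces a nil-pointer panic or an index-out-of-range instead of a readable failure. Suggest `require.NotNil(t, depObj.Spec.Template.Spec.SecurityContext)` and `require.Len(t, depObj.Spec.Template.Spec.SecurityContext.Sysctls, 1)` before the two `require.Equal` calls. `*&depObj.Spec...` is a no-op (take the address, dereference it again); plain `depObj.Spec.Template.Spec.SecurityContext.Sysctls[0].Name` is what is meant. The test also covers only the happy path: a case with `tcpKeepAliveProbe` unset (asserting no `sysctls` is rendered) and one combining it with `global.tier[0].securityContext.sysctls` would pin down the duplicate-key behaviour of the template. Minor: `depObj` is reused across the vendor loop without being reset, and the stray blank lines before the closing braces can go.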