set net.ipv4.tcp_keepalive_time and net.core.somaxconn for tidb and t…
…ikv in init container
DanielZhangQD committed Nov 6, 2019
1 parent 60a6f80 commit 063d760
Showing 8 changed files with 630 additions and 14 deletions.
12 changes: 0 additions & 12 deletions charts/tidb-cluster/values.yaml
Expand Up @@ -173,10 +173,6 @@ pd:
# # when the kubelet is configured to allow unsafe sysctls
# - name: net.core.somaxconn
# value: "32768"
# - name: net.ipv4.tcp_syncookies
# value: "0"
# - name: net.ipv4.tcp_tw_recycle
# value: "0"

# Specify the priorityClassName for PD Pod.
# refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#how-to-use-priority-and-preemption
Expand Down Expand Up @@ -271,10 +267,6 @@ tikv:
# # when the kubelet is configured to allow unsafe sysctls
# - name: net.core.somaxconn
# value: "32768"
# - name: net.ipv4.tcp_syncookies
# value: "0"
# - name: net.ipv4.tcp_tw_recycle
# value: "0"

# Specify the priorityClassName for TiKV Pod.
# refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#how-to-use-priority-and-preemption
Expand Down Expand Up @@ -358,10 +350,6 @@ tidb:
# # when the kubelet is configured to allow unsafe sysctls
# - name: net.core.somaxconn
# value: "32768"
# - name: net.ipv4.tcp_syncookies
# value: "0"
# - name: net.ipv4.tcp_tw_recycle
# value: "0"

# # Load balancers usually have an idle timeout (eg. AWS NLB idle timeout is 350),
# # the tcp_keepalive_time must be set to lower than LB idle timeout.
16 changes: 16 additions & 0 deletions deploy/modules/aliyun/tidb-cluster/values/default.yaml
Expand Up @@ -8,10 +8,26 @@ pd:
storage: 20Gi
storageClassName: alicloud-disk
tikv:
annotations:
tidb.pingcap.com/sysctl-init: "true"
podSecurityContext:
sysctls:
- name: net.core.somaxconn
value: "32768"
logLevel: info
storageClassName: local-volume
syncLog: true
tidb:
annotations:
tidb.pingcap.com/sysctl-init: "true"
podSecurityContext:
sysctls:
- name: net.core.somaxconn
value: "32768"
- name: net.ipv4.tcp_keepalive_intvl
value: "75"
- name: net.ipv4.tcp_keepalive_time
value: "300"
logLevel: info
service:
type: LoadBalancer
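Review bot: The `tidb.pingcap.com/sysctl-init: "true"` annotation is added under `tikv` and `tidb` without any comment, yet the operator change in this commit (visible for TiDB in tidb_member_manager.go) uses it to move the listed sysctls out of the pod security context and into an init container that runs with `Privileged: true`. A comment above each annotation, such as `# sysctl-init: apply the sysctls below from a privileged init container; the cluster must allow privileged pods`, would tell operators what this default opts them into. The same applies to the two annotations added in deploy/modules/gcp/tidb-cluster/values/default.yaml.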
16 changes: 16 additions & 0 deletions deploy/modules/gcp/tidb-cluster/values/default.yaml
Expand Up @@ -4,8 +4,24 @@ timezone: UTC
pd:
storageClassName: pd-ssd
tikv:
annotations:
tidb.pingcap.com/sysctl-init: "true"
podSecurityContext:
sysctls:
- name: net.core.somaxconn
value: "32768"
storageClassName: local-storage
tidb:
annotations:
tidb.pingcap.com/sysctl-init: "true"
podSecurityContext:
sysctls:
- name: net.core.somaxconn
value: "32768"
- name: net.ipv4.tcp_keepalive_intvl
value: "75"
- name: net.ipv4.tcp_keepalive_time
value: "300"
service:
type: LoadBalancer
externalTrafficPolicy: Local
4 changes: 4 additions & 0 deletions pkg/label/label.go
Expand Up @@ -73,9 +73,13 @@ const (
AnnTiKVPartition string = "tidb.pingcap.com/tikv-partition"
// AnnForceUpgradeKey is tc annotation key to indicate whether force upgrade should be done
AnnForceUpgradeKey = "tidb.pingcap.com/force-upgrade"
// AnnSysctlInit is pod annotation key to indicate whether configuring sysctls with init container
AnnSysctlInit = "tidb.pingcap.com/sysctl-init"

// AnnForceUpgradeVal is tc annotation value to indicate whether force upgrade should be done
AnnForceUpgradeVal = "true"
// AnnSysctlInitVal is pod annotation value to indicate whether configuring sysctls with init container
AnnSysctlInitVal = "true"

// PDLabelVal is PD label value
PDLabelVal string = "pd"
33 changes: 32 additions & 1 deletion pkg/manager/member/tidb_member_manager.go
Expand Up @@ -266,6 +266,36 @@ func getNewTiDBSetForTidbCluster(tc *v1alpha1.TidbCluster) *apps.StatefulSet {
})
}

sysctls := "sysctl -w"
var initContainers []corev1.Container
if tc.Spec.TiDB.Annotations != nil {
init, ok := tc.Spec.TiDB.Annotations[label.AnnSysctlInit]
if ok && (init == label.AnnSysctlInitVal) {
if tc.Spec.TiDB.PodSecurityContext != nil && len(tc.Spec.TiDB.PodSecurityContext.Sysctls) > 0 {
for _, sysctl := range tc.Spec.TiDB.PodSecurityContext.Sysctls {
sysctls = sysctls + fmt.Sprintf(" %s=%s", sysctl.Name, sysctl.Value)
}
privileged := true
initContainers = append(initContainers, corev1.Container{
Name: "init",
Image: controller.GetSlowLogTailerImage(tc),
Command: []string{
"sh",
"-c",
sysctls,
},
SecurityContext: &corev1.SecurityContext{
Privileged: &privileged,
},
})
}
}
}
podSecurityContext := tc.Spec.TiDB.PodSecurityContext.DeepCopy()
if len(initContainers) > 0 {
podSecurityContext.Sysctls = []corev1.Sysctl{}
}

var containers []corev1.Container
if tc.Spec.TiDB.SeparateSlowLog {
// mount a shared volume and tail the slow log to STDOUT using a sidecar.
Expand Down Expand Up @@ -383,8 +413,9 @@ func getNewTiDBSetForTidbCluster(tc *v1alpha1.TidbCluster) *apps.StatefulSet {
RestartPolicy: corev1.RestartPolicyAlways,
Tolerations: tc.Spec.TiDB.Tolerations,
Volumes: vols,
SecurityContext: tc.Spec.TiDB.PodSecurityContext,
SecurityContext: podSecurityContext,
PriorityClassName: tc.Spec.TiDB.PriorityClassName,
InitContainers: initContainers,
},
},
ServiceName: controller.TiDBPeerMemberName(tcName),
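Review bot: The init container's command is built by concatenating `sysctl.Name` and `sysctl.Value` from the TidbCluster spec into one string that is run with `sh -c` in a container with `Privileged: true`, so any shell metacharacter in those fields is interpreted by a privileged shell. Passing an argv slice avoids the shell entirely: start with `cmd := []string{"sysctl", "-w"}`, append `fmt.Sprintf("%s=%s", sysctl.Name, sysctl.Value)` in the loop, and set `Command: cmd`. Because `podSecurityContext.Sysctls` is emptied whenever the init container is used, these entries presumably no longer pass through the sysctl validation that applies to the pod security context, so the names should be validated here, for example against an allowlist of the keys this feature is meant to set. getNewTiDBSetForTidbCluster starts and ends outside the visible hunks.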