From fcf7e5094e1690d8079b4f734f32da8294baa3fc Mon Sep 17 00:00:00 2001 From: Alexander Kabakaev Date: Sun, 30 Aug 2020 16:51:36 +0200 Subject: [PATCH 1/2] prevent generation of zombie PIDs in exec health probes Signed-off-by: Alexander Kabakaev --- .../redis/templates/redis-master-statefulset.yaml | 13 +++++++------ .../redis/templates/redis-slave-statefulset.yaml | 14 +++++++------- 2 files changed, 14 insertions(+), 13 deletions(-) diff --git a/bitnami/redis/templates/redis-master-statefulset.yaml b/bitnami/redis/templates/redis-master-statefulset.yaml index 7632a791e8644c..39329e5dba3cad 100755 --- a/bitnami/redis/templates/redis-master-statefulset.yaml +++ b/bitnami/redis/templates/redis-master-statefulset.yaml @@ -166,7 +166,8 @@ spec: livenessProbe: initialDelaySeconds: {{ .Values.master.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.master.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.master.livenessProbe.timeoutSeconds }} + # One second longer than command timeout should prevent generation of zombie processes. + timeoutSeconds: {{ add1 .Values.master.livenessProbe.timeoutSeconds }} successThreshold: {{ .Values.master.livenessProbe.successThreshold }} failureThreshold: {{ .Values.master.livenessProbe.failureThreshold }} exec: @@ -181,14 +182,14 @@ spec: readinessProbe: initialDelaySeconds: {{ .Values.master.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.master.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.master.readinessProbe.timeoutSeconds }} + timeoutSeconds: {{ add1 .Values.master.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.master.readinessProbe.successThreshold }} failureThreshold: {{ .Values.master.readinessProbe.failureThreshold }} exec: command: - sh - -c - - /health/ping_readiness_local.sh {{ .Values.master.livenessProbe.timeoutSeconds }} + - /health/ping_readiness_local.sh {{ .Values.master.readinessProbe.timeoutSeconds }} {{- else if .Values.master.customReadinessProbe }} readinessProbe: {{- toYaml .Values.master.customReadinessProbe | nindent 12 }} {{- end }} @@ -303,7 +304,7 @@ spec: livenessProbe: initialDelaySeconds: {{ .Values.sentinel.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.sentinel.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.sentinel.livenessProbe.timeoutSeconds }} + timeoutSeconds: {{ add1 .Values.sentinel.livenessProbe.timeoutSeconds }} successThreshold: {{ .Values.sentinel.livenessProbe.successThreshold }} failureThreshold: {{ .Values.sentinel.livenessProbe.failureThreshold }} exec: @@ -318,14 +319,14 @@ spec: readinessProbe: initialDelaySeconds: {{ .Values.sentinel.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.sentinel.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.sentinel.readinessProbe.timeoutSeconds }} + timeoutSeconds: {{ add1 .Values.sentinel.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.sentinel.readinessProbe.successThreshold }} failureThreshold: {{ .Values.sentinel.readinessProbe.failureThreshold }} exec: command: - sh - -c - - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }} + - /health/ping_sentinel.sh {{ .Values.sentinel.readinessProbe.timeoutSeconds }} {{- else if .Values.sentinel.customReadinessProbe }} readinessProbe: {{- toYaml .Values.sentinel.customReadinessProbe | nindent 12 }} {{- end }} diff --git a/bitnami/redis/templates/redis-slave-statefulset.yaml b/bitnami/redis/templates/redis-slave-statefulset.yaml index 49bac9c72dc5b4..d1eff139ea6854 100755 --- a/bitnami/redis/templates/redis-slave-statefulset.yaml +++ b/bitnami/redis/templates/redis-slave-statefulset.yaml @@ -191,7 +191,7 @@ spec: livenessProbe: initialDelaySeconds: {{ .Values.slave.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.slave.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.slave.livenessProbe.timeoutSeconds }} + timeoutSeconds: {{ add1 .Values.slave.livenessProbe.timeoutSeconds }} successThreshold: {{ .Values.slave.livenessProbe.successThreshold }} failureThreshold: {{ .Values.slave.livenessProbe.failureThreshold}} exec: @@ -210,7 +210,7 @@ spec: readinessProbe: initialDelaySeconds: {{ .Values.slave.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.slave.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.slave.readinessProbe.timeoutSeconds }} + timeoutSeconds: {{ add1 .Values.slave.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.slave.readinessProbe.successThreshold }} failureThreshold: {{ .Values.slave.readinessProbe.failureThreshold }} exec: @@ -218,9 +218,9 @@ spec: - sh - -c {{- if .Values.sentinel.enabled }} - - /health/ping_readiness_local.sh {{ .Values.slave.livenessProbe.timeoutSeconds }} + - /health/ping_readiness_local.sh {{ .Values.slave.readinessProbe.timeoutSeconds }} {{- else }} - - /health/ping_readiness_local_and_master.sh {{ .Values.slave.livenessProbe.timeoutSeconds }} + - /health/ping_readiness_local_and_master.sh {{ .Values.slave.readinessProbe.timeoutSeconds }} {{- end }} {{- else if .Values.slave.customReadinessProbe }} readinessProbe: {{- toYaml .Values.slave.customReadinessProbe | nindent 12 }} @@ -331,7 +331,7 @@ spec: livenessProbe: initialDelaySeconds: {{ .Values.sentinel.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.sentinel.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.sentinel.livenessProbe.timeoutSeconds }} + timeoutSeconds: {{ add1 .Values.sentinel.livenessProbe.timeoutSeconds }} successThreshold: {{ .Values.sentinel.livenessProbe.successThreshold }} failureThreshold: {{ .Values.sentinel.livenessProbe.failureThreshold }} exec: @@ -346,14 +346,14 @@ spec: readinessProbe: initialDelaySeconds: {{ .Values.sentinel.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.sentinel.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.sentinel.readinessProbe.timeoutSeconds }} + timeoutSeconds: {{ add1 .Values.sentinel.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.sentinel.readinessProbe.successThreshold }} failureThreshold: {{ .Values.sentinel.readinessProbe.failureThreshold }} exec: command: - sh - -c - - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }} + - /health/ping_sentinel.sh {{ .Values.sentinel.readinessProbe.timeoutSeconds }} {{- else if .Values.sentinel.customReadinessProbe }} readinessProbe: {{- toYaml .Values.sentinel.customReadinessProbe | nindent 12 }} {{- end }} From dc99958920ee9a276537f61743ecd204fbdd7b51 Mon Sep 17 00:00:00 2001 From: Alexander Kabakaev Date: Sun, 30 Aug 2020 20:37:02 +0200 Subject: [PATCH 2/2] redis: make shareProcessNamespace configurable Signed-off-by: Alexander Kabakaev --- bitnami/redis/Chart.yaml | 2 +- bitnami/redis/README.md | 2 ++ .../redis/templates/redis-master-statefulset.yaml | 3 +++ .../redis/templates/redis-slave-statefulset.yaml | 3 +++ bitnami/redis/values-production.yaml | 14 ++++++++++++++ bitnami/redis/values.yaml | 14 ++++++++++++++ 6 files changed, 37 insertions(+), 1 deletion(-) diff --git a/bitnami/redis/Chart.yaml b/bitnami/redis/Chart.yaml index 79250c865b25c9..aad92a3973e324 100644 --- a/bitnami/redis/Chart.yaml +++ b/bitnami/redis/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: redis -version: 10.7.17 +version: 10.8.0 appVersion: 6.0.6 description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. keywords: diff --git a/bitnami/redis/README.md b/bitnami/redis/README.md index fc68da11507227..fdcf0aebe5011d 100644 --- a/bitnami/redis/README.md +++ b/bitnami/redis/README.md @@ -175,6 +175,7 @@ The following table lists the configurable parameters of the Redis chart and the | `master.readinessProbe.timeoutSeconds` | When the probe times out (redis master pod) | `1` | | `master.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (redis master pod) | `1` | | `master.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `5` | +| `master.shareProcessNamespace` | Redis Master pod `shareProcessNamespace` option. Enables /pause reap zombie PIDs. | `false` | | `master.priorityClassName` | Redis Master pod priorityClassName | {} | | `volumePermissions.enabled` | Enable init container that changes volume permissions in the registry (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | @@ -205,6 +206,7 @@ The following table lists the configurable parameters of the Redis chart and the | `slave.readinessProbe.timeoutSeconds` | When the probe times out (redis slave pod) | `1` | | `slave.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (redis slave pod) | `1` | | `slave.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. (redis slave pod) | `5` | +| `slave.shareProcessNamespace` | Redis slave pod `shareProcessNamespace` option. Enables /pause reap zombie PIDs. | `false` | | `slave.persistence.enabled` | Use a PVC to persist data (slave node) | `true` | | `slave.persistence.path` | Path to mount the volume at, to use other images | `/data` | | `slave.persistence.subPath` | Subdirectory of the volume to mount at | `""` | diff --git a/bitnami/redis/templates/redis-master-statefulset.yaml b/bitnami/redis/templates/redis-master-statefulset.yaml index 39329e5dba3cad..044d00e2630253 100755 --- a/bitnami/redis/templates/redis-master-statefulset.yaml +++ b/bitnami/redis/templates/redis-master-statefulset.yaml @@ -60,6 +60,9 @@ spec: {{- if .Values.master.tolerations }} tolerations: {{- toYaml .Values.master.tolerations | nindent 8 }} {{- end }} + {{- if .Values.master.shareProcessNamespace }} + shareProcessNamespace: {{ .Values.master.shareProcessNamespace }} + {{- end }} {{- if .Values.master.schedulerName }} schedulerName: {{ .Values.master.schedulerName }} {{- end }} diff --git a/bitnami/redis/templates/redis-slave-statefulset.yaml b/bitnami/redis/templates/redis-slave-statefulset.yaml index d1eff139ea6854..018564d0148fd4 100755 --- a/bitnami/redis/templates/redis-slave-statefulset.yaml +++ b/bitnami/redis/templates/redis-slave-statefulset.yaml @@ -62,6 +62,9 @@ spec: {{- if .Values.slave.tolerations }} tolerations: {{- toYaml .Values.slave.tolerations | nindent 8 }} {{- end }} + {{- if .Values.slave.shareProcessNamespace }} + shareProcessNamespace: {{ .Values.slave.shareProcessNamespace }} + {{- end }} {{- if .Values.slave.schedulerName }} schedulerName: {{ .Values.slave.schedulerName }} {{- end }} diff --git a/bitnami/redis/values-production.yaml b/bitnami/redis/values-production.yaml index f93248cee4cb2d..59e6a68fa92b8d 100644 --- a/bitnami/redis/values-production.yaml +++ b/bitnami/redis/values-production.yaml @@ -291,6 +291,13 @@ master: ## # schedulerName: + # Enable shared process namespace in a pod. + # If set to false (default), each container will run in separate namespace, redis will have PID=1. + # If set to true, the /pause will run as init process and will reap any zombie PIDs, + # for example, generated by a custom exec probe running longer than a probe timeoutSeconds. + # Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating. + # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ + shareProcessNamespace: false ## Configure extra options for Redis Master liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) ## @@ -454,6 +461,13 @@ slave: # whenUnsatisfiable: DoNotSchedule spreadConstraints: {} + # Enable shared process namespace in a pod. + # If set to false (default), each container will run in separate namespace, redis will have PID=1. + # If set to true, the /pause will run as init process and will reap any zombie PIDs, + # for example, generated by a custom exec probe running longer than a probe timeoutSeconds. + # Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating. + # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ + shareProcessNamespace: false ## Configure extra options for Redis Slave liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) ## diff --git a/bitnami/redis/values.yaml b/bitnami/redis/values.yaml index a59f8cd565c04f..72130c9d41b1e9 100644 --- a/bitnami/redis/values.yaml +++ b/bitnami/redis/values.yaml @@ -291,6 +291,13 @@ master: ## # schedulerName: + # Enable shared process namespace in a pod. + # If set to false (default), each container will run in separate namespace, redis will have PID=1. + # If set to true, the /pause will run as init process and will reap any zombie PIDs, + # for example, generated by a custom exec probe running longer than a probe timeoutSeconds. + # Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating. + # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ + shareProcessNamespace: false ## Configure extra options for Redis Master liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) ## @@ -454,6 +461,13 @@ slave: # whenUnsatisfiable: DoNotSchedule spreadConstraints: {} + # Enable shared process namespace in a pod. + # If set to false (default), each container will run in separate namespace, redis will have PID=1. + # If set to true, the /pause will run as init process and will reap any zombie PIDs, + # for example, generated by a custom exec probe running longer than a probe timeoutSeconds. + # Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating. + # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ + shareProcessNamespace: false ## Configure extra options for Redis Slave liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) ##