openstack/openstack-helm-infra
Code Issues Proposed changes

[etcd] Add cronjob with database compaction

Browse Source 
etcd database need to be periodically compacted and defrag
This patch adds jobs to perform required maintenance actions
automatically.

Co-Authored-By: Oleh Hryhorov <ohryhorov@mirantis.com>

Change-Id: I31b48bb198f7322c343c7d0171322759893e374f
This commit is contained in:
Vasyl Saienko 2024-09-14 10:32:53 +00:00
parent 36288fa552
commit 5b04ac3aae
6 changed files with 163 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
etcd/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v3.4.3 appVersion: v3.4.3
description: OpenStack-Helm etcd description: OpenStack-Helm etcd
name: etcd name: etcd
version: 0.1.8 version: 0.1.9
home: https://coreos.com/etcd/ home: https://coreos.com/etcd/
icon: https://raw.githubusercontent.com/CloudCoreo/etcd-cluster/master/images/icon.png icon: https://raw.githubusercontent.com/CloudCoreo/etcd-cluster/master/images/icon.png
sources: sources:

47
etcd/templates/bin/_etcd-db-compact.sh.tpl Normal file
View File

@ -0,0 +1,47 @@
#!/bin/sh
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -x
export ETCDCTL_API=3
{{- if .Values.jobs.db_compact.command_timeout }}
COMMAND_TIMEOUT='--command-timeout={{ .Values.jobs.db_compact.command_timeout }}'
{{- else }}
COMMAND_TIMEOUT=''
{{- end }}
ENDPOINTS=$(etcdctl member list --endpoints=http://${ETCD_SERVICE_HOST}:${ETCD_SERVICE_PORT} ${COMMAND_TIMEOUT}| cut -d, -f5 | sed -e 's/ //g' | paste -sd ',')
etcdctl --endpoints=${ENDPOINTS} endpoint status --write-out="table" ${COMMAND_TIMEOUT}
rev=$(etcdctl --endpoints=http://${ETCD_SERVICE_HOST}:${ETCD_SERVICE_PORT} endpoint status --write-out="json" ${COMMAND_TIMEOUT}| egrep -o '"revision":[0-9]*' | egrep -o '[0-9].*')
compact_result=$(etcdctl compact --physical=true --endpoints=${ENDPOINTS} $rev ${COMMAND_TIMEOUT} 2>&1 > /dev/null)
compact_res=$?
if [[ $compact_res -ne 0 ]]; then
match_pattern=$(echo ${compact_result} | egrep '(mvcc: required revision has been compacted.*$)')
match_pattern_res=$?
if [[ $match_pattern_res -eq 0 ]]; then
exit 0
else
echo "Failed to compact database: $compact_result"
exit $compact_res
fi
else
etcdctl defrag --endpoints=${ENDPOINTS} ${COMMAND_TIMEOUT}
etcdctl --endpoints=${ENDPOINTS} endpoint status --write-out="table" ${COMMAND_TIMEOUT}
fi

4
etcd/templates/configmap-bin.yaml
View File

@ -27,6 +27,10 @@ data:
{{- end }} {{- end }}
etcd.sh: | etcd.sh: |
{{ tuple "bin/_etcd.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_etcd.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- if .Values.manifests.cron_job_db_compact }}
etcd-db-compact.sh: |
{{ tuple "bin/_etcd-db-compact.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}
etcd-healthcheck.sh: | etcd-healthcheck.sh: |
{{ tuple "bin/_etcd-healthcheck.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_etcd-healthcheck.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }} {{- end }}

75
etcd/templates/cron-job-db-compact.yaml Normal file
View File

@ -0,0 +1,75 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.cron_job_db_compact }}
{{- $envAll := . }}
{{- $configMapBinName := printf "%s-%s" $envAll.Release.Name "etcd-bin" }}
{{- $serviceAccountName := "etcd-db-compact" }}
{{ tuple $envAll "db_compact" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: etcd-db-compaction
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
spec:
schedule: {{ .Values.jobs.db_compact.cron | quote }}
successfulJobsHistoryLimit: {{ .Values.jobs.db_compact.history.success }}
failedJobsHistoryLimit: {{ .Values.jobs.db_compact.history.failed }}
{{- if .Values.jobs.db_compact.starting_deadline }}
startingDeadlineSeconds: {{ .Values.jobs.db_compact.starting_deadline }}
{{- end }}
concurrencyPolicy: Forbid
jobTemplate:
metadata:
labels:
{{ tuple $envAll "etcd" "db-compact" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
template:
metadata:
labels:
{{ tuple $envAll "etcd" "db-compact" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 12 }}
spec:
{{ dict "envAll" $envAll "application" "etcd_db_compact" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 10 }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
initContainers:
{{ tuple $envAll "db_compact" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }}
containers:
- name: etcd-db-compact
{{ tuple $envAll "etcd_db_compact" | include "helm-toolkit.snippets.image" | indent 14 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_compact | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }}
{{ dict "envAll" $envAll "application" "etcd_db_compact" "container" "etcd_db_compact" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 14 }}
command:
- /tmp/etcd-db-compact.sh
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: etcd-bin
mountPath: /tmp/etcd-db-compact.sh
subPath: etcd-db-compact.sh
readOnly: true
volumes:
- name: pod-tmp
emptyDir: {}
- name: etcd-bin
configMap:
name: {{ $configMapBinName | quote }}
defaultMode: 0555
{{- end }}

35
etcd/values.yaml
View File

@ -21,6 +21,7 @@ images:
etcd: 'registry.k8s.io/etcd-amd64:3.4.3' etcd: 'registry.k8s.io/etcd-amd64:3.4.3'
dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
image_repo_sync: docker.io/library/docker:17.07.0 image_repo_sync: docker.io/library/docker:17.07.0
etcd_db_compact: 'registry.k8s.io/etcd-amd64:3.4.3'
pull_policy: "IfNotPresent" pull_policy: "IfNotPresent"
local_registry: local_registry:
active: false active: false
@ -32,6 +33,9 @@ labels:
server: server:
node_selector_key: openstack-control-plane node_selector_key: openstack-control-plane
node_selector_value: enabled node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
dependencies: dependencies:
dynamic: dynamic:
@ -49,6 +53,10 @@ dependencies:
service: local_image_registry service: local_image_registry
etcd: etcd:
jobs: null jobs: null
db_compact:
services:
- endpoint: internal
service: etcd
pod: pod:
env: env:
@ -63,6 +71,17 @@ pod:
etcd: etcd:
runAsUser: 0 runAsUser: 0
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
etcd_db_compact:
pod:
runAsUser: 65534
runAsNonRoot: true
allowPrivilegeEscalation: false
container:
etcd_db_compact:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
mandatory_access_control: mandatory_access_control:
type: apparmor type: apparmor
etcd: etcd:
@ -110,6 +129,10 @@ pod:
limits: limits:
memory: "1024Mi" memory: "1024Mi"
cpu: "2000m" cpu: "2000m"
db_compact:
requests:
memory: "128Mi"
cpu: "100m"
secrets: secrets:
oci_image_registry: oci_image_registry:
@ -177,6 +200,17 @@ volume:
class_name: general class_name: general
size: 5Gi size: 5Gi
jobs:
db_compact:
cron: "1 */2 * * *"
starting_deadline: 600
# Timeout have to be set the same format
# as it is for etcdctl 120s, 1m etc.
command_timeout: 120s
history:
success: 3
failed: 1
manifests: manifests:
configmap_bin: true configmap_bin: true
statefulset: true statefulset: true
@ -184,4 +218,5 @@ manifests:
secret_registry: true secret_registry: true
service: true service: true
service_discovery: true service_discovery: true
cron_job_db_compact: false
... ...

1
releasenotes/notes/etcd.yaml
View File

@ -9,4 +9,5 @@ etcd:
- 0.1.6 Update kubernetes registry to registry.k8s.io - 0.1.6 Update kubernetes registry to registry.k8s.io
- 0.1.7 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default - 0.1.7 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default
- 0.1.8 Switch etcd to staetefulset - 0.1.8 Switch etcd to staetefulset
- 0.1.9 Adding cronjob with etcd compaction
... ...