Merge pull request #69352 from bhardesty/osdocs-8615-rosa-kubeletconfig

bscott-rh · web-flow · commit 87b1df4136b1 · 2024-01-11T14:58:17.000-05:00
OSDOCS-8615: Configuring PID limits
diff --git a/_topic_maps/_topic_map_rosa.yml b/_topic_maps/_topic_map_rosa.yml
@@ -543,6 +543,8 @@ Topics:
     File: rosa-nodes-about-autoscaling-nodes
   - Name: Configuring cluster memory to meet container memory and risk requirements
     File: nodes-cluster-resource-configure
+- Name: Configuring PID limits
+  File: rosa-configuring-pid-limits
 ---
 Name: Security and compliance
 Dir: security
diff --git a/modules/risks-setting-higher-process-id-limits.adoc b/modules/risks-setting-higher-process-id-limits.adoc
@@ -0,0 +1,20 @@
+// Module included in the following assemblies:
+//
+// * rosa_cluster_admin/rosa-configuring-pid-limits.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="risks-setting-higher-process-id-limits_{context}"]
+= Risks of setting higher process ID limits for {product-title} pods
+
+The `podPidsLimit` parameter for a pod controls the maximum number of processes and threads that can run simultaneously in that pod.
+
+You can increase the value for `podPidsLimit` from the default of 4,096 to a maximum of 16,384. Changing this value might incur downtime for applications, because changing the `podPidsLimit` requires rebooting the affected node.
+
+If you are running a large number of pods per node, and you have a high `podPidsLimit` value on your nodes, you risk exceeding the PID maximum for the node.
+
+To find the maximum number of pods that you can run simultaneously on a single node without exceeding the PID maximum for the node, divide 3,650,000 by your `podPidsLimit` value. For example, if your `podPidsLimit` value is 16,384, and you expect the pods to use close to that number of process IDs, you can safely run 222 pods on a single node.
+
+[NOTE]
+====
+Memory, CPU, and available storage can also limit the maximum number of pods that can run simultaneously, even when the `podPidsLimit` value is set appropriately. For more information, see "Planning your environment" and "Limits and scalability".
+====
diff --git a/modules/sd-understanding-process-id-limits.adoc b/modules/sd-understanding-process-id-limits.adoc
@@ -0,0 +1,21 @@
+// Module included in the following assemblies:
+//
+// * rosa_cluster_admin/rosa-configuring-pid-limits.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="understanding-process-id-limits_{context}"]
+= Understanding process ID limits
+
+In {product-title}, consider these two supported limits for process ID (PID) usage before you schedule work on your cluster:
+
+* Maximum number of PIDs per pod.
++
+The default value is 4,096 in {product-title} 4.11 and later. This value is controlled by the `podPidsLimit` parameter set on the node.
+
+* Maximum number of PIDs per node.
++
+The default value depends on link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.14/html-single/nodes/index#nodes-nodes-resources-configuring[node resources]. In {product-title}, this value is controlled by the link:https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/#system-reserved[`--system-reserved`] parameter, which reserves PIDs on each node based on the total resources of the node.
+
+When a pod exceeds the allowed maximum number of PIDs per pod, the pod might stop functioning correctly and might be evicted from the node. See link:https://kubernetes.io/docs/concepts/scheduling-eviction/node-pressure-eviction/#eviction-signals-and-thresholds[the Kubernetes documentation for eviction signals and thresholds] for more information.
+
+When a node exceeds the allowed maximum number of PIDs per node, the node can become unstable because new processes cannot have PIDs assigned. If existing processes cannot complete without creating additional processes, the entire node can become unusable and require reboot. This situation can result in data loss, depending on the processes and applications being run. Customer administrators and Red Hat Site Reliability Engineering are notified when this threshold is reached, and a `Worker node is experiencing PIDPressure` warning will appear in the cluster logs.
diff --git a/modules/setting-higher-pid-limit-on-existing-cluster.adoc b/modules/setting-higher-pid-limit-on-existing-cluster.adoc
@@ -0,0 +1,82 @@
+// Module included in the following assemblies:
+//
+// * rosa_cluster_admin/rosa-configuring-pid-limits.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="setting-higher-pid-limit-on-existing-cluster_{context}"]
+= Setting a higher PID limit on an existing {product-title} cluster
+
+You can set a higher `podPidsLimit` on an existing {product-title} cluster by creating or editing a `KubeletConfig` object that changes the `--pod-pids-limit` parameter.
+
+[IMPORTANT]
+====
+Changing the `podPidsLimit` on an existing cluster will trigger non-control plane nodes in the cluster to reboot one at a time. Make this change outside of peak usage hours for your cluster and avoid upgrading or hibernating your cluster until all nodes have rebooted.
+====
+
+.Prerequisites
+
+* You have installed the OpenShift CLI (`oc`).
+* You have logged in to your Red Hat account by using the ROSA CLI.
+
+.Procedure
+
+. Create or edit the `KubeletConfig` object to change the PID limit.
++
+--
+** If this is the first time you are changing the default PID limit, create the `KubeletConfig` object and set the `--pod-pids-limit` value by running the following command: 
++
+[source,terminal]
+----
+$ rosa create kubeletconfig -c <cluster_name> --pod-pids-limit=<value>
+----
++
+For example, the following command sets a maximum of 16,384 PIDs per pod for cluster `my-cluster`:
++
+[source,terminal]
+----
+$ rosa create kubeletconfig -c my-cluster --pod-pids-limit=16384
+----
+
+** If you previously created a `KubeletConfig` object, edit the existing `KubeletConfig` object and set the `--pod-pids-limit` value by running the following command:
++
+[source,terminal]
+----
+$ rosa edit kubeletconfig -c <cluster_name> --pod-pids-limit=<value>
+----
+--
++
+A cluster-wide rolling reboot of worker nodes is triggered.
+
+. Verify that all of the worker nodes rebooted by running the following command:
++
+[source,terminal]
+----
+$ oc get machineconfigpool
+----
++
+.Example output
+[source,terminal]
+----
+NAME      CONFIG                    UPDATED  UPDATING   DEGRADED  MACHINECOUNT  READYMACHINECOUNT  UPDATEDMACHINECOUNT DEGRADEDMACHINECOUNT  AGE
+master    rendered-master-06c9c4…   True     False      False     3             3                  3                   0                     4h42m
+worker    rendered-worker-f4b64…    True     False      False     4             4                  4                   0                     4h42m
+----
+
+.Verification
+
+When each node in the cluster has rebooted, you can verify that the new setting is in place.
+
+* Check the Pod Pids limit in the `KubeletConfig` object:
++
+[source,terminal]
+----
+$ rosa describe kubeletconfig --cluster=<cluster_name>
+----
++
+The new PIDs limit appears in the output, as shown in the following example:
++
+.Example output
+[source,terminal]
+----
+Pod Pids Limit:                       16384
+----
diff --git a/rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc b/rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
@@ -22,6 +22,7 @@ include::snippets/pid-limits.adoc[]
 .Additional Resources
 
 * xref:../../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-red-hat-operator_rosa-service-definition[Red Hat Operator Support]
+* xref:../../rosa_cluster_admin/rosa-configuring-pid-limits.adoc#rosa-configuring-pid-limits[Configuring PID limits]
 
 include::modules/rosa-sdpolicy-am-aws-compute-types.adoc[leveloffset=+2]
 
diff --git a/rosa_cluster_admin/rosa-configuring-pid-limits.adoc b/rosa_cluster_admin/rosa-configuring-pid-limits.adoc
@@ -0,0 +1,40 @@
+// This assembly covers how to configure cluster-wide PID limits by configuring
+// the kubeletconfig. Eventually, additional cluster-wide parameters should be
+// available for configuration. As additional parameters are added, it might be 
+// better to change this assembly to be "Configuring cluster parameters" or 
+// something similar.
+//
+// Also, this content theoretically applies to OSD as well, but the PID limits
+// can only be configured through the ROSA CLI. When other methods are added for
+// configuring PID limits, this assembly and its modules can be evaluated for 
+// inclusion in the OSD docs.
+
+:_mod-docs-content-type: ASSEMBLY
+[id="rosa-configuring-pid-limits"]
+= Configuring PID limits
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: rosa-configuring-pid-limits
+
+toc::[]
+
+A process identifier (PID) is a unique identifier assigned by the Linux kernel to each process or thread currently running on a system. The number of processes that can run simultaneously on a system is limited to 4,194,304 by the Linux kernel. This number might also be affected by limited access to other system resources such as memory, CPU, and disk space.
+
+In {product-title} 4.11 and later, by default, a pod can have a maximum of 4,096 PIDs. If your workload requires more than that, you can increase the allowed maximum number of PIDs.
+
+// Understanding process ID limits
+include::modules/sd-understanding-process-id-limits.adoc[leveloffset=+1]
+
+// Risks of setting higher process ID limits
+include::modules/risks-setting-higher-process-id-limits.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-instance-types_rosa-service-definition[Instance types]
+
+* xref:../rosa_planning/rosa-planning-environment.adoc#rosa-planning-environment[Planning your environment]
+
+* xref:../rosa_planning/rosa-limits-scalability.adoc#rosa-limits-scalability[Limits and scalability]
+
+// Setting a higher pid limit on an existing cluster
+include::modules/setting-higher-pid-limit-on-existing-cluster.adoc[leveloffset=+1]
diff --git a/rosa_cluster_admin/rosa_nodes/rosa-nodes-machinepools-about.adoc b/rosa_cluster_admin/rosa_nodes/rosa-nodes-machinepools-about.adoc
@@ -63,3 +63,4 @@ ifdef::openshift-rosa[]
 * xref:../../rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc#rosa-managing-worker-nodes[Managing compute nodes]
 endif::[]
 * xref:../../rosa_cluster_admin/rosa_nodes/rosa-nodes-about-autoscaling-nodes.adoc#rosa-nodes-about-autoscaling-nodes[About autoscaling]
+* xref:../../rosa_cluster_admin/rosa-configuring-pid-limits.adoc#rosa-configuring-pid-limits[Configuring PID limits]
diff --git a/snippets/pid-limits.adoc b/snippets/pid-limits.adoc
@@ -15,9 +15,17 @@
 
 :_mod-docs-content-type: SNIPPET
 
+// The PID limits are only configurable through the ROSA CLI. Once they are configurable through OCM, the conditionalization can be removed.
+
 [IMPORTANT]
 ====
-As of the {product-title} versions 4.8.35, 4.9.26, 4.10.6, the {product-title} default per-pod pid limit is `4096`. If you want to enable this PID limit, you must upgrade your {product-title} clusters to these versions or later. {product-title} clusters with prior versions use a default PID limit of `1024`.
+As of {product-title} 4.11, the default per-pod PID limit is `4096`. If you want to enable this PID limit, you must upgrade your {product-title} clusters to this version or later. {product-title} clusters running on earlier versions use a default PID limit of `1024`.
+
+ifdef::openshift-rosa[]
+You can configure the per-pod PID limit on a {product-title} cluster by using the ROSA CLI. For more information, see "Configuring PID limits".
+endif::openshift-rosa[]
 
+ifdef::openshift-dedicated[]
 You cannot configure the per-pod PID limit on any {product-title} cluster.
-====
+endif::openshift-dedicated[]
+====
