From 884b1d6bffdae5b287aab0a3056cdd26aeded35a Mon Sep 17 00:00:00 2001 From: kumas39 Date: Thu, 17 Oct 2024 14:09:22 +0530 Subject: [PATCH 1/7] US-622676 - helm chart changes for tcp keep alive probe --- charts/pega/templates/_pega-deployment.tpl | 5 ++ .../test/pega/pega-tier-deployment_test.go | 52 +++++++++++++++---- 2 files changed, 46 insertions(+), 11 deletions(-) diff --git a/charts/pega/templates/_pega-deployment.tpl b/charts/pega/templates/_pega-deployment.tpl index 6bff86872..f7fe2e9f5 100644 --- a/charts/pega/templates/_pega-deployment.tpl +++ b/charts/pega/templates/_pega-deployment.tpl @@ -117,6 +117,11 @@ spec: runAsUser: 9001 fsGroup: 0 {{- end }} +{{- if (.node.tcpKeepAliveProbe) }} + sysctls: + - name: "net.ipv4.tcp_keepalive_time" + value: "{{ .node.tcpKeepAliveProbe }}" +{{- end }} {{- if .node.securityContext }} {{ toYaml .node.securityContext | indent 8 }} {{- end }} diff --git a/terratest/src/test/pega/pega-tier-deployment_test.go b/terratest/src/test/pega/pega-tier-deployment_test.go index b45eeefbc..a196fc532 100644 --- a/terratest/src/test/pega/pega-tier-deployment_test.go +++ b/terratest/src/test/pega/pega-tier-deployment_test.go 
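Review bot: The new `sysctls:` block sits directly above the existing `toYaml .node.securityContext` render, so a tier that sets both `tcpKeepAliveProbe` and `securityContext.sysctls` (the form the README in PATCH 2/7 documents) would, as far as the visible lines show, render two `sysctls` keys under the same pod securityContext. Either skip this block when `.node.securityContext.sysctls` is set or fail the render with a clear message, and document which key wins. The value is also interpolated inside hand-written quotes; `value: {{ .node.tcpKeepAliveProbe | quote }}` keeps the rendered YAML well-formed whatever is passed. There is no Kubernetes version guard here, and on clusters older than 1.29 this sysctl is outside the safe set, so the pod will not start unless the node's kubelet explicitly allows it. The enclosing securityContext block starts above the hunk.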
@@ -75,16 +75,16 @@ func TestPegaTierDeploymentWithPodAffinity(t *testing.T) { for _, vendor := range supportedVendors { var options = &helm.Options{ SetValues: map[string]string{ - "global.provider": vendor, - "global.actions.execute": "deploy", - "global.deployment.name": "pega", - "installer.upgrade.upgradeType": "zero-downtime", - "global.tier[0].name": "web", - "global.tier[1].name": "batch", - "global.tier[2].name": "stream", - affintiyBasePath + "nodeSelectorTerms[0].matchExpressions[0].key": "kubernetes.io/os", - affintiyBasePath + "nodeSelectorTerms[0].matchExpressions[0].operator": "In", - affintiyBasePath + "nodeSelectorTerms[0].matchExpressions[0].values[0]": "linux", + "global.provider": vendor, + "global.actions.execute": "deploy", + "global.deployment.name": "pega", + "installer.upgrade.upgradeType": "zero-downtime", + "global.tier[0].name": "web", + "global.tier[1].name": "batch", + "global.tier[2].name": "stream", + affintiyBasePath + "nodeSelectorTerms[0].matchExpressions[0].key": "kubernetes.io/os", + affintiyBasePath + "nodeSelectorTerms[0].matchExpressions[0].operator": "In", + affintiyBasePath + "nodeSelectorTerms[0].matchExpressions[0].values[0]": "linux", }, } 
@@ -102,7 +102,37 @@ func TestPegaTierDeploymentWithPodAffinity(t *testing.T) { UnmarshalK8SYaml(t, yamlSplit[3], &depObjStream) deploymentAffinityStream := depObjStream.Spec.Template.Spec.Affinity require.Empty(t, deploymentAffinityStream) - } + } +} + +func TestPegaTierDeploymentWithTCPProbe(t *testing.T) { + + var supportedVendors = []string{"k8s", "eks", "gke", "aks", "pks"} + helmChartPath, err := filepath.Abs(PegaHelmChartPath) + require.NoError(t, err) + + var depObj appsv1.Deployment + + for _, vendor := range supportedVendors { + var options = &helm.Options{ + SetValues: map[string]string{ + "global.provider": vendor, + "global.actions.execute": "deploy", + "global.deployment.name": "pega", + "global.tier[0].name": "web", + "global.tier[0].tcpKeepAliveProbe": "10", + }, + } + + yamlContent := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-tier-deployment.yaml"}) + yamlSplit := strings.Split(yamlContent, "---") + + UnmarshalK8SYaml(t, yamlSplit[1], &depObj) + require.Equal(t, "net.ipv4.tcp_keepalive_time", *&depObj.Spec.Template.Spec.SecurityContext.Sysctls[0].Name) + require.Equal(t, "10", *&depObj.Spec.Template.Spec.SecurityContext.Sysctls[0].Value) + + } + } func TestPegaTierDeploymentWithFSGroup(t *testing.T) { From df2f6fc1cd6def991cf606488d8a74c62e3787da Mon Sep 17 00:00:00 2001 From: kumas39 Date: Thu, 17 Oct 2024 14:49:00 +0530 Subject: [PATCH 2/7] US-622676 - updating the documents --- charts/pega/README.md | 14 ++++++++++++++ charts/pega/values.yaml | 24 ++++++++++++++++++++++++ 2 files changed, 38 insertions(+) diff --git a/charts/pega/README.md b/charts/pega/README.md index 4dc6b5b42..83f692366 100644 --- a/charts/pega/README.md +++ b/charts/pega/README.md 
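Review bot: In TestPegaTierDeploymentWithTCPProbe, `depObj` is declared once outside the vendor loop and the assertions index `Sysctls[0]` directly, so a vendor that rendered no sysctls could either pass on state left over from the previous iteration (if UnmarshalK8SYaml leaves absent fields untouched, which is not visible here) or panic on a nil SecurityContext instead of failing cleanly. Move `var depObj appsv1.Deployment` inside the loop and add `require.NotNil(t, depObj.Spec.Template.Spec.SecurityContext)` and `require.Len(t, depObj.Spec.Template.Spec.SecurityContext.Sysctls, 1)` before the two equality checks. The `*&` in front of `depObj` in both `require.Equal` calls is a no-op and can be dropped. A second case that sets `securityContext.sysctls` together with `tcpKeepAliveProbe` would pin down how the template behaves when both are given.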
@@ -333,6 +333,20 @@ tier: runAsUser: RUN_AS_USER fsGroup: FS_GROUP ``` + +Starting from Kubernetes 1.29 version, kubernetes allows to set `net.ipv4.tcp_keepalive_time` OS kernel setting using standard sysctls command. +Please refer below example and provide the value as per your cloud provider TCP connections timeout settings. + +Example: + +```yaml +tier: + - name: my-tier + securityContext: + sysctls: + - name: net.ipv4.tcp_keepalive_time + value: "300" +``` ### service Specify the `service` yaml block to expose a Pega tier to other Kubernetes run services, or externally to other systems. The name of the service will be based on the tier's name, so if your tier is "web", your service name will be "pega-web". If you omit service, no Kubernetes service object is created for the tier during the deployment. For more information on services, see the [Kubernetes Documentation](https://kubernetes.io/docs/concepts/services-networking/service). diff --git a/charts/pega/values.yaml b/charts/pega/values.yaml index fc9230b50..577bc3fb2 100644 --- a/charts/pega/values.yaml +++ b/charts/pega/values.yaml @@ -257,6 +257,14 @@ global: # runAsUser: 9001 # fsGroup: 0 + # To configure net.ipv4.tcp_keepalive_time OS Kernel setting, set the value in seconds. + # This setting only works for Kubernetes version 1.29 onwards. For more information, see below, + # https://github.com/pegasystems/pega-helm-charts/blob/master/charts/pega/README.md#security-context + # securityContext: + # sysctls: + # - name: net.ipv4.tcp_keepalive_time + # value: "300" + # To specify security settings for a Container, include the securityContext field in the Container manifest # Security settings that you specify for a Container apply only to the pega container, # and they override settings made at the Pod level when there is overlap. Container settings 
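Review bot: The commented example added in this values.yaml hunk (and repeated in the two following hunks at -328 and -399) documents `securityContext.sysctls`, while the template change in PATCH 1/7 and its test read a separate tier key, `tcpKeepAliveProbe`, which no values.yaml or README hunk in this series mentions. State which of the two is the supported way to set the keepalive time, and if `tcpKeepAliveProbe` stays, add a commented `# tcpKeepAliveProbe: "300"` entry next to this one. The line saying the setting only works from Kubernetes 1.29 onwards would help operators more if it said what happens before that, for example `# On clusters older than 1.29 this sysctl is outside the safe set and the pod will not start unless the kubelet allows it.`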
@@ -328,6 +336,14 @@ global: # runAsUser: 9001 # fsGroup: 0 + # To configure net.ipv4.tcp_keepalive_time OS Kernel setting, set the value in seconds. + # This setting only works for Kubernetes version 1.29 onwards. For more information, see below, + # https://github.com/pegasystems/pega-helm-charts/blob/master/charts/pega/README.md#security-context + # securityContext: + # sysctls: + # - name: net.ipv4.tcp_keepalive_time + # value: "300" + # To specify security settings for a Container, include the securityContext field in the Container manifest # Security settings that you specify for a Container apply only to the pega container, # and they override settings made at the Pod level when there is overlap. Container settings @@ -399,6 +415,14 @@ global: # runAsUser: 9001 # fsGroup: 0 + # To configure net.ipv4.tcp_keepalive_time OS Kernel setting, set the value in seconds. + # This setting only works for Kubernetes version 1.29 onwards. For more information, see below, + # https://github.com/pegasystems/pega-helm-charts/blob/master/charts/pega/README.md#security-context + # securityContext: + # sysctls: + # - name: net.ipv4.tcp_keepalive_time + # value: "300" + # To specify security settings for a Container, include the securityContext field in the Container manifest # Security settings that you specify for a Container apply only to the pega container, # and they override settings made at the Pod level when there is overlap. Container settings From efc0a9d331c2d9294462d6e25713414226edfe51 Mon Sep 17 00:00:00 2001 From: kumas39 Date: Thu, 17 Oct 2024 15:56:30 +0530 Subject: [PATCH 3/7] US-622676 - updating the documents --- charts/pega/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/pega/README.md b/charts/pega/README.md index 83f692366..7dd980348 100644 --- a/charts/pega/README.md +++ b/charts/pega/README.md 
@@ -334,8 +334,8 @@ tier: fsGroup: FS_GROUP ``` -Starting from Kubernetes 1.29 version, kubernetes allows to set `net.ipv4.tcp_keepalive_time` OS kernel setting using standard sysctls command. -Please refer below example and provide the value as per your cloud provider TCP connections timeout settings. +Starting from Kubernetes 1.29 version, kubernetes allows to set OS kernel level setting `net.ipv4.tcp_keepalive_time` using standard sysctls command. +Please refer below example and if needed, provide the value as per your cloud provider TCP connections timeout settings. Example: From 7251a4104534836c7309caa3bbeb4e2a5d27409e Mon Sep 17 00:00:00 2001 From: kumas39 Date: Fri, 18 Oct 2024 08:57:25 +0530 Subject: [PATCH 4/7] US-622676 - updating the readme --- charts/pega/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/pega/README.md b/charts/pega/README.md index 7dd980348..39bb1eaf0 100644 --- a/charts/pega/README.md +++ b/charts/pega/README.md @@ -335,7 +335,7 @@ tier: ``` Starting from Kubernetes 1.29 version, kubernetes allows to set OS kernel level setting `net.ipv4.tcp_keepalive_time` using standard sysctls command. -Please refer below example and if needed, provide the value as per your cloud provider TCP connections timeout settings. +Please refer below example and if needed, provide the value in seconds as per the cloud provider TCP connections timeout settings. Example: From 7d806da4f8fae557f0713f0cb35ef04da43cb49c Mon Sep 17 00:00:00 2001 From: kumas39 Date: Sat, 19 Oct 2024 11:48:37 +0530 Subject: [PATCH 5/7] US-622676 - PR changes --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index a24673ce0..5d84d083e 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -28,7 +28,7 @@ node { branchName = "${scmVars.GIT_BRANCH}" packageName = currentBuild.displayName prNumber = "${env.BRANCH_NAME}".split("-")[1] - chartVersion = "${prNumber}.${env.BUILD_NUMBER}" + chartVersion = "3.11.${env.BUILD_NUMBER}" deployConfigsFileName = "deploy-config-${chartVersion}.tgz" installerConfigsFileName = "installer-config-${chartVersion}.tgz" // Perform Chart packaging From 602f55768d0f406e3db82f887c8eb2e96ae0a9b4 Mon Sep 17 00:00:00 2001 From: kumas39 Date: Mon, 21 Oct 2024 14:07:59 +0530 Subject: [PATCH 6/7] US-622676 - Reverting the original change --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 5d84d083e..a24673ce0 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -28,7 +28,7 @@ node { branchName = "${scmVars.GIT_BRANCH}" packageName = currentBuild.displayName prNumber = "${env.BRANCH_NAME}".split("-")[1] - chartVersion = "3.11.${env.BUILD_NUMBER}" + chartVersion = "${prNumber}.${env.BUILD_NUMBER}" deployConfigsFileName = "deploy-config-${chartVersion}.tgz" installerConfigsFileName = "installer-config-${chartVersion}.tgz" // Perform Chart packaging From 18ec3514f30a7364c2f797fa67bc00eced662ef1 Mon Sep 17 00:00:00 2001 From: kumas39 Date: Mon, 21 Oct 2024 17:03:06 +0530 Subject: [PATCH 7/7] US-622676 - code review comments --- charts/pega/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/pega/README.md b/charts/pega/README.md index 39bb1eaf0..67c9de7cc 100644 --- a/charts/pega/README.md +++ b/charts/pega/README.md 
@@ -334,8 +334,8 @@ tier: fsGroup: FS_GROUP ``` -Starting from Kubernetes 1.29 version, kubernetes allows to set OS kernel level setting `net.ipv4.tcp_keepalive_time` using standard sysctls command. -Please refer below example and if needed, provide the value in seconds as per the cloud provider TCP connections timeout settings. +Starting in Kubernetes version 1.29, you can configure the OS Kernel level setting net.ipv4.tcp_keepalive_time using standard sysctls command. +The following code provides an example configuration. If needed, provide the value in seconds as per the cloud provider TCP connections timeout settings. Example: