Skip to content

Commit

Permalink
[bitnami/redis] prevent zombie PIDs in redis health checks (#3559)
Browse files Browse the repository at this point in the history 
* prevent generation of zombie PIDs in exec health probes

Signed-off-by: Alexander Kabakaev <[email protected]>

* redis: make shareProcessNamespace configurable

Signed-off-by: Alexander Kabakaev <[email protected]>
  • Loading branch information
@kabakaev
kabakaev authored Sep 1, 2020
1 parent c912fd0 commit abfeef4
Show file tree
Hide file tree
Showing 6 changed files with 51 additions and 14 deletions.
2 changes: 1 addition & 1 deletion bitnami/redis/Chart.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
apiVersion: v1
name: redis
version: 10.7.17
version: 10.8.0
appVersion: 6.0.6
description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets.
keywords:
Expand Down
2 changes: 2 additions & 0 deletions bitnami/redis/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -175,6 +175,7 @@ The following table lists the configurable parameters of the Redis chart and the
| `master.readinessProbe.timeoutSeconds` | When the probe times out (redis master pod) | `1` |
| `master.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (redis master pod) | `1` |
| `master.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `5` |
| `master.shareProcessNamespace` | Redis Master pod `shareProcessNamespace` option. Enables /pause reap zombie PIDs. | `false` |
| `master.priorityClassName` | Redis Master pod priorityClassName | {} |
| `volumePermissions.enabled` | Enable init container that changes volume permissions in the registry (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
Expand Down Expand Up @@ -205,6 +206,7 @@ The following table lists the configurable parameters of the Redis chart and the
| `slave.readinessProbe.timeoutSeconds` | When the probe times out (redis slave pod) | `1` |
| `slave.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (redis slave pod) | `1` |
| `slave.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. (redis slave pod) | `5` |
| `slave.shareProcessNamespace` | Redis slave pod `shareProcessNamespace` option. Enables /pause reap zombie PIDs. | `false` |
| `slave.persistence.enabled` | Use a PVC to persist data (slave node) | `true` |
| `slave.persistence.path` | Path to mount the volume at, to use other images | `/data` |
| `slave.persistence.subPath` | Subdirectory of the volume to mount at | `""` |
Expand Down
16 changes: 10 additions & 6 deletions bitnami/redis/templates/redis-master-statefulset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,9 @@ spec:
{{- if .Values.master.tolerations }}
tolerations: {{- toYaml .Values.master.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.master.shareProcessNamespace }}
shareProcessNamespace: {{ .Values.master.shareProcessNamespace }}
{{- end }}
{{- if .Values.master.schedulerName }}
schedulerName: {{ .Values.master.schedulerName }}
{{- end }}
Expand Down Expand Up @@ -166,7 +169,8 @@ spec:
livenessProbe:
initialDelaySeconds: {{ .Values.master.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.master.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.master.livenessProbe.timeoutSeconds }}
# One second longer than command timeout should prevent generation of zombie processes.
timeoutSeconds: {{ add1 .Values.master.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.master.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.master.livenessProbe.failureThreshold }}
exec:
Expand All @@ -181,14 +185,14 @@ spec:
readinessProbe:
initialDelaySeconds: {{ .Values.master.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.master.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.master.readinessProbe.timeoutSeconds }}
timeoutSeconds: {{ add1 .Values.master.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.master.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.master.readinessProbe.failureThreshold }}
exec:
command:
- sh
- -c
- /health/ping_readiness_local.sh {{ .Values.master.livenessProbe.timeoutSeconds }}
- /health/ping_readiness_local.sh {{ .Values.master.readinessProbe.timeoutSeconds }}
{{- else if .Values.master.customReadinessProbe }}
readinessProbe: {{- toYaml .Values.master.customReadinessProbe | nindent 12 }}
{{- end }}
Expand Down Expand Up @@ -303,7 +307,7 @@ spec:
livenessProbe:
initialDelaySeconds: {{ .Values.sentinel.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.sentinel.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.sentinel.livenessProbe.timeoutSeconds }}
timeoutSeconds: {{ add1 .Values.sentinel.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.sentinel.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.sentinel.livenessProbe.failureThreshold }}
exec:
Expand All @@ -318,14 +322,14 @@ spec:
readinessProbe:
initialDelaySeconds: {{ .Values.sentinel.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.sentinel.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.sentinel.readinessProbe.timeoutSeconds }}
timeoutSeconds: {{ add1 .Values.sentinel.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.sentinel.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.sentinel.readinessProbe.failureThreshold }}
exec:
command:
- sh
- -c
- /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }}
- /health/ping_sentinel.sh {{ .Values.sentinel.readinessProbe.timeoutSeconds }}
{{- else if .Values.sentinel.customReadinessProbe }}
readinessProbe: {{- toYaml .Values.sentinel.customReadinessProbe | nindent 12 }}
{{- end }}
Expand Down
17 changes: 10 additions & 7 deletions bitnami/redis/templates/redis-slave-statefulset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,9 @@ spec:
{{- if .Values.slave.tolerations }}
tolerations: {{- toYaml .Values.slave.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.slave.shareProcessNamespace }}
shareProcessNamespace: {{ .Values.slave.shareProcessNamespace }}
{{- end }}
{{- if .Values.slave.schedulerName }}
schedulerName: {{ .Values.slave.schedulerName }}
{{- end }}
Expand Down Expand Up @@ -191,7 +194,7 @@ spec:
livenessProbe:
initialDelaySeconds: {{ .Values.slave.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.slave.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.slave.livenessProbe.timeoutSeconds }}
timeoutSeconds: {{ add1 .Values.slave.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.slave.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.slave.livenessProbe.failureThreshold}}
exec:
Expand All @@ -210,17 +213,17 @@ spec:
readinessProbe:
initialDelaySeconds: {{ .Values.slave.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.slave.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.slave.readinessProbe.timeoutSeconds }}
timeoutSeconds: {{ add1 .Values.slave.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.slave.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.slave.readinessProbe.failureThreshold }}
exec:
command:
- sh
- -c
{{- if .Values.sentinel.enabled }}
- /health/ping_readiness_local.sh {{ .Values.slave.livenessProbe.timeoutSeconds }}
- /health/ping_readiness_local.sh {{ .Values.slave.readinessProbe.timeoutSeconds }}
{{- else }}
- /health/ping_readiness_local_and_master.sh {{ .Values.slave.livenessProbe.timeoutSeconds }}
- /health/ping_readiness_local_and_master.sh {{ .Values.slave.readinessProbe.timeoutSeconds }}
{{- end }}
{{- else if .Values.slave.customReadinessProbe }}
readinessProbe: {{- toYaml .Values.slave.customReadinessProbe | nindent 12 }}
Expand Down Expand Up @@ -331,7 +334,7 @@ spec:
livenessProbe:
initialDelaySeconds: {{ .Values.sentinel.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.sentinel.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.sentinel.livenessProbe.timeoutSeconds }}
timeoutSeconds: {{ add1 .Values.sentinel.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.sentinel.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.sentinel.livenessProbe.failureThreshold }}
exec:
Expand All @@ -346,14 +349,14 @@ spec:
readinessProbe:
initialDelaySeconds: {{ .Values.sentinel.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.sentinel.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.sentinel.readinessProbe.timeoutSeconds }}
timeoutSeconds: {{ add1 .Values.sentinel.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.sentinel.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.sentinel.readinessProbe.failureThreshold }}
exec:
command:
- sh
- -c
- /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }}
- /health/ping_sentinel.sh {{ .Values.sentinel.readinessProbe.timeoutSeconds }}
{{- else if .Values.sentinel.customReadinessProbe }}
readinessProbe: {{- toYaml .Values.sentinel.customReadinessProbe | nindent 12 }}
{{- end }}
Expand Down
14 changes: 14 additions & 0 deletions bitnami/redis/values-production.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -291,6 +291,13 @@ master:
##
# schedulerName:

# Enable shared process namespace in a pod.
# If set to false (default), each container will run in separate namespace, redis will have PID=1.
# If set to true, the /pause will run as init process and will reap any zombie PIDs,
# for example, generated by a custom exec probe running longer than a probe timeoutSeconds.
# Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating.
# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
shareProcessNamespace: false
## Configure extra options for Redis Master liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
##
Expand Down Expand Up @@ -454,6 +461,13 @@ slave:
# whenUnsatisfiable: DoNotSchedule
spreadConstraints: {}

# Enable shared process namespace in a pod.
# If set to false (default), each container will run in separate namespace, redis will have PID=1.
# If set to true, the /pause will run as init process and will reap any zombie PIDs,
# for example, generated by a custom exec probe running longer than a probe timeoutSeconds.
# Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating.
# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
shareProcessNamespace: false
## Configure extra options for Redis Slave liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
##
Expand Down
14 changes: 14 additions & 0 deletions bitnami/redis/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -291,6 +291,13 @@ master:
##
# schedulerName:

# Enable shared process namespace in a pod.
# If set to false (default), each container will run in separate namespace, redis will have PID=1.
# If set to true, the /pause will run as init process and will reap any zombie PIDs,
# for example, generated by a custom exec probe running longer than a probe timeoutSeconds.
# Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating.
# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
shareProcessNamespace: false
## Configure extra options for Redis Master liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
##
Expand Down Expand Up @@ -454,6 +461,13 @@ slave:
# whenUnsatisfiable: DoNotSchedule
spreadConstraints: {}

# Enable shared process namespace in a pod.
# If set to false (default), each container will run in separate namespace, redis will have PID=1.
# If set to true, the /pause will run as init process and will reap any zombie PIDs,
# for example, generated by a custom exec probe running longer than a probe timeoutSeconds.
# Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating.
# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
shareProcessNamespace: false
## Configure extra options for Redis Slave liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
##
Expand Down

0 comments on commit abfeef4

Please sign in to comment.