kapp and kube API Server calls limits #627
Comments
revolunet
added
the
carvel triage
renuy
added
helping with an issue
|
Hi @revolunet! I am guessing that the server has a bunch of pending requests and therefore it's refusing the tcp connection. |
|
thanks @praveenrewar ! will try and report with these options |
|
While it reduces the load in the long run it doesnt prevent 403s. Looks like at the start of
|
|
I see. Would you be able to share any such error? If it's happening in the apply stage, then you could also try increasing |
|
mmm thanks. i've tried many combinations without luck. looks like we have something wrong in our cluster. it fails as soon as we launch multiple parrallel kapp deploys; investigating... |
|
Would you be able to share a couple of things which might help us in improving kapp performance (we are already working on a couple of things #599)
|
|
Hi Our cluster is 6x(6cpu + 32Go) I tried with a superior account and got no 403 but still 499 or 500 from the API Server which make kapp stop. We use Rancher and suspect it is our bottleneck here. We'll test directly on the API Server to see if it gets better. It works well with one some logs examples |
I see, but usually if you get a forbidden error leads kapp to stop, I am wondering what caused these mani api calls then?
That is a possibility, because based on the cluster configuration, it should be able to handle these many requests. |
|
Hi @revolunet ! Were you able to find the root cause of the failures? Let me know if you need any help or if you would like to share some information which could be helpful to improve kapp performance. |
|
Hello @praveenrewar, After many tests we've confirmed that it comes from the rancher API; For some reason it throws "connection refused" when under load and we're unable to find the root cause or more logs. The good news is kapp works flawlessly when talking directly to the kube API server ! I think this issue can be closed |
|
Thank you for the update @revolunet. Closing the issue for now, but feel free to re open it if you find something we can improve on. |
|
Maybe kapp could have a better retry mechanism on API errors so it could also work with flaky clusters. Thanks for your support ! |
github-actions
bot
added
the
carvel triage
|
We do have a set of retry-able errors, but currently retrying doesn't happen in the waiting stage. We are tracking that over here. Hopefully we will find a suitable solution to it soon. |
Hello,
I'm benchmarking some
kapp deploycommands on a big manifest file with 6 containers and some wait-rules, without kapp-controller, and i'm facing 403 errors from the APIServer if i do multiple concurrentkapp deploy. Looks like these 403 make kapp stop with :I've done various tests and set
kapp-api-qpsto 10 andkapp-api-burstto 10 and have no more ideas so i'd like to share this with you, maybe you'll have some 😉Looks like most of 403 are related to cluster-wide API calls (namespaces, pods...)
Have anyone experiences this kind of behaviour ? we're using AKS with Rancher.
Some numbers for a multiple deploy (3) with the below manifests (stripped) :
In this graph you can see APIServer responses to
kapp:Samples errors :
Sample manifests :
The text was updated successfully, but these errors were encountered: