From dc1af5a9c5da528201a6cff4ca57ec5d4bb02d9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Necatican=20Y=C4=B1ld=C4=B1r=C4=B1m?= Date: Mon, 23 May 2022 19:36:03 +0300 Subject: [PATCH] [etcd] Add support for setting the request size limit (#8849) * [etcd] Add extra documentation for `etcd_memory_limit` and `etcd_quota_backend_bytes` Signed-off-by: necatican * [etcd] Add support for setting ETCD_MAX_REQUEST_BYTES Signed-off-by: necatican --- inventory/sample/group_vars/etcd.yml | 7 +++++++ roles/etcd/defaults/main.yml | 8 ++++++++ roles/etcd/templates/etcd-events.env.j2 | 3 +++ roles/etcd/templates/etcd.env.j2 | 3 +++ roles/kubernetes/control-plane/defaults/main/etcd.yml | 1 + .../templates/kubeadm-config.v1beta2.yaml.j2 | 4 +++- 6 files changed, 25 insertions(+), 1 deletion(-) diff --git a/inventory/sample/group_vars/etcd.yml b/inventory/sample/group_vars/etcd.yml index cc09942fc..f07c7209c 100644 --- a/inventory/sample/group_vars/etcd.yml +++ b/inventory/sample/group_vars/etcd.yml @@ -7,13 +7,20 @@ ## Etcd is restricted by default to 512M on systems under 4GB RAM, 512MB is not enough for much more than testing. ## Set this if your etcd nodes have less than 4GB but you want more RAM for etcd. Set to 0 for unrestricted RAM. +## This value is only relevant when deploying etcd with `etcd_deployment_type: docker` # etcd_memory_limit: "512M" ## Etcd has a default of 2G for its space quota. If you put a value in etcd_memory_limit which is less than ## etcd_quota_backend_bytes, you may encounter out of memory terminations of the etcd cluster. Please check ## etcd documentation for more information. +# 8G is a suggested maximum size for normal environments and etcd warns at startup if the configured value exceeds it. # etcd_quota_backend_bytes: "2147483648" +# Maximum client request size in bytes the server will accept. +# etcd is designed to handle small key value pairs typical for metadata. +# Larger requests will work, but may increase the latency of other requests +# etcd_max_request_bytes: "1572864" + ### ETCD: disable peer client cert authentication. # This affects ETCD_PEER_CLIENT_CERT_AUTH variable # etcd_peer_client_auth: true diff --git a/roles/etcd/defaults/main.yml b/roles/etcd/defaults/main.yml index 2edb874b4..32971bc71 100644 --- a/roles/etcd/defaults/main.yml +++ b/roles/etcd/defaults/main.yml @@ -46,10 +46,18 @@ etcd_extra_vars: {} # Limits # Limit memory only if <4GB memory on host. 0=unlimited +# This value is only relevant when deploying etcd with `etcd_deployment_type: docker` etcd_memory_limit: "{% if ansible_memtotal_mb < 4096 %}512M{% else %}0{% endif %}" +# The default storage size limit is 2G. +# 8G is a suggested maximum size for normal environments and etcd warns at startup if the configured value exceeds it. # etcd_quota_backend_bytes: "2147483648" +# Maximum client request size in bytes the server will accept. +# etcd is designed to handle small key value pairs typical for metadata. +# Larger requests will work, but may increase the latency of other requests +# etcd_max_request_bytes: "1572864" + # Uncomment to set CPU share for etcd # etcd_cpu_limit: 300m diff --git a/roles/etcd/templates/etcd-events.env.j2 b/roles/etcd/templates/etcd-events.env.j2 index 4be85c7b6..bcb0cc748 100644 --- a/roles/etcd/templates/etcd-events.env.j2 +++ b/roles/etcd/templates/etcd-events.env.j2 @@ -19,6 +19,9 @@ ETCD_SNAPSHOT_COUNT={{ etcd_snapshot_count }} {% if etcd_quota_backend_bytes is defined %} ETCD_QUOTA_BACKEND_BYTES={{ etcd_quota_backend_bytes }} {% endif %} +{% if etcd_max_request_bytes is defined %} +ETCD_MAX_REQUEST_BYTES={{ etcd_max_request_bytes }} +{% endif %} # TLS settings ETCD_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem diff --git a/roles/etcd/templates/etcd.env.j2 b/roles/etcd/templates/etcd.env.j2 index 145fd6288..8b1b699fc 100644 --- a/roles/etcd/templates/etcd.env.j2 +++ b/roles/etcd/templates/etcd.env.j2 @@ -23,6 +23,9 @@ ETCD_SNAPSHOT_COUNT={{ etcd_snapshot_count }} {% if etcd_quota_backend_bytes is defined %} ETCD_QUOTA_BACKEND_BYTES={{ etcd_quota_backend_bytes }} {% endif %} +{% if etcd_max_request_bytes is defined %} +ETCD_MAX_REQUEST_BYTES={{ etcd_max_request_bytes }} +{% endif %} {% if etcd_log_package_levels is defined %} ETCD_LOG_PACKAGE_LEVELS={{ etcd_log_package_levels }} {% endif %} diff --git a/roles/kubernetes/control-plane/defaults/main/etcd.yml b/roles/kubernetes/control-plane/defaults/main/etcd.yml index 13983afef..60e934bc2 100644 --- a/roles/kubernetes/control-plane/defaults/main/etcd.yml +++ b/roles/kubernetes/control-plane/defaults/main/etcd.yml @@ -23,5 +23,6 @@ etcd_metrics: "basic" etcd_extra_vars: {} # etcd_quota_backend_bytes: "2147483648" +# etcd_max_request_bytes: "1572864" etcd_compaction_retention: "8" diff --git a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2 index 9b2e47398..ba1c5be39 100644 --- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2 +++ b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2 @@ -58,6 +58,9 @@ etcd: {% if etcd_quota_backend_bytes is defined %} quota-backend-bytes: "{{ etcd_quota_backend_bytes }}" {% endif %} +{% if etcd_max_request_bytes is defined %} + max-request-bytes: "{{ etcd_max_request_bytes }}" +{% endif %} {% if etcd_log_package_levels is defined %} log-package-levels: "{{ etcd_log_package_levels }}" {% endif %} @@ -450,4 +453,3 @@ featureGates: {{ feature|replace("=", ": ") }} {% endfor %} {% endif %} -