From 8344d5eb3b384fbe83f5cd619ece7a5262caf7a6 Mon Sep 17 00:00:00 2001 From: Kingdon Barrett Date: Sat, 25 Aug 2018 13:36:01 -0400 Subject: [PATCH 1/4] feat(controller): permit setting GUNICORN_WORKERS and CONN_MAX_AGE from global values.yaml --- charts/controller/templates/controller-deployment.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/charts/controller/templates/controller-deployment.yaml b/charts/controller/templates/controller-deployment.yaml index b9a5a688d..83368e461 100644 --- a/charts/controller/templates/controller-deployment.yaml +++ b/charts/controller/templates/controller-deployment.yaml @@ -73,6 +73,10 @@ spec: value: "{{ .Values.global.registry_location }}" - name: "DEIS_REGISTRY_SECRET_PREFIX" value: "{{ .Values.global.secret_prefix }}" + - name: "GUNICORN_WORKERS" + value: "{{ .Values.global.gunicorn_workers }}" + - name: "CONN_MAX_AGE" + value: "{{ .Values.global.conn_max_age }}" - name: "SLUGRUNNER_IMAGE_NAME" valueFrom: configMapKeyRef: From 11c9e66d5b1294b8e7390236ff3ae4e6f5f3be7a Mon Sep 17 00:00:00 2001 From: Kingdon Barrett Date: Sat, 25 Aug 2018 14:09:32 -0400 Subject: [PATCH 2/4] feat(controller): set CONN_MAX_AGE from env var --- rootfs/api/settings/production.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/rootfs/api/settings/production.py b/rootfs/api/settings/production.py index fd745752e..00a62e45b 100644 --- a/rootfs/api/settings/production.py +++ b/rootfs/api/settings/production.py @@ -27,8 +27,6 @@ 'security.W008' ] -CONN_MAX_AGE = 60 * 3 - # SECURITY: change this to allowed fqdn's to prevent host poisioning attacks # https://docs.djangoproject.com/en/1.11/ref/settings/#allowed-hosts ALLOWED_HOSTS = ['*'] @@ -368,7 +366,7 @@ 'HOST': os.environ.get('DEIS_DATABASE_SERVICE_HOST', ''), 'PORT': os.environ.get('DEIS_DATABASE_SERVICE_PORT', 5432), # https://docs.djangoproject.com/en/1.11/ref/databases/#persistent-connections - 'CONN_MAX_AGE': 600, + 'CONN_MAX_AGE': os.environ.get('CONN_MAX_AGE', 600), } } From a16db5e1189d204711a5b1a234ea963e395a5cd3 Mon Sep 17 00:00:00 2001 From: Kingdon Barrett Date: Tue, 4 Sep 2018 20:34:26 -0400 Subject: [PATCH 3/4] feat(controller): document added chart values The controller values.yaml should mention all of the settings that can affect the controller in values.yaml too. --- charts/controller/values.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/charts/controller/values.yaml b/charts/controller/values.yaml index 692793ac7..595be7e1a 100644 --- a/charts/controller/values.yaml +++ b/charts/controller/values.yaml @@ -49,6 +49,21 @@ global: host_port: 5555 # Prefix for the imagepull secret created when using private registry secret_prefix: "private-registry" + # Clusters with large nodes (24 CPU+) may need to lower or tune the number of GUNICORN_WORKERS. + # + # Default value is based on your number of CPUs: + # - (os.cpu_count() or 4) * 4 + 1 + # This setting probably should not be higher than max_connections which defaults to 100 + # gunicorn_workers: 13 + # If there are enough gunicorn workers to use up max_connections, you may also want to reduce CONN_MAX_AGE + # so health checks time out their connection faster and don't use all available connections + # + # Valid values are a number of seconds, or 0 to disable persistent connections. + # Setting the value to "None" will ensure that connections are never timed out. + # - 0 + # - 600 + # - "None" + # conn_max_age: 600 # Experimental feature to toggle using kubernetes ingress instead of the Deis router. # # Valid values are: From 4f93b5d98aab3b083769fc16277ae53be8806e4a Mon Sep 17 00:00:00 2001 From: Kingdon Barrett Date: Tue, 30 Oct 2018 21:53:57 -0400 Subject: [PATCH 4/4] noop (rerun the tests) --- charts/controller/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/controller/values.yaml b/charts/controller/values.yaml index 595be7e1a..3701bac2a 100644 --- a/charts/controller/values.yaml +++ b/charts/controller/values.yaml @@ -60,7 +60,7 @@ global: # # Valid values are a number of seconds, or 0 to disable persistent connections. # Setting the value to "None" will ensure that connections are never timed out. - # - 0 + # - 0 # - 600 # - "None" # conn_max_age: 600