Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add OOM integration test #984

Merged
merged 8 commits into from
Dec 10, 2024
Merged

Add OOM integration test #984

merged 8 commits into from
Dec 10, 2024

Conversation

benashz
Copy link
Collaborator

@benashz benashz commented Dec 10, 2024
edited
Loading

Adds dedicated integration tests to ensure that manager is not OOM killed when the total K8s Secret data exceeds the container's memory limits.

To run:

make docker-build integration-test-oom

@benashz
Use the mutex pool provided by k8s keymutex
882e24f 
The previous client cache locking scheme was not thread safe, and
allocated more locks than are typically needed. This change replaces
that approach by using the KeyMutex provided by the k8s utils package.
Locks are now a pooled resource.

Other fixes
- update invalid Bitnami Helm chart repo for postgres. We should phasing
  out its use.
- Bump TF Helm to latest version
@benashz
demo: update the postgres chart URL
40b5ec3
@benashz
lint bats tests
209d8a3
@benashz
Core: reduce memory footprint
c17c40e 
Previously, VSO was caching and registering full object watchers on K8s Secrets. While watching K8s Secrets is necessary for automated remediation in the case where a destination secret is deleted from the cluster, doing so can result in OOM conditions for the operator, since each Secret's data contributes to the operator's total memory.

This change does the following:
- disables the caching K8s Secrets in the manager's client.
- only watches for Secret metadata changes.
@benashz
Document why we are using WatchesMetadata() for Secrets
9f2f611
@benashz benashz requested a review from a team as a code owner December 10, 2024 21:06
@benashz benashz force-pushed the VAULT-32632/add-oom-integration-tests branch from 6c7ab63 to 6a29244 Compare December 10, 2024 21:21
@benashz benashz added this to the v0.9.1 milestone Dec 10, 2024
@benashz benashz requested a review from tvoran December 10, 2024 21:26
@benashz benashz mentioned this pull request Dec 10, 2024
Merged
1 task
@benashz
Bump vault versions - only test community latest
900d168 
Ensure that we are always testing against the previous enterprise
releases. Community lags behind those release, so we only test against
enterprise on the N-1, and N-2 versions.
Base automatically changed from VAULT-32632/fix-secrets-memory-usage to main December 10, 2024 22:44
@benashz benashz enabled auto-merge (squash) December 10, 2024 22:48
@benashz benashz merged commit 0773bd0 into main Dec 10, 2024
49 checks passed
@benashz benashz deleted the VAULT-32632/add-oom-integration-tests branch December 10, 2024 23:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tvoran tvoran tvoran approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v0.9.1
Development

Successfully merging this pull request may close these issues.
2 participants
@benashz @tvoran