weixin_39707851 2020-11-30 10:44

Support specifying SecurityContext for Pods and enable tcp keepalive for AWS

Signed-off-by: Aylei

What problem does this PR solve?

close #880 close #795

What is changed and how does it work?

A new field podSecurityContext is introduced for TiKV/TiDB/PD's spec which can specify sysctls for Pods. Only the securityContext of TiDB is used now, but users can freely customize these fields as needed. In terraform, enable configuration of net.* sysctls in kubelet args, and set proper defaults for AWS.

Check List

Tests

  • Manual test (add detailed scripts or steps below)

Tested upon AWS NLB with 350s idle timeout:


$ mysql -h <elb-host> -P 4000 -u root
MySQL [(none)]> select sleep(360); select tidb_version();
+------------+
| sleep(360) |
+------------+
|          0 |
+------------+
1 row in set (6 min 0.00 sec)

+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| tidb_version()                                                                                                                                                                                                                                                                                              |
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Release Version: v3.0.1
Git Commit Hash: 9e4e8da3c58c65123db5f26409759fe1847529f8
Git Branch: HEAD
UTC Build Time: 2019-07-16 01:03:40
GoVersion: go version go1.12 linux/amd64
Race Enabled: false
TiKV Min Version: 2.1.0-alpha.1-ff3dd160846b7d1aed9079c389fc188f7f5ea13e
Check Table Before Drop: false |
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

Verify the sysctls are properly set:


kubectl -n my-cluster exec -it my-cluster-tidb-1 -c tidb -- sh
/ # sysctl -a | grep keepalive
net.ipv4.tcp_keepalive_intvl = 300
net.ipv4.tcp_keepalive_probes = 9
net.ipv4.tcp_keepalive_time = 300

Code changes

  • Has Helm charts change
  • Has Go code change

Related changes

  • Need to cherry-pick to the release branch
  • Need to update the documentation

Does this PR introduce a user-facing change?:

release-note
Support specifying SecurityContext for PD, TiKV and TiDB Pods and enable tcp keepalive for AWS.
 

This question comes from the open source project: pingcap/tidb-operator
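
The sysctl and keepalive settings described in the pull request above can be checked before deployment. The following is an added example, not code from tidb-operator; the function names, the constructed sample context, and the safe-sysctl set (as documented by Kubernetes around the time of this PR) are assumptions.

```python
# Added example: pre-deployment check for Pod sysctls behind a load balancer.
# Sysctls Kubernetes documented as "safe" around the time of this PR
# (assumption: later releases extended the set). Others need kubelet opt-in.
SAFE_SYSCTLS = {
    "kernel.shm_rmid_forced",
    "net.ipv4.ip_local_port_range",
    "net.ipv4.tcp_syncookies",
}

# Constructed sample mirroring the values verified with `sysctl -a` above.
TIDB_POD_SECURITY_CONTEXT = {"sysctls": [
    {"name": "net.ipv4.tcp_keepalive_time", "value": "300"},
    {"name": "net.ipv4.tcp_keepalive_intvl", "value": "300"},
    {"name": "net.ipv4.tcp_keepalive_probes", "value": "9"},
]}

def allowed_by_kubelet(name, allow_patterns):
    """Match against --allowed-unsafe-sysctls entries: exact name or prefix ending in '*'."""
    for pattern in allow_patterns:
        if pattern.endswith("*") and name.startswith(pattern[:-1]):
            return True
        if name == pattern:
            return True
    return False

def check_pod_sysctls(pod_security_context, allow_patterns, lb_idle_timeout_s):
    """Return findings (empty list = OK) for a PodSecurityContext-shaped dict."""
    findings = []
    sysctls = {s["name"]: s["value"] for s in pod_security_context.get("sysctls", [])}
    for name in sorted(sysctls):
        if name not in SAFE_SYSCTLS and not allowed_by_kubelet(name, allow_patterns):
            findings.append(f"{name}: unsafe sysctl not on the kubelet allow-list")
    keepalive_time = sysctls.get("net.ipv4.tcp_keepalive_time")
    if keepalive_time is None:
        findings.append("net.ipv4.tcp_keepalive_time: unset, kernel default applies")
    elif int(keepalive_time) >= lb_idle_timeout_s:
        # The first probe must be sent before the balancer drops the idle flow.
        findings.append(
            f"net.ipv4.tcp_keepalive_time: {keepalive_time}s is not below "
            f"the {lb_idle_timeout_s}s idle timeout")
    return findings

if __name__ == "__main__":
    # 350 s is the NLB idle timeout used in the manual test above.
    print(check_pod_sysctls(TIDB_POD_SECURITY_CONTEXT, ["net.*"], 350))
    print(check_pod_sysctls(TIDB_POD_SECURITY_CONTEXT, [], 350))
```

An empty allow-list reports all three keepalive sysctls, which is why the change also touches the kubelet args in terraform.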


  • weixin_39707851 2020-11-30 10:44

    /run-e2e-in-kind
