Bug 1780755 - OLM pods have no resource limits set
Summary: OLM pods have no resource limits set
Keywords:
Status: CLOSED DUPLICATE of bug 1760608
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: OLM
Version: 4.3.0
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: high
Target Milestone: ---
Target Release: 4.4.0
Assignee: Evan Cordell
QA Contact: Salvatore Colangelo
URL:
Whiteboard:
Depends On: 1760608
Blocks:
 
Reported: 2019-12-06 19:48 UTC by Jeff Peeler
Modified: 2020-01-08 16:04 UTC
CC List: 11 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1760608
Environment:
Last Closed: 2020-01-08 07:12:26 UTC
Target Upstream Version:
Embargoed:


Attachments


Links
System: Github operator-framework operator-lifecycle-manager pull 1179
Status: closed
Summary: [release-4.3] Bug 1780755: add resource limits to all OLM pods
Last Updated: 2021-02-09 15:49:54 UTC

Comment 2 Salvatore Colangelo 2019-12-24 16:59:29 UTC
Hi,

No resource limits show up in the pods, even though they were added in https://github.com/operator-framework/operator-lifecycle-manager/pull/1179:

NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.3.0-0.nightly-2019-12-22-223447   True        False         33h 


[scolange@scolange ~]$ oc get pods
NAME                                READY   STATUS    RESTARTS   AGE
catalog-operator-84cbfc6fdb-24mc5   1/1     Running   0          34h
olm-operator-86cf7856d4-pqzmp       1/1     Running   0          34h
packageserver-bdf7d9484-k2pq6       1/1     Running   0          15h
packageserver-bdf7d9484-zzhgd       1/1     Running   0          15h
[scolange@scolange ~]$ oc get pod catalog-operator-84cbfc6fdb-24mc5 -o yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    k8s.v1.cni.cncf.io/networks-status: |-
      [{
          "name": "ovn-kubernetes",
          "interface": "eth0",
          "ips": [
              "10.128.0.15"
          ],
          "mac": "ee:ef:02:80:00:10",
          "dns": {}
      }]
    ovn: '{"ip_address":"10.128.0.15/23","mac_address":"ee:ef:02:80:00:10","gateway_ip":"10.128.0.1"}'
  creationTimestamp: "2019-12-23T06:52:44Z"
  generateName: catalog-operator-84cbfc6fdb-
  labels:
    app: catalog-operator
    pod-template-hash: 84cbfc6fdb
  name: catalog-operator-84cbfc6fdb-24mc5
  namespace: openshift-operator-lifecycle-manager
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: catalog-operator-84cbfc6fdb
    uid: b91ae1d9-55ca-43e4-8491-1890482ba687
  resourceVersion: "4550"
  selfLink: /api/v1/namespaces/openshift-operator-lifecycle-manager/pods/catalog-operator-84cbfc6fdb-24mc5
  uid: 5a1843dc-5021-4875-bc87-3a824876f41f
spec:
  containers:
  - args:
    - -namespace
    - openshift-marketplace
    - -configmapServerImage=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c4a4086f1272aa15863a7333071110ea289223c766fd5ebd61e8f74119a85282
    - -writeStatusName
    - operator-lifecycle-manager-catalog
    - -tls-cert
    - /var/run/secrets/serving-cert/tls.crt
    - -tls-key
    - /var/run/secrets/serving-cert/tls.key
    command:
    - /bin/catalog
    env:
    - name: RELEASE_VERSION
      value: 4.3.0-0.nightly-2019-12-22-223447
    image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:defd7a2e774b05a66f288958d7ccda3063ca7c725c367e6b58b6b0d6286ab8f4
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 3
      httpGet:
        path: /healthz
        port: 8080
        scheme: HTTP
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 1
    name: catalog-operator
    ports:
    - containerPort: 8080
      protocol: TCP
    - containerPort: 8081
      name: metrics
      protocol: TCP
    readinessProbe:
      failureThreshold: 3
      httpGet:
        path: /healthz
        port: 8080
        scheme: HTTP
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 1
    resources:
      requests:
        cpu: 10m
        memory: 80Mi
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: FallbackToLogsOnError
    volumeMounts:
    - mountPath: /var/run/secrets/serving-cert
      name: serving-cert
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: olm-operator-serviceaccount-token-t9vxf
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: qe-yinzhou-s-kkwn9-master-2
  nodeSelector:
    beta.kubernetes.io/os: linux
    node-role.kubernetes.io/master: ""
  priority: 2000000000
  priorityClassName: system-cluster-critical
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: olm-operator-serviceaccount
  serviceAccountName: olm-operator-serviceaccount
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
    operator: Exists
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 120
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 120
  - effect: NoSchedule
    key: node.kubernetes.io/memory-pressure
    operator: Exists
  volumes:
  - name: serving-cert
    secret:
      defaultMode: 420
      secretName: catalog-operator-serving-cert
  - name: olm-operator-serviceaccount-token-t9vxf
    secret:
      defaultMode: 420
      secretName: olm-operator-serviceaccount-token-t9vxf
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2019-12-23T06:53:52Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2019-12-23T06:55:22Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2019-12-23T06:55:22Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2019-12-23T06:53:52Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: cri-o://5e3b1fe86c854e6a5ee5ed2cfa080bed46369b293cdcdb8332be6dfbeba2fe09
    image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:defd7a2e774b05a66f288958d7ccda3063ca7c725c367e6b58b6b0d6286ab8f4
    imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:defd7a2e774b05a66f288958d7ccda3063ca7c725c367e6b58b6b0d6286ab8f4
    lastState: {}
    name: catalog-operator
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2019-12-23T06:55:13Z"
  hostIP: 10.0.0.8
  phase: Running
  podIP: 10.128.0.15
  podIPs:
  - ip: 10.128.0.15
  qosClass: Burstable
  startTime: "2019-12-23T06:53:52Z"
[scolange@scolange ~]$ oc get pod olm-operator-86cf7856d4-pqzmp -o yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    k8s.v1.cni.cncf.io/networks-status: |-
      [{
          "name": "ovn-kubernetes",
          "interface": "eth0",
          "ips": [
              "10.128.0.8"
          ],
          "mac": "ee:ef:02:80:00:09",
          "dns": {}
      }]
    ovn: '{"ip_address":"10.128.0.8/23","mac_address":"ee:ef:02:80:00:09","gateway_ip":"10.128.0.1"}'
  creationTimestamp: "2019-12-23T06:52:43Z"
  generateName: olm-operator-86cf7856d4-
  labels:
    app: olm-operator
    pod-template-hash: 86cf7856d4
  name: olm-operator-86cf7856d4-pqzmp
  namespace: openshift-operator-lifecycle-manager
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: olm-operator-86cf7856d4
    uid: 202b9d73-53df-4ee7-a9b3-17ee63c31720
  resourceVersion: "4569"
  selfLink: /api/v1/namespaces/openshift-operator-lifecycle-manager/pods/olm-operator-86cf7856d4-pqzmp
  uid: 899f1eaf-9e43-4dcb-bd5a-8cb72334c8da
spec:
  containers:
  - args:
    - -namespace
    - $(OPERATOR_NAMESPACE)
    - -writeStatusName
    - operator-lifecycle-manager
    - -writePackageServerStatusName
    - operator-lifecycle-manager-packageserver
    - -tls-cert
    - /var/run/secrets/serving-cert/tls.crt
    - -tls-key
    - /var/run/secrets/serving-cert/tls.key
    command:
    - /bin/olm
    env:
    - name: RELEASE_VERSION
      value: 4.3.0-0.nightly-2019-12-22-223447
    - name: OPERATOR_NAMESPACE
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.namespace
    - name: OPERATOR_NAME
      value: olm-operator
    image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:defd7a2e774b05a66f288958d7ccda3063ca7c725c367e6b58b6b0d6286ab8f4
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 3
      httpGet:
        path: /healthz
        port: 8080
        scheme: HTTP
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 1
    name: olm-operator
    ports:
    - containerPort: 8080
      protocol: TCP
    - containerPort: 8081
      name: metrics
      protocol: TCP
    readinessProbe:
      failureThreshold: 3
      httpGet:
        path: /healthz
        port: 8080
        scheme: HTTP
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 1
    resources:
      requests:
        cpu: 10m
        memory: 160Mi
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: FallbackToLogsOnError
    volumeMounts:
    - mountPath: /var/run/secrets/serving-cert
      name: serving-cert
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: olm-operator-serviceaccount-token-t9vxf
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: qe-yinzhou-s-kkwn9-master-2
  nodeSelector:
    beta.kubernetes.io/os: linux
    node-role.kubernetes.io/master: ""
  priority: 2000000000
  priorityClassName: system-cluster-critical
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: olm-operator-serviceaccount
  serviceAccountName: olm-operator-serviceaccount
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
    operator: Exists
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 120
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 120
  - effect: NoSchedule
    key: node.kubernetes.io/memory-pressure
    operator: Exists
  volumes:
  - name: serving-cert
    secret:
      defaultMode: 420
      secretName: olm-operator-serving-cert
  - name: olm-operator-serviceaccount-token-t9vxf
    secret:
      defaultMode: 420
      secretName: olm-operator-serviceaccount-token-t9vxf
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2019-12-23T06:53:52Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2019-12-23T06:55:23Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2019-12-23T06:55:23Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2019-12-23T06:53:52Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: cri-o://d4f0a0ad7d82b5fcf425b02314a44673adc9828fe85e82d0d5714753067cb994
    image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:defd7a2e774b05a66f288958d7ccda3063ca7c725c367e6b58b6b0d6286ab8f4
    imageID: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:defd7a2e774b05a66f288958d7ccda3063ca7c725c367e6b58b6b0d6286ab8f4
    lastState: {}
    name: olm-operator
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2019-12-23T06:55:13Z"
  hostIP: 10.0.0.8
  phase: Running
  podIP: 10.128.0.8
  podIPs:
  - ip: 10.128.0.8
  qosClass: Burstable
  startTime: "2019-12-23T06:53:52Z"


Expected result (limits set on the containers, e.g.):

  resources:
    limits:
      cpu: 200m
      memory: 200Mi

or

  resources:
    limits:
      cpu: 400m
      memory: 400Mi

Actual result:

  resources:
    requests:
      cpu: 10m
      memory: 160Mi
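
For reference, the resources stanza of every OLM pod can be dumped in one command (a quick spot check using standard jsonpath output, not part of the formal verification steps; any container whose output shows only "requests" still has no limits):

$ oc get pods -n openshift-operator-lifecycle-manager \
    -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.containers[*].resources}{"\n"}{end}'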

Comment 3 Dan Geoffroy 2020-01-02 12:38:59 UTC
We had to remove the resource limits for OLM because having limits does not allow OLM to be used in large-scale clusters; see https://bugzilla.redhat.com/show_bug.cgi?id=1784915. We will revisit this in 4.4 to see if we can come up with a better solution around resource limits.
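
For the 4.4 revisit, one input would be the pods' actual consumption on large clusters, which can be sampled from the cluster metrics pipeline (assuming cluster monitoring is running), e.g.:

$ oc adm top pods -n openshift-operator-lifecycle-manager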

Comment 4 Jian Zhang 2020-01-08 07:12:26 UTC
Since the target release has been set to 4.4.0, I am closing this as a duplicate bug.

*** This bug has been marked as a duplicate of bug 1760608 ***

