US-622676 - helm chart changes for tcp keep alive probe (#837)

* US-622676 - helm chart changes for tcp keep alive probe * US-622676 - updating the documents * US-622676 - updating the documents * US-622676 - updating the readme * US-622676 - PR changes * US-622676 - Reverting the original change * US-622676 - code review comments --------- Co-authored-by: kumas39 <[email protected]>
pegasystems · Oct 22, 2024 · 23b0df7 · 23b0df7
1 parent 36a77e3
commit 23b0df7
Show file tree

Hide file tree

Showing 4 changed files with 84 additions and 11 deletions.
diff --git a/charts/pega/README.md b/charts/pega/README.md
@@ -333,6 +333,20 @@ tier:
       runAsUser: RUN_AS_USER
       fsGroup: FS_GROUP
 ```
+
+Starting in Kubernetes version 1.29, you can configure the OS Kernel level setting net.ipv4.tcp_keepalive_time using standard sysctls command.
+The following code provides an example configuration. If needed, provide the value in seconds as per the cloud provider TCP connections timeout settings.
+
+Example:
+
+```yaml
+tier:
+  - name: my-tier
+    securityContext:
+      sysctls:
+        - name: net.ipv4.tcp_keepalive_time
+          value: "300"
+```
 ### service
 
 Specify the `service` yaml block to expose a Pega tier to other Kubernetes run services, or externally to other systems. The name of the service will be based on the tier's name, so if your tier is "web", your service name will be "pega-web". If you omit service, no Kubernetes service object is created for the tier during the deployment. For more information on services, see the [Kubernetes Documentation](https://kubernetes.io/docs/concepts/services-networking/service).

diff --git a/charts/pega/templates/_pega-deployment.tpl b/charts/pega/templates/_pega-deployment.tpl
@@ -117,6 +117,11 @@ spec:
         runAsUser: 9001
         fsGroup: 0
 {{- end }}
+{{- if (.node.tcpKeepAliveProbe) }}
+        sysctls:
+        - name: "net.ipv4.tcp_keepalive_time"
+          value: "{{ .node.tcpKeepAliveProbe }}"
+{{- end }}
 {{- if .node.securityContext }}
 {{ toYaml .node.securityContext | indent 8 }}
 {{- end }}

diff --git a/charts/pega/values.yaml b/charts/pega/values.yaml
@@ -257,6 +257,14 @@ global:
       #   runAsUser: 9001
       #   fsGroup: 0
 
+      # To configure net.ipv4.tcp_keepalive_time OS Kernel setting, set the value in seconds.
+      # This setting only works for Kubernetes version 1.29 onwards. For more information, see below,
+      # https://github.com/pegasystems/pega-helm-charts/blob/master/charts/pega/README.md#security-context
+      # securityContext:
+      #   sysctls:
+      #   - name: net.ipv4.tcp_keepalive_time
+      #     value: "300"
+
       # To specify security settings for a Container, include the securityContext field in the Container manifest
       # Security settings that you specify for a Container apply only to the pega container,
       # and they override settings made at the Pod level when there is overlap. Container settings
@@ -328,6 +336,14 @@ global:
       #   runAsUser: 9001
       #   fsGroup: 0
 
+      # To configure net.ipv4.tcp_keepalive_time OS Kernel setting, set the value in seconds.
+      # This setting only works for Kubernetes version 1.29 onwards. For more information, see below,
+      # https://github.com/pegasystems/pega-helm-charts/blob/master/charts/pega/README.md#security-context
+      # securityContext:
+      #   sysctls:
+      #   - name: net.ipv4.tcp_keepalive_time
+      #     value: "300"
+
       # To specify security settings for a Container, include the securityContext field in the Container manifest
       # Security settings that you specify for a Container apply only to the pega container,
       # and they override settings made at the Pod level when there is overlap. Container settings
@@ -399,6 +415,14 @@ global:
       #   runAsUser: 9001
       #   fsGroup: 0
 
+      # To configure net.ipv4.tcp_keepalive_time OS Kernel setting, set the value in seconds.
+      # This setting only works for Kubernetes version 1.29 onwards. For more information, see below,
+      # https://github.com/pegasystems/pega-helm-charts/blob/master/charts/pega/README.md#security-context
+      # securityContext:
+      #   sysctls:
+      #   - name: net.ipv4.tcp_keepalive_time
+      #     value: "300"
+
       # To specify security settings for a Container, include the securityContext field in the Container manifest
       # Security settings that you specify for a Container apply only to the pega container,
       # and they override settings made at the Pod level when there is overlap. Container settings

diff --git a/terratest/src/test/pega/pega-tier-deployment_test.go b/terratest/src/test/pega/pega-tier-deployment_test.go
@@ -75,16 +75,16 @@ func TestPegaTierDeploymentWithPodAffinity(t *testing.T) {
 	for _, vendor := range supportedVendors {
 		var options = &helm.Options{
 			SetValues: map[string]string{
-				"global.provider":                        									vendor,
-				"global.actions.execute":                 									"deploy",
-				"global.deployment.name":                 									"pega",
-				"installer.upgrade.upgradeType":          									"zero-downtime",
-				"global.tier[0].name":                    									"web",
-				"global.tier[1].name":                    									"batch",
-				"global.tier[2].name":                    									"stream",
-				affintiyBasePath + "nodeSelectorTerms[0].matchExpressions[0].key": 			"kubernetes.io/os", 
-				affintiyBasePath + "nodeSelectorTerms[0].matchExpressions[0].operator": 	"In", 
-				affintiyBasePath + "nodeSelectorTerms[0].matchExpressions[0].values[0]": 	"linux", 
+				"global.provider":               vendor,
+				"global.actions.execute":        "deploy",
+				"global.deployment.name":        "pega",
+				"installer.upgrade.upgradeType": "zero-downtime",
+				"global.tier[0].name":           "web",
+				"global.tier[1].name":           "batch",
+				"global.tier[2].name":           "stream",
+				affintiyBasePath + "nodeSelectorTerms[0].matchExpressions[0].key":       "kubernetes.io/os",
+				affintiyBasePath + "nodeSelectorTerms[0].matchExpressions[0].operator":  "In",
+				affintiyBasePath + "nodeSelectorTerms[0].matchExpressions[0].values[0]": "linux",
 			},
 		}
 
@@ -102,7 +102,37 @@ func TestPegaTierDeploymentWithPodAffinity(t *testing.T) {
 		UnmarshalK8SYaml(t, yamlSplit[3], &depObjStream)
 		deploymentAffinityStream := depObjStream.Spec.Template.Spec.Affinity
 		require.Empty(t, deploymentAffinityStream)
-	}	
+	}
+}
+
+func TestPegaTierDeploymentWithTCPProbe(t *testing.T) {
+
+	var supportedVendors = []string{"k8s", "eks", "gke", "aks", "pks"}
+	helmChartPath, err := filepath.Abs(PegaHelmChartPath)
+	require.NoError(t, err)
+
+	var depObj appsv1.Deployment
+
+	for _, vendor := range supportedVendors {
+		var options = &helm.Options{
+			SetValues: map[string]string{
+				"global.provider":                  vendor,
+				"global.actions.execute":           "deploy",
+				"global.deployment.name":           "pega",
+				"global.tier[0].name":              "web",
+				"global.tier[0].tcpKeepAliveProbe": "10",
+			},
+		}
+
+		yamlContent := RenderTemplate(t, options, helmChartPath, []string{"templates/pega-tier-deployment.yaml"})
+		yamlSplit := strings.Split(yamlContent, "---")
+
+		UnmarshalK8SYaml(t, yamlSplit[1], &depObj)
+		require.Equal(t, "net.ipv4.tcp_keepalive_time", *&depObj.Spec.Template.Spec.SecurityContext.Sysctls[0].Name)
+		require.Equal(t, "10", *&depObj.Spec.Template.Spec.SecurityContext.Sysctls[0].Value)
+
+	}
+
 }
 
 func TestPegaTierDeploymentWithFSGroup(t *testing.T) {