Add environment variables (!66) · Merge requests · GitLab.org / Cloud Native / charts / gitlab-zoekt

Dmitry Gruzd requested to merge add-environment-variables into main Nov 25, 2023

What does this MR do and why?

This is a follow-up to Add GOGC configuration value (!56 - merged)

Context for the change: During the Zoekt incident @msmiley mentioned that we run Zoekt pods on hosts with 80 vCPUs, so Go runtime spawns its threads suboptimally. To fix this mismatch, we need to set GOMAXPROCS (I've also found confirmation that we should do that in different online resources, for example: https://github.com/uber-go/automaxprocs/issues/12#issuecomment-405976401).

In order to add GOMAXPROCS configuration we'd essentially need to duplicate Add GOGC configuration value (!56 - merged). Instead, I've decided to make it so that we can set any env variables we want for zoekt-webserer and zoekt-indexer.

We don't use webserver.goGc.enabled nor indexer.goGc.enabled, so it's backwards compatible.

How to set up and validate locally

helm install gitlab-zoekt .
Execute kubectl describe pod gitlab-zoekt-0 and verify that GOGC and GOMAXPROCS are unset for zoekt-webserver and zoekt-indexer
helm upgrade gitlab-zoekt . --set webserver.environment.GOGC=50 --set webserver.environment.GOMAXPROCS=4 --set indexer.environment.GOGC=75 --set indexer.environment.GOMAXPROCS=6
Execute kubectl describe pod gitlab-zoekt-0 and verify that GOGC and GOMAXPROCS are set for zoekt-webserver and zoekt-indexer

  zoekt-webserver:
    ...
    Environment:
      GOGC:  50
      GOMAXPROCS: 4
  zoekt-indexer:
    ...
    Environment:
      GOGC:  75
      GOMAXPROCS: 6

You can also use:

$ kubectl exec gitlab-zoekt-0 -c zoekt-indexer -- env | fgrep GO
GOGC=75
GOMAXPROCS=6
$ kubectl exec gitlab-zoekt-0 -c zoekt-webserver -- env | fgrep GO
GOGC=50
GOMAXPROCS=4

As an additional testing step I've executed ./spec/scripts/integration.sh with these custom values, which was successful.

Click to expand

❯ ./spec/scripts/integration.sh --set webserver.environment.GOGC=50 --set webserver.environment.GOMAXPROCS=4 --set indexer.environment.GOGC=75 --set indexer.environment.GOMAXPROCS=6
Installation:
> Uninstall helm release if exists ...                      [OK]
> Helm install ...                                          [OK]
> Deploy cert manager ...                                   [OK]
Healthchecks & Metrics:
> Local | Legacy indexer health ...                         [OK]
> Local | New indexer health ...                            [OK]
> Local | Webserver health ...                              [OK]
> Internal Gateway | Legacy indexer health ...              [OK]
> Internal Gateway | New indexer health ...                 [OK]
> Internal Gateway | New indexer metrics ...                [OK]
> Internal Gateway | Webserver health ...                   [OK]
> Internal Gateway | Webserver metrics ...                  [OK]
> Internal Gateway | Nginx health ...                       [OK]
> External Gateway | Nginx health ...                       [OK]
> External Gateway | Indexer health ...                     [OK]
> External Gateway | Indexer metrics ...                    [OK]
> External Gateway | Webserver health ...                   [OK]
> External Gateway | Webserver metrics ...                  [OK]
Indexing & Searching:
> Local | Indexer truncate ...                              [OK]
> Local | Legacy indexer ...                                [OK]
> Local | Webserver ...                                     [OK]
> Local | Indexer ...                                       [OK]
> Internal Gateway | Legacy indexer indexing ...            [OK]
> Internal Gateway | Webserver ...                          [OK]
> External Gateway | Indexer ...                            [OK]
> External Gateway | Webserver ...                          [OK]
> External Gateway /nodes endpoint | Webserver ...          [OK]
> External Gateway /nodes endpoint | Indexer ...            [OK]
Basic Auth:
> Auth | Create secret ...                                  [OK]
> Auth | Enable basic_auth ...                              [OK]
> Auth | No auth | Internal Gateway | Nginx health ...      [OK]
> Auth | No auth | External Gateway | Nginx health ...      [OK]
> Auth | No auth | External Gateway | Webserver health ...  [OK]
> Auth | No auth | External Gateway | Webserver metrics ... [OK]
> Auth | No auth | External Gateway | Indexer health ...    [OK]
> Auth | No auth | External Gateway | Indexer metrics ...   [OK]
> Auth | Wrong | External Gateway | Indexer ...             [OK]
> Auth | Wrong | External Gateway | Webserver ...           [OK]
> Auth | External Gateway | Indexer ...                     [OK]
> Auth | External Gateway | Webserver ...                   [OK]
> Auth | External Gateway /nodes endpoint | Webserver ...   [OK]
> Auth | External Gateway /nodes endpoint | Indexer ...     [OK]
TLS:
> Wait for cert-manager-webhook deployment ...              [OK]
> Add certificate ...                                       [OK]
> Enable TLS ...                                            [OK]
> TLS | External Gateway | Webserver ...                    [OK]
> TLS | External Gateway | Indexer ...                      [OK]
> TLS | External Gateway /nodes endpoint | Webserver ...    [OK]
> TLS | External Gateway /nodes endpoint | Indexer ...      [OK]
Upgrade:
> Helm upgrade ...                                          [OK]

Edited Nov 25, 2023 by Dmitry Gruzd

Add environment variables

What does this MR do and why?

How to set up and validate locally

Merge request reports