Uploaded image for project: 'Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces) '
  1. Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces)
  2. CRW-8316

Devspace ca-cert related configmap filing up the etcd

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False
    • Release Notes
    • Hide
      = Improve mounting certs into user containers

      The process of mounting certificates into user containers has been improved in this release:

      * The obsolete `che-trusted-ca-certs` ConfigMap that was used for mounting certificates into the `/public-certs` directory was removed.
      * The `ca-certs-merged` ConfigMap is now created in the user namespace and is merged either into the `/public-certs` directory or `/etc/pki/ca-trust/extracted/pem`, depending on the value of `spec.devEnvironments.trustedCerts.disableWorkspaceCaBundleMount` defined in the Custom Resource.

      More details about importing untrusted TLS certificates are available in the link:https://docs.redhat.com/en/documentation/red_hat_openshift_dev_spaces/3.20/html/administration_guide/configuring-devspaces#importing-untrusted-tls-certificates[official documentation].
      Show
      = Improve mounting certs into user containers The process of mounting certificates into user containers has been improved in this release: * The obsolete `che-trusted-ca-certs` ConfigMap that was used for mounting certificates into the `/public-certs` directory was removed. * The `ca-certs-merged` ConfigMap is now created in the user namespace and is merged either into the `/public-certs` directory or `/etc/pki/ca-trust/extracted/pem`, depending on the value of `spec.devEnvironments.trustedCerts.disableWorkspaceCaBundleMount` defined in the Custom Resource. More details about importing untrusted TLS certificates are available in the link: https://docs.redhat.com/en/documentation/red_hat_openshift_dev_spaces/3.20/html/administration_guide/configuring-devspaces#importing-untrusted-tls-certificates [official documentation].
    • Enhancement
    • Done

      Description of problem:

      Customer has over 2400 Devspace installed on a single cluster.

      The cluster is slow and irresponsive periodically. 

      We found that etcd is nearly filing up (7.5 GB) and configmap take around 5.5 GB.

      The largest configmaps are ca-cert-merged and che-trusted-ca-cert which are 1 MB each and they can be found in every devspace namespace.

      The content of ca-cert-merged configmap in different namespaces are actually same.

      This make kube-apiserver request are slow and take a lot of memory.

      The cluster is running on 4.16.35.

      Actual results:

      Cluster is slow and irresponsive periodically

      Expected results:

      Cluster should be functional and stable

       

              abazko Anatolii Bazko
              tkong-ocm Tony Kong
              Dmytro Nochevnov Dmytro Nochevnov
              Jana Vrbkova Jana Vrbkova
              Votes:
              1 Vote for this issue
              Watchers:
              14 Start watching this issue

                Created:
                Updated:
                Resolved: