Uploaded image for project: 'OpenShift GitOps'
  1. OpenShift GitOps
  2. GITOPS-8858

Image Updater: [Scalability Improvements] reuse http client and transport

XMLWordPrintable

    • Image Updater: [Scalability Improvements] reuse http client and transport
    • False
    • Hide

      None

      Show
      None
    • False

      Epic Goal

      • when connecting to external destinations, e.g., container registries and git repositories, image updater should strive to reuse http client and http transport where possible to preserve resources, while still maintaining isolation between each request invocation.
      • Image updater should be able to run and manage applications continuously in cluster over a long period of time without service disruption or resource leak. Users should not need to restart the pod or cluster to reclaim resources.

      Why is this important?

      • required for using image updater in production environment.

      Scenarios

      1. original issue was reported in image updater github issue https://github.com/argoproj-labs/argocd-image-updater/issues/1445
      2. with configuration:
        1. Configure Argo CD Image Updater to use a GitHub App for repository authentication (the GitHubAppCreds flow).
        2. Run the updater against many applications or let it run for extended time with default concurrency.
        3. Monitor processes inside the pod: ps aux | grep git | wc -l
        4. Eventually you will see process count grow (observed 8141) and git fetch/push will start failing with the errors above.

      SDLC Questionnaire

      S.No Questions Yes/No Sample JIRA Epic
      1 Does this Epic address a change in way the product is being used? (eg: Adding support for OpenShift GitOps to be used in ROSA cluster with HCP) No GITOPS-5223
      2 Does this  Epic require a change in  the application's runtime - Upgrade of operator-sdk, OLM, client-go, go-toolset ? No GITOPS-8104
      3 Does this Epic primarily dealing with introducing a new security related feature (eg: Introduce SSO support) No GITOPS-437, GITOPS-547
      4 Does this Epic primarily dealing with the  modification of  an existing security feature ? (Eg: Supporting of External  Authentication for SSO)  No GITOPS-8017
      5 Does this Epic require changes to any cryptographic library ( Eg: FIPS support for OpenShift GitOps) No GITOPS-6365
      6 Does this Epic require any new or change in the existing cryptographic algorithms used in the product  (Eg: Using GPG verification for manifests, Upgrading from SHA256 to SHA512) No GITOPS-3049
      7 Does this Epic require any change in existing  authentication mechanisms (eg: Argo CD Auth integration with OpenShift, Kerberos to OAuth) No GITOPS-437 GITOPS-547 GITOPS-3246 GITOPS-1330
      8 Does this Epic require any change in authorisation mechanism (Eg: Using RBAC and service accounts impersonation for App Sync) No GITOPS-3501
      9 Does this Epic require a change in the Communication protocol ( Eg: Using TLS to encrypt data traffic to/from Redis cache) No GITOPS-720
      10 Does this Epic require a change in how External Data is parsed and validated ? ( Eg: Change from JSON to Protobuf) No  
      11 Does this Epic require a change in core libraries or runtime (Eg: go compiler upgrade, Changing Operator SDK, controller-runtime, client-go versions) No GITOPS-7295
      12 Does this Epic require exposing any internal service to internet (Eg: Allow exposing Argo CD Agent principal via Route, using ArgoCD CR) No GITOPS-7728
      13 Does this Epic require a change in any existing gRPC service APIs No  
      14 Does this Epic require a change in any new external service (Eg: Support for OCI container registry for storing manifests) No GITOPS-4432
      15 Does this Epic require a change in the tenancy model ? (Eg: Supporting Apps/Appsets in Any namespace, cluster and repo credentials in any namespace) No GITOPS-917
      GITOPS-3754
      16 Does this Epic require any addition/modification of RBAC resources (Service Account, Role, RoleBinding, ClusterRole, ClusterRoleBinding) ? No  
      17 Does this Epic require a feature that needs to be enabled only for cluster scoped Argo CD instances ? No  

      Other Considerations

      • <Call out anything explicitly as Out of Scope?>
      • <Call out internal and external dependencies?>
      • <Are there any known previous works?>
      • <Any unanswered questions?>

      Definition of Ready

      • The epic has been broken down into stories.
      • Stories have been scoped.
      • The epic has been stack ranked.

      Definition of Done

      • Code Complete:
        • All code has been written, reviewed, and approved.
      • Tested:
        • Unit tests have been written and passed.
        • Integration tests have been completed.
        • System tests have been conducted, and all critical bugs have been fixed.
        • Tested on OpenShift either upstream or downstream on a local build.
      • Documentation:
        • User documentation or release notes have been written.
      • Build:
        • Code has been successfully built and integrated into the main repository / project.
      • Review:
        • Code has been peer-reviewed and meets coding standards.
        • All acceptance criteria defined in the user story have been met.
        • Tested by reviewer on OpenShift.
      • Deployment:
        • The feature has been deployed on OpenShift cluster for testing.
      • Acceptance:
        • Product Manager or stakeholder has reviewed and accepted the work.

              cfang@redhat.com Cheng Fang
              cfang@redhat.com Cheng Fang
              Tangerine
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: