COO-1597: Raise memory limit of observability-operator deploy#994
COO-1597: Raise memory limit of observability-operator deploy#994muellerfabi wants to merge 1 commit into
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: muellerfabi The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Hi @muellerfabi. Thanks for your PR. I'm waiting for a rhobs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/retitle COO-1597: Raise memory limit of observability-operator deploy while it might help the reported case, I think that we should also document how users can customize the out-of-the box limits and where the current limits fit because I'm sure that we'll get other reports in the future (https://github.com/operator-framework/operator-lifecycle-manager/blob/master/doc/design/subscription-config.md#resources). |
|
@muellerfabi: This pull request references COO-1597 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@jgbernalp wdyt? It's a small adjustment, so not sure how many user this will help out of the box. |
Is there a way for users to configure these limits? this might apply for this case. @muellerfabi do you have a pprof from this cluster that we can analyze? |
|
@jgbernalp yes it's possible (https://github.com/operator-framework/operator-lifecycle-manager/blob/master/doc/design/subscription-config.md#resources) but the original report complained that it "should" just work out of the box. |
|
@simonpasquier the main issue with: https://github.com/operator-framework/operator-lifecycle-manager/blob/master/doc/design/subscription-config.md#resources is that it overwrites the resource constraints globally and thus for example if you have a deployment with the actual operator and for example kube-rbac-proxy sidecar (very typical), your large requirements will also apply there, see redhat-cop/patch-operator#76 as an example from another operator. |
|
@muellerfabi: This pull request references COO-1597 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "5.0.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
I updated the initial comment with further information, why overwriting resources in the Subscription kind is not ideal.
Raising the memory limit to 550Mi is sufficient until the cluster grows to 90 nodes or so. |
I'm worried that while it works for this cluster, we'll hear about other clusters still hitting the limit.
My initial assumption was that resource limits were a strong requirement but apparently not: https://sdk.operatorframework.io/docs/best-practices/managing-resources/#general-guidelines |
|
Warning Review limit reached
Next review available in: 54 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Repository YAML (base), Organization UI (inherited) Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (5)
📝 WalkthroughWalkthroughThis change removes explicit CPU/memory resource limits across multiple deployment manifests, replacing Estimated code review effort: 2 (Simple) | ~10 minutes Changes
Sequence Diagram(s)Not applicable — this change consists of configuration edits without new control flow or interaction logic. Related issues: None specified in the provided information. Related PRs: None specified in the provided information. Suggested labels: deployment, configuration Suggested reviewers: None specified in the provided information. 🐰 No more limits capping what we can do, 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
bundle/manifests/observability-operator.clusterserviceversion.yaml (1)
956-956: 🧹 Nitpick | 🔵 TrivialRemoving limits drops OOM guardrails for all four COO containers.
With
limits: {}, none ofobo-prometheus-operator, its admission webhook,observability-operator, orperses-operatorhave a memory ceiling — a leak/regression in any of them can now consume unbounded node memory instead of being OOMKilled in isolation. This matches the PR's stated direction (per discussion, limits may be more harmful than helpful here), but worth confirming this tradeoff is accepted for all four components, not justperses-operatorwhich triggered COO-1597.Also applies to: 1027-1027, 1094-1094, 1166-1166
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@bundle/manifests/observability-operator.clusterserviceversion.yaml` at line 956, The CSV manifest is removing memory limits from all four COO containers, not just perses-operator, so confirm this is an intentional product decision across obo-prometheus-operator, its admission webhook, observability-operator, and perses-operator. Review the container specs in observability-operator.clusterserviceversion.yaml and either restore appropriate limits where guardrails are still desired or keep limits removed only if the no-limits tradeoff is explicitly accepted for every container.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@bundle/manifests/observability-operator.clusterserviceversion.yaml`:
- Line 956: The CSV manifest is removing memory limits from all four COO
containers, not just perses-operator, so confirm this is an intentional product
decision across obo-prometheus-operator, its admission webhook,
observability-operator, and perses-operator. Review the container specs in
observability-operator.clusterserviceversion.yaml and either restore appropriate
limits where guardrails are still desired or keep limits removed only if the
no-limits tradeoff is explicitly accepted for every container.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID: 35b05cf3-0ed4-4c95-8295-db4945b3f278
📒 Files selected for processing (4)
bundle/manifests/observability-operator.clusterserviceversion.yamldeploy/olm/syncselector-template.yamldeploy/operator/observability-operator-deployment.yamldeploy/perses/perses-operator-deployment.yaml
|
I updated my commit deleting resource limits for the components. KCS article https://access.redhat.com/solutions/6958023 states, beside some rationale:
|
|
/ok-to-test |
On a larger OCP 4.18 cluster with 66 nodes observability-operator 1.3.0 gets OOMKilled right after start.
Issue is reported in https://access.redhat.com/support/cases/#/case/04368491
Issue is tracked in https://issues.redhat.com/browse/COO-1597
Update due to missing information about the actual issue:
We are aware of the fact that it is possible to set resource requests and limits in the subscription. We use the following as a workaround:
The problem is that the given config is set on all COO components equally:
Because of the elevated memory usage of perses in contrast to the other components, we were forced to set the memory limit to 3Gi.
Now all the components have a needlessly too high memory limit: