Add --max-fd argument to uwsgi to stop it from getting OOMKilled in Kubernetes #9564
Conversation
Contextual Security AnalysisAs DryRun Security performs checks, we’ll summarize them here. You can always dive into the detailed results in the section below for checks.
Chat with your AI-powered Security Buddy by typing Install and configure more repositories at DryRun Security |
|
Please create PR against dev or bugfix |
|
Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.
Note 🔴 Risk threshold exceeded. Adding a reviewer if one is configured in notification list: @mtesauro @grendel513 Tip Get answers to your security questions. Add a comment in this PR starting with @DryRunSecurity. For example... Powered by DryRun Security |
|
@hoeg thanks for updating your commits. It think this will work! There is not a some extra changes unrelated to your file descriptor changes that should not be here. Once those are removed, I think this will be good to go :) |
|
This pull request has conflicts, please resolve those before we can evaluate the pull request. |
|
Conflicts have been resolved. A maintainer will review the pull request shortly. |
|
Closing this PR as the parent issue was addressed by changing the k8s config rather then a code change on the DD side. |
Description
This PR fixes the issue described in issue #9562 regarding uWSGI that under some circumstances will take up an unnecessary amount of resources on a kubernetes node leading to the pod getting OOMKilled.
We introduce the possibility to set the
--max-fdargument when starting up uWSGI to mitigate this issue.Test results
I have tested the fix on a kubernetes cluster where it prevented the pod from getting OOMKilled. For more information see #9562.
Documentation
It is not clear to me where the documentation should be updated.