diff --git a/modules/nodes-nodes-max-image-pulls.adoc b/modules/nodes-nodes-max-image-pulls.adoc new file mode 100644 index 000000000000..c982601c72e9 --- /dev/null +++ b/modules/nodes-nodes-max-image-pulls.adoc @@ -0,0 +1,133 @@ +// Module included in the following assemblies: +// +// * nodes/nodes/nodes-nodes-managing.adoc + +:_mod-docs-content-type: PROCEDURE +[id="nodes-nodes-max-image-pulls_{context}"] + += Configuring parallel container image pulls + +To help control bandwidth issues, you can configure the number of workload images that can be pulled at the same time. + +By default, the cluster can pull images in parallel, which allows multiple workloads to pull images at the same time. Pulling multiple images in parallel can improve workload start up time, by allowing your workloads to pull needed images without waiting. Also, updates However, pulling too many images at once can use excessive network bandwidth and cause latency issues throughout your cluster. + +You can configure the maximum number of images that can be pulled in parallel or force serial image pulling, which allows only one image to be pulled at a time. + +To control the number of images that can be pulled simultaneously, you can use a kubelet config to set the `maxParallelImagePulls` to specify a limit. Additional image pulls above this limit are held until one of the current pulls is complete. + +To force serial image pulls, use a kubelet config to set `serializeImagePulls` field to `true`. + +.Prerequisites + +* You have a running {product-title} cluster. + +* You are logged in to the cluster as a user with administrative privileges. + +.Procedure + +. Apply a custom label to the machine config pool where you want to configure parallel pulls by running a command similar to the following. ++ +[source,terminal] +---- +$ oc label machineconfigpool parallel-pulls=set +---- + +. Create a custom resource (CR) to enable and configure parallel image pulling. ++ +[source,yaml] +---- +apiVersion: machineconfiguration.openshift.io/v1 +kind: KubeletConfig +metadata: + name: parallel-image-pulls +# ... +spec: + machineConfigPoolSelector: + matchLabels: + parallel-pulls: set + kubeletConfig: + serializeImagePulls: false <1> + maxParallelImagePulls: 3 <2> +# ... +---- +<1> Set to `false` to enable parallel image pulls. Set to `true` to force serial image pulling. The default is `false`. +<2> Specify the maximum number of images that can be pulled in parallel. + +. Create the new machine config by running a command similar to the following: ++ +[source,terminal] +---- +$ oc create -f .yaml +---- + +.Verification + +. Check the machine configs to see that a new one was added by running the following command: ++ +[source,terminal] +---- +$ oc get MachineConfig +---- ++ +.Example output ++ +[source,terminal] +---- +NAME GENERATEDBYCONTROLLER IGNITIONVERSION AGE +00-master 70025364a114fc3067b2e82ce47fdb0149630e4b 3.5.0 133m +00-worker 70025364a114fc3067b2e82ce47fdb0149630e4b 3.5.0 133m +# ... +99-parallel-generated-kubelet 70025364a114fc3067b2e82ce47fdb0149630e4b 3.5.0 15s <1> +# ... +rendered-parallel-c634a80f644740974ceb40c054c79e50 70025364a114fc3067b2e82ce47fdb0149630e4b 3.5.0 10s <2> +---- +<1> The new machine config. In this example, the machine config is for the `parallel` custom machine config pool. +<2> The new rendered machine config. In this example, the machine config is for the `parallel` custom machine config pool. + +. Check to see that the nodes in the `parallel` machine config pool are being updated by running the following command: ++ +[source,terminal] +---- +$ oc get machineconfigpool +---- ++ +.Example output ++ +[source,terminal] +---- +NAME CONFIG UPDATED UPDATING DEGRADED MACHINECOUNT READYMACHINECOUNT UPDATEDMACHINECOUNT DEGRADEDMACHINECOUNT AGE +parallel rendered-parallel-3904f0e69130d125b3b5ef0e981b1ce1 False True False 1 0 0 0 65m +master rendered-master-7536834c197384f3734c348c1d957c18 True False False 3 3 3 0 140m +worker rendered-worker-c634a80f644740974ceb40c054c79e50 True False False 2 2 2 0 140m +---- + +. When the nodes are updated, check that the parallel pull maximum was configured: + +.. Open an `oc debug` session to a node by running a command similar to the following: ++ +[source,terminal] +---- +$ oc debug node/ +---- + +.. Set `/host` as the root directory within the debug shell by running the following command: ++ +[source,terminal] +---- +sh-5.1# chroot /host +---- + +.. Examine the `kubelet.conf` file by running the following command: ++ +[source,terminal] +---- +sh-5.1# cat /etc/kubernetes/kubelet.conf | grep -i maxParallelImagePulls +---- ++ +.Example output ++ +[source,terminal] +---- +maxParallelImagePulls: 3 +---- + diff --git a/nodes/nodes/nodes-nodes-managing.adoc b/nodes/nodes/nodes-nodes-managing.adoc index c4c12eae6dd2..57aefbd36f16 100644 --- a/nodes/nodes/nodes-nodes-managing.adoc +++ b/nodes/nodes/nodes-nodes-managing.adoc @@ -31,6 +31,7 @@ include::modules/nodes-nodes-rtkernel-arguments.adoc[leveloffset=+1] endif::openshift-webscale[] include::modules/nodes-nodes-swap-memory.adoc[leveloffset=+1] +include::modules/nodes-nodes-max-image-pulls.adoc[leveloffset=+1] include::modules/nodes-control-plane-osp-migrating.adoc[leveloffset=+1] [role="_additional-resources"] .Additional resources