[etcd] Add support for setting the request size limit (#8849)

* [etcd] Add extra documentation for `etcd_memory_limit` and `etcd_quota_backend_bytes`

Signed-off-by: necatican <necaticanyildirim@gmail.com>

* [etcd] Add support for setting ETCD_MAX_REQUEST_BYTES

Signed-off-by: necatican <necaticanyildirim@gmail.com>

inventory/sample/group_vars/etcd.yml

@@ -7,13 +7,20 @@
 
 ## Etcd is restricted by default to 512M on systems under 4GB RAM, 512MB is not enough for much more than testing.
 ## Set this if your etcd nodes have less than 4GB but you want more RAM for etcd. Set to 0 for unrestricted RAM.
+## This value is only relevant when deploying etcd with `etcd_deployment_type: docker`
 # etcd_memory_limit: "512M"
 
 ## Etcd has a default of 2G for its space quota. If you put a value in etcd_memory_limit which is less than
 ## etcd_quota_backend_bytes, you may encounter out of memory terminations of the etcd cluster. Please check
 ## etcd documentation for more information.
+# 8G is a suggested maximum size for normal environments and etcd warns at startup if the configured value exceeds it.
 # etcd_quota_backend_bytes: "2147483648"
 
+# Maximum client request size in bytes the server will accept.
+# etcd is designed to handle small key value pairs typical for metadata.
+# Larger requests will work, but may increase the latency of other requests
+# etcd_max_request_bytes: "1572864"
+
 ### ETCD: disable peer client cert authentication.
 # This affects ETCD_PEER_CLIENT_CERT_AUTH variable
 # etcd_peer_client_auth: true

roles/etcd/defaults/main.yml

@@ -46,10 +46,18 @@ etcd_extra_vars: {}
 
 # Limits
 # Limit memory only if <4GB memory on host. 0=unlimited
+# This value is only relevant when deploying etcd with `etcd_deployment_type: docker`
 etcd_memory_limit: "{% if ansible_memtotal_mb < 4096 %}512M{% else %}0{% endif %}"
 
+# The default storage size limit is 2G.
+# 8G is a suggested maximum size for normal environments and etcd warns at startup if the configured value exceeds it.
 # etcd_quota_backend_bytes: "2147483648"
 
+# Maximum client request size in bytes the server will accept.
+# etcd is designed to handle small key value pairs typical for metadata.
+# Larger requests will work, but may increase the latency of other requests
+# etcd_max_request_bytes: "1572864"
+
 # Uncomment to set CPU share for etcd
 # etcd_cpu_limit: 300m
 

roles/etcd/templates/etcd-events.env.j2

@@ -19,6 +19,9 @@ ETCD_SNAPSHOT_COUNT={{ etcd_snapshot_count }}
 {% if etcd_quota_backend_bytes is defined %}
 ETCD_QUOTA_BACKEND_BYTES={{ etcd_quota_backend_bytes }}
 {% endif %}
+{% if etcd_max_request_bytes is defined %}
+ETCD_MAX_REQUEST_BYTES={{ etcd_max_request_bytes }}
+{% endif %}
 
 # TLS settings
 ETCD_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem

roles/etcd/templates/etcd.env.j2

@@ -23,6 +23,9 @@ ETCD_SNAPSHOT_COUNT={{ etcd_snapshot_count }}
 {% if etcd_quota_backend_bytes is defined %}
 ETCD_QUOTA_BACKEND_BYTES={{ etcd_quota_backend_bytes }}
 {% endif %}
+{% if etcd_max_request_bytes is defined %}
+ETCD_MAX_REQUEST_BYTES={{ etcd_max_request_bytes }}
+{% endif %}
 {% if etcd_log_package_levels is defined %}
 ETCD_LOG_PACKAGE_LEVELS={{ etcd_log_package_levels }}
 {% endif %}

roles/kubernetes/control-plane/defaults/main/etcd.yml

@@ -23,5 +23,6 @@ etcd_metrics: "basic"
 etcd_extra_vars: {}
 
 # etcd_quota_backend_bytes: "2147483648"
+# etcd_max_request_bytes: "1572864"
 
 etcd_compaction_retention: "8"

roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2

@@ -58,6 +58,9 @@ etcd:
 {% if etcd_quota_backend_bytes is defined %}
       quota-backend-bytes: "{{ etcd_quota_backend_bytes }}"
 {% endif %}
+{% if etcd_max_request_bytes is defined %}
+      max-request-bytes: "{{ etcd_max_request_bytes }}"
+{% endif %}
 {% if etcd_log_package_levels is defined %}
       log-package-levels: "{{ etcd_log_package_levels }}"
 {% endif %}
@@ -450,4 +453,3 @@ featureGates:
   {{ feature|replace("=", ": ") }}
 {%   endfor %}
 {% endif %}
-