Using the Node Tuning Operator

Learn about the Node Tuning Operator and how you can use it to manage node-level tuning by orchestrating the tuned daemon.

About the Node Tuning Operator

The Node Tuning Operator helps you manage node-level tuning by orchestrating the TuneD daemon and achieves low latency performance by using the Performance Profile controller. The majority of high-performance applications require some level of kernel tuning. The Node Tuning Operator provides a unified management interface to users of node-level sysctls and more flexibility to add custom tuning specified by user needs.

The Operator manages the containerized TuneD daemon for OKD as a Kubernetes daemon set. It ensures the custom tuning specification is passed to all containerized TuneD daemons running in the cluster in the format that the daemons understand. The daemons run on all nodes in the cluster, one per node.

Node-level settings applied by the containerized TuneD daemon are rolled back on an event that triggers a profile change or when the containerized TuneD daemon is terminated gracefully by receiving and handling a termination signal.

The Node Tuning Operator uses the Performance Profile controller to implement automatic tuning to achieve low latency performance for OKD applications. The cluster administrator configures a performance profile to define node-level settings such as the following:

  • Updating the kernel to kernel-rt.

  • Choosing CPUs for housekeeping.

  • Choosing CPUs for running workloads.

The Node Tuning Operator is part of a standard OKD installation in version 4.1 and later.

In earlier versions of OKD, the Performance Addon Operator was used to implement automatic tuning to achieve low latency performance for OpenShift applications. In OKD 4.11 and later, this functionality is part of the Node Tuning Operator.

Accessing an example Node Tuning Operator specification

Use this process to access an example Node Tuning Operator specification.

Procedure

  • Run the following command to access an example Node Tuning Operator specification:

    1. $ oc get Tuned/default -o yaml -n openshift-cluster-node-tuning-operator

The default CR is meant for delivering standard node-level tuning for the OKD platform and it can only be modified to set the Operator Management state. Any other custom changes to the default CR will be overwritten by the Operator. For custom tuning, create your own Tuned CRs. Newly created CRs will be combined with the default CR and custom tuning applied to OKD nodes based on node or pod labels and profile priorities.

While in certain situations the support for pod labels can be a convenient way of automatically delivering required tuning, this practice is discouraged and strongly advised against, especially in large-scale clusters. The default Tuned CR ships without pod label matching. If a custom profile is created with pod label matching, then the functionality will be enabled at that time. The pod label functionality will be deprecated in future versions of the Node Tuning Operator.

Default profiles set on a cluster

The following are the default profiles set on a cluster.

  1. apiVersion: tuned.openshift.io/v1
  2. kind: Tuned
  3. metadata:
  4. name: default
  5. namespace: openshift-cluster-node-tuning-operator
  6. spec:
  7. profile:
  8. - data: |
  9. [main]
  10. summary=Optimize systems running OpenShift (provider specific parent profile)
  11. include=-provider-${f:exec:cat:/var/lib/tuned/provider},openshift
  12. name: openshift
  13. recommend:
  14. - profile: openshift-control-plane
  15. priority: 30
  16. match:
  17. - label: node-role.kubernetes.io/master
  18. - label: node-role.kubernetes.io/infra
  19. - profile: openshift-node
  20. priority: 40

Starting with OKD 4.9, all OpenShift TuneD profiles are shipped with the TuneD package. You can use the oc exec command to view the contents of these profiles:

  1. $ oc exec $tuned_pod -n openshift-cluster-node-tuning-operator -- find /usr/lib/tuned/openshift{,-control-plane,-node} -name tuned.conf -exec grep -H ^ {} \;

Verifying that the TuneD profiles are applied

Verify the TuneD profiles that are applied to your cluster node.

  1. $ oc get profile -n openshift-cluster-node-tuning-operator

Example output

  1. NAME TUNED APPLIED DEGRADED AGE
  2. master-0 openshift-control-plane True False 6h33m
  3. master-1 openshift-control-plane True False 6h33m
  4. master-2 openshift-control-plane True False 6h33m
  5. worker-a openshift-node True False 6h28m
  6. worker-b openshift-node True False 6h28m
  • NAME: Name of the Profile object. There is one Profile object per node and their names match.

  • TUNED: Name of the desired TuneD profile to apply.

  • APPLIED: True if the TuneD daemon applied the desired profile. (True/False/Unknown).

  • DEGRADED: True if any errors were reported during application of the TuneD profile (True/False/Unknown).

  • AGE: Time elapsed since the creation of Profile object.

Custom tuning specification

The custom resource (CR) for the Operator has two major sections. The first section, profile:, is a list of TuneD profiles and their names. The second, recommend:, defines the profile selection logic.

Multiple custom tuning specifications can co-exist as multiple CRs in the Operator’s namespace. The existence of new CRs or the deletion of old CRs is detected by the Operator. All existing custom tuning specifications are merged and appropriate objects for the containerized TuneD daemons are updated.

Management state

The Operator Management state is set by adjusting the default Tuned CR. By default, the Operator is in the Managed state and the spec.managementState field is not present in the default Tuned CR. Valid values for the Operator Management state are as follows:

  • Managed: the Operator will update its operands as configuration resources are updated

  • Unmanaged: the Operator will ignore changes to the configuration resources

  • Removed: the Operator will remove its operands and resources the Operator provisioned

Profile data

The profile: section lists TuneD profiles and their names.

  1. profile:
  2. - name: tuned_profile_1
  3. data: |
  4. # TuneD profile specification
  5. [main]
  6. summary=Description of tuned_profile_1 profile
  7. [sysctl]
  8. net.ipv4.ip_forward=1
  9. # ... other sysctl's or other TuneD daemon plugins supported by the containerized TuneD
  10. # ...
  11. - name: tuned_profile_n
  12. data: |
  13. # TuneD profile specification
  14. [main]
  15. summary=Description of tuned_profile_n profile
  16. # tuned_profile_n profile settings

Recommended profiles

The profile: selection logic is defined by the recommend: section of the CR. The recommend: section is a list of items to recommend the profiles based on a selection criteria.

  1. recommend:
  2. <recommend-item-1>
  3. # ...
  4. <recommend-item-n>

The individual items of the list:

  1. - machineConfigLabels: (1)
  2. <mcLabels> (2)
  3. match: (3)
  4. <match> (4)
  5. priority: <priority> (5)
  6. profile: <tuned_profile_name> (6)
  7. operand: (7)
  8. debug: <bool> (8)
  9. tunedConfig:
  10. reapply_sysctl: <bool> (9)
1Optional.
2A dictionary of key/value MachineConfig labels. The keys must be unique.
3If omitted, profile match is assumed unless a profile with a higher priority matches first or machineConfigLabels is set.
4An optional list.
5Profile ordering priority. Lower numbers mean higher priority (0 is the highest priority).
6A TuneD profile to apply on a match. For example tuned_profile_1.
7Optional operand configuration.
8Turn debugging on or off for the TuneD daemon. Options are true for on or false for off. The default is false.
9Turn reapply_sysctl functionality on or off for the TuneD daemon. Options are true for on and false for off.

<match> is an optional list recursively defined as follows:

  1. - label: <label_name> (1)
  2. value: <label_value> (2)
  3. type: <label_type> (3)
  4. <match> (4)
1Node or pod label name.
2Optional node or pod label value. If omitted, the presence of <label_name> is enough to match.
3Optional object type (node or pod). If omitted, node is assumed.
4An optional <match> list.

If <match> is not omitted, all nested <match> sections must also evaluate to true. Otherwise, false is assumed and the profile with the respective <match> section will not be applied or recommended. Therefore, the nesting (child <match> sections) works as logical AND operator. Conversely, if any item of the <match> list matches, the entire <match> list evaluates to true. Therefore, the list acts as logical OR operator.

If machineConfigLabels is defined, machine config pool based matching is turned on for the given recommend: list item. <mcLabels> specifies the labels for a machine config. The machine config is created automatically to apply host settings, such as kernel boot parameters, for the profile <tuned_profile_name>. This involves finding all machine config pools with machine config selector matching <mcLabels> and setting the profile <tuned_profile_name> on all nodes that are assigned the found machine config pools. To target nodes that have both master and worker roles, you must use the master role.

The list items match and machineConfigLabels are connected by the logical OR operator. The match item is evaluated first in a short-circuit manner. Therefore, if it evaluates to true, the machineConfigLabels item is not considered.

When using machine config pool based matching, it is advised to group nodes with the same hardware configuration into the same machine config pool. Not following this practice might result in TuneD operands calculating conflicting kernel parameters for two or more nodes sharing the same machine config pool.

Example: node or pod label based matching

  1. - match:
  2. - label: tuned.openshift.io/elasticsearch
  3. match:
  4. - label: node-role.kubernetes.io/master
  5. - label: node-role.kubernetes.io/infra
  6. type: pod
  7. priority: 10
  8. profile: openshift-control-plane-es
  9. - match:
  10. - label: node-role.kubernetes.io/master
  11. - label: node-role.kubernetes.io/infra
  12. priority: 20
  13. profile: openshift-control-plane
  14. - priority: 30
  15. profile: openshift-node

The CR above is translated for the containerized TuneD daemon into its recommend.conf file based on the profile priorities. The profile with the highest priority (10) is openshift-control-plane-es and, therefore, it is considered first. The containerized TuneD daemon running on a given node looks to see if there is a pod running on the same node with the tuned.openshift.io/elasticsearch label set. If not, the entire <match> section evaluates as false. If there is such a pod with the label, in order for the <match> section to evaluate to true, the node label also needs to be node-role.kubernetes.io/master or node-role.kubernetes.io/infra.

If the labels for the profile with priority 10 matched, openshift-control-plane-es profile is applied and no other profile is considered. If the node/pod label combination did not match, the second highest priority profile (openshift-control-plane) is considered. This profile is applied if the containerized TuneD pod runs on a node with labels node-role.kubernetes.io/master or node-role.kubernetes.io/infra.

Finally, the profile openshift-node has the lowest priority of 30. It lacks the <match> section and, therefore, will always match. It acts as a profile catch-all to set openshift-node profile, if no other profile with higher priority matches on a given node.

Decision workflow

Example: machine config pool based matching

  1. apiVersion: tuned.openshift.io/v1
  2. kind: Tuned
  3. metadata:
  4. name: openshift-node-custom
  5. namespace: openshift-cluster-node-tuning-operator
  6. spec:
  7. profile:
  8. - data: |
  9. [main]
  10. summary=Custom OpenShift node profile with an additional kernel parameter
  11. include=openshift-node
  12. [bootloader]
  13. cmdline_openshift_node_custom=+skew_tick=1
  14. name: openshift-node-custom
  15. recommend:
  16. - machineConfigLabels:
  17. machineconfiguration.openshift.io/role: "worker-custom"
  18. priority: 20
  19. profile: openshift-node-custom

To minimize node reboots, label the target nodes with a label the machine config pool’s node selector will match, then create the Tuned CR above and finally create the custom machine config pool itself.

Cloud provider-specific TuneD profiles

With this functionality, all Cloud provider-specific nodes can conveniently be assigned a TuneD profile specifically tailored to a given Cloud provider on a OKD cluster. This can be accomplished without adding additional node labels or grouping nodes into machine config pools.

This functionality takes advantage of spec.providerID node object values in the form of <cloud-provider>://<cloud-provider-specific-id> and writes the file /var/lib/tuned/provider with the value <cloud-provider> in NTO operand containers. The content of this file is then used by TuneD to load provider-<cloud-provider> profile if such profile exists.

The openshift profile that both openshift-control-plane and openshift-node profiles inherit settings from is now updated to use this functionality through the use of conditional profile loading. Neither NTO nor TuneD currently ship any Cloud provider-specific profiles. However, it is possible to create a custom profile provider-<cloud-provider> that will be applied to all Cloud provider-specific cluster nodes.

Example GCE Cloud provider profile

  1. apiVersion: tuned.openshift.io/v1
  2. kind: Tuned
  3. metadata:
  4. name: provider-gce
  5. namespace: openshift-cluster-node-tuning-operator
  6. spec:
  7. profile:
  8. - data: |
  9. [main]
  10. summary=GCE Cloud provider-specific profile
  11. # Your tuning for GCE Cloud provider goes here.
  12. name: provider-gce

Due to profile inheritance, any setting specified in the provider-<cloud-provider> profile will be overwritten by the openshift profile and its child profiles.

Custom tuning examples

Using TuneD profiles from the default CR

The following CR applies custom node-level tuning for OKD nodes with label tuned.openshift.io/ingress-node-label set to any value.

Example: custom tuning using the openshift-control-plane TuneD profile

  1. apiVersion: tuned.openshift.io/v1
  2. kind: Tuned
  3. metadata:
  4. name: ingress
  5. namespace: openshift-cluster-node-tuning-operator
  6. spec:
  7. profile:
  8. - data: |
  9. [main]
  10. summary=A custom OpenShift ingress profile
  11. include=openshift-control-plane
  12. [sysctl]
  13. net.ipv4.ip_local_port_range="1024 65535"
  14. net.ipv4.tcp_tw_reuse=1
  15. name: openshift-ingress
  16. recommend:
  17. - match:
  18. - label: tuned.openshift.io/ingress-node-label
  19. priority: 10
  20. profile: openshift-ingress

Custom profile writers are strongly encouraged to include the default TuneD daemon profiles shipped within the default Tuned CR. The example above uses the default openshift-control-plane profile to accomplish this.

Using built-in TuneD profiles

Given the successful rollout of the NTO-managed daemon set, the TuneD operands all manage the same version of the TuneD daemon. To list the built-in TuneD profiles supported by the daemon, query any TuneD pod in the following way:

  1. $ oc exec $tuned_pod -n openshift-cluster-node-tuning-operator -- find /usr/lib/tuned/ -name tuned.conf -printf '%h\n' | sed 's|^.*/||'

You can use the profile names retrieved by this in your custom tuning specification.

Example: using built-in hpc-compute TuneD profile

  1. apiVersion: tuned.openshift.io/v1
  2. kind: Tuned
  3. metadata:
  4. name: openshift-node-hpc-compute
  5. namespace: openshift-cluster-node-tuning-operator
  6. spec:
  7. profile:
  8. - data: |
  9. [main]
  10. summary=Custom OpenShift node profile for HPC compute workloads
  11. include=openshift-node,hpc-compute
  12. name: openshift-node-hpc-compute
  13. recommend:
  14. - match:
  15. - label: tuned.openshift.io/openshift-node-hpc-compute
  16. priority: 20
  17. profile: openshift-node-hpc-compute

In addition to the built-in hpc-compute profile, the example above includes the openshift-node TuneD daemon profile shipped within the default Tuned CR to use OpenShift-specific tuning for compute nodes.

Supported TuneD daemon plugins

Excluding the [main] section, the following TuneD plugins are supported when using custom profiles defined in the profile: section of the Tuned CR:

  • audio

  • cpu

  • disk

  • eeepc_she

  • modules

  • mounts

  • net

  • scheduler

  • scsi_host

  • selinux

  • sysctl

  • sysfs

  • usb

  • video

  • vm

  • bootloader

There is some dynamic tuning functionality provided by some of these plugins that is not supported. The following TuneD plugins are currently not supported:

  • script

  • systemd

The TuneD bootloader plugin is currently supported on Fedora CoreOS (FCOS) 8.x worker nodes. For Fedora 7.x worker nodes, the TuneD bootloader plugin is currently not supported.

See Available TuneD Plugins and Getting Started with TuneD for more information.

Configuring node tuning in a hosted cluster

Hosted control planes is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see https://access.redhat.com/support/offerings/techpreview/.

To set node-level tuning on the nodes in your hosted cluster, you can use the Node Tuning Operator. In hosted control planes, you can configure node tuning by creating config maps that contain Tuned objects and referencing those config maps in your node pools.

Procedure

  1. Create a config map that contains a valid tuned manifest, and reference the manifest in a node pool. In the following example, a Tuned manifest defines a profile that sets vm.dirty_ratio to 55 on nodes that contain the tuned-1-node-label node label with any value. Save the following ConfigMap manifest in a file named tuned-1.yaml:

    1. apiVersion: v1
    2. kind: ConfigMap
    3. metadata:
    4. name: tuned-1
    5. namespace: clusters
    6. data:
    7. tuning: |
    8. apiVersion: tuned.openshift.io/v1
    9. kind: Tuned
    10. metadata:
    11. name: tuned-1
    12. namespace: openshift-cluster-node-tuning-operator
    13. spec:
    14. profile:
    15. - data: |
    16. [main]
    17. summary=Custom OpenShift profile
    18. include=openshift-node
    19. [sysctl]
    20. vm.dirty_ratio="55"
    21. name: tuned-1-profile
    22. recommend:
    23. - priority: 20
    24. profile: tuned-1-profile

    If you do not add any labels to an entry in the spec.recommend section of the Tuned spec, node-pool-based matching is assumed, so the highest priority profile in the spec.recommend section is applied to nodes in the pool. Although you can achieve more fine-grained node-label-based matching by setting a label value in the Tuned .spec.recommend.match section, node labels will not persist during an upgrade unless you set the .spec.management.upgradeType value of the node pool to InPlace.

  2. Create the ConfigMap object in the management cluster:

    1. $ oc --kubeconfig="$MGMT_KUBECONFIG" create -f tuned-1.yaml
  3. Reference the ConfigMap object in the spec.tuningConfig field of the node pool, either by editing a node pool or creating one. In this example, assume that you have only one NodePool, named nodepool-1, which contains 2 nodes.

    1. apiVersion: hypershift.openshift.io/v1alpha1
    2. kind: NodePool
    3. metadata:
    4. ...
    5. name: nodepool-1
    6. namespace: clusters
    7. ...
    8. spec:
    9. ...
    10. tuningConfig:
    11. - name: tuned-1
    12. status:
    13. ...

    You can reference the same config map in multiple node pools. In hosted control planes, the Node Tuning Operator appends a hash of the node pool name and namespace to the name of the Tuned CRs to distinguish them. Outside of this case, do not create multiple TuneD profiles of the same name in different Tuned CRs for the same hosted cluster.

Verification

Now that you have created the ConfigMap object that contains a Tuned manifest and referenced it in a NodePool, the Node Tuning Operator syncs the Tuned objects into the hosted cluster. You can verify which Tuned objects are defined and which TuneD profiles are applied to each node.

  1. List the Tuned objects in the hosted cluster:

    1. $ oc --kubeconfig="$HC_KUBECONFIG" get Tuneds -n openshift-cluster-node-tuning-operator

    Example output

    1. NAME AGE
    2. default 7m36s
    3. rendered 7m36s
    4. tuned-1 65s
  2. List the Profile objects in the hosted cluster:

    1. $ oc --kubeconfig="$HC_KUBECONFIG" get Profiles -n openshift-cluster-node-tuning-operator

    Example output

    1. NAME TUNED APPLIED DEGRADED AGE
    2. nodepool-1-worker-1 tuned-1-profile True False 7m43s
    3. nodepool-1-worker-2 tuned-1-profile True False 7m14s

    If no custom profiles are created, the openshift-node profile is applied by default.

  3. To confirm that the tuning was applied correctly, start a debug shell on a node and check the sysctl values:

    1. $ oc --kubeconfig="$HC_KUBECONFIG" debug node/nodepool-1-worker-1 -- chroot /host sysctl vm.dirty_ratio

    Example output

    1. vm.dirty_ratio = 55

Advanced node tuning for hosted clusters by setting kernel boot parameters

Hosted control planes is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see https://access.redhat.com/support/offerings/techpreview/.

For more advanced tuning in hosted control planes, which requires setting kernel boot parameters, you can also use the Node Tuning Operator. The following example shows how you can create a node pool with huge pages reserved.

Procedure

  1. Create a ConfigMap object that contains a Tuned object manifest for creating 10 huge pages that are 2 MB in size. Save this ConfigMap manifest in a file named tuned-hugepages.yaml:

    1. apiVersion: v1
    2. kind: ConfigMap
    3. metadata:
    4. name: tuned-hugepages
    5. namespace: clusters
    6. data:
    7. tuning: |
    8. apiVersion: tuned.openshift.io/v1
    9. kind: Tuned
    10. metadata:
    11. name: hugepages
    12. namespace: openshift-cluster-node-tuning-operator
    13. spec:
    14. profile:
    15. - data: |
    16. [main]
    17. summary=Boot time configuration for hugepages
    18. include=openshift-node
    19. [bootloader]
    20. cmdline_openshift_node_hugepages=hugepagesz=2M hugepages=50
    21. name: openshift-node-hugepages
    22. recommend:
    23. - priority: 20
    24. profile: openshift-node-hugepages

    The .spec.recommend.match field is intentionally left blank. In this case, this Tuned object is applied to all nodes in the node pool where this ConfigMap object is referenced. Group nodes with the same hardware configuration into the same node pool. Otherwise, TuneD operands can calculate conflicting kernel parameters for two or more nodes that share the same node pool.

  2. Create the ConfigMap object in the management cluster:

    1. $ oc --kubeconfig="$MGMT_KUBECONFIG" create -f tuned-hugepages.yaml
  3. Create a NodePool manifest YAML file, customize the upgrade type of the NodePool, and reference the ConfigMap object that you created in the spec.tuningConfig section. Create the NodePool manifest and save it in a file named hugepages-nodepool.yaml by using the hypershift CLI:

    1. NODEPOOL_NAME=hugepages-example
    2. INSTANCE_TYPE=m5.2xlarge
    3. NODEPOOL_REPLICAS=2
    4. hypershift create nodepool aws \
    5. --cluster-name $CLUSTER_NAME \
    6. --name $NODEPOOL_NAME \
    7. --node-count $NODEPOOL_REPLICAS \
    8. --instance-type $INSTANCE_TYPE \
    9. --render > hugepages-nodepool.yaml
  4. In the hugepages-nodepool.yaml file, set .spec.management.upgradeType to InPlace, and set .spec.tuningConfig to reference the tuned-hugepages ConfigMap object that you created.

    1. apiVersion: hypershift.openshift.io/v1alpha1
    2. kind: NodePool
    3. metadata:
    4. name: hugepages-nodepool
    5. namespace: clusters
    6. ...
    7. spec:
    8. management:
    9. ...
    10. upgradeType: InPlace
    11. ...
    12. tuningConfig:
    13. - name: tuned-hugepages

    To avoid the unnecessary re-creation of nodes when you apply the new MachineConfig objects, set .spec.management.upgradeType to InPlace. If you use the Replace upgrade type, nodes are fully deleted and new nodes can replace them when you apply the new kernel boot parameters that the TuneD operand calculated.

  5. Create the NodePool in the management cluster:

    1. $ oc --kubeconfig="$MGMT_KUBECONFIG" create -f hugepages-nodepool.yaml

Verification

After the nodes are available, the containerized TuneD daemon calculates the required kernel boot parameters based on the applied TuneD profile. After the nodes are ready and reboot once to apply the generated MachineConfig object, you can verify that the TuneD profile is applied and that the kernel boot parameters are set.

  1. List the Tuned objects in the hosted cluster:

    1. $ oc --kubeconfig="$HC_KUBECONFIG" get Tuneds -n openshift-cluster-node-tuning-operator

    Example output

    1. NAME AGE
    2. default 123m
    3. hugepages-8dfb1fed 1m23s
    4. rendered 123m
  2. List the Profile objects in the hosted cluster:

    1. $ oc --kubeconfig="$HC_KUBECONFIG" get Profiles -n openshift-cluster-node-tuning-operator

    Example output

    1. NAME TUNED APPLIED DEGRADED AGE
    2. nodepool-1-worker-1 openshift-node True False 132m
    3. nodepool-1-worker-2 openshift-node True False 131m
    4. hugepages-nodepool-worker-1 openshift-node-hugepages True False 4m8s
    5. hugepages-nodepool-worker-2 openshift-node-hugepages True False 3m57s

    Both of the worker nodes in the new NodePool have the openshift-node-hugepages profile applied.

  3. To confirm that the tuning was applied correctly, start a debug shell on a node and check /proc/cmdline.

    1. $ oc --kubeconfig="$HC_KUBECONFIG" debug node/nodepool-1-worker-1 -- chroot /host cat /proc/cmdline

    Example output

    1. BOOT_IMAGE=(hd0,gpt3)/ostree/rhcos-... hugepagesz=2M hugepages=50

Additional resources

For more information about hosted control planes, see Using hosted control plane clusters (Technology Preview).