Address OOM kills in addons-manager

[vijaykatam]

• Fewer concurrent reconciles for packageinstallstatus_controller
• Higher ratelimiting for packageinstallstatus_controller
• Bubble up errors in reconcile method so that retries back off
• Remove timestamp addition in status
• Allow enabling pprof
• [Fix memory leak]: Reassigning variables remote tracker client variable which is a pointer causes the object to be tracked in memory even after its usage.
• [Fix memory leak]: Remote tracker seems to be very sensitive with respect to how watch is called. Change watch to only include stateless functions.

Signed-off-by: Vijay Katam vkatam@vmware.com

What this PR does / why we need it

Address OOM kills in addons-manager due to memory leaks

Which issue(s) this PR fixes

Fixes #2963

Describe testing done for PR

Tested on a scale test cluster with 158 clusters. The pod has been running stable for over 7 hours without OOM.

k get pods -n vmware-system-tkg -o wide | grep addons
tanzu-addons-controller-manager-5b5658c9d6-sxzcz         1/1     Running   0               7h22m   10.102.0.2   420f40b588050e0ef6dd8503237a8f91   <none>           <none>

The memory stays around ~400 mb

root@420f40b588050e0ef6dd8503237a8f91 [ ~ ]# curl http://localhost:18317/metrics | grep process_resident_memory_bytes
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0# HELP process_resident_memory_bytes Resident memory size in bytes.
# TYPE process_resident_memory_bytes gauge
process_resident_memory_bytes 4.03750912e+08
100   97k    0   97k    0     0  38.9M      0 --:--:-- --:--:-- --:--:-- 47.7M

Release note

package-based-lcm: fix memory leaks in packageinstallstatus_controller

Additional information

Before fix - notice packageinstallstatusreconciler

After fix Note that packageinstallstatusreconciler does not show up anymore

Special notes for your reviewer

[codecov]

Codecov Report

Merging #3004 (8fc4a78) into main (6d6ca50) will increase coverage by 0.12%.
The diff coverage is 70.39%.

@@            Coverage Diff             @@
##             main    #3004      +/-   ##
==========================================
+ Coverage   44.00%   44.13%   +0.12%     
==========================================
  Files         416      416              
  Lines       41852    42108     +256     
==========================================
+ Hits        18417    18583     +166     
- Misses      21714    21799      +85     
- Partials     1721     1726       +5     

Impacted Files	Coverage Δ
addons/controllers/addon_controller.go	63.30% <ø> (-0.31%)	⬇️
pkg/v1/config/clientconfig.go	34.79% <ø> (ø)
pkg/v1/config/defaults.go	42.30% <0.00%> (-0.83%)	⬇️
pkg/v1/tkg/avi/client.go	5.07% <0.00%> (-0.24%)	⬇️
pkg/v1/tkg/client/cluster.go	14.45% <ø> (+0.19%)	⬆️
pkg/v1/tkg/client/init.go	0.00% <0.00%> (ø)
pkg/v1/tkg/tkgconfigproviders/vsphere.go	49.24% <52.38%> (+0.44%)	⬆️
...ons/controllers/packageinstallstatus_controller.go	79.15% <75.51%> (-1.50%)	⬇️
pkg/v1/tkg/client/validate.go	57.99% <76.87%> (+1.74%)	⬆️
addons/controllers/packageinstallstatus_handler.go	40.00% <100.00%> (ø)
... and 14 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9ab0604...8fc4a78. Read the comment docs.

[maralavi]

I think the first two lines of this comment are valid still. Why removing those in that case?

[vijaykatam]

Added back with updated comment. Note that by default remote tracker excludes configmap and resource.

[maralavi]

Why we add ConfigMap and Secret to the ClientUncachedObjects? We never read any of those types in PackageInstallStatus Controller code.

[maralavi]

Wouldn't adding PackageInstall & Package to ClientUncachedObjects, mean that we'll not allow objects of those types to be cached anymore? Does that mean that we will be reading from api server for those now and that we'll be not using the cache functionality of remote watch anymore?

[maralavi]

It's sad to see timestamp go, it was adding more insight to the reconciliation status. But I can imagine it can add to the churn a lot as well.

[vijaykatam]

This was causing lot of unnecessary logs

[vijaykatam]

Until we can find another way to address checking if a package is managed, I am removing this because it requires a client and putting a stateful function (one that has a ref to reconciler) is contributing towards memory leaks.

[vijaykatam]

I made these functions not receivers of the PackageInstallStatusReconciler because these are passed to Watch in the remote tracker and is contributing to memory leaks.

[vijaykatam]

we can restore this test after we figure out a better way to check managed packages.

[maralavi]

@vijaykatam This block needed to be outside of the defer, the tests were failing sue to this change.