Skip to content

Add a flag for enabling pprof on the controller manager #4449

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Okabe-Junya wants to merge 1 commit into
base: master
Choose a base branch
from
+18 −1
Open

Add a flag for enabling pprof on the controller manager #4449

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 11 additions & 1 deletion charts/gha-runner-scale-set-controller/templates/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,9 @@ spec:
- "--listener-metrics-endpoint="
- "--metrics-addr=0"
{{- end }}
{{- with .Values.pprof }}
- "--pprof-addr={{ .addr }}"
{{- end }}
Comment on lines +87 to +89
Copy link

Copilot AI Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The with .Values.pprof block will render --pprof-addr={{ .addr }} even if addr is unset/empty (e.g. pprof: {}), which can produce --pprof-addr=<no value> and later an invalid containerPort. Consider conditioning on .Values.pprof.addr and/or using required to ensure addr is provided when pprof is configured.

Copilot uses AI. Check for mistakes.
Comment on lines +87 to +89
Copy link

Copilot AI Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

New behavior is introduced when .Values.pprof.addr is set (adds a flag + port), and this chart already has extensive Helm template tests. Adding a test case that enables pprof.addr and asserts the rendered --pprof-addr arg and pprof port would help prevent regressions.

Copilot uses AI. Check for mistakes.
{{- range .Values.flags.excludeLabelPropagationPrefixes }}
- "--exclude-label-propagation-prefix={{ . }}"
{{- end }}
Expand All @@ -95,12 +98,19 @@ spec:
{{- end }}
command:
- "/manager"
{{- with .Values.metrics }}
{{- if or .Values.metrics .Values.pprof }}
ports:
{{- end }}
{{- with .Values.metrics }}
- containerPort: {{regexReplaceAll ":([0-9]+)" .controllerManagerAddr "${1}"}}
protocol: TCP
name: metrics
{{- end }}
{{- with .Values.pprof }}
- containerPort: {{regexReplaceAll ":([0-9]+)" .addr "${1}"}}
Comment on lines 105 to +110
Copy link

Copilot AI Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

containerPort is derived from .Values.pprof.addr using regexReplaceAll ":([0-9]+)" ..., which breaks for common bind addresses that include a host (e.g. 127.0.0.1:6060 becomes 127.0.0.16060). This will render an invalid containerPort and Kubernetes will reject the Deployment. Consider extracting the trailing port number (e.g. via regexFind on [0-9]+$ or splitList and take the last element), and optionally fail fast if no port can be parsed.

Suggested change
- containerPort: {{regexReplaceAll ":([0-9]+)" .controllerManagerAddr "${1}"}}
protocol: TCP
name: metrics
{{- end }}
{{- with .Values.pprof }}
- containerPort: {{regexReplaceAll ":([0-9]+)" .addr "${1}"}}
- containerPort: {{ required "Values.metrics.controllerManagerAddr must end with a numeric port" (regexFind "[0-9]+$" .controllerManagerAddr) }}
protocol: TCP
name: metrics
{{- end }}
{{- with .Values.pprof }}
- containerPort: {{ required "Values.pprof.addr must end with a numeric port" (regexFind "[0-9]+$" .addr) }}

Copilot uses AI. Check for mistakes.
protocol: TCP
name: pprof
{{- end }}
env:
- name: CONTROLLER_MANAGER_CONTAINER_IMAGE
value: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
Expand Down
4 changes: 4 additions & 0 deletions charts/gha-runner-scale-set-controller/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,10 @@ priorityClassName: ""
# listenerAddr: ":8080"
# listenerEndpoint: "/metrics"

## To enable pprof, uncomment the following lines.
# pprof:
# addr: ":6060"
Copy link

Copilot AI Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The example pprof.addr: ":6060" binds on all interfaces inside the pod, which makes it easy to accidentally expose pprof broadly in-cluster (pprof can reveal sensitive runtime details). Consider updating the example to 127.0.0.1:6060 (or adding a note recommending localhost + kubectl port-forward, or a NetworkPolicy) so the default guidance is safer.

Suggested change
# addr: ":6060"
# addr: "127.0.0.1:6060"

Copilot uses AI. Check for mistakes.

flags:
## Log level can be set here with one of the following values: "debug", "info", "warn", "error".
## Defaults to "debug".
Expand Down
3 changes: 3 additions & 0 deletions main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,7 @@ func main() {
listenerMetricsEndpoint string

metricsAddr string
pprofAddr string
autoScalingRunnerSetOnly bool
enableLeaderElection bool
disableAdmissionWebhook bool
Expand Down Expand Up @@ -121,6 +122,7 @@ func main() {
flag.StringVar(&listenerMetricsAddr, "listener-metrics-addr", ":8080", "The address applied to AutoscalingListener metrics server")
flag.StringVar(&listenerMetricsEndpoint, "listener-metrics-endpoint", "/metrics", "The AutoscalingListener metrics server endpoint from which the metrics are collected")
flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.")
flag.StringVar(&pprofAddr, "pprof-addr", "", "The address the pprof endpoint binds to.")
flag.BoolVar(&enableLeaderElection, "enable-leader-election", false,
"Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager.")
flag.StringVar(&leaderElectionID, "leader-election-id", "actions-runner-controller", "Controller id for leader election.")
Expand Down Expand Up @@ -239,6 +241,7 @@ func main() {
SyncPeriod: &syncPeriod,
DefaultNamespaces: defaultNamespaces,
},
PprofBindAddress: pprofAddr,
WebhookServer: webhookServer,
LeaderElection: enableLeaderElection,
LeaderElectionID: leaderElectionID,
Expand Down
Loading