Add --max-fd argument to uwsgi to stop it from getting OOMKilled in Kubernetes

[hoeg]

Description

This PR fixes the issue described in issue #9562 regarding uWSGI that under some circumstances will take up an unnecessary amount of resources on a kubernetes node leading to the pod getting OOMKilled.

We introduce the possibility to set the --max-fd argument when starting up uWSGI to mitigate this issue.

Test results

I have tested the fix on a kubernetes cluster where it prevented the pod from getting OOMKilled. For more information see #9562.

Documentation

It is not clear to me where the documentation should be updated.

[dryrunsecurity]

Contextual Security Analysis

As DryRun Security performs checks, we’ll summarize them here. You can always dive into the detailed results in the section below for checks.

Status	DryRun Security Check
✅	Sensitive Functions Analyzer
❌	Configured Sensitive Files Analyzer
✅	Sensitive Files Analyzer

Chat with your AI-powered Security Buddy by typing @dryrunsecurity followed by your question into a comment.
Example: @dryrunsecurity What are common security issues with web application cookies?

Install and configure more repositories at DryRun Security

[dsever]

Please create PR against dev or bugfix

[mtesauro]

Approved

[dryrunsecurity]

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security	Status	Findings
Sensitive Functions Analyzer	✅	0 findings
Configured Sensitive Files Analyzer	❌	4 findings
Sensitive Files Analyzer	❕	1 findings

Note

🔴 Risk threshold exceeded. Adding a reviewer if one is configured in .dryrunsecurity.yaml.

notification list: @mtesauro @grendel513

Tip

Get answers to your security questions. Add a comment in this PR starting with @DryRunSecurity. For example...

@dryrunsecurity What are common security issues with web application cookies?

Powered by DryRun Security

[Maffooch]

@hoeg thanks for updating your commits. It think this will work! There is not a some extra changes unrelated to your file descriptor changes that should not be here. Once those are removed, I think this will be good to go :)

[github-actions]

This pull request has conflicts, please resolve those before we can evaluate the pull request.

[github-actions]

Conflicts have been resolved. A maintainer will review the pull request shortly.

[mtesauro]

Closing this PR as the parent issue was addressed by changing the k8s config rather then a code change on the DD side.

[tmablunar]

I am trying to pick this is this issue up from my colleague @hoeg.

The described solution in k8s does not resolve the issue for us. We do not have any resource limits and requesting 4096Mi of memory. The pod is still OOMKilled. However, using the suggested solution in this PR solves the problem.