-
Notifications
You must be signed in to change notification settings - Fork 266
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How does RKE2 limit pids in a container? #7041
Comments
You appear to be using RKE docs. Rke2 does not use cluster.yaml or any paths under /etc/kubernetes. Please reference the rke2 docs at https://docs.rke2.io and try again.
What about this is deprecated? |
Brandon, thanks for reply.
When I said cluster.yaml, I meant the yaml file that is the kind of Cluster in the cluster management menu in the rancher interface. I am attaching a screenshot. I know that if I change this configuration using gui, it will be changed the config file - /etc/rancher/rke2/config.yaml.d/50-rancher.yaml Also I had tried changing LimitNPROC param in the systemd file(/usr/local/lib/systemd/system/rke2-agent.service). Actually, according to the suse document ( https://www.suse.com/support/kb/doc/?id=000021322 ); Thanks again for reply, Let me continue my research at https://docs.rke2.io/ |
I would probably recommend with just using kubelet-arg:
- "--pod-max-pids=2048" Kubelet args are deprecated by upstream, but they are still very much supported. Rancher doesn't have any way to manage creating a kubelet config file on the node, so passing the path to one via kubelet args in the rancher UI is not recommended. |
RKE2 Version:
v1.24.9+rke2r2
Node(s) CPU architecture, OS, and Version:
4.18.0-372.32.1.el8_6.x86_64 #1 SMP Fri Oct 7 12:35:10 EDT 2022 x86_64 x86_64 x86_64 GNU/Linux
Cluster Configuration:
3 master(cp,etcd), 3 worker
Kubernetes Version: v1.24.9
Hi,
I want to use PIDs cgroup limit. I tried these solutions. But it is not solved.
Firstly, I added Cluster.yaml like below.
After restart, I observed this params the result of this command - ps aux | grep kubelet | grep pids -
but this solution is deprecated.
And then, I edited these lines containerd.toml.tmpl file like below. After restart, my problem is not solved.
And then, I edited Cluster.yaml to use KubeletConfiguration again as defining below article: After restart, my problem is not solved.
https://www.suse.com/support/kb/doc/?id=000021322
in /etc/kubernetes/kubeletconfig.yml
After restart, I observed this params the result of this command - ps aux | grep kubelet | grep config -
but this solution is deprecated.
And laslty, I edited Cluster.yaml again and I added this params - kube-reserved=pid=2048
After reconciling, I observed this param but this is not solved.
I tried these solutions one by one. And after changes, I run in a container this command - cat /sys/fs/cgroup/pids/pids.max
None of the solutions worked.
How to limit pids in a container?
How to use PIDs cgroup limit?
The text was updated successfully, but these errors were encountered: