From 4bba04023dce5786007130c23e7d8da455600406 Mon Sep 17 00:00:00 2001
From: Erik Wilson <Erik.E.Wilson@gmail.com>
Date: Fri, 12 Apr 2019 16:45:59 -0700
Subject: [PATCH] Check for cgroup pids support

If cgroup pids are not supported add a feature-gates flag
SupportPodPidsLimit=false for kubelet.
---
 pkg/daemons/agent/agent.go | 31 ++++++++++++++++++++++---------
 1 file changed, 22 insertions(+), 9 deletions(-)

diff --git a/pkg/daemons/agent/agent.go b/pkg/daemons/agent/agent.go
index 985b78b362..2bffb400bd 100644
--- a/pkg/daemons/agent/agent.go
+++ b/pkg/daemons/agent/agent.go
@@ -101,17 +101,23 @@ func kubelet(cfg *config.Agent) {
 	if err != nil || defaultIP.String() != cfg.NodeIP {
 		argsMap["node-ip"] = cfg.NodeIP
 	}
-	root, hasCFS := checkCgroups()
+	root, hasCFS, hasPIDs := checkCgroups()
 	if !hasCFS {
 		logrus.Warn("Disabling CPU quotas due to missing cpu.cfs_period_us")
 		argsMap["cpu-cfs-quota"] = "false"
 	}
+	if !hasPIDs {
+		logrus.Warn("Disabling pod PIDs limit feature due to missing cgroup pids support")
+		argsMap["cgroups-per-qos"] = "false"
+		argsMap["enforce-node-allocatable"] = ""
+		argsMap["feature-gates"] = addFeatureGate(argsMap["feature-gates"], "SupportPodPidsLimit=false")
+	}
 	if root != "" {
 		argsMap["runtime-cgroups"] = root
 		argsMap["kubelet-cgroups"] = root
 	}
 	if system.RunningInUserNS() {
-		argsMap["feature-gates"] = "DevicePlugins=false"
+		argsMap["feature-gates"] = addFeatureGate(argsMap["feature-gates"], "DevicePlugins=false")
 	}
 
 	args := config.GetArgsList(argsMap, cfg.ExtraKubeletArgs)
@@ -123,15 +129,20 @@ func kubelet(cfg *config.Agent) {
 	}()
 }
 
-func checkCgroups() (string, bool) {
+func addFeatureGate(current, new string) string {
+	if current == "" {
+		return new
+	}
+	return current + "," + new
+}
+
+func checkCgroups() (root string, hasCFS bool, hasPIDs bool) {
 	f, err := os.Open("/proc/self/cgroup")
 	if err != nil {
-		return "", false
+		return "", false, false
 	}
 	defer f.Close()
 
-	ret := false
-	root := ""
 	scan := bufio.NewScanner(f)
 	for scan.Scan() {
 		parts := strings.Split(scan.Text(), ":")
@@ -140,10 +151,12 @@ func checkCgroups() (string, bool) {
 		}
 		systems := strings.Split(parts[1], ",")
 		for _, system := range systems {
-			if system == "cpu" {
+			if system == "pids" {
+				hasPIDs = true
+			} else if system == "cpu" {
 				p := filepath.Join("/sys/fs/cgroup", parts[1], parts[2], "cpu.cfs_period_us")
 				if _, err := os.Stat(p); err == nil {
-					ret = true
+					hasCFS = true
 				}
 			} else if system == "name=systemd" {
 				last := parts[len(parts)-1]
@@ -155,5 +168,5 @@ func checkCgroups() (string, bool) {
 		}
 	}
 
-	return root, ret
+	return root, hasCFS, hasPIDs
 }