From bafabcbb44365e672b004e1a01e5be767c274cb0 Mon Sep 17 00:00:00 2001
From: "Christopher M. Luciano"
Date: Mon, 13 Mar 2017 13:43:31 -0400
Subject: [PATCH] Consolidate sysctl commands for kubelet

These commands are important enough to be in the Kubelet itself. By default, Ubuntu 14.04 and Debian Jessie have these set to 200 and 20000. Without this setting, nodes are limited in the number of containers that they can start.
---
 cmd/kubelet/app/server.go | 38 ----------------------
 pkg/kubelet/cm/container_manager_linux.go | 2 ++
 pkg/util/sysctl/sysctl.go | 5 +++
 3 files changed, 7 insertions(+), 38 deletions(-)

diff --git a/cmd/kubelet/app/server.go b/cmd/kubelet/app/server.go
index 92a41383de..ba37eb1842 100644
--- a/cmd/kubelet/app/server.go
+++ b/cmd/kubelet/app/server.go
@@ -21,7 +21,6 @@ import (
 	"crypto/tls"
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"math/rand"
 	"net"
 	"net/http"
@@ -30,7 +29,6 @@ import (
 	"os"
 	"path"
 	"strconv"
-	"strings"
 	"time"
 
 	"github.com/golang/glog"
@@ -824,42 +822,6 @@ func RunKubelet(kubeFlags *options.KubeletFlags, kubeCfg *componentconfig.Kubele
 	rlimit.RlimitNumFiles(uint64(kubeCfg.MaxOpenFiles))
-	// TODO(dawnchen): remove this once we deprecated old debian containervm images.
-	// This is a workaround for issue: https://github.com/opencontainers/runc/issues/726
-	// The current chosen number is consistent with most of other os dist.
-	const maxKeysPath = "/proc/sys/kernel/keys/root_maxkeys"
-	const minKeys uint64 = 1000000
-	key, err := ioutil.ReadFile(maxKeysPath)
-	if err != nil {
-		glog.Errorf("Cannot read keys quota in %s", maxKeysPath)
-	} else {
-		fields := strings.Fields(string(key))
-		nKey, _ := strconv.ParseUint(fields[0], 10, 64)
-		if nKey < minKeys {
-			glog.Infof("Setting keys quota in %s to %d", maxKeysPath, minKeys)
-			err = ioutil.WriteFile(maxKeysPath, []byte(fmt.Sprintf("%d", uint64(minKeys))), 0644)
-			if err != nil {
-				glog.Warningf("Failed to update %s: %v", maxKeysPath, err)
-			}
-		}
-	}
-	const maxBytesPath = "/proc/sys/kernel/keys/root_maxbytes"
-	const minBytes uint64 = 25000000
-	bytes, err := ioutil.ReadFile(maxBytesPath)
-	if err != nil {
-		glog.Errorf("Cannot read keys bytes in %s", maxBytesPath)
-	} else {
-		fields := strings.Fields(string(bytes))
-		nByte, _ := strconv.ParseUint(fields[0], 10, 64)
-		if nByte < minBytes {
-			glog.Infof("Setting keys bytes in %s to %d", maxBytesPath, minBytes)
-			err = ioutil.WriteFile(maxBytesPath, []byte(fmt.Sprintf("%d", uint64(minBytes))), 0644)
-			if err != nil {
-				glog.Warningf("Failed to update %s: %v", maxBytesPath, err)
-			}
-		}
-	}
-
 	// process pods and exit.
 	if runOnce {
 		if _, err := k.RunOnce(podCfg.Updates()); err != nil {
diff --git a/pkg/kubelet/cm/container_manager_linux.go b/pkg/kubelet/cm/container_manager_linux.go
index 52f9f32fc0..062e536fa7 100644
--- a/pkg/kubelet/cm/container_manager_linux.go
+++ b/pkg/kubelet/cm/container_manager_linux.go
@@ -312,6 +312,8 @@ func setupKernelTunables(option KernelTunableBehavior) error {
 		utilsysctl.VmPanicOnOOM: utilsysctl.VmPanicOnOOMInvokeOOMKiller,
 		utilsysctl.KernelPanic: utilsysctl.KernelPanicRebootTimeout,
 		utilsysctl.KernelPanicOnOops: utilsysctl.KernelPanicOnOopsAlways,
+		utilsysctl.RootMaxKeys: utilsysctl.RootMaxKeysSetting,
+		utilsysctl.RootMaxBytes: utilsysctl.RootMaxBytesSetting,
 	}
 
 	sysctl := utilsysctl.New()
diff --git a/pkg/util/sysctl/sysctl.go b/pkg/util/sysctl/sysctl.go
index e58b99d301..5c01dd88e7 100644
--- a/pkg/util/sysctl/sysctl.go
+++ b/pkg/util/sysctl/sysctl.go
@@ -29,12 +29,17 @@ const (
 	VmPanicOnOOM = "vm/panic_on_oom"
 	KernelPanic = "kernel/panic"
 	KernelPanicOnOops = "kernel/panic_on_oops"
+	RootMaxKeys = "kernel/keys/root_maxkeys"
+	RootMaxBytes = "kernel/keys/root_maxbytes"
 
 	VmOvercommitMemoryAlways = 1 // kernel performs no memory over-commit handling
 	VmPanicOnOOMInvokeOOMKiller = 0 // kernel calls the oom_killer function when OOM occurs
 	KernelPanicOnOopsAlways = 1 // kernel panics on kernel oops
 	KernelPanicRebootTimeout = 10 // seconds after a panic for the kernel to reboot
+
+	RootMaxKeysSetting = 1000000 // Needed since docker creates a new key per container
+	RootMaxBytesSetting = RootMaxKeysSetting * 25 // allocate 25 bytes per key * number of MaxKeys
 )

// An injectable interface for running sysctl commands.
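Review bot: The two new map entries turn what the removed RunKubelet code enforced as a floor into an exact desired value: server.go only wrote root_maxkeys/root_maxbytes when the current value was below 1000000/25000000 (`if nKey < minKeys`), whereas the other entries in this map are fixed settings such as panic_on_oops=1, so if setupKernelTunables compares each entry for equality (its loop is outside the hunk), a node whose operator already raised the keyring quota above these numbers would now be reported as drifted and, depending on KernelTunableBehavior, warned about, lowered, or refused at startup under the error mode. If that is not intended, either treat these two keys as minimums in the comparison or document the semantics on the entries, e.g. `// kernel keyring quota: runc/docker create a session keyring per container, so the distro defaults (200 keys / 20000 bytes on Ubuntu 14.04 and Debian jessie) cap the number of containers a node can start; see runc#726`. The old code also logged and continued on a read or write failure, so a mode that turns mismatch into a hard error is a stricter contract than before and worth stating in the commit message. The body of setupKernelTunables continues outside this hunk.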