diff --git a/pkg/kubelet/cm/container_manager_linux.go b/pkg/kubelet/cm/container_manager_linux.go
index 78a496fd69..53136f7978 100644
--- a/pkg/kubelet/cm/container_manager_linux.go
+++ b/pkg/kubelet/cm/container_manager_linux.go
@@ -147,6 +147,8 @@ func setupKernelTunables(option KernelTunableBehavior) error {
 desiredState := map[string]int{
 utilsysctl.VmOvercommitMemory: utilsysctl.VmOvercommitMemoryAlways,
 utilsysctl.VmPanicOnOOM: utilsysctl.VmPanicOnOOMInvokeOOMKiller,
+ utilsysctl.KernelPanic: utilsysctl.KernelPanicRebootTimeout,
+ utilsysctl.KernelPanicOnOops: utilsysctl.KernelPanicOnOopsAlways,
 }
 errList := []error{}
diff --git a/pkg/kubelet/dockertools/fake_manager.go b/pkg/kubelet/dockertools/fake_manager.go
index 04e6a014ed..4f0a96cb58 100644
--- a/pkg/kubelet/dockertools/fake_manager.go
+++ b/pkg/kubelet/dockertools/fake_manager.go
@@ -44,7 +44,7 @@ func NewFakeDockerManager(
 httpClient kubetypes.HttpGetter, imageBackOff *util.Backoff) *DockerManager {
 fakeOOMAdjuster := oom.NewFakeOOMAdjuster()
- fakeProcFs := procfs.NewFakeProcFs()
+ fakeProcFs := procfs.NewFakeProcFS()
 dm := NewDockerManager(client, recorder, livenessManager, containerRefManager, machineInfo, podInfraContainerImage, qps, burst, containerLogsDir, osInterface, networkPlugin, generator, httpClient, &NativeExecHandler{}, fakeOOMAdjuster, fakeProcFs, false, imageBackOff, true)
diff --git a/pkg/kubelet/dockertools/manager.go b/pkg/kubelet/dockertools/manager.go
index 3db3066fa7..ac1d8abda8 100644
--- a/pkg/kubelet/dockertools/manager.go
+++ b/pkg/kubelet/dockertools/manager.go
@@ -133,7 +133,7 @@ type DockerManager struct {
 oomAdjuster *oom.OOMAdjuster
 // Get information from /proc mount.
- procFs procfs.ProcFsInterface
+ procFs procfs.ProcFSInterface
 // If true, enforce container cpu limits with CFS quota support
 cpuCFSQuota bool
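Review bot: The two entries added to `desiredState` in `setupKernelTunables` make the kubelet expect `kernel/panic_on_oops=1` and `kernel/panic=10` on every node, but nothing at this site says why, and the effect is node-wide: going by the constants' own comments, any kernel oops now panics the host and it reboots 10 seconds later, taking every pod on the node with it. That trade-off (failing fast instead of continuing after an oops, at the cost of a single oops becoming a node outage) deserves a comment above the entries, for example `// panic on oops and reboot after KernelPanicRebootTimeout seconds; this affects the whole node`. The code that compares and applies these values is outside the hunk, so this is unconfirmed, but if it tests for exact equality then a host where the operator deliberately chose a different `kernel/panic` timeout would be reported or overwritten depending on `option`; it is worth checking whether any non-zero timeout should be accepted.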
@@ -158,7 +158,7 @@ func NewDockerManager(
 httpClient kubetypes.HttpGetter,
 execHandler ExecHandler,
 oomAdjuster *oom.OOMAdjuster,
- procFs procfs.ProcFsInterface,
+ procFs procfs.ProcFSInterface,
 cpuCFSQuota bool,
 imageBackOff *util.Backoff,
 serializeImagePulls bool) *DockerManager {
diff --git a/pkg/kubelet/kubelet.go b/pkg/kubelet/kubelet.go
index 9c4f0807ac..74c59a2759 100644
--- a/pkg/kubelet/kubelet.go
+++ b/pkg/kubelet/kubelet.go
@@ -320,7 +320,7 @@ func NewMainKubelet(
 return nil, err
 }
- procFs := procfs.NewProcFs()
+ procFs := procfs.NewProcFS()
 imageBackOff := util.NewBackOff(resyncInterval, MaxContainerBackOff)
 klet.livenessManager = proberesults.NewManager()
diff --git a/pkg/util/procfs/procfs.go b/pkg/util/procfs/procfs.go
index 22dd1470cc..c0a45725fb 100644
--- a/pkg/util/procfs/procfs.go
+++ b/pkg/util/procfs/procfs.go
@@ -24,10 +24,10 @@ import (
 "strings"
 )
-type ProcFs struct{}
+type ProcFS struct{}
-func NewProcFs() ProcFsInterface {
- return &ProcFs{}
+func NewProcFS() ProcFSInterface {
+ return &ProcFS{}
 }
 func containerNameFromProcCgroup(content string) (string, error) {
@@ -44,7 +44,7 @@ func containerNameFromProcCgroup(content string) (string, error) {
 // getFullContainerName gets the container name given the root process id of the container.
 // Eg. If the devices cgroup for the container is stored in /sys/fs/cgroup/devices/docker/nginx,
 // return docker/nginx. Assumes that the process is part of exactly one cgroup hierarchy.
-func (pfs *ProcFs) GetFullContainerName(pid int) (string, error) {
+func (pfs *ProcFS) GetFullContainerName(pid int) (string, error) {
 filePath := path.Join("/proc", strconv.Itoa(pid), "cgroup")
 content, err := ioutil.ReadFile(filePath)
 if err != nil {
diff --git a/pkg/util/procfs/procfs_fake.go b/pkg/util/procfs/procfs_fake.go
index b002a9d98c..8d16aa53cc 100644
--- a/pkg/util/procfs/procfs_fake.go
+++ b/pkg/util/procfs/procfs_fake.go
@@ -16,15 +16,15 @@ limitations under the License.
 package procfs
-type FakeProcFs struct{}
+type FakeProcFS struct{}
-func NewFakeProcFs() ProcFsInterface {
- return &FakeProcFs{}
+func NewFakeProcFS() ProcFSInterface {
+ return &FakeProcFS{}
 }
-// getFullContainerName gets the container name given the root process id of the container.
+// GetFullContainerName gets the container name given the root process id of the container.
 // Eg. If the devices cgroup for the container is stored in /sys/fs/cgroup/devices/docker/nginx,
 // return docker/nginx. Assumes that the process is part of exactly one cgroup hierarchy.
-func (fakePfs *FakeProcFs) GetFullContainerName(pid int) (string, error) {
+func (fakePfs *FakeProcFS) GetFullContainerName(pid int) (string, error) {
 return "", nil
 }
diff --git a/pkg/util/procfs/procfs_interface.go b/pkg/util/procfs/procfs_interface.go
index b776443dbf..d3bf14f0c7 100644
--- a/pkg/util/procfs/procfs_interface.go
+++ b/pkg/util/procfs/procfs_interface.go
@@ -16,7 +16,7 @@ limitations under the License.
 package procfs
-type ProcFsInterface interface {
- // getFullContainerName gets the container name given the root process id of the container.
+type ProcFSInterface interface {
+ // GetFullContainerName gets the container name given the root process id of the container.
 GetFullContainerName(pid int) (string, error)
 }
diff --git a/pkg/util/sysctl/sysctl.go b/pkg/util/sysctl/sysctl.go
index 784a20ff23..9398a7ac31 100644
--- a/pkg/util/sysctl/sysctl.go
+++ b/pkg/util/sysctl/sysctl.go
@@ -27,9 +27,14 @@ const (
 sysctlBase = "/proc/sys"
 VmOvercommitMemory = "vm/overcommit_memory"
 VmPanicOnOOM = "vm/panic_on_oom"
+ KernelPanic = "kernel/panic"
+ KernelPanicOnOops = "kernel/panic_on_oops"
 VmOvercommitMemoryAlways = 1 // kernel performs no memory over-commit handling
 VmPanicOnOOMInvokeOOMKiller = 0 // kernel calls the oom_killer function when OOM occurs
+
+ KernelPanicOnOopsAlways = 1 // kernel panics on kernel oops
+ KernelPanicRebootTimeout = 10 // seconds after a panic for the kernel to reboot
 )
 // GetSysctl returns the value for the specified sysctl setting
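Review bot: The new exported key constants `KernelPanic` and `KernelPanicOnOops` have no comment, and the value comments do not say what the other settings of each sysctl mean, which matters because these values are applied to the whole host. I would document the keys next to their definitions, e.g. `KernelPanic = "kernel/panic" // seconds to wait before rebooting after a panic; 0 disables the automatic reboot`, and note beside `KernelPanicRebootTimeout` that 10 appears to be a fixed choice with no operator override visible in this change. The const block opens before this hunk, so conventions set earlier in it may differ.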