mirror of https://github.com/k3s-io/k3s
bf111161b7
Automatic merge from submit-queue (batch tested with PRs 57973, 57990). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Set pids limit at pod level **What this PR does / why we need it**: Add a new Alpha Feature to set a maximum number of pids per Pod. This is to allow the use case where cluster administrators wish to limit the pids consumed per pod (example when running a CI system). By default, we do not set any maximum limit, If an administrator wants to enable this, they should enable `SupportPodPidsLimit=true` in the `--feature-gates=` parameter to kubelet and specify the limit using the `--pod-max-pids` parameter. The limit set is the total count of all processes running in all containers in the pod. **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes #43783 **Special notes for your reviewer**: **Release note**: ```release-note New alpha feature to limit the number of processes running in a pod. Cluster administrators will be able to place limits by using the new kubelet command line parameter --pod-max-pids. Note that since this is a alpha feature they will need to enable the "SupportPodPidsLimit" feature. ``` |
||
|---|---|---|
| .. | ||
| apis | ||
| cadvisor | ||
| certificate | ||
| checkpoint | ||
| client | ||
| cm | ||
| config | ||
| configmap | ||
| container | ||
| custommetrics | ||
| dockershim | ||
| envvars | ||
| events | ||
| eviction | ||
| gpu | ||
| images | ||
| kubeletconfig | ||
| kuberuntime | ||
| leaky | ||
| lifecycle | ||
| metrics | ||
| mountpod | ||
| network | ||
| pleg | ||
| pod | ||
| preemption | ||
| prober | ||
| qos | ||
| remote | ||
| rkt | ||
| rktshim | ||
| secret | ||
| server | ||
| stats | ||
| status | ||
| sysctl | ||
| types | ||
| util | ||
| volumemanager | ||
| winstats | ||
| BUILD | ||
| OWNERS | ||
| active_deadline.go | ||
| active_deadline_test.go | ||
| doc.go | ||
| kubelet.go | ||
| kubelet_getters.go | ||
| kubelet_getters_test.go | ||
| kubelet_network.go | ||
| kubelet_network_test.go | ||
| kubelet_node_status.go | ||
| kubelet_node_status_test.go | ||
| kubelet_pods.go | ||
| kubelet_pods_test.go | ||
| kubelet_pods_windows_test.go | ||
| kubelet_resources.go | ||
| kubelet_resources_test.go | ||
| kubelet_test.go | ||
| kubelet_volumes.go | ||
| kubelet_volumes_test.go | ||
| oom_watcher.go | ||
| oom_watcher_test.go | ||
| pod_container_deletor.go | ||
| pod_container_deletor_test.go | ||
| pod_workers.go | ||
| pod_workers_test.go | ||
| reason_cache.go | ||
| reason_cache_test.go | ||
| runonce.go | ||
| runonce_test.go | ||
| runtime.go | ||
| util.go | ||
| volume_host.go | ||