From 3bb9542606fcc50c2debd188824d0e6b53d94d6b Mon Sep 17 00:00:00 2001
From: h9-HSFRQDH <108324226+h9-HSFRQDH@users.noreply.github.com>
Date: Tue, 5 Jul 2022 15:20:48 +0800
Subject: [PATCH] Adding support for node & pod pid limit (#9038)
---
 roles/kubernetes/node/defaults/main.yml | 8 ++++++++
 .../node/templates/kubelet-config.v1beta1.yaml.j2 | 13 +++++++++++++
 2 files changed, 21 insertions(+)
diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml
index 73e0898f5..7a1332bc0 100644
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -26,20 +26,24 @@ kubelet_fail_swap_on: true
 kube_memory_reserved: 256Mi
 kube_cpu_reserved: 100m
 # kube_ephemeral_storage_reserved: 2Gi
+# kube_pid_reserved: 1000
 # Reservation for master hosts
 kube_master_memory_reserved: 512Mi
 kube_master_cpu_reserved: 200m
 # kube_master_ephemeral_storage_reserved: 2Gi
+# kube_master_pid_reserved: 1000
 # Set to true to reserve resources for system daemons
 system_reserved: false
 system_memory_reserved: 512Mi
 system_cpu_reserved: 500m
 # system_ephemeral_storage_reserved: 2Gi
+# system_pid_reserved: 1000
 # Reservation for master hosts
 system_master_memory_reserved: 256Mi
 system_master_cpu_reserved: 250m
 # system_master_ephemeral_storage_reserved: 2Gi
+# system_master_pid_reserved: 1000
 ## Eviction Thresholds to avoid system OOMs
 # https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/#eviction-thresholds
@@ -92,6 +96,10 @@ kube_apiserver_node_port_range: "30000-32767"
 # default is equal to application default
 kubelet_max_pods: 110
+# Sets the maximum number of processes running per Pod
+# Default value -1 = unlimited
+kubelet_pod_pids_limit: -1
+
 ## Support parameters to be passed to kubelet via kubelet-config.yaml
 kubelet_config_extra_args: {}
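Review bot: The four commented `*_pid_reserved` examples in the first hunk do not say when they take effect. In the template part of this patch each `pid` entry is rendered only if its variable is defined, and the `system_*` ones appear to sit inside the `system_reserved` block, which defaults to `false` in this file. A comment above the first example, such as `# PID reservations are rendered only when the variable is set (system_* also needs system_reserved: true)`, would make it clear that no PIDs are held back for node daemons by default.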
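Review bot: The comment added above `kubelet_pod_pids_limit` in the second hunk describes a limit on "processes", but the value goes straight into the kubelet's `podPidsLimit`, which caps PIDs per pod, and threads consume PIDs too, so thread-heavy workloads reach the limit sooner than the wording suggests. The default of -1 also leaves every pod unbounded, so one runaway pod can exhaust the node's PID space and starve the kubelet and its neighbours. I would reword the two lines to `# Maximum number of PIDs (processes and threads) a single Pod may use` and `# -1 = unlimited; set a finite value on shared or multi-tenant clusters`. The variable is rendered unconditionally as `podPidsLimit` in kubelet-config.v1beta1.yaml.j2, so the default reaches every node.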
diff --git a/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2 b/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
index de1b74b64..a010fbe0e 100644
--- a/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
+++ b/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
@@ -27,6 +27,7 @@ cgroupDriver: {{ kubelet_cgroup_driver | default('systemd') }}
 containerLogMaxFiles: {{ kubelet_logfiles_max_nr }}
 containerLogMaxSize: {{ kubelet_logfiles_max_size }}
 maxPods: {{ kubelet_max_pods }}
+podPidsLimit: {{ kubelet_pod_pids_limit }}
 address: {{ kubelet_bind_address }}
 readOnlyPort: {{ kube_read_only_port }}
 healthzPort: {{ kubelet_healthz_port }}
@@ -66,12 +67,18 @@ kubeReserved:
 {% if kube_master_ephemeral_storage_reserved is defined %}
 ephemeral-storage: {{ kube_master_ephemeral_storage_reserved }}
 {% endif %}
+{% if kube_master_pid_reserved is defined %}
+ pid: {{ kube_master_pid_reserved }}
+{% endif %}
 {% else %}
 cpu: {{ kube_cpu_reserved }}
 memory: {{ kube_memory_reserved }}
 {% if kube_ephemeral_storage_reserved is defined %}
 ephemeral-storage: {{ kube_ephemeral_storage_reserved }}
 {% endif %}
+{% if kube_pid_reserved is defined %}
+ pid: {{ kube_pid_reserved }}
+{% endif %}
 {% endif %}
 {% if system_reserved is defined and system_reserved %}
 systemReserved:
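Review bot: The `pid:` entries added under `kubeReserved` render the value as a bare YAML scalar, so a setting like `kube_pid_reserved: 1000` becomes an integer in the generated file. `kubeReserved` and `systemReserved` in KubeletConfiguration are string-to-string maps, so an unquoted number will most likely be rejected when the kubelet decodes its config; the cpu and memory entries only pass because values like `100m` and `256Mi` already parse as strings. Quote the value in all four places, both here and in the `systemReserved` hunk that follows: `pid: "{{ kube_master_pid_reserved }}"`. The `kubeReserved` block starts above this hunk, so the surrounding conditions are not visible here.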
@@ -81,12 +88,18 @@ systemReserved:
 {% if system_master_ephemeral_storage_reserved is defined %}
 ephemeral-storage: {{ system_master_ephemeral_storage_reserved }}
 {% endif %}
+{% if system_master_pid_reserved is defined %}
+ pid: {{ system_master_pid_reserved }}
+{% endif %}
 {% else %}
 cpu: {{ system_cpu_reserved }}
 memory: {{ system_memory_reserved }}
 {% if system_ephemeral_storage_reserved is defined %}
 ephemeral-storage: {{ system_ephemeral_storage_reserved }}
 {% endif %}
+{% if system_pid_reserved is defined %}
+ pid: {{ system_pid_reserved }}
+{% endif %}
 {% endif %}
 {% endif %}
 {% if is_kube_master|bool and eviction_hard_control_plane is defined and eviction_hard_control_plane %}