← Back to Index

openshift 4.3 enable SupportPodPidsLimit

默认 /sys/fs/cgroup/pids/pids.max 是1024, 有些业务是要求突破这个值。如果不放松限制，会有 “read init-p: connection reset by peer” 这种错误，无法rsh进pod. 而且客户的java程序可能会出现线程创建失败的问题。

解决问题的思路，不要按照文档，开启集群的PodPidsLimit功能，而是用mc放开crio.conf里面的pid限制。

https://www.redhat.com/en/blog/red-hat-openshift-container-platform-4-now-defaults-cri-o-underlying-container-engine

https://docs.openshift.com/container-platform/4.3/nodes/clusters/nodes-cluster-enabling-features.html

https://blog.spider.im/post/pid-limit-in-k8s/

这个pids系统限制的是线程+进程数，可以理解成pstree -pl看到的数量

https://docs.openshift.com/container-platform/4.3/scalability_and_performance/recommended-host-practices.html

https://github.com/openshift/machine-config-operator/blob/master/pkg/apis/machineconfiguration.openshift.io/v1/types.go

https://github.com/openshift/machine-config-operator/blob/master/vendor/k8s.io/kubelet/config/v1beta1/types.go

https://github.com/cri-o/cri-o/issues/1921

正确

直接覆盖 /etc/crio/crio.conf


        # check current pids limit
        
        crictl ps | awk '{print $1}' | xargs -I DEMO crictl exec DEMO cat /sys/fs/cgroup/pids/pids.max
        
        oc label mcp worker custom-kubelet-pod-pids-limit=true
        
        cat << EOF > crio.yaml
        apiVersion: machineconfiguration.openshift.io/v1
        kind: ContainerRuntimeConfig
        metadata:
         name: set-log-and-pid
        spec:
         machineConfigPoolSelector:
           matchLabels:
             custom-kubelet-pod-pids-limit: 'true'
         containerRuntimeConfig:
           pidsLimit: 10240
        EOF
        oc apply -f crio.yaml
        
        oc delete -f crio.yaml

错误


        # PodPidsLimit
        
        oc label mcp worker custom-kubelet-pod-pids-limit=true
        
        cat << EOF > PodPidsLimit.yaml
        apiVersion: machineconfiguration.openshift.io/v1
        kind: KubeletConfig
        metadata:
          name: pod-pids-limit
        spec:
          machineConfigPoolSelector:
            matchLabels:
              custom-kubelet-pod-pids-limit: 'true'
          kubeletConfig:
            PodPidsLimit: 4096
        EOF
        oc apply -f PodPidsLimit.yaml
        
        oc delete -f PodPidsLimit.yaml
        
        cat << EOF > PodPidsLimit.yaml
        apiVersion: machineconfiguration.openshift.io/v1
        kind: KubeletConfig
        metadata:
          name: pod-pids-limit
        spec:
          machineConfigPoolSelector:
            matchLabels:
              custom-kubelet-pod-pids-limit: 'true'
          kubeletConfig:
            PodPidsLimit: 10240
        EOF
        oc apply -f PodPidsLimit.yaml