Merge pull request #2138 from gthao313/kubelet-setting

Add a new Kubelet setting podPidsLimit

README.md

@@ -383,6 +383,7 @@ The following settings are optional and allow you to further configure your clus
 * `settings.kubernetes.cpu-manager-reconcile-period`: Specifies the CPU manager reconcile period, which controls how often updated CPU assignments are written to cgroupfs. The value is a duration like `30s` for 30 seconds or `1h5m` for 1 hour and 5 minutes.
 * `settings.kubernetes.topology-manager-policy`: Specifies the topology manager policy. Possible values are `none`, `restricted`, `best-effort`, and `single-numa-node`. Defaults to `none`.
 * `settings.kubernetes.topology-manager-scope`: Specifies the topology manager scope. Possible values are `container` and `pod`. Defaults to `container`. If you want to group all containers in a pod to a common set of NUMA nodes, you can set this setting to `pod`.
+* `settings.kubernetes.pod-pids-limit`: The maximum number of processes per pod.
 
 You can also optionally specify static pods for your node with the following settings.
 Static pods can be particularly useful when running in standalone mode.

Release.toml

@@ -117,4 +117,5 @@ version = "1.7.2"
 "(1.7.2, 1.8.0)" = [
     "migrate_v1.8.0_boot-setting.lz4",
     "migrate_v1.8.0_boot-setting-metadata.lz4",
+    "migrate_v1.8.0_kubelet-pod-pids-limit.lz4",
 ]

packages/kubernetes-1.19/kubelet-config

@@ -86,6 +86,9 @@ topologyManagerScope: {{settings.kubernetes.topology-manager-scope}}
 {{#if settings.kubernetes.topology-manager-policy}}
 topologyManagerPolicy: {{settings.kubernetes.topology-manager-policy}}
 {{/if}}
+{{#if settings.kubernetes.pod-pids-limit includeZero=true}}
+podPidsLimit: {{settings.kubernetes.pod-pids-limit}}
+{{/if}}
 resolvConf: "/etc/resolv.conf"
 hairpinMode: hairpin-veth
 readOnlyPort: 0

packages/kubernetes-1.20/kubelet-config

@@ -86,6 +86,9 @@ topologyManagerScope: {{settings.kubernetes.topology-manager-scope}}
 {{#if settings.kubernetes.topology-manager-policy}}
 topologyManagerPolicy: {{settings.kubernetes.topology-manager-policy}}
 {{/if}}
+{{#if settings.kubernetes.pod-pids-limit includeZero=true}}
+podPidsLimit: {{settings.kubernetes.pod-pids-limit}}
+{{/if}}
 resolvConf: "/etc/resolv.conf"
 hairpinMode: hairpin-veth
 readOnlyPort: 0

packages/kubernetes-1.21/kubelet-config

@@ -86,6 +86,9 @@ topologyManagerScope: {{settings.kubernetes.topology-manager-scope}}
 {{#if settings.kubernetes.topology-manager-policy}}
 topologyManagerPolicy: {{settings.kubernetes.topology-manager-policy}}
 {{/if}}
+{{#if settings.kubernetes.pod-pids-limit includeZero=true}}
+podPidsLimit: {{settings.kubernetes.pod-pids-limit}}
+{{/if}}
 resolvConf: "/etc/resolv.conf"
 hairpinMode: hairpin-veth
 readOnlyPort: 0

packages/kubernetes-1.22/kubelet-config

@@ -86,6 +86,9 @@ topologyManagerScope: {{settings.kubernetes.topology-manager-scope}}
 {{#if settings.kubernetes.topology-manager-policy}}
 topologyManagerPolicy: {{settings.kubernetes.topology-manager-policy}}
 {{/if}}
+{{#if settings.kubernetes.pod-pids-limit includeZero=true}}
+podPidsLimit: {{settings.kubernetes.pod-pids-limit}}
+{{/if}}
 resolvConf: "/etc/resolv.conf"
 hairpinMode: hairpin-veth
 readOnlyPort: 0

sources/Cargo.toml

@@ -50,6 +50,7 @@ members = [
     "api/migration/migrations/v1.7.0/public-control-container-v0-6-0",
     "api/migration/migrations/v1.8.0/boot-setting",
     "api/migration/migrations/v1.8.0/boot-setting-metadata",
+    "api/migration/migrations/v1.8.0/kubelet-pod-pids-limit",
 
     "bottlerocket-release",
 

sources/api/migration/migrations/v1.8.0/kubelet-pod-pids-limit/Cargo.toml

@@ -0,0 +1,12 @@
+[package]
+name = "kubelet-pod-pids-limit"
+version = "0.1.0"
+authors = ["Tianhao Geng <tianhg@amazon.com>"]
+license = "Apache-2.0 OR MIT"
+edition = "2018"
+publish = false
+# Don't rebuild crate just because of changes to README.
+exclude = ["README.md"]
+
+[dependencies]
+migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"}

sources/api/migration/migrations/v1.8.0/kubelet-pod-pids-limit/src/main.rs

@@ -0,0 +1,22 @@
+#![deny(rust_2018_idioms)]
+
+use migration_helpers::common_migrations::AddPrefixesMigration;
+use migration_helpers::{migrate, Result};
+use std::process;
+
+/// We added a new setting for configuring pod-pids-limit, `settings.kubernetes.pod-pids-limit`
+fn run() -> Result<()> {
+    migrate(AddPrefixesMigration(vec![
+        "settings.kubernetes.pod-pids-limit",
+    ]))
+}
+
+// Returning a Result from main makes it print a Debug representation of the error, but with Snafu
+// we have nice Display representations of the error, so we wrap "main" (run) and print any error.
+// /~https://github.com/shepmaster/snafu/issues/110
+fn main() {
+    if let Err(e) = run() {
+        eprintln!("{}", e);
+        process::exit(1);
+    }
+}

sources/models/src/lib.rs

@@ -196,6 +196,7 @@ struct KubernetesSettings {
     cpu_manager_reconcile_period: KubernetesDurationValue,
     topology_manager_scope: TopologyManagerScope,
     topology_manager_policy: TopologyManagerPolicy,
+    pod_pids_limit: i64,
 
     // Settings where we generate a value based on the runtime environment.  The user can specify a
     // value to override the generated one, but typically would not.