From c17682d82572e2cc89a289ed4d17a9d860a83aa4 Mon Sep 17 00:00:00 2001
From: Tianhao Geng
Date: Mon, 16 May 2022 23:00:43 +0000
Subject: [PATCH 1/2] kubelet: add setting for configuring PodPidsLimit
---
 README.md | 1 +
 packages/kubernetes-1.19/kubelet-config | 3 +++
 packages/kubernetes-1.20/kubelet-config | 3 +++
 packages/kubernetes-1.21/kubelet-config | 3 +++
 packages/kubernetes-1.22/kubelet-config | 3 +++
 sources/models/src/lib.rs | 1 +
 6 files changed, 14 insertions(+)
diff --git a/README.md b/README.md
index c441020e481..7d389086082 100644
--- a/README.md
+++ b/README.md
@@ -383,6 +383,7 @@ The following settings are optional and allow you to further configure your clus
 * `settings.kubernetes.cpu-manager-reconcile-period`: Specifies the CPU manager reconcile period, which controls how often updated CPU assignments are written to cgroupfs. The value is a duration like `30s` for 30 seconds or `1h5m` for 1 hour and 5 minutes.
 * `settings.kubernetes.topology-manager-policy`: Specifies the topology manager policy. Possible values are `none`, `restricted`, `best-effort`, and `single-numa-node`. Defaults to `none`.
 * `settings.kubernetes.topology-manager-scope`: Specifies the topology manager scope. Possible values are `container` and `pod`. Defaults to `container`. If you want to group all containers in a pod to a common set of NUMA nodes, you can set this setting to `pod`.
+* `settings.kubernetes.pod-pids-limit`: The maximum number of processes per pod.
 You can also optionally specify static pods for your node with the following settings. Static pods can be particularly useful when running in standalone mode.
diff --git a/packages/kubernetes-1.19/kubelet-config b/packages/kubernetes-1.19/kubelet-config
index 0c87ff202e1..57c3e944b44 100644
--- a/packages/kubernetes-1.19/kubelet-config
+++ b/packages/kubernetes-1.19/kubelet-config
@@ -86,6 +86,9 @@ topologyManagerScope: {{settings.kubernetes.topology-manager-scope}}
 {{#if settings.kubernetes.topology-manager-policy}}
 topologyManagerPolicy: {{settings.kubernetes.topology-manager-policy}}
 {{/if}}
+{{#if settings.kubernetes.pod-pids-limit includeZero=true}}
+podPidsLimit: {{settings.kubernetes.pod-pids-limit}}
+{{/if}}
 resolvConf: "/etc/resolv.conf"
 hairpinMode: hairpin-veth
 readOnlyPort: 0
diff --git a/packages/kubernetes-1.20/kubelet-config b/packages/kubernetes-1.20/kubelet-config
index 0c87ff202e1..57c3e944b44 100644
--- a/packages/kubernetes-1.20/kubelet-config
+++ b/packages/kubernetes-1.20/kubelet-config
@@ -86,6 +86,9 @@ topologyManagerScope: {{settings.kubernetes.topology-manager-scope}}
 {{#if settings.kubernetes.topology-manager-policy}}
 topologyManagerPolicy: {{settings.kubernetes.topology-manager-policy}}
 {{/if}}
+{{#if settings.kubernetes.pod-pids-limit includeZero=true}}
+podPidsLimit: {{settings.kubernetes.pod-pids-limit}}
+{{/if}}
 resolvConf: "/etc/resolv.conf"
 hairpinMode: hairpin-veth
 readOnlyPort: 0
diff --git a/packages/kubernetes-1.21/kubelet-config b/packages/kubernetes-1.21/kubelet-config
index 0c87ff202e1..57c3e944b44 100644
--- a/packages/kubernetes-1.21/kubelet-config
+++ b/packages/kubernetes-1.21/kubelet-config
@@ -86,6 +86,9 @@ topologyManagerScope: {{settings.kubernetes.topology-manager-scope}}
 {{#if settings.kubernetes.topology-manager-policy}}
 topologyManagerPolicy: {{settings.kubernetes.topology-manager-policy}}
 {{/if}}
+{{#if settings.kubernetes.pod-pids-limit includeZero=true}}
+podPidsLimit: {{settings.kubernetes.pod-pids-limit}}
+{{/if}}
 resolvConf: "/etc/resolv.conf"
 hairpinMode: hairpin-veth
 readOnlyPort: 0
diff --git a/packages/kubernetes-1.22/kubelet-config b/packages/kubernetes-1.22/kubelet-config
index 0c87ff202e1..57c3e944b44 100644
--- a/packages/kubernetes-1.22/kubelet-config
+++ b/packages/kubernetes-1.22/kubelet-config
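Review bot: The `{{#if settings.kubernetes.pod-pids-limit includeZero=true}}` guard writes no `podPidsLimit` line at all when the setting is unset, so the kubelet's built-in default applies; as far as I know that default is `-1`, which would leave pods on a freshly provisioned node without a PID cap and let one pod exhaust the node's PID space. If that is intended, a template comment above the block would make it explicit, e.g. `# Omitted when unset, so the kubelet's own default for podPidsLimit applies.`; otherwise a shipped default for the setting would close the gap. `includeZero=true` also lets a stored `0` through, and what `0` means to the kubelet should be documented next to the setting. The same applies to the identical hunks for kubernetes-1.20, 1.21 and 1.22.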
@@ -86,6 +86,9 @@ topologyManagerScope: {{settings.kubernetes.topology-manager-scope}}
 {{#if settings.kubernetes.topology-manager-policy}}
 topologyManagerPolicy: {{settings.kubernetes.topology-manager-policy}}
 {{/if}}
+{{#if settings.kubernetes.pod-pids-limit includeZero=true}}
+podPidsLimit: {{settings.kubernetes.pod-pids-limit}}
+{{/if}}
 resolvConf: "/etc/resolv.conf"
 hairpinMode: hairpin-veth
 readOnlyPort: 0
diff --git a/sources/models/src/lib.rs b/sources/models/src/lib.rs
index 87fa4218df2..f7ac0009e5a 100644
--- a/sources/models/src/lib.rs
+++ b/sources/models/src/lib.rs
@@ -196,6 +196,7 @@ struct KubernetesSettings {
 cpu_manager_reconcile_period: KubernetesDurationValue,
 topology_manager_scope: TopologyManagerScope,
 topology_manager_policy: TopologyManagerPolicy,
+ pod_pids_limit: i64,
 // Settings where we generate a value based on the runtime environment. The user can specify a
 // value to override the generated one, but typically would not.
From fbc65856ab0b9d333eb59db415952c6787d2cf75 Mon Sep 17 00:00:00 2001
From: Tianhao Geng
Date: Tue, 17 May 2022 01:02:15 +0000
Subject: [PATCH 2/2] migrations: add migration for kubelet setting `pod-pids-limit`
Adds a migration for a new setting `kubelet-pod-pids-limit`.
---
 Release.toml | 1 +
 sources/Cargo.lock | 7 ++++++
 sources/Cargo.toml | 1 +
 .../v1.8.0/kubelet-pod-pids-limit/Cargo.toml | 12 ++++++++++
 .../v1.8.0/kubelet-pod-pids-limit/src/main.rs | 22 +++++++++++++++++++
 5 files changed, 43 insertions(+)
 create mode 100644 sources/api/migration/migrations/v1.8.0/kubelet-pod-pids-limit/Cargo.toml
 create mode 100644 sources/api/migration/migrations/v1.8.0/kubelet-pod-pids-limit/src/main.rs
diff --git a/Release.toml b/Release.toml
index 5a0094264a3..dcab3d3e38e 100644
--- a/Release.toml
+++ b/Release.toml
@@ -117,4 +117,5 @@ version = "1.7.2"
 "(1.7.2, 1.8.0)" = [
 "migrate_v1.8.0_boot-setting.lz4",
 "migrate_v1.8.0_boot-setting-metadata.lz4",
+ "migrate_v1.8.0_kubelet-pod-pids-limit.lz4",
 ]
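Review bot: `pod_pids_limit: i64` accepts every 64-bit integer, so values such as `-5` or `0` pass the API and are rendered into the kubelet config unchanged, while the neighbouring fields in this hunk use dedicated types (`KubernetesDurationValue`, `TopologyManagerScope`, `TopologyManagerPolicy`) that appear to constrain their input. A non-positive value most likely means "no limit" to the kubelet (not shown on this page, worth confirming), which would turn a typo into a silently disabled PID cap. Consider a small validated type that admits only `-1` and positive values, or at minimum a field comment once the semantics are confirmed, e.g. `// -1 disables the limit; otherwise the maximum number of PIDs per pod`. The body of `KubernetesSettings` continues outside the hunk.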
diff --git a/sources/Cargo.lock b/sources/Cargo.lock
index 9ba9fa7c39c..8b6f352c4f3 100644
--- a/sources/Cargo.lock
+++ b/sources/Cargo.lock
@@ -1772,6 +1772,13 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "kubelet-pod-pids-limit" +version = "0.1.0" +dependencies = [ + "migration-helpers", +] + [[package]] name = "language-tags" version = "0.3.2"
diff --git a/sources/Cargo.toml b/sources/Cargo.toml
index 2169213041d..b57604ea539 100644
--- a/sources/Cargo.toml
+++ b/sources/Cargo.toml
@@ -50,6 +50,7 @@ members = [
 "api/migration/migrations/v1.7.0/public-control-container-v0-6-0",
 "api/migration/migrations/v1.8.0/boot-setting",
 "api/migration/migrations/v1.8.0/boot-setting-metadata",
+ "api/migration/migrations/v1.8.0/kubelet-pod-pids-limit",
 "bottlerocket-release",
diff --git a/sources/api/migration/migrations/v1.8.0/kubelet-pod-pids-limit/Cargo.toml b/sources/api/migration/migrations/v1.8.0/kubelet-pod-pids-limit/Cargo.toml
new file mode 100644
index 00000000000..438ae02af1d
--- /dev/null
+++ b/sources/api/migration/migrations/v1.8.0/kubelet-pod-pids-limit/Cargo.toml
@@ -0,0 +1,12 @@
+[package]
+name = "kubelet-pod-pids-limit"
+version = "0.1.0"
+authors = ["Tianhao Geng "]
+license = "Apache-2.0 OR MIT"
+edition = "2018"
+publish = false
+# Don't rebuild crate just because of changes to README.
+exclude = ["README.md"]
+
+[dependencies]
+migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"}
diff --git a/sources/api/migration/migrations/v1.8.0/kubelet-pod-pids-limit/src/main.rs b/sources/api/migration/migrations/v1.8.0/kubelet-pod-pids-limit/src/main.rs
new file mode 100644
index 00000000000..11e5a1215d1
--- /dev/null
+++ b/sources/api/migration/migrations/v1.8.0/kubelet-pod-pids-limit/src/main.rs
@@ -0,0 +1,22 @@
+#![deny(rust_2018_idioms)]
+
+use migration_helpers::common_migrations::AddPrefixesMigration;
+use migration_helpers::{migrate, Result};
+use std::process;
+
+/// We added a new setting for configuring pod-pids-limit, `settings.kubernetes.pod-pids-limit`
+fn run() -> Result<()> {
+ migrate(AddPrefixesMigration(vec![
+ "settings.kubernetes.pod-pids-limit",
+ ]))
+}
+
+// Returning a Result from main makes it print a Debug representation of the error, but with Snafu
+// we have nice Display representations of the error, so we wrap "main" (run) and print any error.
+// /~https://github.com/shepmaster/snafu/issues/110
+fn main() {
+ if let Err(e) = run() {
+ eprintln!("{}", e);
+ process::exit(1);
+ }
+}
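Review bot: `AddPrefixesMigration` in `run()` matches by prefix, so on a downgrade it presumably removes every data-store key that begins with `settings.kubernetes.pod-pids-limit`, which is broader than the single scalar setting this commit adds. If `migration-helpers` offers an exact-key helper (I believe `AddSettingsMigration` is that), it states the intent more narrowly: `migrate(AddSettingsMigration(&["settings.kubernetes.pod-pids-limit"]))`. The doc comment on `run()` could also say what the migration does in each direction, e.g. `/// On downgrade, remove settings.kubernetes.pod-pids-limit so older versions do not see an unknown key.`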