Reputation: 672
How do I set ulimit for containers in Kubernetes?
How do I set ulimit for containers in Kubernetes? (specifically ulimit -u)
Upvotes: 35
Views: 69447
Answers (5)
Reputation: 2971
If you are able to ssh into the kubernetes cluster, you can modify the docker.service file.
For an amazon EKS cluster, the file is located at
/usr/lib/systemd/system/docker.service.Append the property
LimitMEMLOCK=Infinityin the file and then restart the docker service.sudo service docker restart
This would spin up docker containers with an infinite memlock value. Probably the equivalent command with docker cli is:
docker run --ulimit memlock=-1:-1 <docker image>
Upvotes: 5
Reputation: 92
If you use the Kubernetes you never need memlock!!!!
If you use ElasticSearch in Kubernetes, Then configure it with the following environment variable:
bootstrap.memory_lock=false
FALSE!!!
You need NOT set memlock in Kubernetes because Kubernetes does NOT run with swap-file.
Some applications (for example ElasticSearch) do not work correctly if some RAM given to them by the operating system is flushed to disk into the swap file. Therefore, these applications require you to block memory from being flushed to disk.
If swap-file is disabled in the operating system, then these applications will never encounter this problem. This is exactly the situation with Kubernetes, because it requires disabling the swap-file while install.
If you're using Kubernetes, then you do NOT need to block the memory flush to disk, as this will never happen.
Upvotes: -2
Reputation: 92
Above all not working for me.
I done the following (it works on ubuntu:18.04 and centos/7):
sudo nano /usr/lib/systemd/system/docker.service
Added
--default-ulimit memlock=-1:-1
To line
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
This line must looks like:
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --default-ulimit memlock=-1:-1
And then you MUST reload rightly: firstly run command
sudo systemctl daemon-reload
And then run command
sudo systemctl restart docker.service
To check work it or not works, run command
docker run busybox:1.28 cat /proc/1/limits
You must see unlimited max lock memory like about this:
...
Max locked memory unlimited unlimited bytes
...
And elasticsearch starts to work!!!!
Upvotes: 3
Reputation: 91
In Kubernetes cluster (AWS EKS) you can change the ulimit for a docker container by modifying the /etc/docker/daemon.json in the node where your container is running.
Add following lines to /etc/docker/daemon.json
"default-ulimits": { "nofile": { "Name": "nofile", "Hard": 128000, "Soft": 128000 } }
and finally restart the docker service on that node by executing following command.
service docker restart
Upvotes: 4
Reputation: 658
It appears that you can't currently set a ulimit but it is an open issue: https://github.com/kubernetes/kubernetes/issues/3595
Upvotes: 11
Related Questions
- Kubernetes: get actual resource limits from within container
- Configure resource limits in a pod via cli
- how to explicitly remove cpu limits for a container?
- How to set limit for kubelet of kubernetes?
- how to set container ulimits in Container-Optimized OS
- How to add resource and limits on Kubernetes Engine on Google Cloud Platform
- Pass ulimit to dockerd
- kubernetes node shows limit, but no limit set
- Kubernetes node ulimit settings
- "Limits" property ignored when deploying a container in a Kubernetes cluster