
How to set pid limit in Kubernetes pod?

I am looking for a way to limit the number of pids in the Kubernetes pod.

The following issue seems to be closed (already implemented) a long time ago.

https://github.com/kubernetes/kubernetes/issues/43783

But nothing seems to be there in the reference yet.

https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.14/

The pull request also seems to be merged.

https://github.com/kubernetes/kubernetes/commit/bf111161b7aa4a47cc42ee6061b6bd3e45872cc4

I would like to know if we can use this feature now. If so, how and where to set it in the yaml file?

The parameter (PodPidsLimit) is part of the kubelet configuration: https://godoc.org/k8s.io/kubernetes/pkg/kubelet/apis/config#KubeletConfiguration

To see the current configuration and whether the parameter is available in your current version: https://kubernetes.io/docs/tasks/administer-cluster/reconfigure-kubelet/#generate-the-configuration-file

Keep in mind that this means you can't configure the limit in a pod; you need to set the limits for all the pods in the node.

You can configure that limit in the Kubelet by enabling the SupportPodPidsLimit feature gate as here:

--pod-max-pids=<specify_pids_limit> --feature-gates=SupportPodPidsLimit=true

Check here to know about the feature gates.

Update:

kubeadm supports different feature gates from the ones supported by Kubelet. The kubeadm version I am using:

kubeadm version: &version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.2", GitCommit:"66049e3b21efe110454d67df4fa62b08ea79a19b", GitTreeState:"clean", BuildDate:"2019-05-16T16:20:34Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}

To support the above feature gate you need to follow these steps:

Create a file called config.yaml and write like this to the file:

apiVersion: kubeadm.k8s.io/v1beta1
kind: InitConfiguration
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
featureGates:
   SupportPodPidsLimit: true

and then run the init command like this:

   kubeadm init --config=config.yaml

Check the config file of Kubelet, which is stored in /var/lib/kubelet/config.yaml.
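A check that the setting actually reached the kubelet, added here as an example and not part of the original answers: the config.yaml above enables the feature gate but sets no limit value, so this script reads a kubelet config file for both the gate and `podPidsLimit` (assumed here to be the config-file key for the PodPidsLimit field, the file equivalent of `--pod-max-pids`). The sample files, the value 1024 and the verdict strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a kubelet config file for the per-pod PID limit.

# Value of the top-level podPidsLimit key (empty if the key is absent).
pod_pids_limit() {
    awk '/^podPidsLimit:/ {
             sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]*(#.*)?$/, ""); print; exit }' "$1"
}

# Value of SupportPodPidsLimit inside the featureGates block (empty if absent).
pids_feature_gate() {
    awk '/^featureGates:/ { fg = 1; next }
         fg && /^[^ \t#]/ { fg = 0 }    # next top-level key closes the block
         fg && /^[ \t]+SupportPodPidsLimit:/ {
             sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]*(#.*)?$/, ""); print; exit }' "$1"
}

# Print a verdict for one config file (verdict strings are this example's own).
audit_pod_pids() {
    limit=$(pod_pids_limit "$1"); gate=$(pids_feature_gate "$1")
    case "$limit" in
        ''|0|*[!0-9]*) echo "NO_LIMIT" ;;            # missing, 0, -1 or non-numeric
        *) case "$gate" in
               true)  echo "ENFORCED:$limit" ;;
               false) echo "GATE_OFF" ;;             # value set, gate disabled
               *)     echo "GATE_DEFAULT:$limit" ;;  # gate not listed in the file
           esac ;;
    esac
}

# Constructed sample: the kubelet document from the answer above (gate only).
sample_gate_only() {
    cat <<'EOF'
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
featureGates:
   SupportPodPidsLimit: true
EOF
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
sample_gate_only > "$tmp/gate-only.yaml"
# Constructed sample: same document plus an assumed limit of 1024.
{ sample_gate_only; echo "podPidsLimit: 1024"; } > "$tmp/with-limit.yaml"
for f in "$tmp"/*.yaml; do
    printf '%s: %s\n' "${f##*/}" "$(audit_pod_pids "$f")"
done
```

On a node, call `audit_pod_pids /var/lib/kubelet/config.yaml`; a `GATE_DEFAULT` verdict means the gate's state comes from the kubelet version's default rather than from the file.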
