堆栈内存溢出
  简体   繁体   English

将控制组规则应用于Kubernetes集群中的特定(或所有)Docker容器

[英]Apply control group rule to specific (or all) Docker containers in Kubernetes cluster

 原文  2019-06-24 14:14:47       docker/ kubernetes/ cgroups

问题描述

By default Docker containers are unprivileged. 默认情况下,Docker容器是非特权的。 Of course devices can be added individually with docker run --device /dev/abc0 but this cannot yet be done in Kubernetes. 当然可以使用docker run --device /dev/abc0单独添加设备,但这还不能在Kubernetes中完成。

In any event I have an arbitrary number of devices per node, which makes it easier to map /dev and to enable a cgroup rule: docker run -v /dev:/dev --device-cgroup-rule='c 123:* rmw' . 无论如何,每个节点都有一个任意数量的设备,这使得映射/dev和启用cgroup规则变得更容易: docker run -v /dev:/dev --device-cgroup-rule='c 123:* rmw' How can I pass this --device-cgroup-rule to specific or all Docker containers controlled by Kubernetes? 如何将这个--device-cgroup-rule传递给Kubernetes控制的特定或所有Docker容器? Can a RuntimeClass help? RuntimeClass可以帮助吗? A system-level cgroup config? 系统级cgroup配置?

1 个解决方案

解决方案1
 0  2019-07-16 09:50:22

If I understand you correctly you should focus on Kublet, it's support for several container runtimes and it's integration with Docker. 如果我理解正确你应该专注于Kublet,它支持几个容器运行时并且它与Docker集成。

According to this documentation , there are plenty of options to choose from, like: 根据此文档 ,有很多选项可供选择,例如: 

 --cgroup-driver string

Driver that the kubelet uses to manipulate cgroups on the host. kubelet用于操作主机上的cgroup的驱动程序。 

 --cgroup-root string

Optional root cgroup to use for pods. 用于pod的可选根cgroup。 This is handled by the container runtime on a best effort basis. 这由容器运行时以尽力而为的方式处理。 Default: '', which means use the container runtime default. 默认值:'',表示使用容器运行时默认值。 

 --enforce-node-allocatable stringSlice

A comma separated list of levels of node allocatable enforcement to be enforced by kubelet. 由kubelet强制执行的以逗号分隔的节点可分配强制级别列表。 Acceptable options are 'pods', 'system-reserved' & 'kube-reserved'. 可接受的选项是'pods','system-reserved'和'kube-reserved'。 If the latter two options are specified, ' --system-reserved-cgroup ' & ' --kube-reserved-cgroup ' must also be set respectively. 如果指定后两个选项,则还必须分别设置' --system-reserved-cgroup '和' --kube-reserved-cgroup '。 See /docs/tasks/administer-cluster/reserve-compute-resources/ for more details. 有关更多详细信息,请参阅/docs/tasks/administer-cluster/reserve-compute-resources/ (default [pods]) (默认[pods]) 

 --runtime-cgroups string

Optional absolute name of cgroups to create and run the runtime in. 用于创建和运行运行时的cgroup的可选绝对名称。

Please look into them and verify if they satisfy your needs. 请查看它们并验证它们是否满足您的需求。

Please let me know if that helped. 如果有帮助,请告诉我。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在AWS上使用Kubernetes创建和运行docker容器集群 - Creating and running docker containers cluster with Kubernetes on AWS 是否可以使用特定的自定义规则在Kubernetes / Docker中运行新容器? - Is it possible to specific custom rules for running new containers in Kubernetes/Docker? 如何将 Windows docker 容器部署到 docker-for-desktop Kubernetes 集群? 拉取访问被拒绝 - How do I deploy Windows docker containers to docker-for-desktop Kubernetes cluster? pull access denied Kubernetes Pod中的Docker容器无法通信 - Docker Containers in Kubernetes pod not communicating 代理背后的Kubernetes Docker容器 - Kubernetes Docker Containers behind proxy 如何将我的应用程序与运行Docker容器的Kubernetes集群集成在一起? - How can I integrate my application with Kubernetes cluster running Docker containers? Docker 在 Kube.netes 集群中的 Docker 内 - Docker inside Docker in a Kubernetes Cluster 适用于Windows的带有Kubernetes和Windows容器的Docker - Docker for Windows with Kubernetes and Windows Containers 在docker容器上运行hadoop集群 - Run a hadoop cluster on docker containers 有 Kubernetes/Docker 的有状态容器可能吗? - Stateful Containers with Kubernetes/Docker is it possible?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM