K
Q

Possible OOM in GCP container – how to debug?

8/12/2017

I have celery running in a docker container on GCP with Kubernetes. Its workers have recently started to get kill -9'd – this looks like it has something to do with OOMKiller. There are no OOM events in kubectl get events, which is something to be expected if these events only appear when a pod has trespassed resources.limits.memory value.

So, my theory is that celery process getting killed is a work of linux' own OOMKiller. This doesn't make sense though: if so much memory is consumed that OOMKiller enters the stage, how is it possible that this pod was scheduled in the first place? (assuming that Kubernetes does not allow scheduling of new pods if the sum of resources.limits.memory exceeds the amount of memory available to the system).

However, I am not aware of any other plausible reason for these SIGKILLs than OOMKiller.

An example of celery error (there is one for every worker):

[2017-08-12 07:00:12,124: ERROR/MainProcess] Process 'ForkPoolWorker-7' pid:16 exited with 'signal 9 (SIGKILL)'
[2017-08-12 07:00:12,208: ERROR/MainProcess] Task handler raised error: WorkerLostError('Worker exited prematurely: signal 9 (SIGKILL).',)
-- Pavel
celery
docker
google-cloud-platform
kubernetes
linux

Similar Questions

Snapshotting on google cloud/Kubernetes when using storageClass persistent volumes
Kubernetes: Expose only single pod of StatefulSet
Can't connect to mysql pod in Kubernetes when using Secrets for password (Access denied)
the meaning of srv records of kube-dns

1 Answer

8/14/2017

Containers can be OOMKilled for two reasons.

  1. If they exceed the memory limits of set for them. Limits are specified on a per container basis and if the container uses more memory than the limit it will be OOMKilled. From the process's point of view this is the same as if the system ran out of memory.

  2. If the system runs out of memory. There are two kinds of resource specifications in Kubernetes: requests and limits. Limits specify the maximum amount of memory the container can use before being OOMKilled. Requests are used to schedule Pods and default to the limits if not specified. Requests must be less than or equal to container limits. That means that containers could be overcommitted on nodes and OOMKilled if multiple containers are using more memory than their respective requests at the same time.

    For instance, if both process A and process B have request of 1GB and limit of 2GB, they can both be scheduled on a node that has 2GB of memory because requests are what is used for scheduling. Having requests less than the limit generally means that the container can burst up to 2GB but will usually use less than 1GB. Now, if both burst above 1GB at the same time the system can run out of memory and one container will get OOMKilled while still being below the limit set on the container.

You can debug whether the container is being OOMKilled by examining the containerStatuses field on the Pod.

$ kubectl get pod X -o json | jq '.status.containerStatuses'

If the pod was OOMKilled it will usually say something to that effect in the lastState field. In your case it looks like it may have been an OOM error based on issues filed against celery (like this one).

-- Ian Lewis
Source: StackOverflow