K
Q

How to set pid limit in Kubernetes pod?

5/23/2019

I am looking for a way to limit the number of pids in the Kubernetes pod.

The following issue seems to be closed (already implemented) long time ago.

https://github.com/kubernetes/kubernetes/issues/43783

But nothing seems to be there in the reference yet..

https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.14/

The pull request also seems to be merged

https://github.com/kubernetes/kubernetes/commit/bf111161b7aa4a47cc42ee6061b6bd3e45872cc4

I would like to know if we can use this feature now. If so, how and where to set it in the yaml file?

-- JavaTechnical
kubernetes

Similar Questions

OAuth2 with Grafana in Kubernetes - Configuration
PVC going empty after pod initialisation time GCP lost+found storage issue
Can you force GKE node autoscaling and how long should autoscaling take?
Jenkins (running in Kubernetes) can't resolve Git repository

2 Answers

5/23/2019

You can configure that limit in the Kubelet by enabling the SupportPodPidsLimit feature gate as here

--pod-max-pids=<specify_pids_limit> --feature-gates=SupportPodPidsLimit=true

Check here to know about the feature gates

Update :

kubeadm supports different feature gates from the one supported by Kubelet. The kubeadm version I am using :

kubeadm version: &version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.2", GitCommit:"66049e3b21efe110454d67df4fa62b08ea79a19b", GitTreeState:"clean", BuildDate:"2019-05-16T16:20:34Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}

To support the above feature gate you need to follow these steps :

create a file called config.yaml and write like this to the file:

apiVersion: kubeadm.k8s.io/v1beta1
kind: InitConfiguration
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
featureGates:
   SupportPodPidsLimit: true

and then run the init command like this:

   kubeadm init --config=config.yaml

Check the config file of Kubelet which is stored in /var/lib/kubelet/config.yaml

-- Anshul Jindal
Source: StackOverflow
5/23/2019

The parameter (PodPidsLimit) is part of the kubelet configuration: https://godoc.org/k8s.io/kubernetes/pkg/kubelet/apis/config#KubeletConfiguration

To see current configuration and if the parameter is available in your current version: https://kubernetes.io/docs/tasks/administer-cluster/reconfigure-kubelet/#generate-the-configuration-file

Keep in mind that this means you can't configure the limit in a pod, you need set the limits for all the pods in the node

-- Chus
Source: StackOverflow