Skip to content

Commit

Permalink
Merge pull request #10512 from hetong07/cgroup_memory_fix
Browse files Browse the repository at this point in the history 
 cgroup v2: skip setting --memory limits when not configurable.
  • Loading branch information
@medyagh
medyagh authored Feb 19, 2021
2 parents 96c5b6a + 556a8d7 commit 0edb126
Showing 1 changed file with 24 additions and 5 deletions.
29 changes: 24 additions & 5 deletions pkg/drivers/kic/oci/oci.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -107,14 +107,28 @@ func PrepareContainerNode(p CreateParams) error {
return nil
}

func hasMemoryCgroup() bool {
memcg := true
if runtime.GOOS == "linux" {
var memory string
if cgroup2, err := IsCgroup2UnifiedMode(); err == nil && cgroup2 {
memory = "/sys/fs/cgroup/memory/memsw.limit_in_bytes"
}
if _, err := os.Stat(memory); os.IsNotExist(err) {
klog.Warning("Your kernel does not support memory limit capabilities or the cgroup is not mounted.")
out.WarningT("Cgroup v2 does not allow setting memory, if you want to set memory, please modify your Grub as instructed in https://docs.docker.com/engine/install/linux-postinstall/#your-kernel-does-not-support-cgroup-swap-limit-capabilities")
memcg = false
}
}
return memcg
}

func hasMemorySwapCgroup() bool {
memcgSwap := true
if runtime.GOOS == "linux" {
var memoryswap string
if cgroup2, err := IsCgroup2UnifiedMode(); err == nil && cgroup2 {
memoryswap = "/sys/fs/cgroup/memory/memory.swap.max"
} else {
memoryswap = "/sys/fs/cgroup/memory/memsw.limit_in_bytes"
}
if _, err := os.Stat(memoryswap); os.IsNotExist(err) {
// requires CONFIG_MEMCG_SWAP_ENABLED or cgroup_enable=memory in grub
Expand Down Expand Up @@ -171,6 +185,7 @@ func CreateContainerNode(p CreateParams) error {
}

memcgSwap := hasMemorySwapCgroup()
memcg := hasMemoryCgroup()

// https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/
var virtualization string
Expand All @@ -179,19 +194,23 @@ func CreateContainerNode(p CreateParams) error {
runArgs = append(runArgs, "--volume", fmt.Sprintf("%s:/var:exec", p.Name))

if memcgSwap {
runArgs = append(runArgs, fmt.Sprintf("--memory=%s", p.Memory))
// Disable swap by setting the value to match
runArgs = append(runArgs, fmt.Sprintf("--memory-swap=%s", p.Memory))
}

if memcg {
runArgs = append(runArgs, fmt.Sprintf("--memory=%s", p.Memory))
}

virtualization = "podman" // VIRTUALIZATION_PODMAN
}
if p.OCIBinary == Docker {
runArgs = append(runArgs, "--volume", fmt.Sprintf("%s:/var", p.Name))
// ignore apparmore github actions docker: https://github.com/kubernetes/minikube/issues/7624
runArgs = append(runArgs, "--security-opt", "apparmor=unconfined")

runArgs = append(runArgs, fmt.Sprintf("--memory=%s", p.Memory))
if memcg {
runArgs = append(runArgs, fmt.Sprintf("--memory=%s", p.Memory))
}
if memcgSwap {
// Disable swap by setting the value to match
runArgs = append(runArgs, fmt.Sprintf("--memory-swap=%s", p.Memory))
Expand Down

0 comments on commit 0edb126

Please sign in to comment.