From 192790c52fed05a865ef5e5e35f57236cd23e9c1 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Thu, 23 Aug 2018 14:14:44 +0900 Subject: [PATCH] kube-proxy: allow running in userns Ignore an error during setting RLIMIT_NOFILE. Signed-off-by: Akihiro Suda --- pkg/proxy/userspace/proxier.go | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/pkg/proxy/userspace/proxier.go b/pkg/proxy/userspace/proxier.go index b9c14d28a4e..381fa842a2f 100644 --- a/pkg/proxy/userspace/proxier.go +++ b/pkg/proxy/userspace/proxier.go @@ -26,14 +26,17 @@ import ( "sync/atomic" "time" + libcontaineruserns "github.com/opencontainers/runc/libcontainer/userns" v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" utilerrors "k8s.io/apimachinery/pkg/util/errors" utilnet "k8s.io/apimachinery/pkg/util/net" "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/apimachinery/pkg/util/sets" + utilfeature "k8s.io/apiserver/pkg/util/feature" servicehelper "k8s.io/cloud-provider/service/helpers" "k8s.io/klog/v2" + kubefeatures "k8s.io/kubernetes/pkg/features" "k8s.io/kubernetes/pkg/proxy" "k8s.io/kubernetes/pkg/proxy/config" utilproxy "k8s.io/kubernetes/pkg/proxy/util" @@ -231,7 +234,11 @@ func NewCustomProxier(loadBalancer LoadBalancer, listenIP net.IP, iptables iptab err = setRLimit(64 * 1000) if err != nil { - return nil, fmt.Errorf("failed to set open file handler limit: %v", err) + if utilfeature.DefaultFeatureGate.Enabled(kubefeatures.KubeletInUserNamespace) && libcontaineruserns.RunningInUserNS() { + klog.V(2).InfoS("Failed to set open file handler limit to 64000 (running in UserNS, ignoring)", "err", err) + } else { + return nil, fmt.Errorf("failed to set open file handler limit to 64000: %w", err) + } } proxyPorts := newPortAllocator(pr)