Config root_maxkeys to 1000000, root_maxbytes to 25000000

2025-07-22 11:21:47 +00:00 · 2016-05-20 15:52:35 -07:00 · 2016-05-20 15:52:35 -07:00 · 303d5a16cb
commit 303d5a16cb
parent 025b017277
1 changed files with 17 additions and 0 deletions
--- a/cmd/kubelet/app/server.go
+++ b/cmd/kubelet/app/server.go
@ -21,6 +21,7 @@ import (
 	"crypto/tls"
 	"errors"
 	"fmt"
+	"io/ioutil"
 	"math/rand"
 	"net"
 	"net/http"
@ -668,6 +669,22 @@ func RunKubelet(kcfg *KubeletConfig) error {

 	util.ApplyRLimitForSelf(kcfg.MaxOpenFiles)

+	// TODO(dawnchen): remove this once we deprecated old debian containervm images.
+	// This is a workaround for issue: https://github.com/opencontainers/runc/issues/726
+	// The current chosen number is consistent with most of other os dist.
+	const maxkey_path = "/proc/sys/kernel/keys/root_maxkeys"
+	glog.Infof("Setting keys quota in %s to %d", maxkey_path, 1000000)
+	err = ioutil.WriteFile(maxkey_path, []byte(fmt.Sprintf("%d", uint32(1000000))), 0644)
+	if err != nil {
+		return fmt.Errorf("failed to update %s: %v", maxkey_path, err)
+	}
+	const maxbyte_path = "/proc/sys/kernel/keys/root_maxbytes"
+	glog.Infof("Setting keys bytes in %s to %d", maxbyte_path, 25000000)
+	err = ioutil.WriteFile(maxbyte_path, []byte(fmt.Sprintf("%d", uint32(25000000))), 0644)
+	if err != nil {
+		return fmt.Errorf("failed to update %s: %v", maxbyte_path, err)
+	}
+
 	// process pods and exit.
 	if kcfg.Runonce {
 		if _, err := k.RunOnce(podCfg.Updates()); err != nil {