From 303d5a16cb8f2ad2f36c231647d2561c9fc275d6 Mon Sep 17 00:00:00 2001
From: Dawn Chen <dawnchen@google.com>
Date: Fri, 20 May 2016 15:52:35 -0700
Subject: [PATCH] Config root_maxkeys to 1000000, root_maxbytes to 25000000

---
 cmd/kubelet/app/server.go | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/cmd/kubelet/app/server.go b/cmd/kubelet/app/server.go
index 6e852cd5aed..f18457a8182 100644
--- a/cmd/kubelet/app/server.go
+++ b/cmd/kubelet/app/server.go
@@ -21,6 +21,7 @@ import (
 	"crypto/tls"
 	"errors"
 	"fmt"
+	"io/ioutil"
 	"math/rand"
 	"net"
 	"net/http"
@@ -668,6 +669,22 @@ func RunKubelet(kcfg *KubeletConfig) error {
 
 	util.ApplyRLimitForSelf(kcfg.MaxOpenFiles)
 
+	// TODO(dawnchen): remove this once we deprecated old debian containervm images.
+	// This is a workaround for issue: https://github.com/opencontainers/runc/issues/726
+	// The current chosen number is consistent with most of other os dist.
+	const maxkey_path = "/proc/sys/kernel/keys/root_maxkeys"
+	glog.Infof("Setting keys quota in %s to %d", maxkey_path, 1000000)
+	err = ioutil.WriteFile(maxkey_path, []byte(fmt.Sprintf("%d", uint32(1000000))), 0644)
+	if err != nil {
+		return fmt.Errorf("failed to update %s: %v", maxkey_path, err)
+	}
+	const maxbyte_path = "/proc/sys/kernel/keys/root_maxbytes"
+	glog.Infof("Setting keys bytes in %s to %d", maxbyte_path, 25000000)
+	err = ioutil.WriteFile(maxbyte_path, []byte(fmt.Sprintf("%d", uint32(25000000))), 0644)
+	if err != nil {
+		return fmt.Errorf("failed to update %s: %v", maxbyte_path, err)
+	}
+
 	// process pods and exit.
 	if kcfg.Runonce {
 		if _, err := k.RunOnce(podCfg.Updates()); err != nil {