From 303d5a16cb8f2ad2f36c231647d2561c9fc275d6 Mon Sep 17 00:00:00 2001 From: Dawn Chen Date: Fri, 20 May 2016 15:52:35 -0700 Subject: [PATCH] Config root_maxkeys to 1000000, root_maxbytes to 25000000 --- cmd/kubelet/app/server.go | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/cmd/kubelet/app/server.go b/cmd/kubelet/app/server.go index 6e852cd5aed..f18457a8182 100644 --- a/cmd/kubelet/app/server.go +++ b/cmd/kubelet/app/server.go @@ -21,6 +21,7 @@ import ( "crypto/tls" "errors" "fmt" + "io/ioutil" "math/rand" "net" "net/http" @@ -668,6 +669,22 @@ func RunKubelet(kcfg *KubeletConfig) error { util.ApplyRLimitForSelf(kcfg.MaxOpenFiles) + // TODO(dawnchen): remove this once we deprecated old debian containervm images. + // This is a workaround for issue: https://github.com/opencontainers/runc/issues/726 + // The current chosen number is consistent with most of other os dist. + const maxkey_path = "/proc/sys/kernel/keys/root_maxkeys" + glog.Infof("Setting keys quota in %s to %d", maxkey_path, 1000000) + err = ioutil.WriteFile(maxkey_path, []byte(fmt.Sprintf("%d", uint32(1000000))), 0644) + if err != nil { + return fmt.Errorf("failed to update %s: %v", maxkey_path, err) + } + const maxbyte_path = "/proc/sys/kernel/keys/root_maxbytes" + glog.Infof("Setting keys bytes in %s to %d", maxbyte_path, 25000000) + err = ioutil.WriteFile(maxbyte_path, []byte(fmt.Sprintf("%d", uint32(25000000))), 0644) + if err != nil { + return fmt.Errorf("failed to update %s: %v", maxbyte_path, err) + } + // process pods and exit. if kcfg.Runonce { if _, err := k.RunOnce(podCfg.Updates()); err != nil {