From 970c369f31f0be55ffde0f3a7d9caee89dbca651 Mon Sep 17 00:00:00 2001
From: derekwaynecarr
Date: Mon, 5 Oct 2015 13:28:53 -0400
Subject: [PATCH] Kubelet sets kernel overcommit_memory flag
---
 pkg/kubelet/container_manager_linux.go | 28 ++++++++++++++++
 pkg/proxy/iptables/proxier.go | 26 +++------------
 pkg/util/sysctl/sysctl.go | 44 ++++++++++++++++++++++++++
 3 files changed, 76 insertions(+), 22 deletions(-)
 create mode 100644 pkg/util/sysctl/sysctl.go
diff --git a/pkg/kubelet/container_manager_linux.go b/pkg/kubelet/container_manager_linux.go
index 24a2b7ef3ef..318cc8a41bd 100644
--- a/pkg/kubelet/container_manager_linux.go
+++ b/pkg/kubelet/container_manager_linux.go
@@ -38,6 +38,7 @@ import (
 "k8s.io/kubernetes/pkg/util/mount"
 "k8s.io/kubernetes/pkg/util/oom"
 "k8s.io/kubernetes/pkg/util/sets"
+ utilsysctl "k8s.io/kubernetes/pkg/util/sysctl"
 )

 const (
@@ -141,10 +142,37 @@ func createManager(containerName string) *fs.Manager {
 }
 }

+const sysctlVmOvercommitMemory = "vm/overcommit_memory"
+
+// disableKernelMemoryOvercommitHandling tells the kernel to perform no memory over-commit handling.
+// Under this setting, the potential for memory overload is increased, but so is performance for
+// memory-intensive tasks
+// sets /proc/sys/vm/overcommit_memory to 1
+func disableKernelMemoryOvercommitHandling() error {
+ val, err := utilsysctl.GetSysctl(sysctlVmOvercommitMemory)
+ if err != nil {
+ return err
+ }
+ if val == 1 {
+ return nil
+ }
+ glog.V(2).Infof("Updating kernel memory overcommit flag from %v to %v", val, 1)
+ err = utilsysctl.SetSysctl(sysctlVmOvercommitMemory, 1)
+ if err != nil {
+ return err
+ }
+ return nil
+}
+
 func (cm *containerManagerImpl) setupNode() error {
 if err := validateSystemRequirements(cm.mountUtil); err != nil {
 return err
 }
+
+ if err := disableKernelMemoryOvercommitHandling(); err != nil {
+ return err
+ }
+
 systemContainers := []*systemContainer{}
 if cm.dockerDaemonContainerName != "" {
 cont := newSystemContainer(cm.dockerDaemonContainerName)
diff --git a/pkg/proxy/iptables/proxier.go b/pkg/proxy/iptables/proxier.go
index 5ec7a99bf65..a45f2dcd441 100644
--- a/pkg/proxy/iptables/proxier.go
+++ b/pkg/proxy/iptables/proxier.go
@@ -25,9 +25,7 @@ import (
 "crypto/sha256"
 "encoding/base32"
 "fmt"
- "io/ioutil"
 "net"
- "path"
 "reflect"
 "strconv"
 "strings"
@@ -43,6 +41,7 @@ import (
 utilexec "k8s.io/kubernetes/pkg/util/exec"
 utiliptables "k8s.io/kubernetes/pkg/util/iptables"
 "k8s.io/kubernetes/pkg/util/slice"
+ utilsysctl "k8s.io/kubernetes/pkg/util/sysctl"
 )

 // iptablesMinVersion is the minimum version of iptables for which we will use the Proxier
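Review bot: In pkg/kubelet/container_manager_linux.go, `disableKernelMemoryOvercommitHandling` rewrites a host-wide kernel setting with no opt-out and records the change only at `glog.V(2)`, so a node deliberately configured for strict accounting (`vm.overcommit_memory=2`) is switched to always-overcommit without a line in the default log. I would log the change at default verbosity with `glog.Infof("Updating kernel memory overcommit flag from %v to %v", val, 1)`. The doc comment reads as if overcommit were being switched off; its last line would be clearer as `// Sets /proc/sys/vm/overcommit_memory to 1 (always overcommit), replacing whatever value the node had.` Both error returns are bare and `setupNode` fails on them, so wrapping them as proxier.go does in this patch (`fmt.Errorf("can't set sysctl %s: %v", sysctlVmOvercommitMemory, err)`) would tell the operator which step failed, assuming `fmt` is imported in this file, which the hunk does not show. The body of `setupNode` continues outside the hunk.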
@@ -90,7 +89,7 @@ func ShouldUseIptablesProxier() (bool, error) {
 // Check for the required sysctls. We don't care about the value, just
 // that it exists. If this Proxier is chosen, we'll iniialize it as we
 // need.
- _, err = getSysctl(sysctlRouteLocalnet)
+ _, err = utilsysctl.GetSysctl(sysctlRouteLocalnet)
 if err != nil {
 return false, err
 }
@@ -98,26 +97,9 @@ func ShouldUseIptablesProxier() (bool, error) {
 return true, nil
 }

-const sysctlBase = "/proc/sys"
 const sysctlRouteLocalnet = "net/ipv4/conf/all/route_localnet"
 const sysctlBridgeCallIptables = "net/bridge/bridge-nf-call-iptables"

-func getSysctl(sysctl string) (int, error) {
- data, err := ioutil.ReadFile(path.Join(sysctlBase, sysctl))
- if err != nil {
- return -1, err
- }
- val, err := strconv.Atoi(strings.Trim(string(data), " \n"))
- if err != nil {
- return -1, err
- }
- return val, nil
-}
-
-func setSysctl(sysctl string, newVal int) error {
- return ioutil.WriteFile(path.Join(sysctlBase, sysctl), []byte(strconv.Itoa(newVal)), 0640)
-}
-
 // internal struct for string service information
 type serviceInfo struct {
 clusterIP net.IP
@@ -180,7 +162,7 @@ var _ proxy.ProxyProvider = &Proxier{}
 // will not terminate if a particular iptables call fails.
 func NewProxier(ipt utiliptables.Interface, exec utilexec.Interface, syncPeriod time.Duration, masqueradeAll bool) (*Proxier, error) {
 // Set the route_localnet sysctl we need for
- if err := setSysctl(sysctlRouteLocalnet, 1); err != nil {
+ if err := utilsysctl.SetSysctl(sysctlRouteLocalnet, 1); err != nil {
 return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlRouteLocalnet, err)
 }

@@ -188,7 +170,7 @@ func NewProxier(ipt utiliptables.Interface, exec utilexec.Interface, syncPeriod
 // because we'll catch the error on the sysctl, which is what we actually
 // care about.
 exec.Command("modprobe", "br-netfilter").CombinedOutput()
- if err := setSysctl(sysctlBridgeCallIptables, 1); err != nil {
+ if err := utilsysctl.SetSysctl(sysctlBridgeCallIptables, 1); err != nil {
 glog.Warningf("can't set sysctl %s: %v", sysctlBridgeCallIptables, err)
 }

diff --git a/pkg/util/sysctl/sysctl.go b/pkg/util/sysctl/sysctl.go
new file mode 100644
index 00000000000..50308204ac2
--- /dev/null
+++ b/pkg/util/sysctl/sysctl.go
@@ -0,0 +1,44 @@
+/*
+Copyright 2015 The Kubernetes Authors All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package sysctl
+
+import (
+ "io/ioutil"
+ "path"
+ "strconv"
+ "strings"
+)
+
+const sysctlBase = "/proc/sys"
+
+// GetSysctl returns the value for the specified sysctl setting
+func GetSysctl(sysctl string) (int, error) {
+ data, err := ioutil.ReadFile(path.Join(sysctlBase, sysctl))
+ if err != nil {
+ return -1, err
+ }
+ val, err := strconv.Atoi(strings.Trim(string(data), " \n"))
+ if err != nil {
+ return -1, err
+ }
+ return val, nil
+}
+
+// SetSysctl modifies the specified sysctl flag to the new value
+func SetSysctl(sysctl string, newVal int) error {
+ return ioutil.WriteFile(path.Join(sysctlBase, sysctl), []byte(strconv.Itoa(newVal)), 0640)
+}