search

canonical / k8s-snap

Canonical Kubernetes is an opinionated and CNCF conformant Kubernetes operated by Snaps and Charms, which come together to bring simplified operations and an enhanced security posture on any infrastructure.
GNU General Public License v3.0
40 stars 12 forks source link

Need to manually set LimitNOFILE in the containerd service file #718

Open playworker opened 1 week ago

playworker commented 1 week ago

Summary

I think it's related to this issue from 2019: https://github.com/containerd/containerd/issues/3201

I had some issues with both Kasten and Cilium pods reporting Too Many Open Files, when checking in a running pod the limit was showing as 1024, in order to increase this I needed to manually add an override for the snap.k8s.containerd service file and add the line LimitNOFILE=1048576 to the [Service] section.

What Should Happen Instead?

I feel like maybe this should be included in the default service file, Cilium seems to need this and that seems to be the chosen CNI. Apologies if I've misunderstood something though :)

Reproduction Steps

  1. Bootstrap a cluster
  2. Add some workloads
  3. Monitor Cilium pods for errors

System information

n/a

Can you suggest a fix?

No response

Are you interested in contributing with a fix?

No response

berkayoz commented 1 week ago

Hey @playworker,

Thank you for reporting this issue. I haven't seen anything related to Cilium specifically requiring this option or causing issues related to this. Could this be related to the workload that might exhausting the limit here?

We'll check upstream defaults/recommendation and adjust this accordingly if needed.