envbox is an image that enables creating non-privileged containers capable of running system-level software (e.g. dockerd, systemd, etc) in Kubernetes.
GNU Affero General Public License v3.0
34
stars
8
forks
source link
bug: envbox fails to start if CGroupV2 is enabled #28
When running envbox in a CGroupV2-enabled environment, envbox fails to start with the following error:
{"output":"Failed to run envbox: run: read CPU quota: read cpu.cfs_period_us outside container: open /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_period_us: no such file or directory","time":"2023-05-08T11:07:47.613238439Z","type":"error"}
This particular piece of code copies the CGroup CPU limit into the inner container. This is important for applications running inside the container to know how many resources they have to work with (in particular, the JRE is CGroup-aware).
Unfortunately, this was written before CGroupV2 became widespread on Kubernetes, and will need to be updated to be CGroupV2-compatible.
Problem:
When running envbox in a CGroupV2-enabled environment, envbox fails to start with the following error:
This particular piece of code copies the CGroup CPU limit into the inner container. This is important for applications running inside the container to know how many resources they have to work with (in particular, the JRE is CGroup-aware).
Unfortunately, this was written before CGroupV2 became widespread on Kubernetes, and will need to be updated to be CGroupV2-compatible.