kata-containers / runtime

Kata Containers version 1.x runtime (for version 2.x see https://github.com/kata-containers/kata-containers).
https://katacontainers.io/
Apache License 2.0
2.1k stars 377 forks

Enabling sandbox_cgroup_only causes the creation of pods with small memory.limits settings to fail #3145

Closed Bevisy closed 3 years ago

Bevisy commented 3 years ago

Enabling sandbox_cgroup_only will add the VM processes etc. to the pod's cgroups, so setting a small resource.limits.memory on a Pod, e.g. 50MiB, will cause the VM to fail to start. Or, with a larger value, for example 2GiB, the container will hit OOM during actual use, even if the container has not used up to the limit value. Should we consider adding the VM's quota to cgroupfs?

jodh-intel commented 3 years ago

/cc @devimc.

ariel-adam commented 3 years ago

@Bevisy could you please provide the relevant logs, by running kata-collect-data.sh, so we can see what's going on?

devimc commented 3 years ago

This is expected since Kata needs more than 50M of RAM to run; please consider using Pod Overhead https://kubernetes.io/docs/concepts/scheduling-eviction/pod-overhead/
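
The Pod Overhead approach suggested above, as an added example that is not part of the original thread or the Kata project's own configuration: a RuntimeClass declares a fixed overhead, and the kubelet sizes the pod-level cgroup as the sum of container limits plus that overhead, which is the cgroup the VM processes land in when sandbox_cgroup_only is enabled. The RuntimeClass name, handler name, image and overhead sizes are assumptions chosen for illustration.

```yaml
# Added example; names and sizes are assumptions, not values from the issue.
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: kata                # assumed RuntimeClass name
handler: kata               # assumed CRI handler name configured on the node
overhead:
  podFixed:
    memory: "160Mi"         # illustrative; measure the VMM + guest footprint on your nodes
    cpu: "250m"             # illustrative
---
apiVersion: v1
kind: Pod
metadata:
  name: small-limit-demo    # hypothetical pod name
spec:
  runtimeClassName: kata    # admission copies overhead.podFixed into spec.overhead
  containers:
  - name: app
    image: busybox          # placeholder image
    command: ["sleep", "3600"]
    resources:
      limits:
        memory: "50Mi"      # the small limit from the issue
        cpu: "100m"
# Pod-level cgroup memory limit set by the kubelet: 50Mi + 160Mi = 210Mi.
# The container-level limit stays at 50Mi; only the pod cgroup that holds
# the VM processes under sandbox_cgroup_only gains the extra headroom.
```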