How do I set ulimit for containers in Kubernetes?

Question

How do I set ulimit for containers in Kubernetes? (specifically ulimit -u)

Answer 1

It appears that you can't currently set a ulimit but it is an open issue: https://github.com/kubernetes/kubernetes/issues/3595

Answer 2

In Kubernetes cluster (AWS EKS) you can change the ulimit for a docker container by modifying the /etc/docker/daemon.json in the node where your container is running.

Add following lines to /etc/docker/daemon.json

"default-ulimits": { "nofile": { "Name": "nofile", "Hard": 128000, "Soft": 128000 } }

and finally restart the docker service on that node by executing following command.

service docker restart

Answer 3

Above all not working for me.

I done the following (it works on ubuntu:18.04 and centos/7):

sudo nano /usr/lib/systemd/system/docker.service

Added

--default-ulimit memlock=-1:-1

To line

ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

This line must looks like:

ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --default-ulimit memlock=-1:-1

And then you MUST reload rightly: firstly run command

sudo systemctl daemon-reload

And then run command

sudo systemctl restart docker.service

To check work it or not works, run command

docker run busybox:1.28 cat /proc/1/limits

You must see unlimited max lock memory like about this:

...
Max locked memory         unlimited            unlimited            bytes
...

And elasticsearch starts to work!!!!

Answer 4

If you are able to ssh into the kubernetes cluster, you can modify the docker.service file.

• For an amazon EKS cluster, the file is located at /usr/lib/systemd/system/docker.service.

• Append the property LimitMEMLOCK=Infinity in the file and then restart the docker service.

  sudo service docker restart

This would spin up docker containers with an infinite memlock value. Probably equivalent to

docker run -ulimit memlock=-1:-1 <docker image>