How to change pids_limit value in OpenShift 4.x

You can download this article in PDF format via the link below to support us.
Download the guide in PDF formatshut down

In the OpenShift 4.x environment, each running container will be limited to the default maximum PID value: 1024. If you need to run an application with more than 1024 processes in a container, you need the OpenShift container platform cluster operator to adjust the default maximum PID value to a larger number.

pids_limit It is the maximum number of processes allowed in the container. You can check it by running the following command in the OpenShift node:

$ sudo crio-status config | grep pid
pids_limit = 1024

In OpenShift, it is not recommended to change the value directly by editing Configuration file file:

$ grep  pids_limit /etc/crio/crio.conf
pids_limit = 1024

It is recommended to take the correct method according to the OCP version used. I am running OpenShift 4.4 and in this version, ContainerRuntimeConfig Introduced custom resources.You can check KCS Article 5133191.

Create ContainerRuntimeConfig custom resource to configure cri-o pidsLimit

cat <<EOF > custom-pidslimit.yaml
kind: ContainerRuntimeConfig
 name: custom-pidslimit
     custom-crio: custom-pidslimit
   pidsLimit: 4096

You can update the configuration file before applying:

vim custom-pidslimit.yaml

Application configuration:

$ oc create -f custom-pidslimit.yaml created

Verify resource has been created

$ oc get ctrcfg
NAME               AGE
custom-pidslimit   44s

After creating a custom resource, we need to promote the pidslimit change to all worker nodes in the cluster.

Let us add custom-crio under the label in the machineConfigPool configuration: custom-pidslimit

$ oc edit machineconfigpool worker
kind: MachineConfigPool
  creationTimestamp: "2020-07-15T08:29:58Z"
  generation: 7
    custom-crio: custom-pidslimit      #add this line

Check to make sure that a new 99-worker-XXX-containerruntime is created and a new rendered worker is created:

$ oc get machineconfigs | grep containerruntime
99-worker-261cdd8d-c387-4f61-b1ce-b9ab2d025f09-containerruntime   601c2285f497bf7c73d84737b9977a0e697cb86a   2.2.0             93s

Now, the changes should be rolled out to every node in the work pool through the new rendering work computer configuration.

You can verify by checking whether the latest render-worker machine-config has been successfully deployed to the pool:

$ oc get mcp
master   rendered-master-238bb9ffd94d526621cba8ee876c3ac8   True      False      False      5              5                   5                     0                      216d
worker   rendered-worker-6c236aa19af4d88fa0acdbc8f6ff53f3   False     True       True       10             0                   0                     7                      216d

After restarting the worker node, you can log in and confirm the current settings:

$ oc debug node/<workernode>
sh-4.4# chroot /host
sh-4.4# grep pids_limit /etc/crio/crio.conf

Hope this short guide helps to change the default value pids_limit In your OpenShift 4.x cluster.


More guides about OpenShift:

Deploy Ubuntu Pod in Kubernetes | OpenShift

Configure static IPv4 address in OpenShift 4.x CoreOS server

How to list and approve pending CSRs in OpenShift 4.x

You can download this article in PDF format via the link below to support us.
Download the guide in PDF formatshut down