Set nofile ulimit for loadbalancer container

kubernetes-sigs · Oct 5, 2022 · f51da8b · f51da8b
1 parent c6cbae8
commit f51da8b
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 2 deletions.
diff --git a/test/infrastructure/container/docker.go b/test/infrastructure/container/docker.go
@@ -384,6 +384,7 @@ func (d *dockerRuntime) RunContainer(ctx context.Context, runConfig *RunContaine
 		Tmpfs:         runConfig.Tmpfs,
 		PortBindings:  nat.PortMap{},
 		RestartPolicy: dockercontainer.RestartPolicy{Name: "unless-stopped"},
+		Resources:     runConfig.Resources,
 	}
 	networkConfig := network.NetworkingConfig{}
 

diff --git a/test/infrastructure/container/interface.go b/test/infrastructure/container/interface.go
@@ -21,6 +21,8 @@ import (
 	"fmt"
 	"io"
 
+	dockercontainer "github.com/docker/docker/api/types/container"
+
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 )
 
@@ -95,6 +97,8 @@ type RunContainerInput struct {
 	PortMappings []PortMapping
 	// IPFamily is the IP version to use.
 	IPFamily clusterv1.ClusterIPFamily
+	// Resource limits and settings for the container.
+	Resources dockercontainer.Resources
 }
 
 // ExecContainerInput contains values for running exec on a container.

diff --git a/test/infrastructure/docker/internal/docker/kind_manager.go b/test/infrastructure/docker/internal/docker/kind_manager.go
@@ -21,6 +21,8 @@ import (
 	"fmt"
 	"net"
 
+	dockercontainer "github.com/docker/docker/api/types/container"
+	"github.com/docker/go-units"
 	"github.com/pkg/errors"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/kind/pkg/apis/config/v1alpha4"
@@ -52,6 +54,7 @@ type nodeCreateOpts struct {
 	PortMappings []v1alpha4.PortMapping
 	Labels       map[string]string
 	IPFamily     clusterv1.ClusterIPFamily
+	Resources    dockercontainer.Resources
 }
 
 // CreateControlPlaneNode will create a new control plane container.
@@ -116,20 +119,32 @@ func (m *Manager) CreateExternalLoadBalancerNode(ctx context.Context, name, imag
 		}
 		port = p
 	}
-
 	// load balancer port mapping
 	portMappings := []v1alpha4.PortMapping{{
 		ListenAddress: listenAddress,
 		HostPort:      port,
 		ContainerPort: ControlPlanePort,
 		Protocol:      v1alpha4.PortMappingProtocolTCP,
 	}}
+
+	// load balancer resource limits
+	resources := dockercontainer.Resources{
+		Ulimits: []*units.Ulimit{
+			{
+				Name: "nofile",
+				Soft: 65536,
+				Hard: 65536,
+			},
+		},
+	}
+
 	createOpts := &nodeCreateOpts{
 		Name:         name,
 		Image:        image,
 		ClusterName:  clusterName,
 		Role:         constants.ExternalLoadBalancerNodeRoleValue,
 		PortMappings: portMappings,
+		Resources:    resources,
 	}
 	node, err := createNode(ctx, createOpts)
 	if err != nil {
@@ -168,7 +183,8 @@ func createNode(ctx context.Context, opts *nodeCreateOpts) (*types.Node, error)
 			"/tmp": "", // various things depend on working /tmp
 			"/run": "", // systemd wants a writable /run
 		},
-		IPFamily: opts.IPFamily,
+		Resources: opts.Resources,
+		IPFamily:  opts.IPFamily,
 	}
 	log.V(6).Info("Container run options: %+v", runOptions)