Set nofile ulimit for loadbalancer container (#16)

mesosphere · Jun 27, 2023 · 14e8e52 · 14e8e52
1 parent 2139dfe
commit 14e8e52
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 2 deletions.
diff --git a/test/go.mod b/test/go.mod
@@ -8,6 +8,7 @@ require (
 	github.com/blang/semver v3.5.1+incompatible
 	github.com/docker/docker v20.10.24+incompatible
 	github.com/docker/go-connections v0.4.0
+	github.com/docker/go-units v0.4.0
 	github.com/flatcar/ignition v0.36.2
 	github.com/go-logr/logr v1.2.3
 	github.com/onsi/ginkgo/v2 v2.9.2
@@ -47,7 +48,6 @@ require (
 	github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/docker/distribution v2.8.2+incompatible // indirect
-	github.com/docker/go-units v0.4.0 // indirect
 	github.com/drone/envsubst/v2 v2.0.0-20210730161058-179042472c46 // indirect
 	github.com/emicklei/go-restful/v3 v3.9.0 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect

diff --git a/test/infrastructure/container/docker.go b/test/infrastructure/container/docker.go
@@ -397,6 +397,7 @@ func (d *dockerRuntime) RunContainer(ctx context.Context, runConfig *RunContaine
 		PortBindings:  nat.PortMap{},
 		RestartPolicy: dockercontainer.RestartPolicy{Name: restartPolicy, MaximumRetryCount: restartMaximumRetryCount},
 		Init:          pointer.Bool(false),
+		Resources:     runConfig.Resources,
 	}
 	networkConfig := network.NetworkingConfig{}
 

diff --git a/test/infrastructure/container/interface.go b/test/infrastructure/container/interface.go
@@ -21,6 +21,8 @@ import (
 	"fmt"
 	"io"
 
+	dockercontainer "github.com/docker/docker/api/types/container"
+
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 )
 
@@ -98,6 +100,8 @@ type RunContainerInput struct {
 	// RestartPolicy to use for the container.
 	// If not set, defaults to "unless-stopped".
 	RestartPolicy string
+	// Resource limits and settings for the container.
+	Resources dockercontainer.Resources
 }
 
 // ExecContainerInput contains values for running exec on a container.

diff --git a/test/infrastructure/docker/internal/docker/kind_manager.go b/test/infrastructure/docker/internal/docker/kind_manager.go
@@ -20,6 +20,8 @@ import (
 	"context"
 	"fmt"
 
+	dockercontainer "github.com/docker/docker/api/types/container"
+	"github.com/docker/go-units"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/kind/pkg/apis/config/v1alpha4"
 	"sigs.k8s.io/kind/pkg/cluster/constants"
@@ -54,6 +56,7 @@ type nodeCreateOpts struct {
 	PortMappings []v1alpha4.PortMapping
 	Labels       map[string]string
 	IPFamily     clusterv1.ClusterIPFamily
+	Resources    dockercontainer.Resources
 }
 
 // CreateControlPlaneNode will create a new control plane container.
@@ -111,13 +114,26 @@ func (m *Manager) CreateExternalLoadBalancerNode(ctx context.Context, name, imag
 		ContainerPort: ControlPlanePort,
 		Protocol:      v1alpha4.PortMappingProtocolTCP,
 	}}
+
+	// load balancer resource limits
+	resources := dockercontainer.Resources{
+		Ulimits: []*units.Ulimit{
+			{
+				Name: "nofile",
+				Soft: 65536,
+				Hard: 65536,
+			},
+		},
+	}
+
 	createOpts := &nodeCreateOpts{
 		Name:         name,
 		Image:        image,
 		ClusterName:  clusterName,
 		Role:         constants.ExternalLoadBalancerNodeRoleValue,
 		PortMappings: portMappings,
 		EntryPoint:   haproxyEntrypoint,
+		Resources:    resources,
 	}
 	node, err := createNode(ctx, createOpts)
 	if err != nil {
@@ -157,7 +173,8 @@ func createNode(ctx context.Context, opts *nodeCreateOpts) (*types.Node, error)
 			"/tmp": "", // various things depend on working /tmp
 			"/run": "", // systemd wants a writable /run
 		},
-		IPFamily: opts.IPFamily,
+		Resources: opts.Resources,
+		IPFamily:  opts.IPFamily,
 	}
 	if opts.Role == constants.ControlPlaneNodeRoleValue {
 		runOptions.EnvironmentVars = map[string]string{