Set nofile ulimit for loadbalancer container (#16)

test/go.mod

@@ -8,6 +8,7 @@ require (
 	github.com/blang/semver v3.5.1+incompatible
 	github.com/docker/docker v20.10.24+incompatible
 	github.com/docker/go-connections v0.4.0
+	github.com/docker/go-units v0.4.0
 	github.com/flatcar/ignition v0.36.2
 	github.com/go-logr/logr v1.2.3
 	github.com/onsi/ginkgo/v2 v2.9.2
@@ -47,7 +48,6 @@ require (
 	github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/docker/distribution v2.8.2+incompatible // indirect
-	github.com/docker/go-units v0.4.0 // indirect
 	github.com/drone/envsubst/v2 v2.0.0-20210730161058-179042472c46 // indirect
 	github.com/emicklei/go-restful/v3 v3.9.0 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect

test/infrastructure/container/docker.go

@@ -400,6 +400,7 @@ func (d *dockerRuntime) RunContainer(ctx context.Context, runConfig *RunContaine
 		PortBindings:  nat.PortMap{},
 		RestartPolicy: dockercontainer.RestartPolicy{Name: restartPolicy, MaximumRetryCount: restartMaximumRetryCount},
 		Init:          pointer.Bool(false),
+		Resources:     runConfig.Resources,
 	}
 	networkConfig := network.NetworkingConfig{}
 

test/infrastructure/container/interface.go

@@ -21,6 +21,7 @@ import (
 	"fmt"
 	"io"
 
+	dockercontainer "github.com/docker/docker/api/types/container"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	"sigs.k8s.io/cluster-api/test/infrastructure/kind"
 )
@@ -101,6 +102,8 @@ type RunContainerInput struct {
 	RestartPolicy string
 	// Defines how the kindest/node image must be started.
 	KindMode kind.Mode
+	// Resource limits and settings for the container.
+	Resources dockercontainer.Resources
 }
 
 // ExecContainerInput contains values for running exec on a container.

test/infrastructure/docker/internal/docker/manager.go

@@ -20,6 +20,8 @@ import (
 	"context"
 	"fmt"
 
+	dockercontainer "github.com/docker/docker/api/types/container"
+	"github.com/docker/go-units"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/kind/pkg/apis/config/v1alpha4"
 	"sigs.k8s.io/kind/pkg/cluster/constants"
@@ -55,6 +57,7 @@ type nodeCreateOpts struct {
 	Labels       map[string]string
 	IPFamily     clusterv1.ClusterIPFamily
 	KindMapping  kind.Mapping
+	Resources    dockercontainer.Resources
 }
 
 // CreateControlPlaneNode will create a new control plane container.
@@ -112,6 +115,18 @@ func (m *Manager) CreateExternalLoadBalancerNode(ctx context.Context, name, imag
 		ContainerPort: ControlPlanePort,
 		Protocol:      v1alpha4.PortMappingProtocolTCP,
 	}}
+
+	// load balancer resource limits
+	resources := dockercontainer.Resources{
+		Ulimits: []*units.Ulimit{
+			{
+				Name: "nofile",
+				Soft: 65536,
+				Hard: 65536,
+			},
+		},
+	}
+
 	createOpts := &nodeCreateOpts{
 		Name:         name,
 		ClusterName:  clusterName,
@@ -124,6 +139,7 @@ func (m *Manager) CreateExternalLoadBalancerNode(ctx context.Context, name, imag
 			Image: image,
 			Mode:  kind.ModeNone,
 		},
+		Resources: resources,
 	}
 	node, err := createNode(ctx, createOpts)
 	if err != nil {
@@ -163,8 +179,9 @@ func createNode(ctx context.Context, opts *nodeCreateOpts) (*types.Node, error)
 			"/tmp": "", // various things depend on working /tmp
 			"/run": "", // systemd wants a writable /run
 		},
-		IPFamily: opts.IPFamily,
-		KindMode: opts.KindMapping.Mode,
+		IPFamily:  opts.IPFamily,
+		KindMode:  opts.KindMapping.Mode,
+		Resources: opts.Resources,
 	}
 	if opts.Role == constants.ControlPlaneNodeRoleValue {
 		runOptions.EnvironmentVars = map[string]string{