How to set max locked memory in a pod running as non root

Question

Previously my kubernetes pod was running as root and I was running ulimit -l <MLOCK_AMOUNT> in its startup script before starting its main program in foreground. However, I can no more run my pod as root, would you please know how can I set this limit now?

score 2 · Accepted Answer · answered May 12 '21 at 22:29

To be able to set it per specific Pod, the way you did it before, unfortunatelly you need privilege escalation i.e. run your container as root.

As far as I understand you're interested in setting it only per specific Pod, not globally, right ? Because it can be done by changing docker configuration on a specific kubernetes node.

This topic has already been raised in another thread and as you may read in James Brown's answer:

It appears that you can't currently set a ulimit but it is an open issue: https://github.com/kubernetes/kubernetes/issues/3595

score 0 · Answer 2 · answered May 12 '21 at 07:01

0

kind: Pod
....
spec:
  containers:
  - name: prc
    image: prc/stable
    resources:
      limits:
        memory: "1Gi"
      requests:
        memory: "200Mi"

answered May 12 '21 at 07:01

David

302
1
4

Sorry but I do not agree, I do not want to set up maximum allocatable memory but maximum locked memory (i.e. prevent use of swap for in-memory data) – Fabrice Jammes May 12 '21 at 21:25
1

Starting with Kubernetes v1.8.0, the Kubelet will fail to start up if the nodes have swap memory enabled. – David May 13 '21 at 09:41

How to set max locked memory in a pod running as non root

2 Answers2