How to restrict core file size in container on k8s cluster with containerd?

Question

I want to restrict the size of core file for every container on my k8s cluster.
My k8s cluster is v1.20 and using containerd 1.5

I tried to build docker file with command ulimit -c 0

But when the container is created and I send a command ulimit -c then the reply is unlimited

I also tried to mount /etc/security/limits.conf on the pod

# /etc/security/limits.conf  

\* hard core 0  
\* soft core 0

But it didn't work.

I also tried to change containerd's config at /usr/lib/systemd/system/containerd.service
I changed LimitCore=0 and

systemctl restart containerd
systemctl daemon-reload

But when I check the ulimit -c on the pod, it consistently replies unlimited even if I restart the pod.

Please don't ask why do you want to set core file size 0, there are some issues about it.

Let me know if anyone knows the answers thanks!

score 0 · Answer 1 · answered May 03 '22 at 08:18

0

Sorry, I got to know.....

The order was wrong....

I should have run systemctl daemon-reload and then systemctl restart containerd

answered May 03 '22 at 08:18

JAESANGPARK

Please update your original question instead of creating an answer commenting the mistake. – Dos May 04 '22 at 09:40

score 0 · Answer 2 · answered Aug 19 '22 at 21:27

0

For self managed EKS worker nodes, run this before running bootstrap.sh in your userdata:

sed -i 's/LimitCORE=infinity/LimitCORE=0/g' /usr/lib/systemd/system/containerd.service
systemctl daemon-reload

answered Aug 19 '22 at 21:27

pheonix991

2 Answers2