Preamble
Recently a new colleague asked me a question: the container's memory is clearly limited to 4G, so why does the host's 32G of memory still show up from inside the container?
▶ docker run -it --rm -m 512m ubuntu:18.04 bash
root@ae00bec75ad7:/# free -m
              total        used        free      shared  buff/cache   available
Mem:          31954       11482        8487        1708       11983       18305
Swap:          2047           0        2047
This question brought back memories of details I came across earlier while studying "Deep Dive into kubernetes".
Environment preparation
Component | Version |
---|---|
Operating system | Ubuntu 22.04.4 LTS |
lxcfs | 4.0.3 |
k8s | v1.26.3 |
Introduction to the principle of lxcfs
- free fetches its data from the /proc file system, but when the container starts up, /proc is still the one mapped from the host, so the information free displays must be the host's
- Using lxcfs solves this problem: in essence, the limits docker imposes on cpu and memory at startup are reflected in a (modified) proc filesystem that is manually mounted into the container
- The project is still being updated: lxcfs. From the documentation, the supported files are these:
/proc/cpuinfo
/proc/diskstats
/proc/meminfo
/proc/stat
/proc/swaps
/proc/uptime
/proc/slabinfo
/sys/devices/system/cpu/online
Installing lxcfs
1) Install the lxcfs tool directly using apt
▶ sudo apt install lxcfs
2) Deploy to the corresponding directory
sudo mkdir -p /var/lib/lxcfs
sudo lxcfs /var/lib/lxcfs &
After deployment, lxcfs runs as a background process.
Docker usage
1. Normal startup
▶ docker run -it --rm -m 512m ubuntu:18.04 bash
root@ae00bec75ad7:/# free -m
              total        used        free      shared  buff/cache   available
Mem:          31954       11482        8487        1708       11983       18305
Swap:          2047           0        2047
2. Docker with lxcfs
Install lxcfs first
▶ sudo apt install lxcfs
▶ docker run -it --rm -m 512m \
    -v /var/lib/lxcfs/proc/meminfo:/proc/meminfo:rw \
    ubuntu:18.04 bash
root@56e3c146ba4e:/# free -m
              total        used        free      shared  buff/cache   available
Mem:            512           1         510           0           0         510
Swap:             0           0           0
With lxcfs, the docker container correctly reports the restricted memory.
k8s usage
1. Normal startup
▶ echo '
apiVersion: v1
kind: Pod
metadata:
  name: wilson-test
spec:
  containers:
  - image: ubuntu:18.04
    imagePullPolicy: IfNotPresent
    command: ["sleep", "33333"]
    name: wilson-test
    resources:
      limits:
        memory: 128Mi
      requests:
        memory: 64Mi
' | kubectl apply -f -
pod/wilson-test created
▶ kubectl get pod
NAME          READY   STATUS    RESTARTS   AGE
wilson-test   1/1     Running   0          3s
▶ kubectl exec -it wilson-test -- free -m
              total        used        free      shared  buff/cache   available
Mem:          31954       11034        6384        1568       14534       18893
Swap:          2047           0        2047
2. Using lxcfs
▶ echo '
apiVersion: v1
kind: Pod
metadata:
  name: wilson-test
spec:
  containers:
  - image: ubuntu:18.04
    imagePullPolicy: IfNotPresent
    command: ["sleep", "33333"]
    name: wilson-test
    resources:
      limits:
        memory: 128Mi
      requests:
        memory: 64Mi
    volumeMounts:
    - mountPath: /proc/meminfo
      name: lxcfs-proc-meminfo
      readOnly: true
  volumes:
  - hostPath:
      path: /var/lib/lxcfs/proc/meminfo
      type: ""
    name: lxcfs-proc-meminfo
' | kubectl apply -f -
pod/wilson-test created
▶ kubectl get pod
NAME          READY   STATUS    RESTARTS   AGE
wilson-test   1/1     Running   0          2s
▶ kubectl exec -it wilson-test -- free -m
              total        used        free      shared  buff/cache   available
Mem:            128           0         127           0           0         127
Swap:          2047           0        2047
The 128m memory limit is now in effect.
k8s automatic injection of lxcfs
1. Using k8s preset
- kubernetes v1.20 removed preset.
- Someone on GitHub brought it back as a CRD, podpreset, but it hasn't been updated in 3 years.
2. Using a k8s Admission Controller
A ready-made one can also be found on GitHub, lxcfs-admission-webhook, but it doesn't seem to have been updated for a long time.
Wrap-up
- This article only demonstrates memory; the other metrics work the same way.
- Regarding automatic mounting, the ready-made projects have not been updated for a long time, so later on you can try hand-writing an admission-hook yourself.
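The mutation step of an admission hook of the kind suggested above could look like this, covering every file in the supported list rather than only meminfo. This is an added example, not code from the article or from lxcfs-admission-webhook; the volume naming, the hostPath type "File" and the assumption that each file sits under /var/lib/lxcfs at its in-container path are extrapolated from the meminfo mount shown earlier.

```python
import base64
import json

LXCFS_ROOT = "/var/lib/lxcfs"  # lxcfs mount point used on this page
# Files the page lists as supported by lxcfs.
LXCFS_FILES = ["/proc/cpuinfo", "/proc/diskstats", "/proc/meminfo", "/proc/stat",
               "/proc/swaps", "/proc/uptime", "/proc/slabinfo",
               "/sys/devices/system/cpu/online"]

def volume_name(path):
    # "/proc/meminfo" -> "lxcfs-proc-meminfo", the name used in the pod spec above
    return "lxcfs" + path.replace("/", "-")

def lxcfs_patch(pod):
    """JSON Patch ops adding a read-only lxcfs mount per listed file to every
    container, skipping volumes and mount paths the pod already has."""
    spec, ops = pod["spec"], []
    if "volumes" not in spec:
        ops.append({"op": "add", "path": "/spec/volumes", "value": []})
    have = {v["name"] for v in spec.get("volumes", [])}
    for path in LXCFS_FILES:
        if volume_name(path) not in have:
            # Assumed type "File": the pod will not start if lxcfs is not mounted on the node.
            ops.append({"op": "add", "path": "/spec/volumes/-", "value": {
                "name": volume_name(path),
                "hostPath": {"path": LXCFS_ROOT + path, "type": "File"}}})
    for i, c in enumerate(spec["containers"]):
        base = f"/spec/containers/{i}/volumeMounts"
        if "volumeMounts" not in c:
            ops.append({"op": "add", "path": base, "value": []})
        mounted = {m["mountPath"] for m in c.get("volumeMounts", [])}
        for path in LXCFS_FILES:
            if path not in mounted:
                ops.append({"op": "add", "path": base + "/-", "value": {
                    "name": volume_name(path), "mountPath": path, "readOnly": True}})
    return ops

def admission_response(review):
    """AdmissionReview v1 response carrying the patch for a pod CREATE request."""
    req = review["request"]
    patch = json.dumps(lxcfs_patch(req["object"])).encode()
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": {"uid": req["uid"], "allowed": True, "patchType": "JSONPatch",
                         "patch": base64.b64encode(patch).decode()}}

if __name__ == "__main__":
    # Constructed request: the page's first pod, with no lxcfs mounts yet.
    pod = {"spec": {"containers": [{"name": "wilson-test", "image": "ubuntu:18.04"}]}}
    review = {"request": {"uid": "constructed-uid", "object": pod}}
    print(json.dumps(admission_response(review), indent=2))
```

Every mount is added with readOnly: true, so a container can read the lxcfs view but cannot write through the hostPath.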
Here's to the future.
That concludes this article.
My knowledge is limited, so if there are any omissions, please do not hesitate to point them out...