Add support for --pids-limit in kube
#24418
Comments
fpoirotte
added
the
kind/feature
|
A friendly reminder that this issue had no activity for 30 days. |
|
Seconding this... An option to set this via the .kube unit definition file would seem fitting as well. There's an option to do this for container units using the PidsLimit variable, but no equivalent for the kube units. The default is 2048 which is quite small, and causing me serious problems at the moment. Moving from docker-run containers to podman, and the default in docker seems to be unlimited. https://docs.podman.io/en/v5.2.2/markdown/podman-systemd.unit.5.html |
|
If we had support for this as an argument to |
|
I will take this one. |
This commit adds new annotation called: io.podman.annotations.pids-limit/$ctrname This annotation is used to define the PIDsLimit for a particular pod. It is also automatically defined when newly added --pids-limit option is used. Fixes: containers#24418 Signed-off-by: Jan Kaluza <[email protected]>
This commit adds new annotation called: io.podman.annotations.pids-limit/$ctrname This annotation is used to define the PIDsLimit for a particular pod. It is also automatically defined when newly added --pids-limit option is used. Fixes: containers#24418 Signed-off-by: Jan Kaluza <[email protected]>
This commit adds new annotation called: io.podman.annotations.pids-limit/$ctrname This annotation is used to define the PIDsLimit for a particular pod. It is also automatically defined when newly added --pids-limit option is used. Fixes: containers#24418 Signed-off-by: Jan Kaluza <[email protected]>
This commit adds new annotation called: io.podman.annotations.pids-limit/$ctrname This annotation is used to define the PIDsLimit for a particular pod. It is also automatically defined when newly added --pids-limit option is used. Fixes: containers#24418 Signed-off-by: Jan Kaluza <[email protected]>
|
Dumb question... will we have to wait for the minor release scheduled for May for this feature or will it come in a patch release? If podman is following semver I'd expect May which is a bit sad... |
This will need to wait for May yes as it is a feature. |
Feature request description
Hi,
Currently, there is no equivalent of the
--pids-limitoption inpodman kube play.Would it be possible to add such an option?
I would be interested in having the option to limit the number of processes that can run simultaneously in a pod or in a container (depending on whether or not the
shareProcessNamespaceoption has been enabled inside the pod's definition).Suggest potential solution
Maybe this could be handled as a new (podman-specific) annotation, or as a new command-line option?
I think a new annotation makes more sense. That way, running
podman kube generateon a container/pod where the--pids-limitoption has been set would keep track of its value (so that runningpodman kube playon the generated YAML file would retain the same value).Have you considered any alternatives?
I'm not aware of any alternative solution to this problem.
Additional context
AFAIK there is no strict equivalent to this option in Kubernetes either. The closest thing I could find is https://kubernetes.io/docs/concepts/policy/pid-limiting/#pod-pid-limits which sets a global PID limit on the node running the pods, rather than on individual containers/pods.
The text was updated successfully, but these errors were encountered: