Kubernetes节点ulimit设置

我正在运行Kubernets v1.11.1集群，有时我的kube apiserver服务器开始抛出"打开的文件太多"消息。我注意到许多打开的TCP连接节点kubelet端口10250

我的服务器配置了65536个文件描述符。是否需要增加容器主机的打开文件数？容器主机的推荐ulimit设置是什么？

api服务器日志消息

I1102 13:57:08.135049       1 logs.go:49] http: Accept error: accept tcp [::]:6443: accept4: too many open files; retrying in 1s
I1102 13:57:09.135191       1 logs.go:49] http: Accept error: accept tcp [::]:6443: accept4: too many open files; retrying in 1s
I1102 13:57:10.135437       1 logs.go:49] http: Accept error: accept tcp [::]:6443: accept4: too many open files; retrying in 1s
I1102 13:57:11.135589       1 logs.go:49] http: Accept error: accept tcp [::]:6443: accept4: too many open files; retrying in 1s
I1102 13:57:12.135755       1 logs.go:49] http: Accept error: accept tcp [::]:6443: accept4: too many open files; retrying in 1s

我的主机ulimit值：

# ulimit -a
-f: file size (blocks)             unlimited
-t: cpu time (seconds)             unlimited
-d: data seg size (kb)             unlimited
-s: stack size (kb)                8192
-c: core file size (blocks)        unlimited
-m: resident set size (kb)         unlimited
-l: locked memory (kb)             64
-p: processes                      unlimited
-n: file descriptors               65536
-v: address space (kb)             unlimited
-w: locks                          unlimited
-e: scheduling priority            0
-r: real-time priority             0

谢谢SR-

65536似乎有点低，尽管有很多应用程序推荐这个数字。这是我在kube apiserver的一个K8s集群上所做的：

# kubeapi-server-container
#  |
# |/
# ulimit -a
-f: file size (blocks)             unlimited
-t: cpu time (seconds)             unlimited
-d: data seg size (kb)             unlimited
-s: stack size (kb)                8192
-c: core file size (blocks)        unlimited
-m: resident set size (kb)         unlimited
-l: locked memory (kb)             16384
-p: processes                      unlimited
-n: file descriptors               1048576 <====
-v: address space (kb)             unlimited
-w: locks                          unlimited
-e: scheduling priority            0
-r: real-time priority             0

不同于常规bash进程系统限制：

# ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 15447
max locked memory       (kbytes, -l) 16384
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024 <===
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 15447
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

但整个系统的最大值：

$ cat /proc/sys/fs/file-max
394306

如果你看到这个，系统上没有任何东西可以超过/proc/sys/fs/file-max，所以我也会检查这个值。我还会检查正在使用的文件描述符的数量(第一列(，这会让你知道你有多少打开的文件：

$ cat /proc/sys/fs/file-nr
2176    0   394306

相关内容

最新更新

热门标签：