New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Setting memory.swap to memory.limit can cause unexpected behavior #8442
Comments
@mqasimsarfraz what was the motivation for this change? It is not ideal that the default behavior changed when the feature ( Why the expectation is that when the feature gate |
@SergeyKanzhelev #7783 didn't change any default behavior but made it consistent (restore default behaviour) across all the runtimes (dockershim, cri-dockerd, cri-o). Especially given in dockershim we don't allow container to use any swap so if user upgrades from
AFAIU this is expected behavior form kubelet as well. If we don't keep it this way as soon as user enables feature gate Please feel free to correct my understanding. I believe if we want to allow containers (with limits) to swap we will have to propagate this change to all the runtimes (cri-dockerd, cri-o and containerd) as well since I found this issue while testing OOMKiller against all these runtimes. |
@mqasimsarfraz not sure if I understand this. Kubelet already sets |
This is the example of a change of a behavior: kubernetes-sigs/cri-tools#1146 (comment) for Containerd users. K8s users with Containerd who enabled swap on a node, and didn't care about the I agree, this is an inconsistency. And I am not sure what is better - revert it for Containerd for users migrating from <1.6.13 to 1.6.13+ or keep it as many users are already on 1.6.13+. Allowing swap is less of a backward incompatibility than disabling swap use. But the same time this behavior is around for 9 releases already. @samuelkarp do you have an opinion? |
It is clear now. Thanks for sharing!
I am trying to understand why disabling swap is backward incompatible. Dockershim was already disabling the swap by default and for |
@ruiwen-zhao containerd is only setting default swap limit in case kubelet doesn't provide anything since |
I think relying on #7783 was in v1.7.0 from the beginning, but was added to v1.6.x in a cherry-pick in #7815 and has been included in 9 releases now (and was absent for the 13 prior releases). We could revert the cherry-pick for 1.6.x but keep the behavior as-is for 1.7.x. That would allow users on 1.6.x to have the same behavior that 1.6.x started with (though with 13 releases without and 9 release with, it's pretty close to half and half) and upgrading to 1.7.x would be a good introduction of the changed behavior. |
Description
This is a follow-up issue to #7783.
The OCI specifies memory limit values as optional (source). However, there is no way to differentiate between a default zero and an explicit zero in the CRI specification, since it uses proto v3 (source).
In the case of a default zero, swap overriding can cause issues on a container if swap behavior is allowed on the machine.
I created this issue to revisit this change and consider all the implications of it, as it recently caused an issue on a particular scenario (see "Other relevant information" section for details).
Steps to reproduce the issue
Describe the results you received and expected
Result: container is OOMKilled
Expected: container is not OOMKilled since swap limit was not explicitly set to 0.
What version of containerd are you using?
1.6.18
Any other relevant information
A bit out of scope for containerd, but it helps for full context: I was running a Kubernetes cluster (v1.24) using containerd (v1.6.18). I created a swap partition on the node, enabled it, and specified
--fail-swap-on=false
on the kubelet. I created the following pod:Before the change, pod run successfully with a swap partition on the node. After the change, pod was OOMKilled by containerd.
Show configuration if it is related to CRI plugin.
No response
The text was updated successfully, but these errors were encountered: