Changing CRI-O container settings
To ensure that some services can run correctly, you might need to
change the pids_limit setting for the CRI-O container runtime on the OpenShift® Container Platform.
- Installation phase
- Setting up a client workstation
- Who needs to complete this task?
- A cluster administrator must complete this task.
- When do you need to complete this task?
- When you plan to install certain services, you must change node settings to configure your cluster so those services run properly.
Before you begin
Best practice: You can run the commands in
this task exactly as written if you set up environment variables. For instructions, see Setting up installation environment variables.
Ensure that you source the environment variables before you run the commands in this task.
About this task
Whether you need to change pids_limit value and how you change it depend on
your environment. If you plan to install one or more of the following services, you might need to
adjust the pids_limit:
- Cognos® Analytics
- Db2®
- Db2 Big SQL
- Db2 Warehouse
- Watson™ Discovery
- Watson Knowledge Catalog
- Watson Query
- Watson Studio
- Watson Machine Learning Accelerator
Procedure
Complete the appropriate task for your environment, as specified in the following table:
Deployment environment | Managed | Self-managed |
---|---|---|
On-premises | If you install Cloud Pak for Data on IBM® Cloud Satellite, the CRI-O container settings are automatically applied to your cluster as part of the installation. You do not need to change the CRI-O settings. |
|
IBM Cloud | If you install Cloud Pak for Data on IBM Cloud, the CRI-O container settings are automatically applied to your cluster as part of the installation. You do not need to change the CRI-O settings. | If you install Cloud Pak for Data on IBM Cloud, the CRI-O container settings are automatically applied to your cluster as part of the installation. You do not need to change the CRI-O settings. |
AWS |
|
|
Microsoft Azure |
|
|
Google Cloud | Not applicable |
|
Setting the pids_limit by using the cpd-cli manage apply-crio command
Run the cpd-cli
manage
apply-crio
command to apply the Container Runtime Interface
(CRI-O) settings to your cluster nodes.
Restriction: This command applies only to Red Hat OpenShift Container Platform
Version 4.10. If you are running Version 4.12, see Setting the process IDs limit by creating a KubeletConfig.
Important: This command performs a rolling restart of the worker nodes on the
cluster.
When you run cpd-cli
manage
apply-crio
command, the pids_limit is set to
16384
.
To set the CRI-O
pids_limit
to 16384
by using the cpd-cli
manage
apply-crio
command, complete the following steps:
- Run the
cpd-cli manage login-to-ocp
command to log in to the cluster as a user with sufficient permissions to complete this task. For example:cpd-cli manage login-to-ocp \ --username=${OCP_USERNAME} \ --password=${OCP_PASSWORD} \ --server=${OCP_URL}
- Run the following command to apply the CRI-O
settings:
cpd-cli manage apply-crio \ --openshift_type=${OPENSHIFT_TYPE}
Setting the process IDs limit by creating a KubeletConfig
In Red Hat OpenShift Container Platform Version 4.12, the
process IDs limit is set in a kubeletConfig
.
-
Log in to Red Hat OpenShift Container Platform as a user with sufficient permissions to complete the task.
oc login ${OCP_URL}
- Run the following command to create the
KubeletConfig
that defines thepodPidsLimit
:oc apply -f - << EOF apiVersion: machineconfiguration.openshift.io/v1 kind: KubeletConfig metadata: name: cpd-pidslimit-kubeletconfig spec: kubeletConfig: podPidsLimit: 16384 machineConfigPoolSelector: matchExpressions: - key: pools.operator.machineconfiguration.openshift.io/worker operator: Exists EOF
Setting the process IDs limit by creating a ContainerRuntimeConfig
To set the pids_limit
value to 16384
in Microsoft Azure managed and self-managed environments run
OpenShift
Version 4.10, complete the following
steps:
- Create a ContainerRuntimeConfig file with the following
contents:
apiVersion: machineconfiguration.openshift.io/v1 kind: ContainerRuntimeConfig metadata: name: new-large-pidlimit spec: containerRuntimeConfig: pidsLimit: 16384 machineConfigPoolSelector: matchExpressions: - key: pools.operator.machineconfiguration.openshift.io/worker operator: Exists EOF
- Run the following command to apply the config
file:
oc create -f <ContainerRuntimeConfig file name>
- Run one of the following commands to verify the settings:
-
oc debug <workernode> chroot /host crio-status config | grep pids_limit
-
oc get no -o name | grep compute | awk '{system("oc debug " $1 " -- bash -lc \"chroot /host sudo crio-status config | grep pids_limit\" ")}'
-