From 0756c87c17925fac4939dc76968c23e5745f60dd Mon Sep 17 00:00:00 2001
From: zhaoxiaohu
Date: Tue, 27 Aug 2024 16:14:52 +0800
Subject: [PATCH] Fix cpu share issues on systems with large amounts of cpu(cpucore>256)

Signed-off-by: zhaoxiaohu
---
 ...sues-on-systems-with-large-amounts-o.patch | 104 ++++++++++++++++++
 kubernetes.spec | 9 +-
 2 files changed, 112 insertions(+), 1 deletion(-)
 create mode 100644 0020-backport-Fix-cpu-share-issues-on-systems-with-large-amounts-o.patch

diff --git a/0020-backport-Fix-cpu-share-issues-on-systems-with-large-amounts-o.patch b/0020-backport-Fix-cpu-share-issues-on-systems-with-large-amounts-o.patch
new file mode 100644
index 0000000..0175414
--- /dev/null
+++ b/0020-backport-Fix-cpu-share-issues-on-systems-with-large-amounts-o.patch
@@ -0,0 +1,104 @@
+From 051b66b82d8cc76eca0da38e44ae0e7dd391ba09 Mon Sep 17 00:00:00 2001
+From: zhaoxiaohu
+Date: Tue, 27 Aug 2024 16:04:40 +0800
+Subject: [PATCH] Fix cpu share issues on systems with large amounts of cpu
+
+On systems where the calculated cpu shares results in a value above the
+max value in linux, containers getting that value are unable to start.
+This occur on systems with 300+ cpu cores, and where containers are
+given such a value.
+
+This issue was fixed for the pod and qos control groups in the similar
+cm.MilliCPUToShares that also has tests verifying the behavior. Since
+this code already has an dependency on kubelet/cm, lets reuse that code
+instead.
+
+Reference: https://github.com/kubernetes/kubernetes/pull/106570/commits/de0ece541c7fd885a32f1562342fe85535fc11f5
+
+Signed-off-by: zhaoxiaohu
+Signed-off-by: Odin Ugedal
+Signed-off-by: yuwang@kuaishou.com
+---
+ pkg/kubelet/kuberuntime/helpers_linux.go | 17 -----------------
+ pkg/kubelet/kuberuntime/helpers_unsupported.go | 5 -----
+ .../kuberuntime/kuberuntime_container_linux.go | 7 ++++---
+ 3 files changed, 4 insertions(+), 25 deletions(-)
+
+diff --git a/pkg/kubelet/kuberuntime/helpers_linux.go b/pkg/kubelet/kuberuntime/helpers_linux.go
+index 204bc4e9..4257a014 100644
+--- a/pkg/kubelet/kuberuntime/helpers_linux.go
++++ b/pkg/kubelet/kuberuntime/helpers_linux.go
+@@ -19,9 +19,6 @@ limitations under the License.
+ package kuberuntime
+
+ const (
+- // Taken from lmctfy https://github.com/google/lmctfy/blob/master/lmctfy/controllers/cpu_controller.cc
+- minShares = 2
+- sharesPerCPU = 1024
+ milliCPUToCPU = 1000
+
+ // 100000 is equivalent to 100ms
+@@ -29,20 +26,6 @@ const (
+ minQuotaPeriod = 1000
+ )
+
+-// milliCPUToShares converts milliCPU to CPU shares
+-func milliCPUToShares(milliCPU int64) int64 {
+- if milliCPU == 0 {
+- // Return 2 here to really match kernel default for zero milliCPU.
+- return minShares
+- }
+- // Conceptually (milliCPU / milliCPUToCPU) * sharesPerCPU, but factored to improve rounding.
+- shares := (milliCPU * sharesPerCPU) / milliCPUToCPU
+- if shares < minShares {
+- return minShares
+- }
+- return shares
+-}
+-
+ // milliCPUToQuota converts milliCPU to CFS quota and period values
+ func milliCPUToQuota(milliCPU int64, period int64) (quota int64) {
+ // CFS quota is measured in two values:
+diff --git a/pkg/kubelet/kuberuntime/helpers_unsupported.go b/pkg/kubelet/kuberuntime/helpers_unsupported.go
+index cc1e88a5..8f6da8f4 100644
+--- a/pkg/kubelet/kuberuntime/helpers_unsupported.go
++++ b/pkg/kubelet/kuberuntime/helpers_unsupported.go
+@@ -17,8 +17,3 @@ limitations under the License.
+ */
+
+ package kuberuntime
+-
+-// milliCPUToShares converts milliCPU to CPU shares
+-func milliCPUToShares(milliCPU int64) int64 {
+- return 0
+-}
+diff --git a/pkg/kubelet/kuberuntime/kuberuntime_container_linux.go b/pkg/kubelet/kuberuntime/kuberuntime_container_linux.go
+index d7c22c86..25fb68ad 100644
+--- a/pkg/kubelet/kuberuntime/kuberuntime_container_linux.go
++++ b/pkg/kubelet/kuberuntime/kuberuntime_container_linux.go
+@@ -28,6 +28,7 @@ import (
+ "k8s.io/klog/v2"
+ v1helper "k8s.io/kubernetes/pkg/apis/core/v1/helper"
+ kubefeatures "k8s.io/kubernetes/pkg/features"
++ "k8s.io/kubernetes/pkg/kubelet/cm"
+ kubecontainer "k8s.io/kubernetes/pkg/kubelet/container"
+ "k8s.io/kubernetes/pkg/kubelet/qos"
+ )
+@@ -69,11 +70,11 @@ func (m *kubeGenericRuntimeManager) generateLinuxContainerConfig(container *v1.C
+ // API server does this for new containers, but we repeat this logic in Kubelet
+ // for containers running on existing Kubernetes clusters.
+ if cpuRequest.IsZero() && !cpuLimit.IsZero() {
+- cpuShares = milliCPUToShares(cpuLimit.MilliValue())
++ cpuShares = int64(cm.MilliCPUToShares(cpuLimit.MilliValue()))
+ } else {
+- // if cpuRequest.Amount is nil, then milliCPUToShares will return the minimal number
++ // if cpuRequest.Amount is nil, then MilliCPUToShares will return the minimal number
+ // of CPU shares.
+- cpuShares = milliCPUToShares(cpuRequest.MilliValue())
++ cpuShares = int64(cm.MilliCPUToShares(cpuRequest.MilliValue()))
+ }
+ lc.Resources.CpuShares = cpuShares
+ if memoryLimit != 0 {
+--
+2.33.0
+
diff --git a/kubernetes.spec b/kubernetes.spec
index 678301a..26e114c 100644
--- a/kubernetes.spec
+++ b/kubernetes.spec
@@ -3,7 +3,7 @@
 
 Name: kubernetes
 Version: 1.20.2
-Release: 24
+Release: 25
 Summary: Container cluster management
 License: ASL 2.0
 URL: https://k8s.io/kubernetes
@@ -43,6 +43,7 @@ Patch6015: 0016-Add-envFrom-to-serviceaccount-admission-plugin.patch
 Patch6016: 0017-backport-Fix-kubelet-panic-when-allocate-resource-for-pod.patch
 Patch6017: 0018-backport-reduce-configmap-and-secret-watch-of-kubelet.patch
 Patch6018: 0019-backport-Don-t-prematurely-close-reflectors-in-case-of-slow-i.patch
+Patch6019: 0020-backport-Fix-cpu-share-issues-on-systems-with-large-amounts-o.patch
 
 %description
 Container cluster management.
@@ -274,6 +275,12 @@ getent passwd kube >/dev/null || useradd -r -g kube -d / -s /sbin/nologin \
 %systemd_postun kubelet kube-proxy
 
 %changelog
+* Tue Aug 27 2024 zhaoxiaohu - 1.20.2-25
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:Fix cpu share issues on systems with large amounts of cpu(when cpucore>256)
+
 * Fri Aug 23 2024 zhaoxiaohu - 1.20.2-24
 - DESC:Don't prematurely close reflectors in case of slow initialization in watch based manager
 
--
Gitee
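Review bot: Nothing in this backport shows that `cm.MilliCPUToShares` in the 1.20.2 tree already caps its result at the kernel's cpu.shares maximum, and the two replaced calls in `generateLinuxContainerConfig` (last hunk of the embedded 0020 patch, kuberuntime_container_linux.go) rely on exactly that. The commit message points to existing tests in `kubelet/cm`, but the container path gets none here; a case with a CPU request above 256 cores that asserts the resulting `CpuShares` would pin the fix and cover the `int64(...)` conversion. Dropping `milliCPUToShares` from helpers_linux.go and helpers_unsupported.go also breaks any caller or test left in the `kuberuntime` package outside these three files, which cannot be ruled out from the diff, so the package should be built with its tests after the patch is applied. Once the cap is confirmed, a short comment above the assignment would help the next reader, e.g. `// cm.MilliCPUToShares bounds the value to what cpu.shares accepts; see kubelet/cm`. The function body starts and ends outside the hunk.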