Merge pull request #11898 from uthark/oatamanenko/pod-max-pids

Add podPidsLimit / --pod-max-pids support

docs/cluster_spec.md

@@ -686,6 +686,18 @@ spec:
     housekeepingInterval: 30s
 ```
 
+### Pod PIDs Limit
+{{ kops_feature_table(kops_added_default='1.22', k8s_min='1.20') }}
+
+`podPidsLimit` allows to configure the maximum number of pids (process ids) in any pod.
+[Read more](https://kubernetes.io/docs/concepts/policy/pid-limiting/) in Kubernetes documentation.
+
+```yaml
+spec:
+  kubelet:
+    podPidsLimit: 1024
+```
+
 ### Event QPS
 {{ kops_feature_table(kops_added_default='1.19') }}
 

k8s/crds/kops.k8s.io_clusters.yaml

@@ -2572,6 +2572,11 @@ spec:
                     description: config is the path to the config file or directory
                       of files
                     type: string
+                  podPidsLimit:
+                    description: PodPidsLimit is the maximum number of pids in any
+                      pod.
+                    format: int64
+                    type: integer
                   protectKernelDefaults:
                     description: 'Default kubelet behaviour for kernel tuning. If
                       set, kubelet errors if any of kernel tunables is different than
@@ -2982,6 +2987,11 @@ spec:
                     description: config is the path to the config file or directory
                       of files
                     type: string
+                  podPidsLimit:
+                    description: PodPidsLimit is the maximum number of pids in any
+                      pod.
+                    format: int64
+                    type: integer
                   protectKernelDefaults:
                     description: 'Default kubelet behaviour for kernel tuning. If
                       set, kubelet errors if any of kernel tunables is different than

k8s/crds/kops.k8s.io_instancegroups.yaml

@@ -526,6 +526,11 @@ spec:
                     description: config is the path to the config file or directory
                       of files
                     type: string
+                  podPidsLimit:
+                    description: PodPidsLimit is the maximum number of pids in any
+                      pod.
+                    format: int64
+                    type: integer
                   protectKernelDefaults:
                     description: 'Default kubelet behaviour for kernel tuning. If
                       set, kubelet errors if any of kernel tunables is different than

pkg/apis/kops/componentconfig.go

@@ -221,6 +221,8 @@ type KubeletConfigSpec struct {
 	ContainerLogMaxFiles *int32 `json:"containerLogMaxFiles,omitempty" flag:"container-log-max-files"`
 	// EnableCadvisorJsonEndpoints enables cAdvisor json `/spec` and `/stats/*` endpoints. Defaults to False.
 	EnableCadvisorJsonEndpoints *bool `json:"enableCadvisorJsonEndpoints,omitempty" flag:"enable-cadvisor-json-endpoints"`
+	// PodPidsLimit is the maximum number of pids in any pod.
+	PodPidsLimit *int64 `json:"podPidsLimit,omitempty" flag:"pod-max-pids"`
 }
 
 // KubeProxyConfig defines the configuration for a proxy

pkg/apis/kops/v1alpha2/componentconfig.go

@@ -221,6 +221,8 @@ type KubeletConfigSpec struct {
 	ContainerLogMaxFiles *int32 `json:"containerLogMaxFiles,omitempty" flag:"container-log-max-files"`
 	// EnableCadvisorJsonEndpoints enables cAdvisor json `/spec` and `/stats/*` endpoints. Defaults to False.
 	EnableCadvisorJsonEndpoints *bool `json:"enableCadvisorJsonEndpoints,omitempty" flag:"enable-cadvisor-json-endpoints"`
+	// PodPidsLimit is the maximum number of pids in any pod.
+	PodPidsLimit *int64 `json:"podPidsLimit,omitempty" flag:"pod-max-pids"`
 }
 
 // KubeProxyConfig defines the configuration for a proxy