[Bug]: pid limit and ingress-nginx

[nabuskey]

What is your environment, configuration, and command?

When running idpbuilder in some environment, ingress-nginx never becomes ready because:

2024/11/05 17:32:43 [alert] 41#41: pthread_create() failed (11: Resource temporarily unavailable)
2024/11/05 17:32:43 [alert] 37#37: worker process 41 exited with fatal code 2 and cannot be respawned

This seems to happen when pid limit is set low and worker process count is high.

Nginx's worker-processes value defaults to the number of CPUs available.

So we could:

1. Change the worker process number to a default value. I am not a fan of this.
2. Warn if pid limit is low.
3. Document this issue well in the troubleshooting section.

What did you do and What did you see instead?

n/a

Additional Information. Logs.

To solve the issue above a few options are currently available.

1. use the -c flag.

# /tmp/cm.yaml
apiVersion: v1
data:
  allow-snippet-annotations: "true"
  proxy-buffer-size: 32k
  use-forwarded-headers: "true"
  worker-processes: "4"
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.11.2
  name: ingress-nginx-controller
  namespace: ingress-nginx

Then run idpbuilder with idpbuilder create -c nginx:/tmp/cm.yaml

2. Update containers conf

[containers]
pids_limit=0

This is typically done in $HOME/.config/containers/containers.con

[cmoulliard]

Remark. Option 2 was not working except if I didn't configured it properly

[cmoulliard]

When we got as error too many open files within the log of the pods, then the fix, which is documented by kind here is to increase the inotify part of the following file: /etc/sysctl.conf

echo 'fs.inotify.max_user_watches=1048576' | sudo tee -a /etc/sysctl.conf
echo 'fs.inotify.max_user_instances=512'  | sudo tee -a /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf