Article Directory
One, the problem
I need to set the maximum number of file handles in the container to 204800, but it is rejected. This is caused by Docker's own security mechanism
Talking about Docker security support
Two, the solution
方法一:简单粗暴
Set the container to privileged mode, but the security is not high
Add the following two lines to the yaml file
securityContext:
privileged: true
kubectl apply -f pod-01.yaml #发现有如下报错
Need to delete the previous Pod, and then execute kubectl apply
kubectl delete -f pod-01.yaml
kubectl apply -f pod-01.yaml
No error is reported this time, enter the container
kubectl exec -it pod-01 bash
ulimit -n 204800
Set successfully
方法二:温柔可佳
Add the capabilities in the CAP_SYS_RESOURCE
capabilities to the container , with high security
Capability introduction click here
securityContext:
capabilities:
add: ["SYS_RESOURCE"]