How to restrict core file size in container on k8s cluster with containerd?

708 Views Asked by JAESANGPARK At 19 October 2024 at 23:54

I want to restrict the size of core file for every container on my k8s cluster.
My k8s cluster is v1.20 and using containerd 1.5

I tried to build docker file with command ulimit -c 0

But when the container is created and I send a command ulimit -c then the reply is unlimited

I also tried to mount /etc/security/limits.conf on the pod

# /etc/security/limits.conf  

\* hard core 0  
\* soft core 0

But it didn't work.

I also tried to change containerd's config at /usr/lib/systemd/system/containerd.service
I changed LimitCore=0 and

systemctl restart containerd
systemctl daemon-reload

But when I check the ulimit -c on the pod, it consistently replies unlimited even if I restart the pod.

Please don't ask why do you want to set core file size 0, there are some issues about it.

Let me know if anyone knows the answers thanks!

There are 2 best solutions below

pheonix991 On 19 August 2022 at 21:27 BEST ANSWER

For self managed EKS worker nodes, run this before running bootstrap.sh in your userdata:

sed -i 's/LimitCORE=infinity/LimitCORE=0/g' /usr/lib/systemd/system/containerd.service
systemctl daemon-reload

JAESANGPARK On 03 May 2022 at 08:18

Sorry, I got to know.....

The order was wrong....

I should have run systemctl daemon-reload and then systemctl restart containerd