emptyDir without sizelimit approach #36
Comments
Nodes will behave differently in the face of |
This sounds good. How about a mutation policy that has these two configuration options?
You can see the Exceeding the maximum limit would return a ResourceViolation and nil PatchOperation but no size limit specified would return a PatchOperation and nil ResourceViolation. I have some regrets with how I specified the first few policy configurations, but going forward I'd suggest we consistently use map like so:
MutateEmptyDirSizeLimit struct {
MaximumSizeLimit int `yaml:"maximum_size_limit"`
DefaultSizeLimit int `yaml:"default_size_limit"`
} `yaml:"mutate_empty_dir_size_limit"` |
I'd be surprised if we haven't encountered this before without knowing. In GKE, a |
Hey @jleadford , FYI, @alpe implemented this in #40. |
Dang, the holiday caught me slackin'! :) Thanks for hacking on that @alpe ! I'll close this. |
Hey!
By default, an
emptyDir
lacks asizeLimit
parameter, and is disk-based;a Pod with access to said
emptyDir
can consume the Node's entire disk (i.e. the limit is unbounded) until the offending Pod is deleted or evicted, which can constitute a denial-of-service condition at the affected Node (i.e.DiskPressure
). If theemptyDir
is memory-backed, writes are counted against the container's memory limit, so this is probably less of a concern.I'm happy to take up a k-rail policy for this issue. I envisage two approaches:
emptyDir
lacks asizeLimit
, report a violation (e.g. block)emptyDir
lacks asizeLimit
, add a sane defaultOne might also want to check if a supplied
sizeLimit
is within a sane bound.Let me know what sounds good here and I'll move forward.
The text was updated successfully, but these errors were encountered: