Avoid repeated os.SetEnv calls in container init. #1983
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
For containers with a large number of configured environment variables (>5000), os.SetEnv can make container creation take a much longer time than in normal circumstances. This is due to os.SetEnv locking and unlocking a mutex on every environment variable added. By removing the os.SetEnv calls during container creation, and instead controlling the list of environment variables manually, this overhead can be removed. Signed-off-by: Brandon Mabey <brandonmabey@google.com>
AkihiroSuda
reviewed
Mar 16, 2020
|
|
||
| // Certain functions that are used later, such as exec.LookPath, require that the PATH | ||
| // environment variable is setup with the container's PATH. | ||
| os.Setenv("PATH", mappedEnv["PATH"]) |
There was a problem hiding this comment.
Could you be more specific? Wondering it may cause security issues.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In a Kubernetes cluster with a large number of services (>5000, causing a large amount of environment variables for the container) with guaranteed pods, the
runc initprocess can take a long time to run. This is caused by two issues:runc initcallsos.SetEnvfor every environment variable in the bundle, which can be expensive due to the underlying mutex locking and syscall logic.runc initprocess runs. This is outside the perview of runc I believe.This PR targets the former by removing the
os.SetEnvcalls, which causes therunc initprocess to run much faster in cases where there are a large number of configured environment variables in the bundle.