Configuring process resource limit on proxy nodes
On IBM Cloud Private proxy nodes, an Nginx ingress controller is used to forward external requests to user workloads that are running in the IBM Cloud Private cluster. For the Nginx ingress controller to work properly, the rlimit for the maximum number of open files that is allowed on your proxy node must be set.
Nginx ingress controller calculates the maximum number of open files that is allowed on your proxy node by using the values of the configured number of worker processes and the sysctlFSFileMax setting.
- The default value for the number of worker processes, used by Nginx, is equal to the number of CPU processors on the host. To get the number of CPU processors in your host, run the following command:
  nproc
  To change the value for the number of worker processes, modify the worker-processes parameter in the nginx-ingress section of the config.yaml file.
  # Nginx Ingress Controller chart configuration
  nginx-ingress:
    ingress:
      image:
        repository: "<cluster_CA_domain>:8500/ibmcom/nginx-ingress-controller"
      config:
        disable-access-log: 'true'
        keep-alive-requests: '10000'
        upstream-keepalive-connections: '64'
        worker-processes: "2"
      extraArgs:
        publish-status-address: "{{ proxy_external_address }}"
        enable-ssl-passthrough: true
    defaultBackend:
      image:
        repository: "<cluster_CA_domain>:8500/ibmcom/defaultbackend"
- sysctlFSFileMax is the system setting that is stored in fs.file-max. You can get the sysctlFSFileMax value by running the following command:
  sysctl -a | grep fs.file-max
The maximum number of open files for the worker process is calculated by using the following formula:
maxOpenFiles = (sysctlFSFileMax / worker-processes) - 1024
If the calculated value of maxOpenFiles is less than 1024, maxOpenFiles is set to 1024.
Linux systems have default values for the maximum number of open files. The following output is a summary of a few default Linux settings.
# prlimit
RESOURCE   DESCRIPTION                          SOFT      HARD      UNITS
AS         address space limit                  unlimited unlimited bytes
CORE       max core file size                   0         unlimited blocks
CPU        CPU time                             unlimited unlimited seconds
DATA       max data size                        unlimited unlimited bytes
FSIZE      max file size                        unlimited unlimited blocks
LOCKS      max number of file locks held        unlimited unlimited
MEMLOCK    max locked-in-memory address space   65536     65536     bytes
MSGQUEUE   max bytes in POSIX mqueues           819200    819200    bytes
NICE       max nice prio allowed to raise       0         0
NOFILE     max number of open files             1024      65535
NPROC      max number of processes              31861     31861
RSS        max resident set size                unlimited unlimited pages
RTPRIO     max real-time priority               0         0
RTTIME     timeout for real-time tasks          unlimited unlimited microsecs
SIGPENDING max number of pending signals        31861     31861
STACK      max stack size                       8388608   unlimited bytes
From the default settings, you can see that the soft and hard limits for NOFILE are 1024 and 65535 respectively. The calculated value of maxOpenFiles must be in the range of the soft and hard limit.
- If maxOpenFiles is larger than the hard limit, Nginx fails to set rlimit for the worker process. An Operation not permitted error is returned.
- In some cases your system might require that maxOpenFiles is larger than the soft limit of 1024. To modify the soft limit, you can adjust the system configuration fs.file-max in /etc/sysctl.conf. Then, restart your host to ensure that the changes are picked up.
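The calculation and the limit check described above, as an added example (not code from IBM Cloud Private or the Nginx ingress controller). The function names, the --host switch and the sample numbers are assumptions of this example; with --host, the calling shell's ulimit values stand in for the limits that the Nginx worker process inherits.

```shell
#!/bin/sh
# Added example: the maxOpenFiles formula from this page plus a NOFILE range check.

# max_open_files FILE_MAX WORKERS
# Prints (FILE_MAX / WORKERS) - 1024, raised to 1024 when the result is lower.
max_open_files() {
    file_max=$1
    workers=$2
    if ! [ "$workers" -gt 0 ] 2>/dev/null; then
        echo "worker-processes must be a positive integer" >&2
        return 2
    fi
    value=$(( file_max / workers - 1024 ))
    if [ "$value" -lt 1024 ]; then
        value=1024
    fi
    echo "$value"
}

# check_nofile VALUE SOFT HARD
# Classifies VALUE against the NOFILE limits; "unlimited" never blocks.
check_nofile() {
    value=$1; soft=$2; hard=$3
    if [ "$hard" != "unlimited" ] && [ "$value" -gt "$hard" ]; then
        echo "exceeds-hard"   # Nginx cannot set the rlimit: Operation not permitted
        return 1
    fi
    if [ "$soft" != "unlimited" ] && [ "$value" -gt "$soft" ]; then
        echo "above-soft"     # between the soft and hard limits
        return 0
    fi
    echo "within-soft"
}

# Constructed sample: fs.file-max=3262776, worker-processes=2, NOFILE 1024/65535.
sample=$(max_open_files 3262776 2)
echo "sample maxOpenFiles=$sample: $(check_nofile "$sample" 1024 65535 || true)"

# Live check (assumption: run as "script --host [worker-processes]"). The shell's
# own ulimit values stand in for the limits the Nginx worker process inherits.
if [ "${1:-}" = "--host" ]; then
    fm=$(sysctl -n fs.file-max)
    wp=${2:-$(nproc)}
    v=$(max_open_files "$fm" "$wp")
    echo "fs.file-max=$fm worker-processes=$wp maxOpenFiles=$v"
    check_nofile "$v" "$(ulimit -Sn)" "$(ulimit -Hn)"
fi
```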