author | Matthew Heon <matthew.heon@gmail.com> | 2018-09-13 14:42:47 -0400 |
---|---|---|
committer | Matthew Heon <matthew.heon@gmail.com> | 2018-09-13 14:42:47 -0400 |
commit | 95a374100b8127846d9f4f4a4cf8d9a5b2229912 (patch) | |
tree | 7490f476ff866f206e5287f385c03c65f07c07ed /libpod/runtime.go | |
parent | 61eda671eca96b6fa32369572d9b49850895d37b (diff) | |
Add a way to disable port reservation
We've increased the default rlimits to allow Podman to hold many
ports open without hitting limits and crashing, but this doesn't
solve the amount of memory that holding open potentially
thousands of ports will use. Offer a switch to optionally disable
port reservation for performance- and memory-constrained use
cases.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Diffstat (limited to 'libpod/runtime.go')
-rw-r--r-- | libpod/runtime.go | 32 |
1 files changed, 21 insertions, 11 deletions
diff --git a/libpod/runtime.go b/libpod/runtime.go
index 63b8c971e..736169932 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -164,6 +164,14 @@ type RuntimeConfig struct {
 InfraImage string `toml:"infra_image"`
 // InfraCommand is the command run to start up a pod infra container
 InfraCommand string `toml:"infra_command"`
+ // EnablePortReservation determines whether libpod will reserve ports on
+ // the host when they are forwarded to containers.
+ // When enabled, when ports are forwarded to containers, they are
+ // held open by conmon as long as the container is running, ensuring
+ // that they cannot be reused by other programs on the host.
+ // However, this can cause significant memory usage if a container has
+ // many ports forwarded to it. Disabling this can save memory.
+ EnablePortReservation bool `toml:"enable_port_reservation"`
 }

 var (
@@ -190,16 +198,17 @@ var (
 ConmonEnvVars: []string{
 "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
 },
- CgroupManager: SystemdCgroupsManager,
- HooksDir: hooks.DefaultDir,
- StaticDir: filepath.Join(storage.DefaultStoreOptions.GraphRoot, "libpod"),
- TmpDir: "",
- MaxLogSize: -1,
- NoPivotRoot: false,
- CNIConfigDir: "/etc/cni/net.d/",
- CNIPluginDir: []string{"/usr/libexec/cni", "/usr/lib/cni", "/opt/cni/bin"},
- InfraCommand: DefaultInfraCommand,
- InfraImage: DefaultInfraImage,
+ CgroupManager: SystemdCgroupsManager,
+ HooksDir: hooks.DefaultDir,
+ StaticDir: filepath.Join(storage.DefaultStoreOptions.GraphRoot, "libpod"),
+ TmpDir: "",
+ MaxLogSize: -1,
+ NoPivotRoot: false,
+ CNIConfigDir: "/etc/cni/net.d/",
+ CNIPluginDir: []string{"/usr/libexec/cni", "/usr/lib/cni", "/opt/cni/bin"},
+ InfraCommand: DefaultInfraCommand,
+ InfraImage: DefaultInfraImage,
+ EnablePortReservation: true,
 }
 )
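Review bot: The doc comment on `EnablePortReservation` explains the memory cost of leaving reservation on but not the consequence of turning it off, which is what an operator needs to know before changing the setting. With reservation disabled, nothing visible here keeps another host process from binding a port that is forwarded to a container, so a conflict would presumably go unnoticed instead of failing at container start. I would add a line such as `// When disabled, forwarded host ports are not held open, so another process may bind them and the conflict is not detected.` The struct begins above the hunk, so the other fields' comments were not reviewed.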
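Review bot: `EnablePortReservation: true` in the defaults makes the Go zero value of the new field the less protective state, so any `RuntimeConfig` not derived from these defaults gets reservation switched off without anyone asking for it. Whether that can happen depends on how the TOML file is decoded, which is outside this hunk: decoding over a copy of the defaults keeps `true` when the key is absent, while decoding into a fresh struct would not. Please confirm that path, and add a test that loads a config file without `enable_port_reservation` and checks the field is still `true`. The ten removed and re-added lines in this hunk are gofmt realignment only.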
@@ -467,7 +476,8 @@ func makeRuntime(runtime *Runtime) (err error) { ociRuntime, err := newOCIRuntime("runc", runtime.ociRuntimePath, runtime.conmonPath, runtime.config.ConmonEnvVars, runtime.config.CgroupManager, runtime.config.TmpDir, - runtime.config.MaxLogSize, runtime.config.NoPivotRoot) + runtime.config.MaxLogSize, runtime.config.NoPivotRoot, + runtime.config.EnablePortReservation) if err != nil { return err } |
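Review bot: The added argument `runtime.config.EnablePortReservation` is the second of two adjacent positional booleans in the `newOCIRuntime` call, directly after `runtime.config.NoPivotRoot`, and transposing the two would still compile. The `newOCIRuntime` signature is not part of this diff (it is limited to `libpod/runtime.go`), so the parameter order cannot be checked from here and should be confirmed against the definition. With nine positional arguments, passing `runtime.config` or a small options struct would remove that risk. A debug-level log line when reservation is disabled would also help anyone diagnosing a later port conflict. `makeRuntime` starts and ends outside the hunk.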