From 384d30b675cf84deeaf8b1983a5fe871489660e1 Mon Sep 17 00:00:00 2001
From: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
Date: Wed, 21 Apr 2021 20:55:51 +0300
Subject: [PATCH] add support for configuring cri-o pids_limit (#7525)

---
 docs/cri-o.md                                      | 14 ++++++++++++++
 roles/container-engine/cri-o/defaults/main.yml     |  4 ++++
 .../container-engine/cri-o/templates/crio.conf.j2  |  2 +-
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/docs/cri-o.md b/docs/cri-o.md
index 4e39e0549..a96c3f579 100644
--- a/docs/cri-o.md
+++ b/docs/cri-o.md
@@ -45,4 +45,18 @@ crio_registries_mirrors:
         insecure: false
 ```
 
+## Note about pids_limit
+
+For heavily mult-threaded workloads like databases, the default of 1024 for pids-limit is too low.
+This parameter controls not just the number of processes but also the amount of threads
+(since a thread is technically a process with shared memory). See [cri-o#1921]
+
+In order to increase the default `pids_limit` for cri-o based deployments you need to set the `crio_pids_limit`
+for your `k8s-cluster` ansible group or per node depending on the use case.
+
+```yaml
+crio_pids_limit: 4096
+```
+
 [CRI-O]: https://cri-o.io/
+[cri-o#1921]: https://github.com/cri-o/cri-o/issues/1921
diff --git a/roles/container-engine/cri-o/defaults/main.yml b/roles/container-engine/cri-o/defaults/main.yml
index 7ab8e04b3..98d6b30a5 100644
--- a/roles/container-engine/cri-o/defaults/main.yml
+++ b/roles/container-engine/cri-o/defaults/main.yml
@@ -81,3 +81,7 @@ crio_add_repos: true
 # skopeo need for save/load images when download_run_once=true
 skopeo_packages:
   - "skopeo"
+
+# Configure the cri-o pids limit, increase this for heavily multi-threaded workloads
+# see https://github.com/cri-o/cri-o/issues/1921
+crio_pids_limit: 1024
diff --git a/roles/container-engine/cri-o/templates/crio.conf.j2 b/roles/container-engine/cri-o/templates/crio.conf.j2
index 493744c20..cdc7363ac 100644
--- a/roles/container-engine/cri-o/templates/crio.conf.j2
+++ b/roles/container-engine/cri-o/templates/crio.conf.j2
@@ -202,7 +202,7 @@ default_mounts = [
 #default_mounts_file = ""
 
 # Maximum number of processes allowed in a container.
-pids_limit = 1024
+pids_limit = {{ crio_pids_limit }}
 
 # Maximum sized allowed for the container log file. Negative numbers indicate
 # that no size limit is imposed. If it is positive, it must be >= 8192 to