diff --git a/controllers/nginx/pkg/cmd/controller/nginx.go b/controllers/nginx/pkg/cmd/controller/nginx.go
index e45cfdaea..1700ce555 100644
--- a/controllers/nginx/pkg/cmd/controller/nginx.go
+++ b/controllers/nginx/pkg/cmd/controller/nginx.go
@@ -288,7 +288,12 @@ func (n NGINXController) OnUpdate(cmap *api.ConfigMap, ingressCfg ingress.Config
 cfg.ServerNameHashMaxSize = serverNameHashMaxSize
 }
 
+ // the limit of open files is per worker process
+ // and we leave some room to avoid consuming all the FDs available
+ maxOpenFiles := (sysctlFSFileMax() / cfg.WorkerProcesses) - 1024
+
 return n.t.Write(config.TemplateConfig{
+ MaxOpenFiles: maxOpenFiles,
 BacklogSize: sysctlSomaxconn(),
 Backends: ingressCfg.Backends,
 PassthroughBackends: ingressCfg.PassthroughBackends,
diff --git a/controllers/nginx/pkg/cmd/controller/utils.go b/controllers/nginx/pkg/cmd/controller/utils.go
index 5a043abe4..c6e1979f9 100644
--- a/controllers/nginx/pkg/cmd/controller/utils.go
+++ b/controllers/nginx/pkg/cmd/controller/utils.go
@@ -39,6 +39,19 @@ func sysctlSomaxconn() int {
 return maxConns
 }
 
+// sysctlFSFileMax returns the value of fs.file-max, i.e.
+// maximum number of open file descriptors
+func sysctlFSFileMax() int {
+ maxConns, err := sysctl.New().GetSysctl("fs/file-max")
+ if err != nil {
+ glog.Errorf("unexpected error reading system maximum number of open file descriptors (fs.file-max): %v", err)
+ // returning 0 means don't render the value
+ return 0
+ }
+
+ return maxConns
+}
+
 func diff(b1, b2 []byte) ([]byte, error) {
 f1, err := ioutil.TempFile("", "a")
 if err != nil {
diff --git a/controllers/nginx/pkg/config/config.go b/controllers/nginx/pkg/config/config.go
index b57fd9622..9cf9b987a 100644
--- a/controllers/nginx/pkg/config/config.go
+++ b/controllers/nginx/pkg/config/config.go
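Review bot: The `maxOpenFiles` computation in OnUpdate defeats the zero sentinel that sysctlFSFileMax documents: when the sysctl read fails and 0 comes back, `(0 / cfg.WorkerProcesses) - 1024` is -1024, and because the nginx.tmpl hunk guards with `ne .MaxOpenFiles 0`, the template would render `worker_rlimit_nofile -1024;`. The same negative or zero result appears whenever fs.file-max divided by the worker count is at or below 1024, and a `cfg.WorkerProcesses` of 0, if the ConfigMap can produce one, would panic on the integer division. A configuration that nginx rejects on reload leaves the ingress unable to pick up changes, so the value should be clamped before it reaches the template, and the template guard is safer as `gt .MaxOpenFiles 0`. OnUpdate's body starts and ends outside the hunk.

```go
	// … unchanged: the two comment lines above the computation …
	// 0 keeps worker_rlimit_nofile out of the rendered nginx.conf
	maxOpenFiles := 0
	if fileMax := sysctlFSFileMax(); fileMax > 0 && cfg.WorkerProcesses > 0 {
		if perWorker := fileMax/cfg.WorkerProcesses - 1024; perWorker > 0 {
			maxOpenFiles = perWorker
		}
	}
	// … unchanged: return n.t.Write(config.TemplateConfig{ … }) …
```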
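Review bot: The local in sysctlFSFileMax is still named `maxConns`, apparently carried over from sysctlSomaxconn just above, although it holds a file-handle limit; `fileMax` would say what it is. The doc comment should also state that fs.file-max is the system-wide ceiling on open file handles and that 0 is the error value, for example `// sysctlFSFileMax returns fs.file-max, the system-wide limit on open file handles, or 0 if it cannot be read.` Nothing in this hunk compares the result with the process's own RLIMIT_NOFILE hard limit, so a per-worker value derived from it may be higher than the workers are actually allowed to use.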
@@ -271,7 +271,9 @@ func NewDefault() Configuration { return cfg } +// TemplateConfig contains the nginx configuration to render the file nginx.conf type TemplateConfig struct { + MaxOpenFiles int BacklogSize int Backends []*ingress.Backend PassthroughBackends []*ingress.SSLPassthroughBackend diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl index a35907aeb..112527dcf 100644 --- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl +++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl @@ -3,7 +3,9 @@ daemon off; worker_processes {{ $cfg.WorkerProcesses }}; pid /run/nginx.pid; -worker_rlimit_nofile 131072; +{{ if ne .MaxOpenFiles 0 }} +worker_rlimit_nofile {{ .MaxOpenFiles }}; +{{ end}} events { multi_accept on;
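Review bot: The new `MaxOpenFiles` field carries a contract that the struct does not state: 0 means the `worker_rlimit_nofile` directive is left out, which today is visible only in the template guard and in a comment inside sysctlFSFileMax. A field comment would put that next to the value, for example `// MaxOpenFiles is the per-worker open-file limit rendered as worker_rlimit_nofile; 0 omits the directive.` The TemplateConfig struct continues past the end of the hunk.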