Anybody knows how to change ulimit for memlock in RKE2 (containerd)? In RKE1 we set it via /etc/docker/daemon.json, something like this: --

{

"log-driver": "json-file",

"log-opts": {

"max-size": "100m",

"max-file": "3"

},

"default-ulimits": {

"memlock": {

"Name": "memlock",

"Hard": -1,

"Soft": -1

}

}

}

--- In RKE2 I tried it via /etc/security/limits.conf, but it’s not working, still can see mlock=64 in pods. Appreciate any suggestions. We run ubuntu 22.04 on nodes.

set them in the rke2 systemd unit

you meant in rke2-server unit?

rke2-server rke2-agent, whatever you have

rke2-server what I have. Will try it.

something is rewriting your systemd unit file?

I suspect it’s system-upgrade-controller

no, that wouldn’t manage it either, that just replaces the binary

yes, it’s rancher downstream cluster

there are many kinds of downstream clusters

it’s custom, we manage nodes ourselves

so you provisioned it via Rancher, as opposed to installing RKE2 manually and then importing it into Rancher

yep, create cluster, then install agent via cloud-init. Usual stuff. It’s bare-metal nodes BTW

yeah so that is what we could call a Rancher provisioned cluster, and the config is managed by rancher-system-agent

yep