1. Introduction
Out of Memory (OOM) situations can cause processes to be terminated by the Linux kernel. Kubernetes interacts with the kernel’s OOM killer through cgroups (control groups) to enforce memory limits on containers.
2. OOM Score (oom_score_adj)
Linux Kernel OOM Killer
- The Linux kernel assigns an OOM score to each process, which determines its priority for termination when the system runs out of memory.
- The OOM killer is responsible for selecting and terminating processes based on this score.
Kubernetes & OOM Score
- Kubernetes does not modify the OOM score directly.
- However, it sets oom_score_adj for processes based on container QoS classes:
  - Guaranteed: Least likely to be killed (oom_score_adj = -998 to -999).
  - Burstable: Medium likelihood of termination (oom_score_adj = 0).
  - BestEffort: Most likely to be killed (oom_score_adj = 1000).
3. Kubernetes and Control Groups (cgroups)
What Are cgroups?
- cgroups (control groups) are a Linux kernel feature that limits and allocates CPU, memory, and I/O resources among processes.
- Kubernetes does not directly manage cgroups but relies on the container runtime (e.g., containerd, Docker, CRI-O) to enforce cgroup limits.
How Kubernetes Uses cgroups
When defining resource requests and limits in Kubernetes:
resources:
  requests:
    memory: "512Mi"
    cpu: "250m"
  limits:
    memory: "2Gi"
    cpu: "1"
- Kubernetes creates a cgroup for this container and instructs the container runtime:
  - "Ensure this container gets at least 512MiB RAM but no more than 2GiB."
  - "Ensure it gets at least 250m CPU (0.25 cores) but no more than 1 full CPU core."
- If the container exceeds 2GiB memory, the Linux kernel will kill it (OOM Kill).
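To make the translation above concrete, the following added example (not part of the original page and not Kubernetes source code) converts the resources block shown earlier into the numeric values a runtime would hand to the kernel. The function names, the output key names, the 100 ms CPU period and the 1024 shares per core are assumptions of this example.

```python
import math
from fractions import Fraction

# Constants assumed for this example (conventional values, not from the page).
CFS_PERIOD_US = 100_000  # CPU quota accounting period: 100 ms
SHARES_PER_CPU = 1024    # relative CPU weight of one full core
MEM_SUFFIX = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40,
              "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}


def memory_bytes(quantity: str) -> int:
    """Convert a memory quantity such as "512Mi" or "2Gi" to bytes."""
    for suffix in sorted(MEM_SUFFIX, key=len, reverse=True):
        if quantity.endswith(suffix):
            return math.ceil(Fraction(quantity[:-len(suffix)]) * MEM_SUFFIX[suffix])
    return math.ceil(Fraction(quantity))  # no suffix: plain bytes


def milli_cpu(quantity: str) -> int:
    """Convert a CPU quantity such as "250m" or "1" to millicores."""
    if quantity.endswith("m"):
        return int(quantity[:-1])
    return math.ceil(Fraction(quantity) * 1000)


def cgroup_settings(resources: dict) -> dict:
    """Map a container's requests/limits to the values a runtime enforces."""
    req, lim = resources.get("requests", {}), resources.get("limits", {})
    out = {}
    if "memory" in lim:
        out["memory_limit_bytes"] = memory_bytes(lim["memory"])  # hard cap
        if "memory" in req and memory_bytes(req["memory"]) > out["memory_limit_bytes"]:
            raise ValueError("memory request exceeds memory limit")
    if "cpu" in lim:
        limit_m = milli_cpu(lim["cpu"])
        if "cpu" in req and milli_cpu(req["cpu"]) > limit_m:
            raise ValueError("cpu request exceeds cpu limit")
        out["cpu_quota_us"] = limit_m * CFS_PERIOD_US // 1000
        out["cpu_period_us"] = CFS_PERIOD_US
    if "cpu" in req:
        out["cpu_shares"] = max(milli_cpu(req["cpu"]) * SHARES_PER_CPU // 1000, 2)
    return out


# The resources block from the page, as a Python dict.
PAGE_SPEC = {"requests": {"memory": "512Mi", "cpu": "250m"},
             "limits": {"memory": "2Gi", "cpu": "1"}}

if __name__ == "__main__":
    for key, value in cgroup_settings(PAGE_SPEC).items():
        print(f"{key} = {value}")
```

A container with no memory limit produces no memory_limit_bytes entry here, which is the case to look for when auditing workloads: nothing caps that container below the node's own memory.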