envoyproxy/envoy

cgroup_memory.v3.CgroupMemoryConfig is not able to read current memory

Open

#40.668 geöffnet am 11. Aug. 2025

Auf GitHub ansehen
 (15 Kommentare) (1 Reaktion) (0 zugewiesene Personen)C++ (5.373 Forks)batch import
area/resource_monitorsbughelp wanted

Repository-Metriken

Stars
 (27.997 Stars)
PR-Merge-Metriken
 (Durchschn. Merge 8T) (378 gemergte PRs in 30 T)

Beschreibung

If you are reporting any crash or any potential security issue, do not open an issue in this repo. Please report the issue via emailing envoy-security@googlegroups.com where the issue will be triaged appropriately.

Title: cgroup_memory.v3.CgroupMemoryConfig is not able to read current memory from cgroups files.

Description: After specifying cgroup monitor there're errors visible in envoy logs. I verified that envoy user has access to the following file.

Repro steps: Run envoy with config that has cgroup_memory resource monitor specified. I could reproduce it in k8s and also in local Docker.

Admin and Stats Output: N/A

Config:

admin:
  address:
    socket_address: { address: 127.0.0.1, port_value: 9901 }

static_resources:
  listeners:
    - name: listener_0
      address:
        socket_address: { address: 127.0.0.1, port_value: 10000 }
      filter_chains:
        - filters:
            - name: envoy.filters.network.http_connection_manager
              typed_config:
                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
                stat_prefix: ingress_http
                codec_type: AUTO
                route_config:
                  name: local_route
                  virtual_hosts:
                    - name: local_service
                      domains: ["*"]
                      routes:
                        - match: { prefix: "/" }
                          route: { cluster: some_service }
                http_filters:
                  - name: envoy.filters.http.router
                    typed_config:
                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
  clusters:
    - name: some_service
      connect_timeout: 0.25s
      type: STATIC
      lb_policy: ROUND_ROBIN
      load_assignment:
        cluster_name: some_service
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      address: 127.0.0.1
                      port_value: 1234

overload_manager:
  refresh_interval: 0.1s
  resource_monitors:
    - name: "envoy.resource_monitors.cgroup_memory"
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.resource_monitors.cgroup_memory.v3.CgroupMemoryConfig

  actions:
    - name: "envoy.overload_actions.stop_accepting_requests"
      triggers:
        - name: "envoy.resource_monitors.cgroup_memory"
          threshold:
            value: 0.9

Logs:

[2025-08-11 11:38:50.178][1][info][main] [source/server/overload_manager_impl.cc:754] Failed to update resource envoy.resource_monitors.cgroup_memory: Unable to read memory stats file at /sys/fs/cgroup/memory.current
[2025-08-11 11:38:50.279][1][info][main] [source/server/overload_manager_impl.cc:754] Failed to update resource envoy.resource_monitors.cgroup_memory: Unable to read memory stats file at /sys/fs/cgroup/memory.current
[2025-08-11 11:38:50.380][1][info][main] [source/server/overload_manager_impl.cc:754] Failed to update resource envoy.resource_monitors.cgroup_memory: Unable to read memory stats file at /sys/fs/cgroup/memory.current

Contributor Guide