envoyproxy/envoy

cgroup_memory.v3.CgroupMemoryConfig is not able to read current memory

Open

#40,668 opened on 2025年8月11日

GitHub で見る
 (15 comments) (1 reaction) (0 assignees)C++ (5,373 forks)batch import
area/resource_monitorsbughelp wanted

Repository metrics

Stars
 (27,997 stars)
PR merge metrics
 (平均マージ 8d) (30d で 378 merged PRs)

説明

If you are reporting any crash or any potential security issue, do not open an issue in this repo. Please report the issue via emailing envoy-security@googlegroups.com where the issue will be triaged appropriately.

Title: cgroup_memory.v3.CgroupMemoryConfig is not able to read current memory from cgroups files.

Description: After specifying cgroup monitor there're errors visible in envoy logs. I verified that envoy user has access to the following file.

Repro steps: Run envoy with config that has cgroup_memory resource monitor specified. I could reproduce it in k8s and also in local Docker.

Admin and Stats Output: N/A

Config:

admin:
  address:
    socket_address: { address: 127.0.0.1, port_value: 9901 }

static_resources:
  listeners:
    - name: listener_0
      address:
        socket_address: { address: 127.0.0.1, port_value: 10000 }
      filter_chains:
        - filters:
            - name: envoy.filters.network.http_connection_manager
              typed_config:
                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
                stat_prefix: ingress_http
                codec_type: AUTO
                route_config:
                  name: local_route
                  virtual_hosts:
                    - name: local_service
                      domains: ["*"]
                      routes:
                        - match: { prefix: "/" }
                          route: { cluster: some_service }
                http_filters:
                  - name: envoy.filters.http.router
                    typed_config:
                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
  clusters:
    - name: some_service
      connect_timeout: 0.25s
      type: STATIC
      lb_policy: ROUND_ROBIN
      load_assignment:
        cluster_name: some_service
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      address: 127.0.0.1
                      port_value: 1234

overload_manager:
  refresh_interval: 0.1s
  resource_monitors:
    - name: "envoy.resource_monitors.cgroup_memory"
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.resource_monitors.cgroup_memory.v3.CgroupMemoryConfig

  actions:
    - name: "envoy.overload_actions.stop_accepting_requests"
      triggers:
        - name: "envoy.resource_monitors.cgroup_memory"
          threshold:
            value: 0.9

Logs:

[2025-08-11 11:38:50.178][1][info][main] [source/server/overload_manager_impl.cc:754] Failed to update resource envoy.resource_monitors.cgroup_memory: Unable to read memory stats file at /sys/fs/cgroup/memory.current
[2025-08-11 11:38:50.279][1][info][main] [source/server/overload_manager_impl.cc:754] Failed to update resource envoy.resource_monitors.cgroup_memory: Unable to read memory stats file at /sys/fs/cgroup/memory.current
[2025-08-11 11:38:50.380][1][info][main] [source/server/overload_manager_impl.cc:754] Failed to update resource envoy.resource_monitors.cgroup_memory: Unable to read memory stats file at /sys/fs/cgroup/memory.current

コントリビューターガイド