A 3.10 build that is using imageOptimizationPolicy is bypassing cgroup limits (no cgroup setting is being passed to the docker container it creates). Have not tested with regular docker build.
pretty sure it works for regular docker builds, we have an extended test that looks at the cgroup limits within the Dockerfile execution. you can add a variant of that test when you fix this: https://github.com/openshift/origin/blob/master/test/extended/builds/docker_quota.go#L14 Do you expect to have this fixed for 3.10? if not, can we set the target release to 3.11 so it's not showing up on the blocker list?
https://github.com/openshift/origin/pull/19592
This may need to be back ported to 3.9
Verified openshift v3.10.0-0.41.0 kubernetes v1.10.0+b81c8f8 etcd 3.2.16 Reproduce steps: 1.Create a bc $ oc create -f https://raw.githubusercontent.com/openshift/origin/master/test/extended/testdata/builds/test-docker-build-quota-optimized.json 2.Start build from dir $ wget https://raw.githubusercontent.com/openshift/origin/master/test/extended/testdata/builds/build-quota/.s2i/bin/assemble $ wget https://raw.githubusercontent.com/openshift/origin/master/test/extended/testdata/builds/build-quota/Dockerfile $ oc start-build docker-build-quota --from-dir=. 3.Check build logs # oc logs -f build/docker-build-quota-4 Receiving source from STDIN as archive ... --> FROM centos:7 as 0 --> USER root --> ADD .s2i/bin/assemble . --> RUN ./assemble MEMORY=209715200 MEMORYSWAP=209715200 QUOTA=-1 SHARES=1024 PERIOD=100000
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:1816