A 3.10 build that is using imageOptimizationPolicy is bypassing cgroup limits (no cgroup setting is being passed to the docker container it creates).
Have not tested with regular docker build.
pretty sure it works for regular docker builds, we have an extended test that looks at the cgroup limits within the Dockerfile execution.
you can add a variant of that test when you fix this:
Do you expect to have this fixed for 3.10? if not, can we set the target release to 3.11 so it's not showing up on the blocker list?
This may need to be back ported to 3.9
1.Create a bc
$ oc create -f https://raw.githubusercontent.com/openshift/origin/master/test/extended/testdata/builds/test-docker-build-quota-optimized.json
2.Start build from dir
$ wget https://raw.githubusercontent.com/openshift/origin/master/test/extended/testdata/builds/build-quota/.s2i/bin/assemble
$ wget https://raw.githubusercontent.com/openshift/origin/master/test/extended/testdata/builds/build-quota/Dockerfile
$ oc start-build docker-build-quota --from-dir=.
3.Check build logs
# oc logs -f build/docker-build-quota-4
Receiving source from STDIN as archive ...
--> FROM centos:7 as 0
--> USER root
--> ADD .s2i/bin/assemble .
--> RUN ./assemble
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.