Bump memory to help CVE-patched runc start containers

[arnaudmz]

Initcontainers fail with message : message: 'OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:402: container init caused \"process_linux.go:367: setting cgroup config for procHooks process caused \\\"failed to write 10485760 to memory.limit_in_bytes: write /sys/fs/cgroup/memory/kubepods/burstable/pod8b46ac66-3396-11e9-8868-06008508f8fe/312653fa8dac427416a12f4d3398ced9782229867907f8179697e8858f7a401d/memory.limit_in_bytes: device or resource busy\\\"\"": unknown' reason: ContainerCannotRun

[ese]

@arnaudmz could you explain how that value can affect to patched runc?

[arnaudmz]

I ran into this issue (opencontainers/runc#1980) related to runc that seems to show that due to the copy of runc binary, their conclusion is :

We need to set higher memory limit for the container to run, and the minimum limit is larger than the runc binary size
Before 6635b4f, the minimum limit is not that high, and much lower than the runc binary size.
This is a regression to users, their existing workloads may not run without tweaking memory limit.

[ese]

Thank you so much @arnaudmz

[arnaudmz]

Thanks.

Can you tell me if latest image on quay.io contains the fix?

[jchanam]

@arnaudmz I'm creating a release. I'll tell you as soon as I have it.

[arnaudmz]

@jchanam, great, thanks.

[jchanam]

@arnaudmz Version 0.5.5 is released

[malczun]

I'm sorry I'm digging up the subject that's 3 months old, but I'm having the same problem and it only stops at about 24Mi for memory. Could I make a PR that bump this to 32Mi to have more margin?