workloads: set workload for conmon as well #4907
Conversation
|
still not super happy with it, needs some tweaking of the APIs but I wante to throw it at ci |
42f1833 to
c589989
Compare
|
/retest |
8692892 to
67bd771
Compare
|
I've been puzzling over whether I can come up with a cleaner API between internal/oci/oci_linux and internal/config/cgmgr and I haven't. LinuxResources can be scraped from a spec (so we can reuse the pkg/config/workloads.go function MutateCgroupGivenAnnotation), and holds all the information we may want (configuration of cgroups). if someone can think of something better I'm here to listen, but I think this is ready |
184350f to
00b5c19
Compare
|
/retest |
1 similar comment
|
/retest |
00b5c19 to
569eeeb
Compare
|
|
||
| logrus.Debugf("Running conmon under slice %s and unitName %s", cgroupParent, conmonUnitName) | ||
| if err := utils.RunUnderSystemdScope(pid, cgroupParent, conmonUnitName, killSignalProp, systemdDbus.PropAfter("crio.service")); err != nil { | ||
| if err := utils.RunUnderSystemdScope(pid, cgroupParent, conmonUnitName, props...); err != nil { |
There was a problem hiding this comment.
Wonder if it's possible to reuse runc systemd manager's Apply()/Set() here. It does a job similar to utils.RunUnderSystemdScope, can be used to set arbitrary properties (via cgroups.SystemdProps), and in general does a better job.
There was a problem hiding this comment.
unfortunatley Apply/Set aren't yet a very portable API (from what I was able to put together). Here's what I had to do to use them for this case: haircommander@82b0997 . I would believe I haven't used the API correctly, but I think I'd like to port this to using runc at a later time (if ever)
569eeeb to
6213b85
Compare
6213b85 to
78939f2
Compare
|
/retest |
ad21927 to
66cedc5
Compare
server/cri/types/types.go
Outdated
| PodSandboxStateSandboxReady PodSandboxState = 0 | ||
| PodSandboxStateSandboxNotReady PodSandboxState = 1 | ||
|
|
||
| InfraName = "POD" |
There was a problem hiding this comment.
Can we name this InfraContainerName ?
test/workloads.bats
Outdated
|
|
||
| if [ -z "$cpushares" ]; then | ||
| [[ $(jq -r .linux.resources.cpu.shares < "$config") == 0 ]] | ||
| [[ $(jq .linux.resources.cpu.shares < "$config") == *"$cpushares"* ]] |
There was a problem hiding this comment.
Why is the code in both the branches the same?
There was a problem hiding this comment.
no idea how that got there haha
test/workloads.bats
Outdated
| else | ||
| [[ "$cpuset" == *"$found_cpuset"* ]] | ||
| fi | ||
| # cgroup_v2 doesn't have an analogue for cpushares |
There was a problem hiding this comment.
cgroups v2 equivalent is cpu.weight.
See the conversion table here - https://github.com/containers/crun/blob/master/crun.1.md
There was a problem hiding this comment.
ah! I attempted to update
a120519 to
7a4bc63
Compare
|
/retest |
7a4bc63 to
6035b9a
Compare
Signed-off-by: Peter Hunt <[email protected]>
there's a line in the kubelet leaky file that says it should be deleted we need an importable InfraName anyway, so move all references from leaky.PodContainerName or infraName to server/cri/types.InfraName Signed-off-by: Peter Hunt <[email protected]>
Signed-off-by: Peter Hunt <[email protected]>
currently, workloads are only configured for the containers in the pod. This is insufficient for clients that want to keep a whole pod confined in a workload. Add functionality where conmon will also be put into the workload Signed-off-by: Peter Hunt <[email protected]>
Signed-off-by: Peter Hunt <[email protected]>
…CPUs Signed-off-by: Peter Hunt <[email protected]>
6035b9a to
4860dd2
Compare
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: haircommander, mrunalp The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
2 similar comments
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
@haircommander: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
1 similar comment
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/cherry-pick release-1.21 |
|
@haircommander: #4907 failed to apply on top of branch "release-1.21": DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
What type of PR is this?
/kind bug
What this PR does / why we need it:
before, we were only setting workload settings for the containers in a pod. This was a gap, as a user may want to have the whole pod-i.e conmon-be confined as well.
Add functionality to put conmon in the workload, configurable by the "POD" label
Which issue(s) this PR fixes:
Special notes for your reviewer:
Does this PR introduce a user-facing change?