cri: support blockio class in pod and container annotations
This patch adds support for a container annotation and two separate
pod annotations for controlling the blockio class of containers.
The container annotation can be used by a CRI client:
"io.kubernetes.cri.blockio-class"
Pod annotations specify the blockio class in the K8s pod spec level:
"blockio.resources.beta.kubernetes.io/pod"
(pod-wide default for all containers within)
"blockio.resources.beta.kubernetes.io/container.<container_name>"
(container-specific overrides)
Correspondingly, this patch adds support for --blockio-class and
--blockio-config-file to ctr, too.
This implementation follows the resource class annotation pattern
introduced in RDT and merged in commit 893701220.
Signed-off-by: Antti Kervinen <antti.kervinen@intel.com>
This commit is contained in:
Antti Kervinen
54
pkg/cri/server/blockio_linux.go
Normal file
54
pkg/cri/server/blockio_linux.go
Normal file
@@ -0,0 +1,54 @@
|
||||
//go:build linux
|
||||
// +build linux
|
||||
|
||||
/*
|
||||
Copyright The containerd Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package server
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/containerd/containerd/services/tasks"
|
||||
"github.com/intel/goresctrl/pkg/blockio"
|
||||
runtimespec "github.com/opencontainers/runtime-spec/specs-go"
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
// blockIOClassFromAnnotations examines container and pod annotations of a
|
||||
// container and returns its effective blockio class.
|
||||
func (c *criService) blockIOClassFromAnnotations(containerName string, containerAnnotations, podAnnotations map[string]string) (string, error) {
|
||||
cls, err := blockio.ContainerClassFromAnnotations(containerName, containerAnnotations, podAnnotations)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
if cls != "" && !tasks.BlockIOEnabled() {
|
||||
if c.config.ContainerdConfig.IgnoreBlockIONotEnabledErrors {
|
||||
cls = ""
|
||||
logrus.Debugf("continuing create container %s, ignoring blockio not enabled (%v)", containerName, err)
|
||||
} else {
|
||||
return "", fmt.Errorf("blockio disabled, refusing to set blockio class of container %q to %q", containerName, cls)
|
||||
}
|
||||
}
|
||||
return cls, nil
|
||||
}
|
||||
|
||||
// blockIOToLinuxOci converts blockio class name into the LinuxBlockIO
|
||||
// structure in the OCI runtime spec.
|
||||
func blockIOToLinuxOci(className string) (*runtimespec.LinuxBlockIO, error) {
|
||||
return blockio.OciLinuxBlockIO(className)
|
||||
}
|
||||
32
pkg/cri/server/blockio_stub_linux.go
Normal file
32
pkg/cri/server/blockio_stub_linux.go
Normal file
@@ -0,0 +1,32 @@
|
||||
//go:build !linux
|
||||
// +build !linux
|
||||
|
||||
/*
|
||||
Copyright The containerd Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package server
|
||||
|
||||
import (
|
||||
runtimespec "github.com/opencontainers/runtime-spec/specs-go"
|
||||
)
|
||||
|
||||
func (c *criService) blockIOClassFromAnnotations(containerName string, containerAnnotations, podAnnotations map[string]string) (string, error) {
|
||||
return "", nil
|
||||
}
|
||||
|
||||
func blockIOToLinuxOci(className string) (*runtimespec.LinuxBlockIO, error) {
|
||||
return nil, nil
|
||||
}
|
||||
@@ -260,6 +260,19 @@ func (c *criService) containerSpec(
|
||||
|
||||
supplementalGroups := securityContext.GetSupplementalGroups()
|
||||
|
||||
// Get blockio class
|
||||
blockIOClass, err := c.blockIOClassFromAnnotations(config.GetMetadata().GetName(), config.Annotations, sandboxConfig.Annotations)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to set blockio class: %w", err)
|
||||
}
|
||||
if blockIOClass != "" {
|
||||
if linuxBlockIO, err := blockIOToLinuxOci(blockIOClass); err == nil {
|
||||
specOpts = append(specOpts, oci.WithBlockIO(linuxBlockIO))
|
||||
} else {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
// Get RDT class
|
||||
rdtClass, err := c.rdtClassFromAnnotations(config.GetMetadata().GetName(), config.Annotations, sandboxConfig.Annotations)
|
||||
if err != nil {
|
||||
|
||||
Reference in New Issue
Block a user