cri: add ignore_rdt_not_enabled_errors config option

Enabling this option effectively causes RDT class of a container to be a
soft requirement. If RDT support has not been enabled the RDT class
setting will not have any effect.

Signed-off-by: Markus Lehtonen <markus.lehtonen@intel.com>

docs/cri/config.md

@@ -143,6 +143,14 @@ version = 2
     # default_runtime_name is the default runtime name to use.
     default_runtime_name = "runc"
 
+    # ignore_rdt_not_enabled_errors disables RDT related errors when RDT
+    # support has not been enabled. Intel RDT is a technology for cache and
+    # memory bandwidth management. By default, trying to set the RDT class of
+    # a container via annotations produces an error if RDT hasn't been enabled.
+    # This config option practically enables a "soft" mode for RDT where these
+    # errors are ignored and the container gets no RDT class.
+    ignore_rdt_not_enabled_errors = false
+
     # 'plugins."io.containerd.grpc.v1.cri".containerd.default_runtime' is the runtime to use in containerd.
     # DEPRECATED: use `default_runtime_name` and `plugins."io.containerd.grpc.v1.cri".containerd.runtimes` instead.
     [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]

pkg/cri/config/config.go

@@ -97,6 +97,10 @@ type ContainerdConfig struct {
 	// remove layers from the content store after successfully unpacking these
 	// layers to the snapshotter.
 	DiscardUnpackedLayers bool `toml:"discard_unpacked_layers" json:"discardUnpackedLayers"`
+
+	// IgnoreRdtNotEnabledErrors is a boolean flag to ignore RDT related errors
+	// when RDT support has not been enabled.
+	IgnoreRdtNotEnabledErrors bool `toml:"ignore_rdt_not_enabled_errors" json:"ignoreRdtNotEnabledErrors"`
 }
 
 // CniConfig contains toml config related to cni

pkg/cri/server/container_create_linux.go

@@ -257,7 +257,7 @@ func (c *criService) containerSpec(
 	supplementalGroups := securityContext.GetSupplementalGroups()
 
 	// Get RDT class
-	rdtClass, err := rdtClassFromAnnotations(config.GetMetadata().GetName(), config.Annotations, sandboxConfig.Annotations)
+	rdtClass, err := c.rdtClassFromAnnotations(config.GetMetadata().GetName(), config.Annotations, sandboxConfig.Annotations)
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to set RDT class")
 	}

pkg/cri/server/rdt_linux.go

@@ -23,17 +23,24 @@ import (
 
 	"github.com/containerd/containerd/services/tasks"
 	"github.com/intel/goresctrl/pkg/rdt"
+	"github.com/sirupsen/logrus"
 )
 
 // rdtClassFromAnnotations examines container and pod annotations of a
 // container and returns its effective RDT class.
-func rdtClassFromAnnotations(containerName string, containerAnnotations, podAnnotations map[string]string) (string, error) {
+func (c *criService) rdtClassFromAnnotations(containerName string, containerAnnotations, podAnnotations map[string]string) (string, error) {
 	cls, err := rdt.ContainerClassFromAnnotations(containerName, containerAnnotations, podAnnotations)
 	if err != nil {
 		return "", err
 	}
+
 	if cls != "" && !tasks.RdtEnabled() {
+		if c.config.ContainerdConfig.IgnoreRdtNotEnabledErrors {
+			cls = ""
+			logrus.Debugf("continuing create container %s, ignoring rdt not enabled (%v)", containerName, err)
+		} else {
 			return "", fmt.Errorf("RDT disabled, refusing to set RDT class of container %q to %q", containerName, cls)
 		}
+	}
 	return cls, nil
 }

pkg/cri/server/rdt_stub_linux.go

@@ -18,6 +18,6 @@
 
 package server
 
-func rdtClassFromAnnotations(containerName string, containerAnnotations, podAnnotations map[string]string) (string, error) {
+func (c *criService) rdtClassFromAnnotations(containerName string, containerAnnotations, podAnnotations map[string]string) (string, error) {
 	return "", nil
 }