windows: Add runhcs-wcow-hypervisor runtimeclass to the default config

As part of the effort of getting hypervisor-isolated Windows container
support working for the CRI entrypoint here, add the runhcs-wcow-hypervisor
handler for the default config. This sets the correct SandboxIsolation
value that the Windows shim uses to differentiate process vs. hypervisor
isolation. This change additionally sets the wcow-process runtime to
pass through io.microsoft.container* annotations and the hypervisor runtime
to accept io.microsoft.virtualmachine* annotations.

Note that for K8s users this runtime handler will need to be configured by
creating the corresponding RuntimeClass resources on the cluster as it's
not the default runtime.

Signed-off-by: Daniel Canter <dcanter@microsoft.com>
This commit is contained in:
Daniel Canter 2022-05-05 20:41:11 -07:00
parent f4a905109b
commit f0036cb9dc

@ -41,6 +41,27 @@ func DefaultConfig() PluginConfig {
Runtimes: map[string]Runtime{ Runtimes: map[string]Runtime{
"runhcs-wcow-process": { "runhcs-wcow-process": {
Type: "io.containerd.runhcs.v1", Type: "io.containerd.runhcs.v1",
ContainerAnnotations: []string{"io.microsoft.container.*"},
},
"runhcs-wcow-hypervisor": {
Type: "io.containerd.runhcs.v1",
PodAnnotations: []string{"io.microsoft.virtualmachine.*"},
ContainerAnnotations: []string{"io.microsoft.container.*"},
// Full set of Windows shim options:
// https://pkg.go.dev/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options#Options
Options: map[string]interface{}{
// SandboxIsolation specifies the isolation level of the sandbox.
// PROCESS (0) and HYPERVISOR (1) are the valid options.
"SandboxIsolation": 1,
// ScaleCpuLimitsToSandbox indicates that the containers CPU
// maximum value (specifies the portion of processor cycles that
// a container can use as a percentage times 100) should be adjusted
// to account for the difference in the number of cores between the
// host and UVM.
//
// This should only be turned on if SandboxIsolation is 1.
"ScaleCpuLimitsToSandbox": true,
},
}, },
}, },
}, },
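
Review bot: the wildcard allowlists added in this hunk (`ContainerAnnotations: []string{"io.microsoft.container.*"}` on both runtimes and `PodAnnotations: []string{"io.microsoft.virtualmachine.*"}` on runhcs-wcow-hypervisor) go into DefaultConfig() without any comment, unlike the Options block right below them. These patterns pass every annotation under those prefixes through to the shim for anyone who can set annotations on a pod or container, so please add a comment saying what the prefixes are expected to control and why a full-prefix wildcard is acceptable as a default, or narrow the patterns to the keys the hypervisor path actually needs. Smaller points: the commit message writes the patterns as io.microsoft.container* and io.microsoft.virtualmachine* while the code uses a trailing ".*"; "containers CPU" in the ScaleCpuLimitsToSandbox comment should read "container's CPU"; and the literal in `"SandboxIsolation": 1` is explained only by the comment above it, so a named value would be easier to audit if one is available here.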