windows: Add runhcs-wcow-hypervisor runtimeclass to the default config
As part of the effort of getting hypervisor-isolated Windows container support working for the CRI entrypoint here, add the runhcs-wcow-hypervisor handler for the default config. This sets the correct SandboxIsolation value that the Windows shim uses to differentiate process vs. hypervisor isolation. This change additionally sets the wcow-process runtime to pass through io.microsoft.container* annotations and the hypervisor runtime to accept io.microsoft.virtualmachine* annotations. Note that for K8s users this runtime handler will need to be configured by creating the corresponding RuntimeClass resources on the cluster as it's not the default runtime. Signed-off-by: Daniel Canter <dcanter@microsoft.com>
parent
f4a905109b
commit
f0036cb9dc
@ -40,7 +40,28 @@ func DefaultConfig() PluginConfig {
|
|||||||
NoPivot: false,
|
NoPivot: false,
|
||||||
Runtimes: map[string]Runtime{
|
Runtimes: map[string]Runtime{
|
||||||
"runhcs-wcow-process": {
|
"runhcs-wcow-process": {
|
||||||
Type: "io.containerd.runhcs.v1",
|
Type: "io.containerd.runhcs.v1",
|
||||||
|
ContainerAnnotations: []string{"io.microsoft.container.*"},
|
||||||
|
},
|
||||||
|
"runhcs-wcow-hypervisor": {
|
||||||
|
Type: "io.containerd.runhcs.v1",
|
||||||
|
PodAnnotations: []string{"io.microsoft.virtualmachine.*"},
|
||||||
|
ContainerAnnotations: []string{"io.microsoft.container.*"},
|
||||||
|
// Full set of Windows shim options:
|
||||||
|
// https://pkg.go.dev/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options#Options
|
||||||
|
Options: map[string]interface{}{
|
||||||
|
// SandboxIsolation specifies the isolation level of the sandbox.
|
||||||
|
// PROCESS (0) and HYPERVISOR (1) are the valid options.
|
||||||
|
"SandboxIsolation": 1,
|
||||||
|
// ScaleCpuLimitsToSandbox indicates that the containers CPU
|
||||||
|
// maximum value (specifies the portion of processor cycles that
|
||||||
|
// a container can use as a percentage times 100) should be adjusted
|
||||||
|
// to account for the difference in the number of cores between the
|
||||||
|
// host and UVM.
|
||||||
|
//
|
||||||
|
// This should only be turned on if SandboxIsolation is 1.
|
||||||
|
"ScaleCpuLimitsToSandbox": true,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
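Review bot: The wildcard annotation allow-lists added here (`ContainerAnnotations: []string{"io.microsoft.container.*"}` on both handlers and `PodAnnotations: []string{"io.microsoft.virtualmachine.*"}` on runhcs-wcow-hypervisor) carry no comment on the trust boundary they open: with these defaults, anyone who may set annotations on a pod or container has every matching key forwarded to the shim. What the shim does with those keys is not visible in this hunk, so I would at least add a comment above each list such as `// Matching annotations are forwarded to the shim as-is; narrow these patterns if workload authors are not trusted to tune sandbox/UVM settings.` This also changes the behaviour of the existing runhcs-wcow-process handler by default, which deserves a line in the release notes. The description says `io.microsoft.container*` while the code matches `io.microsoft.container.*`; the two should be aligned so operators know which keys actually pass. DefaultConfig starts and ends outside the hunk.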