cri: annotations for controlling RDT class

Use goresctrl for parsing container and pod annotations related to RDT. In practice, from the users' point of view, this patchs adds support for a container annotation and two separate pod annotations for controlling the RDT class of containers. Container annotation can be used by a CRI client: "io.kubernetes.cri.rdt-class" Pod annotations for specifying the RDT class in the K8s pod spec level: "rdt.resources.beta.kubernetes.io/pod" (pod-wide default for all containers within) "rdt.resources.beta.kubernetes.io/container.<container_name>" (container-specific overrides) Annotations are intended as an intermediate step before the CRI API supports RDT. Signed-off-by: Markus Lehtonen <markus.lehtonen@intel.com>
2021-11-03 20:53:33 +02:00 · 2021-11-03 20:53:33 +02:00 · f4a191917b
commit f4a191917b
parent eae14688c6
4 changed files with 79 additions and 0 deletions
--- a/pkg/cri/server/container_create_linux.go
+++ b/pkg/cri/server/container_create_linux.go
@ -256,6 +256,15 @@ func (c *criService) containerSpec(

 	supplementalGroups := securityContext.GetSupplementalGroups()

+	// Get RDT class
+	rdtClass, err := rdtClassFromAnnotations(config.GetMetadata().GetName(), config.Annotations, sandboxConfig.Annotations)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to set RDT class")
+	}
+	if rdtClass != "" {
+		specOpts = append(specOpts, oci.WithRdt(rdtClass, "", ""))
+	}
+
 	for pKey, pValue := range getPassthroughAnnotations(sandboxConfig.Annotations,
 		ociRuntime.PodAnnotations) {
 		specOpts = append(specOpts, customopts.WithAnnotation(pKey, pValue))
--- a/pkg/cri/server/rdt_linux.go
+++ b/pkg/cri/server/rdt_linux.go
@ -0,0 +1,39 @@
+//go:build !no_rdt
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package server
+
+import (
+	"fmt"
+
+	"github.com/containerd/containerd/services/tasks"
+	"github.com/intel/goresctrl/pkg/rdt"
+)
+
+// rdtClassFromAnnotations examines container and pod annotations of a
+// container and returns its effective RDT class.
+func rdtClassFromAnnotations(containerName string, containerAnnotations, podAnnotations map[string]string) (string, error) {
+	cls, err := rdt.ContainerClassFromAnnotations(containerName, containerAnnotations, podAnnotations)
+	if err != nil {
+		return "", err
+	}
+	if cls != "" && !tasks.RdtEnabled() {
+		return "", fmt.Errorf("RDT disabled, refusing to set RDT class of container %q to %q", containerName, cls)
+	}
+	return cls, nil
+}
--- a/pkg/cri/server/rdt_stub_linux.go
+++ b/pkg/cri/server/rdt_stub_linux.go
@ -0,0 +1,23 @@
+//go:build no_rdt
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package server
+
+func rdtClassFromAnnotations(containerName string, containerAnnotations, podAnnotations map[string]string) (string, error) {
+	return "", nil
+}
--- a/services/tasks/rdt_linux.go
+++ b/services/tasks/rdt_linux.go
@ -31,7 +31,13 @@ const (
 	ResctrlPrefix = ""
 )

+var rdtEnabled bool
+
+func RdtEnabled() bool { return rdtEnabled }
+
 func initRdt(configFilePath string) error {
+	rdtEnabled = false
+
 	if configFilePath == "" {
 		log.L.Debug("No RDT config file specified, RDT not configured")
 		return nil
@ -45,6 +51,8 @@ func initRdt(configFilePath string) error {
 		return err
 	}

+	rdtEnabled = true
+
 	return nil

 }