From f4a191917b4fe7161ef43043cad5535789600984 Mon Sep 17 00:00:00 2001
From: Markus Lehtonen <markus.lehtonen@intel.com>
Date: Wed, 3 Nov 2021 20:53:33 +0200
Subject: [PATCH] cri: annotations for controlling RDT class

Use goresctrl for parsing container and pod annotations related to RDT.

In practice, from the users' point of view, this patchs adds support for
a container annotation and two separate pod annotations for controlling
the RDT class of containers.

Container annotation can be used by a CRI client:
  "io.kubernetes.cri.rdt-class"

Pod annotations for specifying the RDT class in the K8s pod spec level:
  "rdt.resources.beta.kubernetes.io/pod"
  (pod-wide default for all containers within)

  "rdt.resources.beta.kubernetes.io/container.<container_name>"
  (container-specific overrides)

Annotations are intended as an intermediate step before the CRI API
supports RDT.

Signed-off-by: Markus Lehtonen <markus.lehtonen@intel.com>
---
 pkg/cri/server/container_create_linux.go |  9 ++++++
 pkg/cri/server/rdt_linux.go              | 39 ++++++++++++++++++++++++
 pkg/cri/server/rdt_stub_linux.go         | 23 ++++++++++++++
 services/tasks/rdt_linux.go              |  8 +++++
 4 files changed, 79 insertions(+)
 create mode 100644 pkg/cri/server/rdt_linux.go
 create mode 100644 pkg/cri/server/rdt_stub_linux.go

diff --git a/pkg/cri/server/container_create_linux.go b/pkg/cri/server/container_create_linux.go
index f94e1509d..5b1611cc9 100644
--- a/pkg/cri/server/container_create_linux.go
+++ b/pkg/cri/server/container_create_linux.go
@@ -256,6 +256,15 @@ func (c *criService) containerSpec(
 
 	supplementalGroups := securityContext.GetSupplementalGroups()
 
+	// Get RDT class
+	rdtClass, err := rdtClassFromAnnotations(config.GetMetadata().GetName(), config.Annotations, sandboxConfig.Annotations)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to set RDT class")
+	}
+	if rdtClass != "" {
+		specOpts = append(specOpts, oci.WithRdt(rdtClass, "", ""))
+	}
+
 	for pKey, pValue := range getPassthroughAnnotations(sandboxConfig.Annotations,
 		ociRuntime.PodAnnotations) {
 		specOpts = append(specOpts, customopts.WithAnnotation(pKey, pValue))
diff --git a/pkg/cri/server/rdt_linux.go b/pkg/cri/server/rdt_linux.go
new file mode 100644
index 000000000..d8077c33a
--- /dev/null
+++ b/pkg/cri/server/rdt_linux.go
@@ -0,0 +1,39 @@
+//go:build !no_rdt
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package server
+
+import (
+	"fmt"
+
+	"github.com/containerd/containerd/services/tasks"
+	"github.com/intel/goresctrl/pkg/rdt"
+)
+
+// rdtClassFromAnnotations examines container and pod annotations of a
+// container and returns its effective RDT class.
+func rdtClassFromAnnotations(containerName string, containerAnnotations, podAnnotations map[string]string) (string, error) {
+	cls, err := rdt.ContainerClassFromAnnotations(containerName, containerAnnotations, podAnnotations)
+	if err != nil {
+		return "", err
+	}
+	if cls != "" && !tasks.RdtEnabled() {
+		return "", fmt.Errorf("RDT disabled, refusing to set RDT class of container %q to %q", containerName, cls)
+	}
+	return cls, nil
+}
diff --git a/pkg/cri/server/rdt_stub_linux.go b/pkg/cri/server/rdt_stub_linux.go
new file mode 100644
index 000000000..c8882c063
--- /dev/null
+++ b/pkg/cri/server/rdt_stub_linux.go
@@ -0,0 +1,23 @@
+//go:build no_rdt
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package server
+
+func rdtClassFromAnnotations(containerName string, containerAnnotations, podAnnotations map[string]string) (string, error) {
+	return "", nil
+}
diff --git a/services/tasks/rdt_linux.go b/services/tasks/rdt_linux.go
index e70d280c0..ff798368c 100644
--- a/services/tasks/rdt_linux.go
+++ b/services/tasks/rdt_linux.go
@@ -31,7 +31,13 @@ const (
 	ResctrlPrefix = ""
 )
 
+var rdtEnabled bool
+
+func RdtEnabled() bool { return rdtEnabled }
+
 func initRdt(configFilePath string) error {
+	rdtEnabled = false
+
 	if configFilePath == "" {
 		log.L.Debug("No RDT config file specified, RDT not configured")
 		return nil
@@ -45,6 +51,8 @@ func initRdt(configFilePath string) error {
 		return err
 	}
 
+	rdtEnabled = true
+
 	return nil
 
 }