config: TolerateMissingHugePagesCgroupController -> TolerateMissingHugetlbController
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
This commit is contained in:
Akihiro Suda
parent
b69d7bdc5f
commit
fe6833a9a4
@ -45,6 +45,11 @@ version = 2
|
|||||||
# It generates a self-sign certificate unless the following x509_key_pair_streaming are both set.
|
# It generates a self-sign certificate unless the following x509_key_pair_streaming are both set.
|
||||||
enable_tls_streaming = false
|
enable_tls_streaming = false
|
||||||
|
|
||||||
|
# tolerate_missing_hugetlb_controller if set to false will error out on create/update
|
||||||
|
# container requests with huge page limits if the cgroup controller for hugepages is not present.
|
||||||
|
# This helps with supporting Kubernetes <=1.18 out of the box. (default is `true`)
|
||||||
|
tolerate_missing_hugetlb_controller = true
|
||||||
|
|
||||||
# ignore_image_defined_volumes ignores volumes defined by the image. Useful for better resource
|
# ignore_image_defined_volumes ignores volumes defined by the image. Useful for better resource
|
||||||
# isolation, security and early detection of issues in the mount configuration when using
|
# isolation, security and early detection of issues in the mount configuration when using
|
||||||
# ReadOnlyRootFilesystem since containers won't silently mount a temporary volume.
|
# ReadOnlyRootFilesystem since containers won't silently mount a temporary volume.
|
||||||
|
|||||||
@ -232,10 +232,10 @@ type PluginConfig struct {
|
|||||||
// UnsetSeccompProfile is the profile containerd/cri will use If the provided seccomp profile is
|
// UnsetSeccompProfile is the profile containerd/cri will use If the provided seccomp profile is
|
||||||
// unset (`""`) for a container (default is `unconfined`)
|
// unset (`""`) for a container (default is `unconfined`)
|
||||||
UnsetSeccompProfile string `toml:"unset_seccomp_profile" json:"unsetSeccompProfile"`
|
UnsetSeccompProfile string `toml:"unset_seccomp_profile" json:"unsetSeccompProfile"`
|
||||||
// TolerateMissingHugePagesCgroupController if set to false will error out on create/update
|
// TolerateMissingHugetlbController if set to false will error out on create/update
|
||||||
// container requests with huge page limits if the cgroup controller for hugepages is not present.
|
// container requests with huge page limits if the cgroup controller for hugepages is not present.
|
||||||
// This helps with supporting Kubernetes <=1.18 out of the box. (default is `true`)
|
// This helps with supporting Kubernetes <=1.18 out of the box. (default is `true`)
|
||||||
TolerateMissingHugePagesCgroupController bool `toml:"tolerate_missing_hugepages_cgroup_controller" json:"tolerateMissingHugePagesCgroupController"`
|
TolerateMissingHugetlbController bool `toml:"tolerate_missing_hugetlb_controller" json:"tolerateMissingHugetlbController"`
|
||||||
// IgnoreImageDefinedVolumes ignores volumes defined by the image. Useful for better resource
|
// IgnoreImageDefinedVolumes ignores volumes defined by the image. Useful for better resource
|
||||||
// isolation, security and early detection of issues in the mount configuration when using
|
// isolation, security and early detection of issues in the mount configuration when using
|
||||||
// ReadOnlyRootFilesystem since containers won't silently mount a temporary volume.
|
// ReadOnlyRootFilesystem since containers won't silently mount a temporary volume.
|
||||||
|
|||||||
@ -65,7 +65,7 @@ func DefaultConfig() PluginConfig {
|
|||||||
},
|
},
|
||||||
MaxConcurrentDownloads: 3,
|
MaxConcurrentDownloads: 3,
|
||||||
DisableProcMount: false,
|
DisableProcMount: false,
|
||||||
TolerateMissingHugePagesCgroupController: true,
|
TolerateMissingHugetlbController: true,
|
||||||
IgnoreImageDefinedVolumes: false,
|
IgnoreImageDefinedVolumes: false,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -408,7 +408,7 @@ func WithSelinuxLabels(process, mount string) oci.SpecOpts {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// WithResources sets the provided resource restrictions
|
// WithResources sets the provided resource restrictions
|
||||||
func WithResources(resources *runtime.LinuxContainerResources, tolerateMissingHugePagesCgroupController bool) oci.SpecOpts {
|
func WithResources(resources *runtime.LinuxContainerResources, tolerateMissingHugetlbController bool) oci.SpecOpts {
|
||||||
return func(ctx context.Context, client oci.Client, c *containers.Container, s *runtimespec.Spec) (err error) {
|
return func(ctx context.Context, client oci.Client, c *containers.Container, s *runtimespec.Spec) (err error) {
|
||||||
if resources == nil {
|
if resources == nil {
|
||||||
return nil
|
return nil
|
||||||
@ -451,7 +451,7 @@ func WithResources(resources *runtime.LinuxContainerResources, tolerateMissingHu
|
|||||||
if limit != 0 {
|
if limit != 0 {
|
||||||
s.Linux.Resources.Memory.Limit = &limit
|
s.Linux.Resources.Memory.Limit = &limit
|
||||||
}
|
}
|
||||||
if isHugePagesControllerPresent() {
|
if isHugetlbControllerPresent() {
|
||||||
for _, limit := range hugepages {
|
for _, limit := range hugepages {
|
||||||
s.Linux.Resources.HugepageLimits = append(s.Linux.Resources.HugepageLimits, runtimespec.LinuxHugepageLimit{
|
s.Linux.Resources.HugepageLimits = append(s.Linux.Resources.HugepageLimits, runtimespec.LinuxHugepageLimit{
|
||||||
Pagesize: limit.PageSize,
|
Pagesize: limit.PageSize,
|
||||||
@ -459,9 +459,9 @@ func WithResources(resources *runtime.LinuxContainerResources, tolerateMissingHu
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if !tolerateMissingHugePagesCgroupController {
|
if !tolerateMissingHugetlbController {
|
||||||
return errors.Errorf("huge pages limits are specified but hugetlb cgroup controller is missing. " +
|
return errors.Errorf("huge pages limits are specified but hugetlb cgroup controller is missing. " +
|
||||||
"Please set tolerate_missing_hugepages_cgroup_controller to `true` to ignore this error")
|
"Please set tolerate_missing_hugetlb_controller to `true` to ignore this error")
|
||||||
}
|
}
|
||||||
logrus.Warn("hugetlb cgroup controller is absent. skipping huge pages limits")
|
logrus.Warn("hugetlb cgroup controller is absent. skipping huge pages limits")
|
||||||
}
|
}
|
||||||
@ -474,7 +474,7 @@ var (
|
|||||||
supportsHugetlb bool
|
supportsHugetlb bool
|
||||||
)
|
)
|
||||||
|
|
||||||
func isHugePagesControllerPresent() bool {
|
func isHugetlbControllerPresent() bool {
|
||||||
supportsHugetlbOnce.Do(func() {
|
supportsHugetlbOnce.Do(func() {
|
||||||
supportsHugetlb = false
|
supportsHugetlb = false
|
||||||
if IsCgroup2UnifiedMode() {
|
if IsCgroup2UnifiedMode() {
|
||||||
|
|||||||
@ -225,7 +225,7 @@ func (c *criService) containerSpec(id string, sandboxID string, sandboxPid uint3
|
|||||||
if c.config.DisableCgroup {
|
if c.config.DisableCgroup {
|
||||||
specOpts = append(specOpts, customopts.WithDisabledCgroups)
|
specOpts = append(specOpts, customopts.WithDisabledCgroups)
|
||||||
} else {
|
} else {
|
||||||
specOpts = append(specOpts, customopts.WithResources(config.GetLinux().GetResources(), c.config.TolerateMissingHugePagesCgroupController))
|
specOpts = append(specOpts, customopts.WithResources(config.GetLinux().GetResources(), c.config.TolerateMissingHugetlbController))
|
||||||
if sandboxConfig.GetLinux().GetCgroupParent() != "" {
|
if sandboxConfig.GetLinux().GetCgroupParent() != "" {
|
||||||
cgroupsPath := getCgroupsPath(sandboxConfig.GetLinux().GetCgroupParent(), id)
|
cgroupsPath := getCgroupsPath(sandboxConfig.GetLinux().GetCgroupParent(), id)
|
||||||
specOpts = append(specOpts, oci.WithCgroup(cgroupsPath))
|
specOpts = append(specOpts, oci.WithCgroup(cgroupsPath))
|
||||||
|
|||||||
@ -73,7 +73,7 @@ func (c *criService) updateContainerResources(ctx context.Context,
|
|||||||
return errors.Wrap(err, "failed to get container spec")
|
return errors.Wrap(err, "failed to get container spec")
|
||||||
}
|
}
|
||||||
newSpec, err := updateOCILinuxResource(ctx, oldSpec, resources,
|
newSpec, err := updateOCILinuxResource(ctx, oldSpec, resources,
|
||||||
c.config.TolerateMissingHugePagesCgroupController)
|
c.config.TolerateMissingHugetlbController)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrap(err, "failed to update resource in spec")
|
return errors.Wrap(err, "failed to update resource in spec")
|
||||||
}
|
}
|
||||||
@ -134,7 +134,7 @@ func updateContainerSpec(ctx context.Context, cntr containerd.Container, spec *r
|
|||||||
|
|
||||||
// updateOCILinuxResource updates container resource limit.
|
// updateOCILinuxResource updates container resource limit.
|
||||||
func updateOCILinuxResource(ctx context.Context, spec *runtimespec.Spec, new *runtime.LinuxContainerResources,
|
func updateOCILinuxResource(ctx context.Context, spec *runtimespec.Spec, new *runtime.LinuxContainerResources,
|
||||||
tolerateMissingHugePagesCgroupController bool) (*runtimespec.Spec, error) {
|
tolerateMissingHugetlbController bool) (*runtimespec.Spec, error) {
|
||||||
// Copy to make sure old spec is not changed.
|
// Copy to make sure old spec is not changed.
|
||||||
var cloned runtimespec.Spec
|
var cloned runtimespec.Spec
|
||||||
if err := util.DeepCopy(&cloned, spec); err != nil {
|
if err := util.DeepCopy(&cloned, spec); err != nil {
|
||||||
@ -143,7 +143,7 @@ func updateOCILinuxResource(ctx context.Context, spec *runtimespec.Spec, new *ru
|
|||||||
if cloned.Linux == nil {
|
if cloned.Linux == nil {
|
||||||
cloned.Linux = &runtimespec.Linux{}
|
cloned.Linux = &runtimespec.Linux{}
|
||||||
}
|
}
|
||||||
if err := opts.WithResources(new, tolerateMissingHugePagesCgroupController)(ctx, nil, nil, &cloned); err != nil {
|
if err := opts.WithResources(new, tolerateMissingHugetlbController)(ctx, nil, nil, &cloned); err != nil {
|
||||||
return nil, errors.Wrap(err, "unable to set linux container resources")
|
return nil, errors.Wrap(err, "unable to set linux container resources")
|
||||||
}
|
}
|
||||||
return &cloned, nil
|
return &cloned, nil
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user