|
|
@@ -53,7 +53,6 @@ func (m *kubeGenericRuntimeManager) generateWindowsContainerConfig(container *v1
|
|
|
|
SecurityContext: &runtimeapi.WindowsContainerSecurityContext{},
|
|
|
|
SecurityContext: &runtimeapi.WindowsContainerSecurityContext{},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
cpuRequest := container.Resources.Requests.Cpu()
|
|
|
|
|
|
|
|
cpuLimit := container.Resources.Limits.Cpu()
|
|
|
|
cpuLimit := container.Resources.Limits.Cpu()
|
|
|
|
isolatedByHyperv := kubeletapis.ShouldIsolatedByHyperV(pod.Annotations)
|
|
|
|
isolatedByHyperv := kubeletapis.ShouldIsolatedByHyperV(pod.Annotations)
|
|
|
|
if !cpuLimit.IsZero() {
|
|
|
|
if !cpuLimit.IsZero() {
|
|
|
@@ -61,7 +60,35 @@ func (m *kubeGenericRuntimeManager) generateWindowsContainerConfig(container *v1
|
|
|
|
// as only 64 processors are available for execution by a given process. This causes
|
|
|
|
// as only 64 processors are available for execution by a given process. This causes
|
|
|
|
// some oddities on systems with more than 64 processors.
|
|
|
|
// some oddities on systems with more than 64 processors.
|
|
|
|
// Refer https://msdn.microsoft.com/en-us/library/windows/desktop/dd405503(v=vs.85).aspx.
|
|
|
|
// Refer https://msdn.microsoft.com/en-us/library/windows/desktop/dd405503(v=vs.85).aspx.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Since Kubernetes doesn't have any notion of weight in the Pod/Container API, only limits/reserves, then applying CpuMaximum only
|
|
|
|
|
|
|
|
// will better follow the intent of the user. At one point CpuWeights were set, but this prevented limits from having any effect.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// There are 3 parts to how this works:
|
|
|
|
|
|
|
|
// Part one - Windows kernel
|
|
|
|
|
|
|
|
// cpuMaximum is documented at https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/resource-controls
|
|
|
|
|
|
|
|
// the range and how it relates to number of CPUs is at https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-jobobject_cpu_rate_control_information
|
|
|
|
|
|
|
|
// For process isolation, these are applied to the job object setting JOB_OBJECT_CPU_RATE_CONTROL_ENABLE, which can be set to either
|
|
|
|
|
|
|
|
// JOB_OBJECT_CPU_RATE_CONTROL_WEIGHT_BASED or JOB_OBJECT_CPU_RATE_CONTROL_HARD_CAP. This is why the settings are mutually exclusive.
|
|
|
|
|
|
|
|
// Part two - Docker (doc: https://docs.docker.com/engine/api/v1.30)
|
|
|
|
|
|
|
|
// If both CpuWeight and CpuMaximum are passed to Docker, then it sets
|
|
|
|
|
|
|
|
// JOB_OBJECT_CPU_RATE_CONTROL_ENABLE = JOB_OBJECT_CPU_RATE_CONTROL_WEIGHT_BASED ignoring CpuMaximum.
|
|
|
|
|
|
|
|
// Option a: Set HostConfig.CpuPercent. The units are whole percent of the total CPU capacity of the system, meaning the resolution
|
|
|
|
|
|
|
|
// is different based on the number of cores.
|
|
|
|
|
|
|
|
// Option b: Set HostConfig.NanoCpus integer <int64> - CPU quota in units of 10e-9 CPUs. Moby scales this to the Windows job object
|
|
|
|
|
|
|
|
// resolution of 1-10000, so it's higher resolution than option a.
|
|
|
|
|
|
|
|
// src: https://github.com/moby/moby/blob/10866714412aea1bb587d1ad14b2ce1ba4cf4308/daemon/oci_windows.go#L426
|
|
|
|
|
|
|
|
// Part three - CRI & ContainerD's implementation
|
|
|
|
|
|
|
|
// The kubelet sets these directly on CGroups in Linux, but needs to pass them across CRI on Windows.
|
|
|
|
|
|
|
|
// There is an existing cpu_maximum field, with a range of percent * 100, so 1-10000. This is different from Docker, but consistent with OCI
|
|
|
|
|
|
|
|
// https://github.com/kubernetes/kubernetes/blob/56d1c3b96d0a544130a82caad33dd57629b8a7f8/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1alpha2/api.proto#L681-L682
|
|
|
|
|
|
|
|
// https://github.com/opencontainers/runtime-spec/blob/ad53dcdc39f1f7f7472b10aa0a45648fe4865496/config-windows.md#cpu
|
|
|
|
|
|
|
|
// If both CpuWeight and CpuMaximum are set - ContainerD catches this invalid case and returns an error instead.
|
|
|
|
|
|
|
|
|
|
|
|
cpuMaximum := 10000 * cpuLimit.MilliValue() / int64(sysinfo.NumCPU()) / 1000
|
|
|
|
cpuMaximum := 10000 * cpuLimit.MilliValue() / int64(sysinfo.NumCPU()) / 1000
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// TODO: This should be reviewed or removed once Hyper-V support is implemented with CRI-ContainerD
|
|
|
|
|
|
|
|
// in a future release. cpuCount may or may not be required if cpuMaximum is set.
|
|
|
|
if isolatedByHyperv {
|
|
|
|
if isolatedByHyperv {
|
|
|
|
cpuCount := int64(cpuLimit.MilliValue()+999) / 1000
|
|
|
|
cpuCount := int64(cpuLimit.MilliValue()+999) / 1000
|
|
|
|
wc.Resources.CpuCount = cpuCount
|
|
|
|
wc.Resources.CpuCount = cpuCount
|
|
|
@@ -80,31 +107,15 @@ func (m *kubeGenericRuntimeManager) generateWindowsContainerConfig(container *v1
|
|
|
|
wc.Resources.CpuMaximum = cpuMaximum
|
|
|
|
wc.Resources.CpuMaximum = cpuMaximum
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
cpuShares := milliCPUToShares(cpuLimit.MilliValue(), isolatedByHyperv)
|
|
|
|
|
|
|
|
if cpuShares == 0 {
|
|
|
|
|
|
|
|
cpuShares = milliCPUToShares(cpuRequest.MilliValue(), isolatedByHyperv)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
wc.Resources.CpuShares = cpuShares
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if !isolatedByHyperv {
|
|
|
|
if !isolatedByHyperv {
|
|
|
|
// The processor resource controls are mutually exclusive on
|
|
|
|
// The processor resource controls are mutually exclusive on
|
|
|
|
// Windows Server Containers, the order of precedence is
|
|
|
|
// Windows Server Containers, the order of precedence is
|
|
|
|
// CPUCount first, then CPUShares, and CPUMaximum last.
|
|
|
|
// CPUCount first, then CPUMaximum.
|
|
|
|
if wc.Resources.CpuCount > 0 {
|
|
|
|
if wc.Resources.CpuCount > 0 {
|
|
|
|
if wc.Resources.CpuShares > 0 {
|
|
|
|
|
|
|
|
wc.Resources.CpuShares = 0
|
|
|
|
|
|
|
|
klog.Warningf("Mutually exclusive options: CPUCount priority > CPUShares priority on Windows Server Containers. CPUShares should be ignored")
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if wc.Resources.CpuMaximum > 0 {
|
|
|
|
if wc.Resources.CpuMaximum > 0 {
|
|
|
|
wc.Resources.CpuMaximum = 0
|
|
|
|
wc.Resources.CpuMaximum = 0
|
|
|
|
klog.Warningf("Mutually exclusive options: CPUCount priority > CPUMaximum priority on Windows Server Containers. CPUMaximum should be ignored")
|
|
|
|
klog.Warningf("Mutually exclusive options: CPUCount priority > CPUMaximum priority on Windows Server Containers. CPUMaximum should be ignored")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} else if wc.Resources.CpuShares > 0 {
|
|
|
|
|
|
|
|
if wc.Resources.CpuMaximum > 0 {
|
|
|
|
|
|
|
|
wc.Resources.CpuMaximum = 0
|
|
|
|
|
|
|
|
klog.Warningf("Mutually exclusive options: CPUShares priority > CPUMaximum priority on Windows Server Containers. CPUMaximum should be ignored")
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|