Enable pod qos for systemd in cri
Check kubelet config with docker config
This commit is contained in:
Harry Zhang
@@ -28,6 +28,7 @@ go_library(
|
|||||||
"//pkg/apis/componentconfig:go_default_library",
|
"//pkg/apis/componentconfig:go_default_library",
|
||||||
"//pkg/kubelet/api:go_default_library",
|
"//pkg/kubelet/api:go_default_library",
|
||||||
"//pkg/kubelet/api/v1alpha1/runtime:go_default_library",
|
"//pkg/kubelet/api/v1alpha1/runtime:go_default_library",
|
||||||
|
"//pkg/kubelet/cm:go_default_library",
|
||||||
"//pkg/kubelet/container:go_default_library",
|
"//pkg/kubelet/container:go_default_library",
|
||||||
"//pkg/kubelet/dockershim/cm:go_default_library",
|
"//pkg/kubelet/dockershim/cm:go_default_library",
|
||||||
"//pkg/kubelet/dockertools:go_default_library",
|
"//pkg/kubelet/dockertools:go_default_library",
|
||||||
|
|||||||
@@ -149,9 +149,11 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi
|
|||||||
// Apply cgroupsParent derived from the sandbox config.
|
// Apply cgroupsParent derived from the sandbox config.
|
||||||
if lc := sandboxConfig.GetLinux(); lc != nil {
|
if lc := sandboxConfig.GetLinux(); lc != nil {
|
||||||
// Apply Cgroup options.
|
// Apply Cgroup options.
|
||||||
// TODO: Check if this works with per-pod cgroups.
|
cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.GetCgroupParent())
|
||||||
// TODO: we need to pass the cgroup in syntax expected by cgroup driver but shim does not use docker info yet...
|
if err != nil {
|
||||||
hc.CgroupParent = lc.GetCgroupParent()
|
return "", fmt.Errorf("failed to generate cgroup parent in expected syntax for container %q: %v", config.Metadata.GetName(), err)
|
||||||
|
}
|
||||||
|
hc.CgroupParent = cgroupParent
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set devices for container.
|
// Set devices for container.
|
||||||
|
|||||||
@@ -291,8 +291,11 @@ func (ds *dockerService) ListPodSandbox(filter *runtimeapi.PodSandboxFilter) ([]
|
|||||||
// applySandboxLinuxOptions applies LinuxPodSandboxConfig to dockercontainer.HostConfig and dockercontainer.ContainerCreateConfig.
|
// applySandboxLinuxOptions applies LinuxPodSandboxConfig to dockercontainer.HostConfig and dockercontainer.ContainerCreateConfig.
|
||||||
func (ds *dockerService) applySandboxLinuxOptions(hc *dockercontainer.HostConfig, lc *runtimeapi.LinuxPodSandboxConfig, createConfig *dockertypes.ContainerCreateConfig, image string) error {
|
func (ds *dockerService) applySandboxLinuxOptions(hc *dockercontainer.HostConfig, lc *runtimeapi.LinuxPodSandboxConfig, createConfig *dockertypes.ContainerCreateConfig, image string) error {
|
||||||
// Apply Cgroup options.
|
// Apply Cgroup options.
|
||||||
// TODO: Check if this works with per-pod cgroups.
|
cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.GetCgroupParent())
|
||||||
hc.CgroupParent = lc.GetCgroupParent()
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
hc.CgroupParent = cgroupParent
|
||||||
// Apply security context.
|
// Apply security context.
|
||||||
applySandboxSecurityContext(lc, createConfig.Config, hc, ds.networkPlugin)
|
applySandboxSecurityContext(lc, createConfig.Config, hc, ds.networkPlugin)
|
||||||
|
|
||||||
|
|||||||
@@ -26,6 +26,7 @@ import (
|
|||||||
"k8s.io/kubernetes/pkg/apis/componentconfig"
|
"k8s.io/kubernetes/pkg/apis/componentconfig"
|
||||||
internalapi "k8s.io/kubernetes/pkg/kubelet/api"
|
internalapi "k8s.io/kubernetes/pkg/kubelet/api"
|
||||||
runtimeapi "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
|
runtimeapi "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
|
||||||
|
kubecm "k8s.io/kubernetes/pkg/kubelet/cm"
|
||||||
kubecontainer "k8s.io/kubernetes/pkg/kubelet/container"
|
kubecontainer "k8s.io/kubernetes/pkg/kubelet/container"
|
||||||
"k8s.io/kubernetes/pkg/kubelet/dockershim/cm"
|
"k8s.io/kubernetes/pkg/kubelet/dockershim/cm"
|
||||||
"k8s.io/kubernetes/pkg/kubelet/dockertools"
|
"k8s.io/kubernetes/pkg/kubelet/dockertools"
|
||||||
@@ -100,7 +101,8 @@ type NetworkPluginSettings struct {
|
|||||||
var internalLabelKeys []string = []string{containerTypeLabelKey, containerLogPathLabelKey, sandboxIDLabelKey}
|
var internalLabelKeys []string = []string{containerTypeLabelKey, containerLogPathLabelKey, sandboxIDLabelKey}
|
||||||
|
|
||||||
// NOTE: Anything passed to DockerService should be eventually handled in another way when we switch to running the shim as a different process.
|
// NOTE: Anything passed to DockerService should be eventually handled in another way when we switch to running the shim as a different process.
|
||||||
func NewDockerService(client dockertools.DockerInterface, seccompProfileRoot string, podSandboxImage string, streamingConfig *streaming.Config, pluginSettings *NetworkPluginSettings, cgroupsName string) (DockerService, error) {
|
func NewDockerService(client dockertools.DockerInterface, seccompProfileRoot string, podSandboxImage string, streamingConfig *streaming.Config,
|
||||||
|
pluginSettings *NetworkPluginSettings, cgroupsName string, kubeCgroupDriver string) (DockerService, error) {
|
||||||
c := dockertools.NewInstrumentedDockerInterface(client)
|
c := dockertools.NewInstrumentedDockerInterface(client)
|
||||||
ds := &dockerService{
|
ds := &dockerService{
|
||||||
seccompProfileRoot: seccompProfileRoot,
|
seccompProfileRoot: seccompProfileRoot,
|
||||||
@@ -135,6 +137,22 @@ func NewDockerService(client dockertools.DockerInterface, seccompProfileRoot str
|
|||||||
}
|
}
|
||||||
ds.networkPlugin = plug
|
ds.networkPlugin = plug
|
||||||
glog.Infof("Docker cri networking managed by %v", plug.Name())
|
glog.Infof("Docker cri networking managed by %v", plug.Name())
|
||||||
|
|
||||||
|
// NOTE: cgroup driver is only detectable in docker 1.11+
|
||||||
|
var cgroupDriver string
|
||||||
|
dockerInfo, err := ds.client.Info()
|
||||||
|
if err != nil {
|
||||||
|
glog.Errorf("failed to execute Info() call to the Docker client: %v", err)
|
||||||
|
glog.Warningf("Using fallback default of cgroupfs as cgroup driver")
|
||||||
|
} else {
|
||||||
|
cgroupDriver = dockerInfo.CgroupDriver
|
||||||
|
if len(kubeCgroupDriver) != 0 && kubeCgroupDriver != cgroupDriver {
|
||||||
|
return nil, fmt.Errorf("misconfiguration: kubelet cgroup driver: %q is different from docker cgroup driver: %q", kubeCgroupDriver, cgroupDriver)
|
||||||
|
}
|
||||||
|
glog.Infof("Setting cgroupDriver to %s", cgroupDriver)
|
||||||
|
}
|
||||||
|
ds.cgroupDriver = cgroupDriver
|
||||||
|
|
||||||
return ds, nil
|
return ds, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -157,6 +175,8 @@ type dockerService struct {
|
|||||||
streamingServer streaming.Server
|
streamingServer streaming.Server
|
||||||
networkPlugin network.NetworkPlugin
|
networkPlugin network.NetworkPlugin
|
||||||
containerManager cm.ContainerManager
|
containerManager cm.ContainerManager
|
||||||
|
// cgroup driver used by Docker runtime.
|
||||||
|
cgroupDriver string
|
||||||
}
|
}
|
||||||
|
|
||||||
// Version returns the runtime name, runtime version and runtime API version
|
// Version returns the runtime name, runtime version and runtime API version
|
||||||
@@ -254,3 +274,22 @@ func (ds *dockerService) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||||||
http.NotFound(w, r)
|
http.NotFound(w, r)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// GenerateExpectedCgroupParent returns cgroup parent in syntax expected by cgroup driver
|
||||||
|
func (ds *dockerService) GenerateExpectedCgroupParent(cgroupParent string) (string, error) {
|
||||||
|
if len(cgroupParent) > 0 {
|
||||||
|
// if docker uses the systemd cgroup driver, it expects *.slice style names for cgroup parent.
|
||||||
|
// if we configured kubelet to use --cgroup-driver=cgroupfs, and docker is configured to use systemd driver
|
||||||
|
// docker will fail to launch the container because the name we provide will not be a valid slice.
|
||||||
|
// this is a very good thing.
|
||||||
|
if ds.cgroupDriver == "systemd" {
|
||||||
|
systemdCgroupParent, err := kubecm.ConvertCgroupFsNameToSystemd(cgroupParent)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
cgroupParent = systemdCgroupParent
|
||||||
|
}
|
||||||
|
}
|
||||||
|
glog.V(3).Infof("Setting cgroup parent to: %q", cgroupParent)
|
||||||
|
return cgroupParent, nil
|
||||||
|
}
|
||||||
|
|||||||
@@ -243,7 +243,7 @@ func NewDockerManager(
|
|||||||
// if there are any problems.
|
// if there are any problems.
|
||||||
dockerRoot := "/var/lib/docker"
|
dockerRoot := "/var/lib/docker"
|
||||||
|
|
||||||
// cgroup driver is only detectable in docker 1.12+
|
// cgroup driver is only detectable in docker 1.11+
|
||||||
// when the execution driver is not detectable, we provide the cgroupfs form.
|
// when the execution driver is not detectable, we provide the cgroupfs form.
|
||||||
// if your docker engine is configured to use the systemd cgroup driver, and you
|
// if your docker engine is configured to use the systemd cgroup driver, and you
|
||||||
// want to use pod level cgroups, you must be on docker 1.12+ to ensure cgroup-parent
|
// want to use pod level cgroups, you must be on docker 1.12+ to ensure cgroup-parent
|
||||||
|
|||||||
@@ -538,7 +538,8 @@ func NewMainKubelet(kubeCfg *componentconfig.KubeletConfiguration, kubeDeps *Kub
|
|||||||
case "docker":
|
case "docker":
|
||||||
streamingConfig := getStreamingConfig(kubeCfg, kubeDeps)
|
streamingConfig := getStreamingConfig(kubeCfg, kubeDeps)
|
||||||
// Use the new CRI shim for docker.
|
// Use the new CRI shim for docker.
|
||||||
ds, err := dockershim.NewDockerService(klet.dockerClient, kubeCfg.SeccompProfileRoot, kubeCfg.PodInfraContainerImage, streamingConfig, &pluginSettings, kubeCfg.RuntimeCgroups)
|
ds, err := dockershim.NewDockerService(klet.dockerClient, kubeCfg.SeccompProfileRoot, kubeCfg.PodInfraContainerImage,
|
||||||
|
streamingConfig, &pluginSettings, kubeCfg.RuntimeCgroups, kubeCfg.CgroupDriver)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user