pkg/kubelet: adapt to new libcontainer API

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2020-04-23 09:11:27 +02:00
parent a6a3bf2eb4
commit e94aebf4cb
6 changed files with 164 additions and 115 deletions
--- a/pkg/kubelet/cm/cgroup_manager_linux.go
+++ b/pkg/kubelet/cm/cgroup_manager_linux.go
@@ -22,7 +22,6 @@ import (
 	"os"
 	"path"
 	"path/filepath"
-	"strconv"
 	"strings"
 	"sync"
 	"time"
@@ -146,20 +145,19 @@ func newLibcontainerAdapter(cgroupManagerType libcontainerCgroupManagerType) *li
 func (l *libcontainerAdapter) newManager(cgroups *libcontainerconfigs.Cgroup, paths map[string]string) (libcontainercgroups.Manager, error) {
 	switch l.cgroupManagerType {
 	case libcontainerCgroupfs:
-		return &cgroupfs.Manager{
-			Cgroups: cgroups,
-			Paths:   paths,
-		}, nil
+		if libcontainercgroups.IsCgroup2UnifiedMode() {
+			return cgroupfs2.NewManager(cgroups, paths["memory"], false)
+		}
+		return cgroupfs.NewManager(cgroups, paths, false), nil
 	case libcontainerSystemd:
 		// this means you asked systemd to manage cgroups, but systemd was not on the host, so all you can do is panic...
-		if !cgroupsystemd.UseSystemd() {
+		if !cgroupsystemd.IsRunningSystemd() {
 			panic("systemd cgroup manager not available")
 		}
-		f, err := cgroupsystemd.NewSystemdCgroupsManager()
-		if err != nil {
-			return nil, err
+		if libcontainercgroups.IsCgroup2UnifiedMode() {
+			return cgroupsystemd.NewUnifiedManager(cgroups, paths["memory"], false), nil
 		}
-		return f(cgroups, paths), nil
+		return cgroupsystemd.NewLegacyManager(cgroups, paths), nil
 	}
 	return nil, fmt.Errorf("invalid cgroup manager configuration")
 }
@@ -320,7 +318,11 @@ func (m *cgroupManagerImpl) Destroy(cgroupConfig *CgroupConfig) error {
 	if m.adapter.cgroupManagerType == libcontainerSystemd {
 		updateSystemdCgroupInfo(libcontainerCgroupConfig, cgroupConfig.Name)
 	} else {
-		libcontainerCgroupConfig.Path = cgroupConfig.Name.ToCgroupfs()
+		if libcontainercgroups.IsCgroup2UnifiedMode() {
+			libcontainerCgroupConfig.Path = m.buildCgroupUnifiedPath(cgroupConfig.Name)
+		} else {
+			libcontainerCgroupConfig.Path = cgroupConfig.Name.ToCgroupfs()
+		}
 	}

 	manager, err := m.adapter.newManager(libcontainerCgroupConfig, cgroupPaths)
@@ -397,19 +399,6 @@ func getCpuWeight(cpuShares *uint64) uint64 {
 	return 1 + ((*cpuShares-2)*9999)/262142
 }

-// getCpuMax returns the cgroup v2 cpu.max setting given the cpu quota and the cpu period
-func getCpuMax(cpuQuota *int64, cpuPeriod *uint64) string {
-	quotaStr := "max"
-	periodStr := "100000"
-	if cpuQuota != nil {
-		quotaStr = strconv.FormatInt(*cpuQuota, 10)
-	}
-	if cpuPeriod != nil {
-		periodStr = strconv.FormatUint(*cpuPeriod, 10)
-	}
-	return fmt.Sprintf("%s %s", quotaStr, periodStr)
-}
-
 // readUnifiedControllers reads the controllers available at the specified cgroup
 func readUnifiedControllers(path string) (sets.String, error) {
 	controllersFileContent, err := ioutil.ReadFile(filepath.Join(path, "cgroup.controllers"))
@@ -497,8 +486,15 @@ func setResourcesV2(cgroupConfig *libcontainerconfigs.Cgroup) error {
 	if err := propagateControllers(cgroupConfig.Path); err != nil {
 		return err
 	}
-	allowAll := true
-	cgroupConfig.Resources.AllowAllDevices = &allowAll
+	cgroupConfig.Resources.Devices = []*libcontainerconfigs.DeviceRule{
+		{
+			Type:        'a',
+			Permissions: "rwm",
+			Allow:       true,
+			Minor:       libcontainerconfigs.Wildcard,
+			Major:       libcontainerconfigs.Wildcard,
+		},
+	}

 	manager, err := cgroupfs2.NewManager(cgroupConfig, cgroupConfig.Path, false)
 	if err != nil {
@@ -511,26 +507,35 @@ func setResourcesV2(cgroupConfig *libcontainerconfigs.Cgroup) error {
 }

 func (m *cgroupManagerImpl) toResources(resourceConfig *ResourceConfig) *libcontainerconfigs.Resources {
-	resources := &libcontainerconfigs.Resources{}
+	resources := &libcontainerconfigs.Resources{
+		Devices: []*libcontainerconfigs.DeviceRule{
+			{
+				Type:        'a',
+				Permissions: "rwm",
+				Allow:       true,
+				Minor:       libcontainerconfigs.Wildcard,
+				Major:       libcontainerconfigs.Wildcard,
+			},
+		},
+	}
 	if resourceConfig == nil {
 		return resources
 	}
 	if resourceConfig.Memory != nil {
 		resources.Memory = *resourceConfig.Memory
 	}
-	if libcontainercgroups.IsCgroup2UnifiedMode() {
-		resources.CpuWeight = getCpuWeight(resourceConfig.CpuShares)
-		resources.CpuMax = getCpuMax(resourceConfig.CpuQuota, resourceConfig.CpuPeriod)
-	} else {
-		if resourceConfig.CpuShares != nil {
+	if resourceConfig.CpuShares != nil {
+		if libcontainercgroups.IsCgroup2UnifiedMode() {
+			resources.CpuWeight = getCpuWeight(resourceConfig.CpuShares)
+		} else {
 			resources.CpuShares = *resourceConfig.CpuShares
 		}
-		if resourceConfig.CpuQuota != nil {
-			resources.CpuQuota = *resourceConfig.CpuQuota
-		}
-		if resourceConfig.CpuPeriod != nil {
-			resources.CpuPeriod = *resourceConfig.CpuPeriod
-		}
+	}
+	if resourceConfig.CpuQuota != nil {
+		resources.CpuQuota = *resourceConfig.CpuQuota
+	}
+	if resourceConfig.CpuPeriod != nil {
+		resources.CpuPeriod = *resourceConfig.CpuPeriod
 	}
 	if utilfeature.DefaultFeatureGate.Enabled(kubefeatures.SupportPodPidsLimit) || utilfeature.DefaultFeatureGate.Enabled(kubefeatures.SupportNodePidsLimit) {
 		if resourceConfig.PidsLimit != nil {
@@ -591,8 +596,6 @@ func (m *cgroupManagerImpl) Update(cgroupConfig *CgroupConfig) error {
 	// depending on the cgroup driver in use, so we need this conditional here.
 	if m.adapter.cgroupManagerType == libcontainerSystemd {
 		updateSystemdCgroupInfo(libcontainerCgroupConfig, cgroupConfig.Name)
-	} else {
-		libcontainerCgroupConfig.Path = cgroupConfig.Name.ToCgroupfs()
 	}

 	if utilfeature.DefaultFeatureGate.Enabled(kubefeatures.SupportPodPidsLimit) && cgroupConfig.ResourceParameters != nil && cgroupConfig.ResourceParameters.PidsLimit != nil {
@@ -628,7 +631,11 @@ func (m *cgroupManagerImpl) Create(cgroupConfig *CgroupConfig) error {
 	if m.adapter.cgroupManagerType == libcontainerSystemd {
 		updateSystemdCgroupInfo(libcontainerCgroupConfig, cgroupConfig.Name)
 	} else {
-		libcontainerCgroupConfig.Path = cgroupConfig.Name.ToCgroupfs()
+		if libcontainercgroups.IsCgroup2UnifiedMode() {
+			libcontainerCgroupConfig.Path = m.buildCgroupUnifiedPath(cgroupConfig.Name)
+		} else {
+			libcontainerCgroupConfig.Path = cgroupConfig.Name.ToCgroupfs()
+		}
 	}

 	if utilfeature.DefaultFeatureGate.Enabled(kubefeatures.SupportPodPidsLimit) && cgroupConfig.ResourceParameters != nil && cgroupConfig.ResourceParameters.PidsLimit != nil {