Filesystem quotas

[fabiokung]

Following up the discussion from the last containerd summit:

https://github.com/containerd/containerd/blob/6ae973362af4b9ae27fb335efba6b5e508bc1752/docs/dockercon-summit.md#discussion-points

How to support per-container fs quotas? The implementation of quotas (usually called project quotas) is tied to the specific implementation of the Snapshotter being used.

• What is the right abstraction to support different project quota implementations (brtfs, overlay+xfs, overlay+ext4, and maybe in the future zfs, devicemapper and others since anyone can implement Snapshotter)?
• What is the right granularity for quotas? Some project quota implementations allow volumes and container writeable layers to be in the same quota group, and share the same quota limit. Is it something that need to be supported, or volumes will always be in different quota groups, managed completely outside containerd?
• During the discussion, encouraging read-only container filesystems was mentioned, and forcing people to use volumes for R/W directories, with quotas being managed by external volume managers. I agree this would be ideal, but is it even possible to force read-only rootfs for everyone?

[Random-Liu]

/cc @vishh

[cpuguy83]

It could be helpful to get at the actual project quota from outside the snapshotter, but I can see this being a mess, especially when the "volume" is a different filesystem than the fs the snapshotter is running on.

[vishh]

The goal of not needing a rw writable layer is ideal but has been a pipe dream thus far.
I'd recommend not conflating volumes which is external to containerd with writable layer that is internal.
Since containerd manages the writable layer and does not allow introspecting the writable layer by external entities, it needs to provide a means to track and limit usage ideally using Linux Quota.

[AkihiroSuda]

Inevitably, image builder (e.g. docker build) requires RW rootfs.
So I'm +1 on quota (as in current docker overlay2 on xfs )

[yichengliu58]

Hi, I'm facing this problem at the moment, that I need to set the size of container's roofs but haven't found a way.

I know docker supports a config item called --storage-opt dm.basesize which can be used to set rootfs size of a container, because dockerd actually uses containerd as its backend, I'm curious why can't containerd support it?

So are there any update? Is there a config item can be used to set rootfs size now?

[sharego]

when using devmapper the base_image_size setting all container rootfs size, which need to be control per-container too. I tried do this by add a special label when create a container: sharego@5e58aac. A solution for all snapshotter is great.