Skip to content
This repository was archived by the owner on May 12, 2021. It is now read-only.
This repository was archived by the owner on May 12, 2021. It is now read-only.

Resource governance doesn't work with kata 1.6.0 #1521

Closed
#1530
Closed
Resource governance doesn't work with kata 1.6.0#1521
#1530
Assignees
devimc
@mocolic

Description

@mocolic
mocolic
opened on Apr 11, 2019

Recent tests have shown a problem with this check-in - #1189 where containers are not activated at all if parent cgroup with resource limits is passed to kata. When test was changed in a way that container is requesting the whole machine, this container activated (as parent and child cgroup will have the same limits).

In our clusters default number of vcpus is -1 (entire machine) and as parent cgroup can’t have stricter limits than the child cgroup, container activation fails with this error:

"Could not update cgroup /fabric/SingleInstance_0_App1:myCpuServicePkg@3016e3dc-60b9-8746-a897-4f1bb73dd80a@0c665905-47af-8147-b616-8a0c099ca7a5/crio-5e4f661e9035b89d190a34bcec617a75ac0006b47b784dab207f02bda98736d1: write /sys/fs/cgroup/cpu/fabric/SingleInstance_0_App1:myCpuServicePkg@3016e3dc-60b9-8746-a897-4f1bb73dd80a@0c665905-47af-8147-b616-8a0c099ca7a5/crio-5e4f661e9035b89d190a34bcec617a75ac0006b47b784dab207f02bda98736d1/cpu.cfs_quota_us: invalid argument"

I believe the problem is this code snippet in virtcontainers/cgroups.go - as this will govern containers even though they do not have constraints - which is not expected.

    // use a default constraint for sandboxes without cpu constraints
if period == uint64(0) && quota == int64(0) {
	// set a quota and period equal to the default number of vcpus
	quota = int64(s.config.HypervisorConfig.NumVCPUs) * 100000
	period = 100000
}

Without the code snippet above, our resource governance would have worked out of the box.

Expected result

Container is activated and governed (restricted by limits on parent cgroup level that is passed to kata).

Actual result

Container is not activated at all - the error received:

CreateContainer gRPC-error: 2: container create failed: Could not update cgroup /fabric/SingleInstance_0_App1:myCpuServicePkg@3016e3dc-60b9-8746-a897-4f1bb73dd80a@0c665905-47af-8147-b616-8a0c099ca7a5/crio-5e4f661e9035b89d190a34bcec617a75ac0006b47b784dab207f02bda98736d1: write /sys/fs/cgroup/cpu/fabric/SingleInstance_0_App1:myCpuServicePkg@3016e3dc-60b9-8746-a897-4f1bb73dd80a@0c665905-47af-8147-b616-8a0c099ca7a5/crio-5e4f661e9035b89d190a34bcec617a75ac0006b47b784dab207f02bda98736d1/cpu.cfs_quota_us: invalid argument

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions