Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Lookup devices cgroup path of target process #4

Closed
wants to merge 2 commits into from

Conversation

Projects
None yet
4 participants
@jlebon
Copy link
Contributor

commented Oct 30, 2017

At least starting from OpenShift v3.6, origin/k8s creates its own cgroup
hierarchy for QoS purposes:

# find /sys/fs/cgroup/devices/ -type d -iname 'kube*'
/sys/fs/cgroup/devices/kubepods.slice
/sys/fs/cgroup/devices/kubepods.slice/kubepods-besteffort.slice
/sys/fs/cgroup/devices/kubepods.slice/kubepods-burstable.slice

Sub-slices are created per pod in either directories depending on the
QoS class assigned.

This means that the hardcoded system.slice path will not be correct
for pod processes. One can reproduce this from a simple oc cluster up
setup.

This patch basically fixes the related TODO in the codebase to make the
hook work in the OpenShift case.


Let me know if some parts could be written in more idiomatic Go! I haven't really played much with the language so far.

jlebon added some commits Oct 30, 2017

README.md: clarify that pod must be allowed RunAsAny
Make it clear that running the OpenShift test pod won't work in the
default restricted SCC.

Also minor indentation fixes in the associated JSON file.
Lookup devices cgroup path of target process
At least starting from OpenShift v3.6, origin/k8s creates its own cgroup
hierarchy for QoS purposes:

    # find /sys/fs/cgroup/devices/ -type d -iname 'kube*'
    /sys/fs/cgroup/devices/kubepods.slice
    /sys/fs/cgroup/devices/kubepods.slice/kubepods-besteffort.slice
    /sys/fs/cgroup/devices/kubepods.slice/kubepods-burstable.slice

Sub-slices are created per pod in either directories depending on the
QoS class assigned.

This means that the hardcoded `system.slice` path will not be correct
for pod processes. One can reproduce this from a simple `oc cluster up`
setup.

This patch basically fixes the related TODO in the codebase to make the
hook work in the OpenShift case.
@jlebon

This comment has been minimized.

Copy link
Contributor Author

commented Nov 9, 2017

👈 Ping? No ❤️ for this patch?

@fabiand

This comment has been minimized.

Copy link

commented Nov 10, 2017

This patch actually does make sense, to me it looks context wise good, but I did not try it.

@cgwalters

This comment has been minimized.

Copy link
Contributor

commented Jan 31, 2018

Tested this, works for me!

@fabiand

This comment has been minimized.

Copy link

commented Jan 31, 2018

/cc @phoracek might be intereszting to you (due to the origin aspect)

@jlebon

This comment has been minimized.

Copy link
Contributor Author

commented Feb 2, 2018

@stefwalter Mind reviewing this? Would be nice to have it merged before we get it into CentOS CI. See: https://lists.centos.org/pipermail/ci-users/2018-February/000762.html.

@stefwalter stefwalter closed this in 7968b1c Feb 2, 2018

@stefwalter

This comment has been minimized.

Copy link
Owner

commented Feb 2, 2018

Reviewed, and merged into master. Tagged release 0.3 including this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.