sandbox: Check cri-o and kubelet cgroup managers are same
We ensure that cri-o and kubelet are started with compatible cgroup managers. Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
parent
612dcc0267
commit
cb1cad28db
3 changed files with 9 additions and 8 deletions
|
@ -273,11 +273,6 @@ func (s *Sandbox) CgroupParent() string {
|
||||||
return s.cgroupParent
|
return s.cgroupParent
|
||||||
}
|
}
|
||||||
|
|
||||||
// UpdateCgroupParent updates the cgroup parent for a sandbox
|
|
||||||
func (s *Sandbox) UpdateCgroupParent(parent string) {
|
|
||||||
s.cgroupParent = parent
|
|
||||||
}
|
|
||||||
|
|
||||||
// Privileged returns whether or not the containers in the sandbox are
|
// Privileged returns whether or not the containers in the sandbox are
|
||||||
// privileged containers
|
// privileged containers
|
||||||
func (s *Sandbox) Privileged() bool {
|
func (s *Sandbox) Privileged() bool {
|
||||||
|
|
|
@ -490,7 +490,6 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
|
||||||
cgPath = filepath.Join(parent, scopePrefix+"-"+containerID)
|
cgPath = filepath.Join(parent, scopePrefix+"-"+containerID)
|
||||||
}
|
}
|
||||||
specgen.SetLinuxCgroupsPath(cgPath)
|
specgen.SetLinuxCgroupsPath(cgPath)
|
||||||
sb.UpdateCgroupParent(parent)
|
|
||||||
|
|
||||||
capabilities := linux.GetSecurityContext().GetCapabilities()
|
capabilities := linux.GetSecurityContext().GetCapabilities()
|
||||||
toCAPPrefixed := func(cap string) string {
|
toCAPPrefixed := func(cap string) string {
|
||||||
|
|
|
@ -331,14 +331,21 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
|
||||||
cgroupParent := req.GetConfig().GetLinux().CgroupParent
|
cgroupParent := req.GetConfig().GetLinux().CgroupParent
|
||||||
if cgroupParent != "" {
|
if cgroupParent != "" {
|
||||||
if s.config.CgroupManager == oci.SystemdCgroupsManager {
|
if s.config.CgroupManager == oci.SystemdCgroupsManager {
|
||||||
cgPath, err := convertCgroupNameToSystemd(cgroupParent, false)
|
if len(cgroupParent) <= 6 || !strings.HasSuffix(path.Base(cgroupParent), ".slice") {
|
||||||
|
return nil, fmt.Errorf("cri-o configured with systemd cgroup manager, but did not receive slice as parent: %s", cgroupParent)
|
||||||
|
}
|
||||||
|
cgPath, err := convertCgroupFsNameToSystemd(cgroupParent)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
g.SetLinuxCgroupsPath(cgPath + ":" + "crio" + ":" + id)
|
g.SetLinuxCgroupsPath(cgPath + ":" + "crio" + ":" + id)
|
||||||
cgroupParent = cgPath
|
cgroupParent = cgPath
|
||||||
} else {
|
} else {
|
||||||
g.SetLinuxCgroupsPath(cgroupParent + "/" + id)
|
if strings.HasSuffix(path.Base(cgroupParent), ".slice") {
|
||||||
|
return nil, fmt.Errorf("cri-o configured with cgroupfs cgroup manager, but received systemd slice as parent: %s", cgroupParent)
|
||||||
|
}
|
||||||
|
cgPath := filepath.Join(cgroupParent, scopePrefix+"-"+id)
|
||||||
|
g.SetLinuxCgroupsPath(cgPath)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
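Review bot: The systemd-branch guard in RunPodSandbox measures the wrong string: `len(cgroupParent) <= 6` checks the length of the whole path while the suffix test uses `path.Base(cgroupParent)`, so a request-supplied parent whose last element is a bare `.slice` (for instance the constructed value `/kubepods/.slice`) passes and is handed to convertCgroupFsNameToSystemd, whose handling of an empty unit name is not visible here. Computing the base once and comparing against the suffix length removes the magic number and closes that gap: `base := path.Base(cgroupParent)` followed by `if len(base) <= len(".slice") || !strings.HasSuffix(base, ".slice") {`. Since cgroupParent comes straight from the CRI request, both new error messages would also be safer to read in logs with `%q` instead of `%s`. RunPodSandbox begins and ends outside this hunk, so any earlier validation of the field cannot be seen from here.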