Skip to content

Commit

Permalink
Merge pull request #26391 from timstclair/containerd
Browse files Browse the repository at this point in the history 
Automatic merge from submit-queue

Move containerd process into docker cgroup for versions >= v1.11

Addresses #23397 (comment)

/cc @vishh @kubernetes/sig-node
  • Loading branch information
k8s-merge-robot committed May 28, 2016
2 parents dd6d616 + e4d8dea commit f32b258
Showing 1 changed file with 70 additions and 29 deletions.
99 changes: 70 additions & 29 deletions pkg/kubelet/cm/container_manager_linux.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ import (
"sync"
"time"

"github.com/blang/semver"
"github.com/golang/glog"
"github.com/opencontainers/runc/libcontainer/cgroups"
"github.com/opencontainers/runc/libcontainer/cgroups/fs"
Expand All @@ -54,8 +55,15 @@ const (
// The minimum memory limit allocated to docker container: 150Mi
MinDockerMemoryLimit = 150 * 1024 * 1024

dockerProcessName = "docker"
dockerPidFile = "/var/run/docker.pid"
dockerProcessName = "docker"
dockerPidFile = "/var/run/docker.pid"
containerdProcessName = "docker-containerd"
containerdPidFile = "/run/docker/libcontainerd/docker-containerd.pid"
)

var (
// The docker version in which containerd was introduced.
containerdVersion = semver.MustParse("1.11.0")
)

// A non-user container tracked by the Kubelet.
Expand Down Expand Up @@ -261,8 +269,9 @@ func (cm *containerManagerImpl) setupNode() error {
},
},
}
dockerVersion := getDockerVersion(cm.cadvisorInterface)
cont.ensureStateFunc = func(manager *fs.Manager) error {
return ensureDockerInContainer(cm.cadvisorInterface, -900, dockerContainer)
return ensureDockerInContainer(dockerVersion, -900, dockerContainer)
}
systemContainers = append(systemContainers, cont)
} else {
Expand Down Expand Up @@ -370,6 +379,7 @@ func (cm *containerManagerImpl) Start() error {
}
}
if numEnsureStateFuncs >= 0 {
// Run ensure state functions every minute.
go wait.Until(func() {
for _, cont := range cm.systemContainers {
if cont.ensureStateFunc != nil {
Expand All @@ -382,7 +392,6 @@ func (cm *containerManagerImpl) Start() error {

}

// Run ensure state functions every minute.
if len(cm.periodicTasks) > 0 {
go wait.Until(func() {
for _, task := range cm.periodicTasks {
Expand Down Expand Up @@ -472,42 +481,58 @@ func getPidsForProcess(name, pidFile string) ([]int, error) {
}

// Ensures that the Docker daemon is in the desired container.
func ensureDockerInContainer(cadvisor cadvisor.Interface, oomScoreAdj int, manager *fs.Manager) error {
pids, err := getPidsForProcess(dockerProcessName, dockerPidFile)
if err != nil {
return err
func ensureDockerInContainer(dockerVersion semver.Version, oomScoreAdj int, manager *fs.Manager) error {
type process struct{ name, file string }
dockerProcs := []process{{dockerProcessName, dockerPidFile}}
if dockerVersion.GTE(containerdVersion) {
dockerProcs = append(dockerProcs, process{containerdProcessName, containerdPidFile})
}
// Move if the pid is not already in the desired container.
errs := []error{}
for _, pid := range pids {
if runningInHost, err := isProcessRunningInHost(pid); err != nil {
errs = append(errs, err)
// Err on the side of caution. Avoid moving the docker daemon unless we are able to identify its context.
continue
} else if !runningInHost {
// Docker daemon is running inside a container. Don't touch that.
continue
}

cont, err := getContainer(pid)
var errs []error
for _, proc := range dockerProcs {
pids, err := getPidsForProcess(proc.name, proc.file)
if err != nil {
errs = append(errs, fmt.Errorf("failed to find container of PID %d: %v", pid, err))
errs = append(errs, fmt.Errorf("failed to get pids for %q: %v", proc.name, err))
continue
}

if cont != manager.Cgroups.Name {
err = manager.Apply(pid)
if err != nil {
errs = append(errs, fmt.Errorf("failed to move PID %d (in %q) to %q", pid, cont, manager.Cgroups.Name))
// Move if the pid is not already in the desired container.
for _, pid := range pids {
if err := ensureProcessInContainer(pid, oomScoreAdj, manager); err != nil {
errs = append(errs, fmt.Errorf("errors moving %q pid: %v", proc.name, err))
}
}
}
return utilerrors.NewAggregate(errs)
}

// Also apply oom-score-adj to processes
oomAdjuster := oom.NewOOMAdjuster()
if err := oomAdjuster.ApplyOOMScoreAdj(pid, oomScoreAdj); err != nil {
errs = append(errs, fmt.Errorf("failed to apply oom score %d to PID %d", oomScoreAdj, pid))
func ensureProcessInContainer(pid int, oomScoreAdj int, manager *fs.Manager) error {
if runningInHost, err := isProcessRunningInHost(pid); err != nil {
// Err on the side of caution. Avoid moving the docker daemon unless we are able to identify its context.
return err
} else if !runningInHost {
// Process is running inside a container. Don't touch that.
return nil
}

var errs []error
cont, err := getContainer(pid)
if err != nil {
errs = append(errs, fmt.Errorf("failed to find container of PID %d: %v", pid, err))
}

if cont != manager.Cgroups.Name {
err = manager.Apply(pid)
if err != nil {
errs = append(errs, fmt.Errorf("failed to move PID %d (in %q) to %q", pid, cont, manager.Cgroups.Name))
}
}

// Also apply oom-score-adj to processes
oomAdjuster := oom.NewOOMAdjuster()
if err := oomAdjuster.ApplyOOMScoreAdj(pid, oomScoreAdj); err != nil {
errs = append(errs, fmt.Errorf("failed to apply oom score %d to PID %d", oomScoreAdj, pid))
}
return utilerrors.NewAggregate(errs)
}

Expand Down Expand Up @@ -585,3 +610,19 @@ func isKernelPid(pid int) bool {
_, err := os.Readlink(fmt.Sprintf("/proc/%d/exe", pid))
return err != nil
}

// Helper for getting the docker version.
func getDockerVersion(cadvisor cadvisor.Interface) semver.Version {
var fallback semver.Version // Fallback to zero-value by default.
versions, err := cadvisor.VersionInfo()
if err != nil {
glog.Errorf("Error requesting cAdvisor VersionInfo: %v", err)
return fallback
}
dockerVersion, err := semver.Parse(versions.DockerVersion)
if err != nil {
glog.Errorf("Error parsing docker version %q: %v", versions.DockerVersion, err)
return fallback
}
return dockerVersion
}

0 comments on commit f32b258

Please sign in to comment.