Skip to content

Commit

Permalink
cgroups: v2: always init parent dirs
Browse files Browse the repository at this point in the history
By skipping parents we were hitting an issue with the way k8s cgroups
are managed since it is creating those cgroups.
This change ensures we apply subtree_control to all parents as needed.

Before this change pods would fail to start due to missing `cpu.weight`
since we were not delegating cgroup control.

Signed-off-by: Brian Goff <[email protected]>
  • Loading branch information
cpuguy83 committed Jan 4, 2023
1 parent 693a69a commit 34c1a64
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 10 deletions.
7 changes: 3 additions & 4 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -43,10 +43,9 @@ test/k8s/_out/img: test/k8s/Dockerfile Cargo.toml Cargo.lock $(shell find . -typ
mkdir -p $(@D) && $(DOCKER_BUILD) -f test/k8s/Dockerfile --iidfile=$(@) --load .

.PHONY: test/k8s/cluster
test/k8s/cluster: target/wasm32-wasi/$(TARGET)/img.tar bin/kind test/k8s/_out/img
kind create cluster --name $(KIND_CLUSTER_NAME) --image="$(shell cat test/k8s/_out/img)" && \
# Load the image into the cluster. We can't use `kind load image-archive` because it doesn't support non-native arch images. \
docker exec -i $(KIND_CLUSTER_NAME)-control-plane ctr -n k8s.io image import --all-platforms - < $(<)
test/k8s/cluster: target/wasm32-wasi/$(TARGET)/img.tar bin/kind test/k8s/_out/img bin/kind
bin/kind create cluster --name $(KIND_CLUSTER_NAME) --image="$(shell cat test/k8s/_out/img)" && \
bin/kind load image-archive --name $(KIND_CLUSTER_NAME) $(<)

.PHONY: test/k8s/deploy
test/k8s/deploy: test/k8s/cluster
Expand Down
6 changes: 0 additions & 6 deletions crates/containerd-shim-wasm/src/sandbox/cgroups/cgroupv2.rs
Original file line number Diff line number Diff line change
Expand Up @@ -38,12 +38,6 @@ impl CgroupV2 {
for d in p.iter() {
full = safe_join(full.clone(), PathBuf::from(d))?;

if full.exists() {
debug!("skipping creation of existing cgroup: {}", full.display());
// This is a pre-existing cgroup, so we won't touch subtree control.
continue;
}

if full.to_str() == self.full_path()?.to_str() {
// This is the last element in the path, so we don't need to create it.
// The cgroup will get created later when we try to write to a file in it.
Expand Down

0 comments on commit 34c1a64

Please sign in to comment.