github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-31 16:36:38 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #10720 from fidencio/topic/test-cgroupsv2-on-guest

Browse Source 
kernel: Ensure no cgroupsv1 is used
This commit is contained in:
Fabiano Fidêncio
2025-01-23 21:26:49 +01:00
committed by GitHub
parent 66d292bdb4 b47cc6fffe
commit 4bc978416c
15 changed files with 32 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/runtime-rs/arch/aarch64-options.mk
View File

@@ -5,7 +5,7 @@
#
MACHINETYPE :=
KERNELPARAMS :=
KERNELPARAMS := cgroup_no_v1=all systemd.unified_cgroup_hierarchy=1
MACHINEACCELERATORS :=
CPUFEATURES := pmu=off

2
src/runtime-rs/arch/powerpc64le-options.mk
View File

@@ -5,7 +5,7 @@
#
MACHINETYPE := pseries
KERNELPARAMS :=
KERNELPARAMS := cgroup_no_v1=all systemd.unified_cgroup_hierarchy=1
MACHINEACCELERATORS := "cap-cfpc=broken,cap-sbbc=broken,cap-ibs=broken,cap-large-decr=off,cap-ccf-assist=off"
CPUFEATURES := pmu=off

2
src/runtime-rs/arch/s390x-options.mk
View File

@@ -5,7 +5,7 @@
#
MACHINETYPE := s390-ccw-virtio
KERNELPARAMS :=
KERNELPARAMS := cgroup_no_v1=all systemd.unified_cgroup_hierarchy=1
MACHINEACCELERATORS :=
CPUFEATURES :=

3
src/runtime-rs/arch/x86_64-options.mk
View File

@@ -5,7 +5,8 @@
#
MACHINETYPE := q35
KERNELPARAMS :=
KERNELPARAMS := cgroup_no_v1=all systemd.unified_cgroup_hierarchy=1
KERNELTDXPARAMS := cgroup_no_v1=all systemd.unified_cgroup_hierarchy=1
MACHINEACCELERATORS :=
CPUFEATURES := pmu=off

3
src/runtime/arch/amd64-options.mk
View File

@@ -6,7 +6,8 @@
# Intel x86-64 settings
MACHINETYPE := q35
KERNELPARAMS :=
KERNELPARAMS := cgroup_no_v1=all systemd.unified_cgroup_hierarchy=1
KERNELTDXPARAMS := cgroup_no_v1=all systemd.unified_cgroup_hierarchy=1
MACHINEACCELERATORS :=
CPUFEATURES := pmu=off

2
src/runtime/arch/arm64-options.mk
View File

@@ -6,7 +6,7 @@
# ARM 64 settings
MACHINETYPE := virt
KERNELPARAMS :=
KERNELPARAMS := cgroup_no_v1=all systemd.unified_cgroup_hierarchy=1
MACHINEACCELERATORS :=
CPUFEATURES := pmu=off

2
src/runtime/arch/ppc64le-options.mk
View File

@@ -6,7 +6,7 @@
# Power ppc64le settings
MACHINETYPE := pseries
KERNELPARAMS :=
KERNELPARAMS := cgroup_no_v1=all systemd.unified_cgroup_hierarchy=1
MACHINEACCELERATORS := "cap-cfpc=broken,cap-sbbc=broken,cap-ibs=broken,cap-large-decr=off,cap-ccf-assist=off"
CPUFEATURES :=
KERNELTYPE := uncompressed #This architecture must use an uncompressed kernel.

2
src/runtime/arch/s390x-options.mk
View File

@@ -6,7 +6,7 @@
# s390x settings
MACHINETYPE := s390-ccw-virtio
KERNELPARAMS :=
KERNELPARAMS := cgroup_no_v1=all systemd.unified_cgroup_hierarchy=1
MACHINEACCELERATORS :=
CPUFEATURES :=

4
tests/integration/cri-containerd/integration-tests.sh
View File

@@ -660,7 +660,9 @@ function main() {
break
else
TestKilledVmmCleanup
TestDeviceCgroup
info "Skipping TestDeviceCgroup till the test is adapted to cgroupsv2"
#TestDeviceCgroup
fi
fi

2
tests/integration/kubernetes/gha-run.sh
View File

@@ -200,7 +200,7 @@ function deploy_kata() {
fi
if [ "${KATA_HOST_OS}" = "cbl-mariner" ]; then
yq -i ".env.allowedHypervisorAnnotations = \"image kernel default_vcpus kernel_params\"" "${values_yaml}"
yq -i ".env.allowedHypervisorAnnotations = \"image kernel default_vcpus\"" "${values_yaml}"
yq -i ".env.hostOS = \"${KATA_HOST_OS}\"" "${values_yaml}"
fi

37
tests/integration/kubernetes/k8s-cpu-ns.bats
View File

@@ -21,11 +21,15 @@ setup() {
pod_name="constraints-cpu-test"
container_name="first-cpu-container"
sharessyspath="/sys/fs/cgroup/cpu/cpu.shares"
quotasyspath="/sys/fs/cgroup/cpu/cpu.cfs_quota_us"
periodsyspath="/sys/fs/cgroup/cpu/cpu.cfs_period_us"
weightsyspath="/sys/fs/cgroup/cpu.weight"
maxsyspath="/sys/fs/cgroup/cpu.max"
total_cpus=2
total_requests=512
# https://github.com/containers/crun/blob/main/crun.1.md#cgroup-v2
# The weight is calculated by the:
# weight = (1 + ((request - 2) * 9999) / 262142)
total_requests=20
total_cpu_container=1
get_pod_config_dir
@@ -38,17 +42,13 @@ setup() {
exec_num_cpus_cmd=(sh -c "${num_cpus_cmd}")
add_exec_to_policy_settings "${policy_settings_dir}" "${exec_num_cpus_cmd[@]}"
quotasyspath_cmd="cat ${quotasyspath}"
exec_quotasyspath_cmd=(sh -c "${quotasyspath_cmd}")
add_exec_to_policy_settings "${policy_settings_dir}" "${exec_quotasyspath_cmd[@]}"
maxsyspath_cmd="cat ${maxsyspath}"
exec_maxsyspath_cmd=(sh -c "${maxsyspath_cmd}")
add_exec_to_policy_settings "${policy_settings_dir}" "${exec_maxsyspath_cmd[@]}"
periodsyspath_cmd="cat ${periodsyspath}"
exec_periodsyspath_cmd=(sh -c "${periodsyspath_cmd}")
add_exec_to_policy_settings "${policy_settings_dir}" "${exec_periodsyspath_cmd[@]}"
sharessyspath_cmd="cat ${sharessyspath}"
exec_sharessyspath_cmd=(sh -c "${sharessyspath_cmd}")
add_exec_to_policy_settings "${policy_settings_dir}" "${exec_sharessyspath_cmd[@]}"
weightsyspath_cmd="cat ${weightsyspath}"
exec_weightsyspath_cmd=(sh -c "${weightsyspath_cmd}")
add_exec_to_policy_settings "${policy_settings_dir}" "${exec_weightsyspath_cmd[@]}"
add_requests_to_policy_settings "${policy_settings_dir}" "ReadStreamRequest"
auto_generate_policy "${policy_settings_dir}" "${yaml_file}"
@@ -77,18 +77,15 @@ setup() {
# Check the total of requests
total_requests_container=$(kubectl exec $pod_name -c $container_name \
-- "${exec_sharessyspath_cmd[@]}")
-- "${exec_weightsyspath_cmd[@]}")
info "total_requests_container = $total_requests_container"
[ "$total_requests_container" -eq "$total_requests" ]
# Check the cpus inside the container
total_cpu_quota=$(kubectl exec $pod_name -c $container_name \
-- "${exec_quotasyspath_cmd[@]}")
total_cpu_period=$(kubectl exec $pod_name -c $container_name \
-- "${exec_periodsyspath_cmd[@]}")
read total_cpu_quota total_cpu_period <<< $(kubectl exec $pod_name -c $container_name \
-- "${exec_maxsyspath_cmd[@]}")
division_quota_period=$(echo $((total_cpu_quota/total_cpu_period)))

3
tests/integration/kubernetes/setup.sh
View File

@@ -108,13 +108,10 @@ add_cbl_mariner_specific_annotations() {
local mariner_annotation_image="io.katacontainers.config.hypervisor.image"
local mariner_image_path="/opt/kata/share/kata-containers/kata-containers-mariner.img"
local mariner_annotation_kernel_params="io.katacontainers.config.hypervisor.kernel_params"
local mariner_kernel_params="SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 systemd.legacy_systemd_cgroup_controller=yes systemd.unified_cgroup_hierarchy=0"
for K8S_TEST_YAML in runtimeclass_workloads_work/*.yaml
do
add_annotations_to_yaml "${K8S_TEST_YAML}" "${mariner_annotation_kernel}" "${mariner_kernel_path}"
add_annotations_to_yaml "${K8S_TEST_YAML}" "${mariner_annotation_image}" "${mariner_image_path}"
add_annotations_to_yaml "${K8S_TEST_YAML}" "${mariner_annotation_kernel_params}" "${mariner_kernel_params}"
done
fi
}

2
tools/packaging/kernel/configs/fragments/common/cgroup.conf
View File

@@ -2,7 +2,6 @@
# also used/looked for by systemd rootfs.
CONFIG_CGROUPS=y
CONFIG_MEMCG=y
CONFIG_MEMCG_V1=y
CONFIG_BLK_CGROUP=y
CONFIG_CGROUP_WRITEBACK=y
CONFIG_CGROUP_SCHED=y
@@ -11,7 +10,6 @@ CONFIG_CFS_BANDWIDTH=y
CONFIG_CGROUP_PIDS=y
CONFIG_CGROUP_FREEZER=y
CONFIG_CPUSETS=y
CONFIG_CPUSETS_V1=y
CONFIG_CGROUP_DEVICE=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_CGROUP_HUGETLB=y

2
tools/packaging/kernel/configs/fragments/whitelist.conf
View File

@@ -38,5 +38,3 @@ CONFIG_PAGE_TABLE_ISOLATION
CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
CONFIG_VFIO_AP
CONFIG_VFIO_MDEV
CONFIG_CPUSETS_V1
CONFIG_MEMCG_V1

2
tools/packaging/kernel/kata_config_version
View File

@@ -1 +1 @@
144
145