virtcontainers: kata_agent: apply CPU constraints

The runtime already hot added the number of vCPUs needed by each container, in order to have a better control over those resources, CPU constraints must be applied. fixes #203 Signed-off-by: Julio Montes <julio.montes@intel.com>
2025-08-15 06:34:03 +00:00 · 2018-04-12 12:48:41 -05:00 · 2018-04-12 12:48:41 -05:00 · a4c0827bea
commit a4c0827bea
parent f74f61e8d1
2 changed files with 67 additions and 3 deletions
--- a/virtcontainers/kata_agent.go
+++ b/virtcontainers/kata_agent.go
@ -550,9 +550,15 @@ func constraintGRPCSpec(grpcSpec *grpc.Spec) {
 	// here: https://github.com/kata-containers/agent/issues/104
 	grpcSpec.Linux.Seccomp = nil

-	// TODO: Remove this constraint as soon as the agent properly handles
-	// resources provided through the specification.
-	grpcSpec.Linux.Resources = nil
+	// By now only CPU constraints are supported
+	// Issue: https://github.com/kata-containers/runtime/issues/158
+	// Issue: https://github.com/kata-containers/runtime/issues/204
+	grpcSpec.Linux.Resources.Devices = nil
+	grpcSpec.Linux.Resources.Memory = nil
+	grpcSpec.Linux.Resources.Pids = nil
+	grpcSpec.Linux.Resources.BlockIO = nil
+	grpcSpec.Linux.Resources.HugepageLimits = nil
+	grpcSpec.Linux.Resources.Network = nil

 	// Disable network namespace since it is already handled on the host by
 	// virtcontainers. The network is a complex part which cannot be simply
--- a/virtcontainers/kata_agent_test.go
+++ b/virtcontainers/kata_agent_test.go
@ -27,6 +27,7 @@ import (
 	gpb "github.com/gogo/protobuf/types"
 	pb "github.com/kata-containers/agent/protocols/grpc"
 	"github.com/kata-containers/runtime/virtcontainers/pkg/mock"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/stretchr/testify/assert"
 	"github.com/vishvananda/netlink"
 	"golang.org/x/net/context"
@ -379,3 +380,60 @@ func TestAppendDevices(t *testing.T) {
 		"Device lists didn't match: got %+v, expecting %+v",
 		updatedDevList, expected)
 }
+
+func TestConstraintGRPCSpec(t *testing.T) {
+	assert := assert.New(t)
+
+	g := &pb.Spec{
+		Hooks: &pb.Hooks{},
+		Mounts: []pb.Mount{
+			{Destination: "/dev/shm"},
+		},
+		Linux: &pb.Linux{
+			Seccomp: &pb.LinuxSeccomp{},
+			Namespaces: []pb.LinuxNamespace{
+				{
+					Type: specs.NetworkNamespace,
+					Path: "/abc/123",
+				},
+				{
+					Type: specs.MountNamespace,
+					Path: "/abc/123",
+				},
+			},
+			Resources: &pb.LinuxResources{
+				Devices:        []pb.LinuxDeviceCgroup{},
+				Memory:         &pb.LinuxMemory{},
+				CPU:            &pb.LinuxCPU{},
+				Pids:           &pb.LinuxPids{},
+				BlockIO:        &pb.LinuxBlockIO{},
+				HugepageLimits: []pb.LinuxHugepageLimit{},
+				Network:        &pb.LinuxNetwork{},
+			},
+		},
+	}
+
+	constraintGRPCSpec(g)
+
+	// check nil fields
+	assert.Nil(g.Hooks)
+	assert.Nil(g.Linux.Seccomp)
+	assert.Nil(g.Linux.Resources.Devices)
+	assert.Nil(g.Linux.Resources.Memory)
+	assert.Nil(g.Linux.Resources.Pids)
+	assert.Nil(g.Linux.Resources.BlockIO)
+	assert.Nil(g.Linux.Resources.HugepageLimits)
+	assert.Nil(g.Linux.Resources.Network)
+	assert.NotNil(g.Linux.Resources.CPU)
+
+	// check namespaces
+	assert.Len(g.Linux.Namespaces, 1)
+	assert.Empty(g.Linux.Namespaces[0].Path)
+
+	// check mounts
+	assert.Len(g.Mounts, 1)
+	assert.NotEmpty(g.Mounts[0].Destination)
+	assert.NotEmpty(g.Mounts[0].Type)
+	assert.NotEmpty(g.Mounts[0].Source)
+	assert.NotEmpty(g.Mounts[0].Options)
+}