From 3f3dae56cf735860ce8ac6f2143582427c4697d6 Mon Sep 17 00:00:00 2001 From: yanxuean Date: Thu, 21 Sep 2017 17:12:18 +0800 Subject: [PATCH] improve setting cgroupparent Signed-off-by: yanxuean --- pkg/kubelet/dockershim/docker_sandbox.go | 57 +++++++++++------------- 1 file changed, 27 insertions(+), 30 deletions(-) diff --git a/pkg/kubelet/dockershim/docker_sandbox.go b/pkg/kubelet/dockershim/docker_sandbox.go index fb321d59138..3cbc425e31b 100644 --- a/pkg/kubelet/dockershim/docker_sandbox.go +++ b/pkg/kubelet/dockershim/docker_sandbox.go @@ -517,20 +517,34 @@ func (ds *dockerService) ListPodSandbox(filter *runtimeapi.PodSandboxFilter) ([] // applySandboxLinuxOptions applies LinuxPodSandboxConfig to dockercontainer.HostConfig and dockercontainer.ContainerCreateConfig. func (ds *dockerService) applySandboxLinuxOptions(hc *dockercontainer.HostConfig, lc *runtimeapi.LinuxPodSandboxConfig, createConfig *dockertypes.ContainerCreateConfig, image string, separator rune) error { - // Apply Cgroup options. - cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.CgroupParent) - if err != nil { - return err + if lc == nil { + return nil } - hc.CgroupParent = cgroupParent // Apply security context. - if err = applySandboxSecurityContext(lc, createConfig.Config, hc, ds.network, separator); err != nil { + if err := applySandboxSecurityContext(lc, createConfig.Config, hc, ds.network, separator); err != nil { return err } // Set sysctls. hc.Sysctls = lc.Sysctls + return nil +} +func (ds *dockerService) applySandboxResources(hc *dockercontainer.HostConfig, lc *runtimeapi.LinuxPodSandboxConfig) error { + hc.Resources = dockercontainer.Resources{ + MemorySwap: DefaultMemorySwap(), + CPUShares: defaultSandboxCPUshares, + // Use docker's default cpu quota/period. + } + + if lc != nil { + // Apply Cgroup options. + cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.CgroupParent) + if err != nil { + return err + } + hc.CgroupParent = cgroupParent + } return nil } @@ -563,10 +577,8 @@ func (ds *dockerService) makeSandboxDockerConfig(c *runtimeapi.PodSandboxConfig, } // Apply linux-specific options. - if lc := c.GetLinux(); lc != nil { - if err := ds.applySandboxLinuxOptions(hc, lc, createConfig, image, securityOptSep); err != nil { - return nil, err - } + if err := ds.applySandboxLinuxOptions(hc, c.GetLinux(), createConfig, image, securityOptSep); err != nil { + return nil, err } // Set port mappings. @@ -574,17 +586,12 @@ func (ds *dockerService) makeSandboxDockerConfig(c *runtimeapi.PodSandboxConfig, createConfig.Config.ExposedPorts = exposedPorts hc.PortBindings = portBindings - // Apply resource options. - setSandboxResources(hc) + // TODO: Get rid of the dependency on kubelet internal package. + hc.OomScoreAdj = qos.PodInfraOOMAdj - // Apply cgroupsParent derived from the sandbox config. - if lc := c.GetLinux(); lc != nil { - // Apply Cgroup options. - cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.CgroupParent) - if err != nil { - return nil, fmt.Errorf("failed to generate cgroup parent in expected syntax for container %q: %v", c.Metadata.Name, err) - } - hc.CgroupParent = cgroupParent + // Apply resource options. + if err := ds.applySandboxResources(hc, c.GetLinux()); err != nil { + return nil, err } // Set security options. @@ -623,16 +630,6 @@ func sharesHostIpc(container *dockertypes.ContainerJSON) bool { return false } -func setSandboxResources(hc *dockercontainer.HostConfig) { - hc.Resources = dockercontainer.Resources{ - MemorySwap: DefaultMemorySwap(), - CPUShares: defaultSandboxCPUshares, - // Use docker's default cpu quota/period. - } - // TODO: Get rid of the dependency on kubelet internal package. - hc.OomScoreAdj = qos.PodInfraOOMAdj -} - func constructPodSandboxCheckpoint(config *runtimeapi.PodSandboxConfig) *PodSandboxCheckpoint { checkpoint := NewPodSandboxCheckpoint(config.Metadata.Namespace, config.Metadata.Name) for _, pm := range config.GetPortMappings() {