After this commit, when LimitedSwap is enabled,
containers would get swap acess limited with respect
the container memory request, total physical memory
on the node, and the swap size on the node.
Pods of Best-Effort / Guaranteed QoS classes don't get
to swap. In addition, container with memory requests
that are equal to their memory limits also don't get to
swap.
The swap limitation is calculated in the following way:
1. Calculate the container's memory proportionate to the node's memory:
- Divide the container's memory request by the total node's physical memory.
Let's call this value ContainerMemoryProportion.
2. Multiply the container memory proportion by the available
swap memory for Pods:
Meaning: ContainerMemoryProportion * TotalPodsSwapAvailable.
Fore more information:
https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/2400-node-swap/README.md
Signed-off-by: Itamar Holder <iholder@redhat.com>
Before this commit, to find out the current node's
cgroup version, a libcontainers function was used
directly. This way, cgroup version is hard to mock
and is dependant on the environment in which the unit
tests are being run.
After this commit, libcontainer's function is wrapped
within a variable function that can be re-assigned by
the tests. This way the test can easily mock the cgroup
version and become environment independant.
After this commit both cgroup versions v1 and v2
are being tested, no matter in which environment
it runs.
Signed-off-by: Itamar Holder <iholder@redhat.com>
* add quantity library to CEL
* add more tests to quantity
* use 1.29 env for quantity
* set CEL default env to 1.28 for 1.28 release
* add compare function
* docs and arith lib
* fixup addInt and subInt overload, add docs
* more tests
* cleanup docs
* remove old comments
* remove unnecessary cast
* add isInteger
* add overflow tests
* boilerplate
* refactor expectedResult for tests
* doc typo fix
* returns bool
* add docs link
* different dos link
* add isInteger true case
* expand iff
* add quantity back to 1.28 version, and revert change to DefaultCompatibilityVersion
* formatting
* [API REVIEW] ValidatingAdmissionPolicyStatucController config.
worker count.
* ValidatingAdmissionPolicyStatus controller.
* remove CEL typechecking from API server.
* fix initializer tests.
* remove type checking integration tests
from API server integration tests.
* validatingadmissionpolicy-status options.
* grant access to VAP controller.
* add defaulting unit test.
* generated: ./hack/update-codegen.sh
* add OWNERS for VAP status controller.
* type checking test case.
