feature: Add limit container rootfs dirsize #65
Frank-svg-dev wants to merge 5 commits into kcrow-io:main from
@yylt pls review, tks
pkg/disk/disk.go
Outdated
| return "", fmt.Errorf("overlay path not found in mountinfo for %s", containerRootfs) | ||
| } | ||
|
|
||
| func generateProjectID(containerID string) uint32 { |
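Review bot: generateProjectID maps a containerID string to a uint32, so two containers can end up with the same project ID and then share one quota, with one container's writes counting against the other's limit. Derive the ID from a value that is already unique per container on this host, or record assigned IDs and reject a duplicate before applying the limit. Also guard against a result of 0, which XFS uses as the default project for files with no project set, and add a doc comment stating the uniqueness guarantee.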
Hash conflict? Maybe could use the snapshot id found by getOverlayPath.

Thank you for the reply, you are right. However, since the xfs_quota projectID is an int type and the container ID is a hash value with a length far exceeding int64, I will introduce the crc32.ChecksumIEEE method to convert it directly.

Actually, the snapshot id is a u64 type, and it must be unique across different containers, so it is perfect for use as the project id in xfs_quota.
pkg/disk/manage.go
Outdated
|
|
||
| klog.V(2).Infof("Target XFS Quota Path: %s", rootfsPath) | ||
|
|
||
| if err := applyXFSQuota(container.Id, rootfsPath, limitMB); err != nil { |
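Review bot: the `if err := applyXFSQuota(container.Id, rootfsPath, limitMB); err != nil` branch needs an explicit decision on failure: if it only logs and returns, the container starts with no rootfs limit and nothing signals that. Either return the error so creation fails, or emit a warning-level log that names container.Id and limitMB. The klog.V(2) line before it prints only rootfsPath; adding the container ID and the limit there makes a misapplied quota traceable.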
Should check that the mountpoint supports setting quota, otherwise it always fails.

OK. When the quota parameter is not enabled in the containerd directory, in order to avoid calling the disk plugin's CreateContainer and StartContainer methods every time a container is created, I used an initialization check. If the quota parameter is not enabled, the disk plugin will not be loaded.

You can refer to this, which uses cgroup blkio to limit disk usage. If possible, could you migrate XFS quota to that plugin's approach?
In fact, the daemon-based NRI plugin is not the recommended approach, as launching plugins via containerd can reduce the attack surface.
add unit test
add unit test
add unit test
Add /var/lib/containerd directory for checking prjquota mounting parameters
6805777 to 69a6900


This feature uses the NRI interface to configure the kernel's native xfs_quota command to implement the disk restriction function of container rootfs, which can prevent the host's /var/lib/containerd from filling to 100% because a large number of files are written in the container.
Before installation: we need to add the prjquota attribute to the mount attributes of the disk where the /var/lib/container directory is located, for xfsquota to set quotas.
Feature Demo
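
The prjquota prerequisite described above and the mountpoint check requested in review can be verified from mountinfo before any quota is applied. The following is an added example, not code from this PR: the helper name projectQuotaEnforced and the sample mount table are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"strings"
)

// Constructed sample in /proc/self/mountinfo format; devices and IDs are made up.
const sampleMountinfo = `22 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
45 22 8:17 / /var/lib/containerd rw,relatime shared:30 - xfs /dev/sdb1 rw,attr2,inode64,prjquota
46 22 8:33 / /var/lib/other rw,relatime shared:31 - xfs /dev/sdc1 rw,attr2,inode64,noquota
`

// projectQuotaEnforced (hypothetical helper): is the mount holding path XFS with prjquota?
func projectQuotaEnforced(mountinfo io.Reader, path string) (bool, error) {
	bestLen, enforced := -1, false
	sc := bufio.NewScanner(mountinfo)
	for sc.Scan() {
		// "<id> <parent> <dev> <root> <mount point> <opts> [tags] - <fstype> <source> <superopts>"
		pre, post, ok := strings.Cut(sc.Text(), " - ")
		left, right := strings.Fields(pre), strings.Fields(post)
		if !ok || len(left) < 6 || len(right) < 3 {
			continue
		}
		mp := left[4]
		// Match on a path boundary so /var/lib/containerd does not cover /var/lib/containerd-extra.
		covers := mp == "/" || path == mp || strings.HasPrefix(path, mp+"/")
		if !covers || len(mp) < bestLen {
			continue // keep the longest mount point; later lines win ties
		}
		bestLen = len(mp)
		// Exact option match: XFS reports pqnoenforce when it only accounts usage.
		enforced = right[0] == "xfs" && strings.Contains(","+right[2]+",", ",prjquota,")
	}
	if err := sc.Err(); err != nil {
		return false, err
	}
	if bestLen < 0 {
		return false, fmt.Errorf("no mount covers %s", path)
	}
	return enforced, nil
}

func main() {
	ok, err := projectQuotaEnforced(strings.NewReader(sampleMountinfo), "/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs")
	fmt.Println(ok, err) // a real plugin would open /proc/self/mountinfo instead
}
```

Running the check once at plugin start and again per container covers the case where the snapshot directory sits on a different mount than the containerd root.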