authorCharlie Doern <cdoern@redhat.com>2022-06-28 12:11:29 -0400
committerCharlie Doern <cdoern@redhat.com>2022-07-01 13:44:32 -0400
commitb92149e2a8ce596b2839ec404e2ebd457943848f (patch)
tree1223e8b4594b40413a749c5d0025f5c4a6106f8a
parentb00e65aa9c071428579a55f91a92f3702765ed85 (diff)
podman pod create --memory
using the new resource backend, implement podman pod create --memory which enables users to modify memory.max inside of the parent cgroup (the pod), implicitly impacting all children unless overridden

Signed-off-by: Charlie Doern <cdoern@redhat.com>
-rw-r--r--cmd/podman/common/create.go16
-rw-r--r--docs/source/markdown/podman-pod-clone.1.md10
-rw-r--r--docs/source/markdown/podman-pod-create.1.md10
-rw-r--r--go.mod2
-rw-r--r--go.sum5
-rw-r--r--libpod/define/pod_inspect.go2
-rw-r--r--libpod/pod.go17
-rw-r--r--libpod/pod_api.go1
-rw-r--r--test/system/200-pod.bats10
-rw-r--r--vendor/github.com/containers/common/pkg/cgroups/systemd_linux.go4
-rw-r--r--vendor/github.com/containers/common/pkg/seccomp/default_linux.go3
-rw-r--r--vendor/github.com/containers/common/pkg/seccomp/seccomp.json3
-rw-r--r--vendor/modules.txt2
13 files changed, 67 insertions, 18 deletions
diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go
index e25bdd241..f05549a8d 100644
--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -863,14 +863,6 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
)
_ = cmd.RegisterFlagCompletionFunc(cpusetMemsFlagName, completion.AutocompleteNone)
- memoryFlagName := "memory"
- createFlags.StringVarP(
- &cf.Memory,
- memoryFlagName, "m", "",
- "Memory limit "+sizeWithUnitFormat,
- )
- _ = cmd.RegisterFlagCompletionFunc(memoryFlagName, completion.AutocompleteNone)
-
memoryReservationFlagName := "memory-reservation"
createFlags.StringVar(
&cf.MemoryReservation,
@@ -912,4 +904,12 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
"CPUs in which to allow execution (0-3, 0,1)",
)
_ = cmd.RegisterFlagCompletionFunc(cpusetCpusFlagName, completion.AutocompleteNone)
+
+ memoryFlagName := "memory"
+ createFlags.StringVarP(
+ &cf.Memory,
+ memoryFlagName, "m", "",
+ "Memory limit "+sizeWithUnitFormat,
+ )
+ _ = cmd.RegisterFlagCompletionFunc(memoryFlagName, completion.AutocompleteNone)
}
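Review bot: The relocated `memory` flag block at the end of DefineCreateFlags has no comment saying why it now lives there. Judging by the commit message, the move presumably puts it in the part of the function that pod create also runs, but nothing in the hunk states that. A later tidy-up could move it back and silently drop `--memory` from pods. A one-line comment above `memoryFlagName := "memory"`, such as `// registered in the shared section so pod create/clone also accept --memory`, would record the intent. Check the wording against the surrounding mode checks, which lie outside the hunk.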
diff --git a/docs/source/markdown/podman-pod-clone.1.md b/docs/source/markdown/podman-pod-clone.1.md
index e44e9fa3c..207f59838 100644
--- a/docs/source/markdown/podman-pod-clone.1.md
+++ b/docs/source/markdown/podman-pod-clone.1.md
@@ -80,6 +80,16 @@ Add metadata to a pod (e.g., --label com.example.key=value).
Read in a line delimited file of labels.
+#### **--memory**, **-m**=*limit*
+
+Memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))
+
+Constrains the memory available to a container. If the host
+supports swap memory, then the **-m** memory setting can be larger than physical
+RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
+not limited. The actual limit may be rounded up to a multiple of the operating
+system's page size (the value would be very large, that's millions of trillions).
+
#### **--name**, **-n**
Set a custom name for the cloned pod. The default if not specified is of the syntax: **<ORIGINAL_NAME>-clone**
diff --git a/docs/source/markdown/podman-pod-create.1.md b/docs/source/markdown/podman-pod-create.1.md
index e63623169..e5899d808 100644
--- a/docs/source/markdown/podman-pod-create.1.md
+++ b/docs/source/markdown/podman-pod-create.1.md
@@ -164,6 +164,16 @@ according to RFC4862.
To specify multiple static MAC addresses per pod, set multiple networks using the **--network** option with a static MAC address specified for each using the `mac` mode for that option.
+#### **--memory**, **-m**=*limit*
+
+Memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))
+
+Constrains the memory available to a container. If the host
+supports swap memory, then the **-m** memory setting can be larger than physical
+RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
+not limited. The actual limit may be rounded up to a multiple of the operating
+system's page size (the value would be very large, that's millions of trillions).
+
#### **--name**=*name*, **-n**
diff --git a/go.mod b/go.mod
index 35d4b931f..521521d9a 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
github.com/containernetworking/cni v1.1.1
github.com/containernetworking/plugins v1.1.1
github.com/containers/buildah v1.26.1-0.20220609225314-e66309ebde8c
- github.com/containers/common v0.48.1-0.20220628131511-a8336c1613fe
+ github.com/containers/common v0.48.1-0.20220630172158-178929cf063e
github.com/containers/conmon v2.0.20+incompatible
github.com/containers/image/v5 v5.21.2-0.20220617075545-929f14a56f5c
github.com/containers/ocicrypt v1.1.5
diff --git a/go.sum b/go.sum
index c34b5dfbb..aed64a5c6 100644
--- a/go.sum
+++ b/go.sum
@@ -338,8 +338,8 @@ github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19
github.com/containers/buildah v1.26.1-0.20220609225314-e66309ebde8c h1:/fKyiLFFuceBPZGJ0Lig7ElURhfsslAOw1BOcItD+X8=
github.com/containers/buildah v1.26.1-0.20220609225314-e66309ebde8c/go.mod h1:b0L+u2Dam7soWGn5sVTK31L++Xrf80AbGvK5z9D2+lw=
github.com/containers/common v0.48.1-0.20220608111710-dbecabbe82c9/go.mod h1:WBLwq+i7bicCpH54V70HM6s7jqDAESTlYnd05XXp0ac=
-github.com/containers/common v0.48.1-0.20220628131511-a8336c1613fe h1:H5YI9PXhDB974IkSCUaha+AF60TunRdHaGElZroYx7M=
-github.com/containers/common v0.48.1-0.20220628131511-a8336c1613fe/go.mod h1:UDe7OTpNdtJA2T80Sp7yB0yTaj79f4kMNQbTsNxsqoY=
+github.com/containers/common v0.48.1-0.20220630172158-178929cf063e h1:Vf5tsGrLC2B2omVBP3AdDA7YlE/VoMdNyQ5yPF8GRoY=
+github.com/containers/common v0.48.1-0.20220630172158-178929cf063e/go.mod h1:Zt3D/IhgFyG1oaBrqsbn9NdH/4fkjsO2Y0ahP12ieu4=
github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
github.com/containers/image/v5 v5.21.2-0.20220511203756-fe4fd4ed8be4/go.mod h1:OsX9sFexyGF0FCNAjfcVFv3IwMqDyLyV/WQY/roLPcE=
@@ -1268,7 +1268,6 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
-github.com/stretchr/testify v1.7.5/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
diff --git a/libpod/define/pod_inspect.go b/libpod/define/pod_inspect.go
index c387856e5..935e0f5f9 100644
--- a/libpod/define/pod_inspect.go
+++ b/libpod/define/pod_inspect.go
@@ -69,6 +69,8 @@ type InspectPodData struct {
VolumesFrom []string `json:"volumes_from,omitempty"`
// SecurityOpt contains the specified security labels and related SELinux information
SecurityOpts []string `json:"security_opt,omitempty"`
+ // MemoryLimit contains the specified cgroup memory limit for the pod
+ MemoryLimit uint64 `json:"memory_limit,omitempty"`
}
// InspectPodInfraConfig contains the configuration of the pod's infra
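Review bot: The comment on `MemoryLimit` gives neither the unit nor the meaning of an absent value. Because the field is tagged `omitempty`, a pod with no limit emits no `memory_limit` key at all, so a consumer of pod inspect output cannot tell "no limit" from "not reported" unless the comment says so. Suggest `// MemoryLimit is the pod cgroup memory limit (presumably bytes, matching memory.max); 0 is omitted from JSON and means no limit was set`.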
diff --git a/libpod/pod.go b/libpod/pod.go
index 2502c41a9..c8c6790e8 100644
--- a/libpod/pod.go
+++ b/libpod/pod.go
@@ -169,6 +169,23 @@ func (p *Pod) CPUQuota() int64 {
return 0
}
+// MemoryLimit returns the pod Memory Limit
+func (p *Pod) MemoryLimit() uint64 {
+ if p.state.InfraContainerID == "" {
+ return 0
+ }
+ infra, err := p.runtime.GetContainer(p.state.InfraContainerID)
+ if err != nil {
+ return 0
+ }
+ conf := infra.config.Spec
+ if conf != nil && conf.Linux != nil && conf.Linux.Resources != nil && conf.Linux.Resources.Memory != nil && conf.Linux.Resources.Memory.Limit != nil {
+ val := *conf.Linux.Resources.Memory.Limit
+ return uint64(val)
+ }
+ return 0
+}
+
// NetworkMode returns the Network mode given by the user ex: pod, private...
func (p *Pod) NetworkMode() string {
infra, err := p.runtime.GetContainer(p.state.InfraContainerID)
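Review bot: `return uint64(val)` in MemoryLimit converts the spec's limit without checking its sign. If `Resources.Memory.Limit` is the signed OCI runtime-spec field, where -1 denotes unlimited, such a pod would be reported by pod inspect with an 18446744073709551615-byte limit instead of none. A guard before the cast, `if val <= 0 { return 0 }`, keeps the accessor's convention that zero means no limit. Separately, a GetContainer failure also returns 0, so a lookup error looks the same as an unlimited pod. The doc comment could say so, e.g. `// MemoryLimit returns the pod memory limit, or 0 if none is set or the infra container cannot be read`. The NetworkMode function shown as trailing context continues outside the hunk.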
diff --git a/libpod/pod_api.go b/libpod/pod_api.go
index fefe0e329..f06e62007 100644
--- a/libpod/pod_api.go
+++ b/libpod/pod_api.go
@@ -751,6 +751,7 @@ func (p *Pod) Inspect() (*define.InspectPodData, error) {
CPUSetCPUs: p.ResourceLim().CPU.Cpus,
CPUPeriod: p.CPUPeriod(),
CPUQuota: p.CPUQuota(),
+ MemoryLimit: p.MemoryLimit(),
Mounts: inspectMounts,
Devices: devices,
BlkioDeviceReadBps: deviceLimits,
diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats
index 92d3966be..0e522b34d 100644
--- a/test/system/200-pod.bats
+++ b/test/system/200-pod.bats
@@ -479,21 +479,25 @@ spec:
fi
local name1="resources1"
- run_podman --cgroup-manager=systemd pod create --name=$name1 --cpus=5
- run_podman --cgroup-manager=systemd pod start $name1
+ run_podman --cgroup-manager=systemd pod create --name=$name1 --cpus=5 --memory=10m
+ run_podman --cgroup-manager=systemd pod start $name1
run_podman pod inspect --format '{{.CgroupPath}}' $name1
local path1="$output"
local actual1=$(< /sys/fs/cgroup/$path1/cpu.max)
is "$actual1" "500000 100000" "resource limits set properly"
+ local actual2=$(< /sys/fs/cgroup/$path1/memory.max)
+ is "$actual2" "10485760" "resource limits set properly"
run_podman pod --cgroup-manager=systemd rm -f $name1
local name2="resources2"
- run_podman --cgroup-manager=cgroupfs pod create --cpus=5 --name=$name2
+ run_podman --cgroup-manager=cgroupfs pod create --cpus=5 --memory=10m --name=$name2
run_podman --cgroup-manager=cgroupfs pod start $name2
run_podman pod inspect --format '{{.CgroupPath}}' $name2
local path2="$output"
local actual2=$(< /sys/fs/cgroup/$path2/cpu.max)
is "$actual2" "500000 100000" "resource limits set properly"
+ local actual2=$(< /sys/fs/cgroup/$path2/memory.max)
+ is "$actual2" "10485760" "resource limits set properly"
run_podman --cgroup-manager=cgroupfs pod rm $name2
}
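Review bot: The two new `memory.max` assertions reuse the message "resource limits set properly" already used for `cpu.max`, so a failure does not say which limit was wrong. In the cgroupfs block `local actual2` is also declared twice, once for each file. Suggest distinct names and messages, e.g. `local mem2=$(< /sys/fs/cgroup/$path2/memory.max)` followed by `is "$mem2" "10485760" "memory.max matches --memory=10m"`, and the same for the systemd block. The commit also documents `--memory` for pod clone, but nothing in this hunk exercises that path. The test function starts outside the hunk.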
diff --git a/vendor/github.com/containers/common/pkg/cgroups/systemd_linux.go b/vendor/github.com/containers/common/pkg/cgroups/systemd_linux.go
index a45358f9b..ee9f584de 100644
--- a/vendor/github.com/containers/common/pkg/cgroups/systemd_linux.go
+++ b/vendor/github.com/containers/common/pkg/cgroups/systemd_linux.go
@@ -152,10 +152,10 @@ func resourcesToProps(res *configs.Resources) (map[string]uint64, map[string]str
// Mem
if res.Memory != 0 {
- iMap["MemoryMax"] = res.Memory
+ uMap["MemoryMax"] = uint64(res.Memory)
}
if res.MemorySwap != 0 {
- iMap["MemorySwapMax"] = res.MemorySwap
+ uMap["MemorySwapMax"] = uint64(res.MemorySwap)
}
// Blkio
diff --git a/vendor/github.com/containers/common/pkg/seccomp/default_linux.go b/vendor/github.com/containers/common/pkg/seccomp/default_linux.go
index 3712afc71..0db77879c 100644
--- a/vendor/github.com/containers/common/pkg/seccomp/default_linux.go
+++ b/vendor/github.com/containers/common/pkg/seccomp/default_linux.go
@@ -221,6 +221,9 @@ func DefaultProfile() *Seccomp {
"ipc",
"keyctl",
"kill",
+ "landlock_add_rule",
+ "landlock_create_ruleset",
+ "landlock_restrict_self",
"lchown",
"lchown32",
"lgetxattr",
diff --git a/vendor/github.com/containers/common/pkg/seccomp/seccomp.json b/vendor/github.com/containers/common/pkg/seccomp/seccomp.json
index 442632e7d..18674db4d 100644
--- a/vendor/github.com/containers/common/pkg/seccomp/seccomp.json
+++ b/vendor/github.com/containers/common/pkg/seccomp/seccomp.json
@@ -228,6 +228,9 @@
"ipc",
"keyctl",
"kill",
+ "landlock_add_rule",
+ "landlock_create_ruleset",
+ "landlock_restrict_self",
"lchown",
"lchown32",
"lgetxattr",
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 3e8657bc4..aaddcaeb0 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -111,7 +111,7 @@ github.com/containers/buildah/pkg/rusage
github.com/containers/buildah/pkg/sshagent
github.com/containers/buildah/pkg/util
github.com/containers/buildah/util
-# github.com/containers/common v0.48.1-0.20220628131511-a8336c1613fe
+# github.com/containers/common v0.48.1-0.20220630172158-178929cf063e
## explicit
github.com/containers/common/libimage
github.com/containers/common/libimage/define