Add pids-limit support in docker update #32519
Conversation
daemon/update_linux.go
Outdated
There was a problem hiding this comment.
Need help with this part. From my findings, I need to add PidsLimit here to update the running containers (real world). But libcontainered.Resources has no attribute named PidsLimit. Hence, the build would fail for now.
I found that the libcontainered resources attributes are defined in github.com/docker/containerd/api/grpc/types, but I'm not sure how to generate api-pb.go once I edit api.proto.
Can someone help me with this?
There was a problem hiding this comment.
I think @mlaventure would be the best person to assist 👍
There was a problem hiding this comment.
So I read proto3 docs and installed protoc with Go protocol buffer plugin.
Ran protoc --go_out=./ api.proto from vendor/github.com/docker/containerd/api/grpc/types. It generated api.pb.go with PidsLimit in UpdateResource and a method GetPidsLimit() for the same type. Along with this, it also modified a lot of other parts of the file. Not sure if we need so many changes.
I'll wait for some assistance on how to generate api.pb.go that properly fits here 🙂
There was a problem hiding this comment.
@darkowlzz you need to open a PR against the v0.2.x branch of https://github.com/containerd/containerd to add that field into api.proto. Once that PR is merged you'll need to vendor containerd into docker (as part of this PR)
cli/command/container/update.go
Outdated
There was a problem hiding this comment.
Before I forget to comment; this needs an "annotation" so that the flag is hidden when connecting to an older daemon version;
flags.SetAnnotation("cpus", "version", []string{"1.30"})There was a problem hiding this comment.
Added "annotation" for "pids-limit" with version 1.30.
@thaJeztah do you want me to change annotation version for "cpus"? Not sure why your code snippet has "cpus" with version 1.30, when the same line exists with 1.29 😅
There was a problem hiding this comment.
oh, sorry, no that was just a copy/paste error on my side
There was a problem hiding this comment.
btw: Shouldn't the default be -1 and a value of 0 errors out?
f28efd8 to
1ba6ea4
Compare
|
After vendoring new gRPC APIs, build is no longer failing but when I update pids-limit, HostConfig gets updated with new limit but not the file @thaJeztah & @mlaventure can you guys help here? Couldn't find exactly where cgroup files are updated. |
|
@darkowlzz the path would be something like Also, you need to update |
46daeb4 to
3d04429
Compare
|
@mlaventure oops! 😅 fixed the vendoring. And about the pids-limit file, yes, On checked runc code (rev 9c2d8d184e5da67c95d601382adf14862e4f2228, from |
There was a problem hiding this comment.
@darkowlzz sorry for the delay, DockerCon happened :)
I think it doesn't work for you because you forgot to also update hack/dockerfile/binaries-commits :)
The runc code for pids doesn't get vendored in because it is not directly used by the engine code (there's no reference to either of the type or routine found in that package within the engine). The use happen indirectly via containerd
cli/command/container/update.go
Outdated
There was a problem hiding this comment.
btw: Shouldn't the default be -1 and a value of 0 errors out?
3d04429 to
6ce52a4
Compare
|
@mlaventure Changed the default pidsLimit value to -1 for max value by default 😅 Updated Checked vendored Rebuilt docker Checked containerd version in Created a new alpine container with --pids-limit set to 20 and then updated to 15. Updated value is visible in Anything else that is missing? |
|
@darkowlzz everything is now fine on both I made a PR to add it here |
|
@mlaventure 😱 great! thanks a lot :) |
|
yay! runc changes got merged 🎉 @mlaventure In |
|
@darkowlzz yes, we are just waiting for It's waiting on the integration with |
|
Looks like we need a rebase, and move the CLI bits to github.com/docker/cli now that it has been moved out of this repo. |
6ce52a4 to
ecc87e3
Compare
|
Sounds like the best option; not sure if we can change that for other properties that have the same issue though 😞 |
|
@darkowlzz this one needs to be rebased |
a7e8b80 to
baec56b
Compare
|
Rebased, made pids limit a pointer so users can update to unlimited by setting 0. |
0fc8179 to
7c89e85
Compare
b19462d to
94d9d4d
Compare
- Adds updating PidsLimit in UpdateContainer(). - Adds setting PidsLimit in toContainerResources(). Signed-off-by: Sunny Gogoi <indiasuny000@gmail.com> Signed-off-by: Brian Goff <cpuguy83@gmail.com>
94d9d4d to
74eb258
Compare
|
experimental failing on a flaky test #38521 powerpc failing on another flaky #38720 I'll merge |
--pids-limitindocker updatecommand.pidsLimitflag variable is set asPidsLimitincontainertypes.Resources, which is used to apply the update inhostConfig and the real world (running containers).
TestUpdatePIDsLimitintegration test for the new flag.Fixes #32443
Signed-off-by: Sunny Gogoi indiasuny000@gmail.com
- What I did
Added a new flag,
--pids-limit, in the commanddocker update.- How I did it
Details are in commit body.
- How to verify it
Verify by starting a container with
--pids-limit=4and then updating pids-limit of the containerto a new value with
docker update --pids-limit=<newValue> <containerName>.Once updated, the result can be seen in
docker inspect <containerName>and in the file/sys/fs/cgroup/pids/pids.maxwithin the container.- Description for the changelog
Add pids-limit support in docker update
- A picture of a cute animal (not mandatory but encouraged)