1 package configs 2 3 import ( 4 systemdDbus "github.com/coreos/go-systemd/v22/dbus" 5 "github.com/opencontainers/runc/libcontainer/devices" 6 ) 7 8 type FreezerState string 9 10 const ( 11 Undefined FreezerState = "" 12 Frozen FreezerState = "FROZEN" 13 Thawed FreezerState = "THAWED" 14 ) 15 16 // Cgroup holds properties of a cgroup on Linux. 17 type Cgroup struct { 18 // Name specifies the name of the cgroup 19 Name string `json:"name,omitempty"` 20 21 // Parent specifies the name of parent of cgroup or slice 22 Parent string `json:"parent,omitempty"` 23 24 // Path specifies the path to cgroups that are created and/or joined by the container. 25 // The path is assumed to be relative to the host system cgroup mountpoint. 26 Path string `json:"path"` 27 28 // ScopePrefix describes prefix for the scope name 29 ScopePrefix string `json:"scope_prefix"` 30 31 // Resources contains various cgroups settings to apply 32 *Resources 33 34 // Systemd tells if systemd should be used to manage cgroups. 35 Systemd bool 36 37 // SystemdProps are any additional properties for systemd, 38 // derived from org.systemd.property.xxx annotations. 39 // Ignored unless systemd is used for managing cgroups. 40 SystemdProps []systemdDbus.Property `json:"-"` 41 42 // Rootless tells if rootless cgroups should be used. 43 Rootless bool 44 45 // The host UID that should own the cgroup, or nil to accept 46 // the default ownership. This should only be set when the 47 // cgroupfs is to be mounted read/write. 48 // Not all cgroup manager implementations support changing 49 // the ownership. 50 OwnerUID *int `json:"owner_uid,omitempty"` 51 } 52 53 type Resources struct { 54 // Devices is the set of access rules for devices in the container. 55 Devices []*devices.Rule `json:"devices"` 56 57 // Memory limit (in bytes) 58 Memory int64 `json:"memory"` 59 60 // Memory reservation or soft_limit (in bytes) 61 MemoryReservation int64 `json:"memory_reservation"` 62 63 // Total memory usage (memory + swap); set `-1` to enable unlimited swap 64 MemorySwap int64 `json:"memory_swap"` 65 66 // CPU shares (relative weight vs. other containers) 67 CpuShares uint64 `json:"cpu_shares"` 68 69 // CPU hardcap limit (in usecs). Allowed cpu time in a given period. 70 CpuQuota int64 `json:"cpu_quota"` 71 72 // CPU period to be used for hardcapping (in usecs). 0 to use system default. 73 CpuPeriod uint64 `json:"cpu_period"` 74 75 // How many time CPU will use in realtime scheduling (in usecs). 76 CpuRtRuntime int64 `json:"cpu_rt_quota"` 77 78 // CPU period to be used for realtime scheduling (in usecs). 79 CpuRtPeriod uint64 `json:"cpu_rt_period"` 80 81 // CPU to use 82 CpusetCpus string `json:"cpuset_cpus"` 83 84 // MEM to use 85 CpusetMems string `json:"cpuset_mems"` 86 87 // Process limit; set <= `0' to disable limit. 88 PidsLimit int64 `json:"pids_limit"` 89 90 // Specifies per cgroup weight, range is from 10 to 1000. 91 BlkioWeight uint16 `json:"blkio_weight"` 92 93 // Specifies tasks' weight in the given cgroup while competing with the cgroup's child cgroups, range is from 10 to 1000, cfq scheduler only 94 BlkioLeafWeight uint16 `json:"blkio_leaf_weight"` 95 96 // Weight per cgroup per device, can override BlkioWeight. 97 BlkioWeightDevice []*WeightDevice `json:"blkio_weight_device"` 98 99 // IO read rate limit per cgroup per device, bytes per second. 100 BlkioThrottleReadBpsDevice []*ThrottleDevice `json:"blkio_throttle_read_bps_device"` 101 102 // IO write rate limit per cgroup per device, bytes per second. 103 BlkioThrottleWriteBpsDevice []*ThrottleDevice `json:"blkio_throttle_write_bps_device"` 104 105 // IO read rate limit per cgroup per device, IO per second. 106 BlkioThrottleReadIOPSDevice []*ThrottleDevice `json:"blkio_throttle_read_iops_device"` 107 108 // IO write rate limit per cgroup per device, IO per second. 109 BlkioThrottleWriteIOPSDevice []*ThrottleDevice `json:"blkio_throttle_write_iops_device"` 110 111 // set the freeze value for the process 112 Freezer FreezerState `json:"freezer"` 113 114 // Hugetlb limit (in bytes) 115 HugetlbLimit []*HugepageLimit `json:"hugetlb_limit"` 116 117 // Whether to disable OOM Killer 118 OomKillDisable bool `json:"oom_kill_disable"` 119 120 // Tuning swappiness behaviour per cgroup 121 MemorySwappiness *uint64 `json:"memory_swappiness"` 122 123 // Set priority of network traffic for container 124 NetPrioIfpriomap []*IfPrioMap `json:"net_prio_ifpriomap"` 125 126 // Set class identifier for container's network packets 127 NetClsClassid uint32 `json:"net_cls_classid_u"` 128 129 // Rdma resource restriction configuration 130 Rdma map[string]LinuxRdma `json:"rdma"` 131 132 // Used on cgroups v2: 133 134 // CpuWeight sets a proportional bandwidth limit. 135 CpuWeight uint64 `json:"cpu_weight"` 136 137 // Unified is cgroupv2-only key-value map. 138 Unified map[string]string `json:"unified"` 139 140 // SkipDevices allows to skip configuring device permissions. 141 // Used by e.g. kubelet while creating a parent cgroup (kubepods) 142 // common for many containers, and by runc update. 143 // 144 // NOTE it is impossible to start a container which has this flag set. 145 SkipDevices bool `json:"-"` 146 147 // SkipFreezeOnSet is a flag for cgroup manager to skip the cgroup 148 // freeze when setting resources. Only applicable to systemd legacy 149 // (i.e. cgroup v1) manager (which uses freeze by default to avoid 150 // spurious permission errors caused by systemd inability to update 151 // device rules in a non-disruptive manner). 152 // 153 // If not set, a few methods (such as looking into cgroup's 154 // devices.list and querying the systemd unit properties) are used 155 // during Set() to figure out whether the freeze is required. Those 156 // methods may be relatively slow, thus this flag. 157 SkipFreezeOnSet bool `json:"-"` 158 } 159