View Source
const (
	// The percent of the machine memory capacity. The value is used to calculate
	// docker memory resource container's hardlimit to workaround docker memory
	// leakage issue. Please see kubernetes/issues/9881 for more detail.
	DockerMemoryLimitThresholdPercent = 70
	// The minimum memory limit allocated to docker container: 150Mi
	MinDockerMemoryLimit = 150 * 1024 * 1024
View Source
const (
	// Taken from lmctfy
	MinShares     = 2
	SharesPerCPU  = 1024
	MilliCPUToCPU = 1000

	// 100000 is equivalent to 100ms
	QuotaPeriod    = 100000
	MinQuotaPeriod = 1000


View Source
var RootCgroupName = CgroupName([]string{})


func EnsureDockerInContainer

func EnsureDockerInContainer(dockerAPIVersion *utilversion.Version, oomScoreAdj int, manager *fs.Manager) error

    Ensures that the Docker daemon is in the desired container. Temporarily export the function to be used by dockershim. TODO(yujuhong): Move this function to dockershim once kubelet migrates to dockershim as the default.

    func GetPodCgroupNameSuffix

    func GetPodCgroupNameSuffix(podUID types.UID) string

      GetPodCgroupNameSuffix returns the last element of the pod CgroupName identifier

      func HugePageLimits

      func HugePageLimits(resourceList v1.ResourceList) map[int64]int64

        HugePageLimits converts the API representation to a map from huge page size (in bytes) to huge page limit (in bytes).

        func IsSystemdStyleName

        func IsSystemdStyleName(name string) bool

        func MilliCPUToQuota

        func MilliCPUToQuota(milliCPU int64, period int64) (quota int64)

          MilliCPUToQuota converts milliCPU to CFS quota and period values.

          func MilliCPUToShares

          func MilliCPUToShares(milliCPU int64) uint64

            MilliCPUToShares converts the milliCPU to CFS shares.

            func NewFakeInternalContainerLifecycle

            func NewFakeInternalContainerLifecycle() *fakeInternalContainerLifecycle

            func ParseQOSReserved

            func ParseQOSReserved(m map[string]string) (*map[v1.ResourceName]int64, error)

              ParseQOSReserved parses the --qos-reserve-requests option


              type ActivePodsFunc

              type ActivePodsFunc func() []*v1.Pod

              type CgroupConfig

              type CgroupConfig struct {
              	// Fully qualified name prior to any driver specific conversions.
              	Name CgroupName
              	// ResourceParameters contains various cgroups settings to apply.
              	ResourceParameters *ResourceConfig

                CgroupConfig holds the cgroup configuration information. This is common object which is used to specify cgroup information to both systemd and raw cgroup fs implementation of the Cgroup Manager interface.

                type CgroupManager

                type CgroupManager interface {
                	// Create creates and applies the cgroup configurations on the cgroup.
                	// It just creates the leaf cgroups.
                	// It expects the parent cgroup to already exist.
                	Create(*CgroupConfig) error
                	// Destroy the cgroup.
                	Destroy(*CgroupConfig) error
                	// Update cgroup configuration.
                	Update(*CgroupConfig) error
                	// Exists checks if the cgroup already exists
                	Exists(name CgroupName) bool
                	// Name returns the literal cgroupfs name on the host after any driver specific conversions.
                	// We would expect systemd implementation to make appropriate name conversion.
                	// For example, if we pass {"foo", "bar"}
                	// then systemd should convert the name to something like
                	// foo.slice/foo-bar.slice
                	Name(name CgroupName) string
                	// CgroupName converts the literal cgroupfs name on the host to an internal identifier.
                	CgroupName(name string) CgroupName
                	// Pids scans through all subsystems to find pids associated with specified cgroup.
                	Pids(name CgroupName) []int
                	// ReduceCPULimits reduces the CPU CFS values to the minimum amount of shares.
                	ReduceCPULimits(cgroupName CgroupName) error
                	// GetResourceStats returns statistics of the specified cgroup as read from the cgroup fs.
                	GetResourceStats(name CgroupName) (*ResourceStats, error)

                  CgroupManager allows for cgroup management. Supports Cgroup Creation ,Deletion and Updates.

                  func NewCgroupManager

                  func NewCgroupManager(cs *CgroupSubsystems, cgroupDriver string) CgroupManager

                    NewCgroupManager is a factory method that returns a CgroupManager

                    type CgroupName

                    type CgroupName []string

                      CgroupName is the abstract name of a cgroup prior to any driver specific conversion. It is specified as a list of strings from its individual components, such as: {"kubepods", "burstable", "pod1234-abcd-5678-efgh"}

                      func NewCgroupName

                      func NewCgroupName(base CgroupName, components ...string) CgroupName

                        NewCgroupName composes a new cgroup name. Use RootCgroupName as base to start at the root. This function does some basic check for invalid characters at the name.

                        func ParseCgroupfsToCgroupName

                        func ParseCgroupfsToCgroupName(name string) CgroupName

                        func ParseSystemdToCgroupName

                        func ParseSystemdToCgroupName(name string) CgroupName

                        func (CgroupName) ToCgroupfs

                        func (cgroupName CgroupName) ToCgroupfs() string

                        func (CgroupName) ToSystemd

                        func (cgroupName CgroupName) ToSystemd() string

                          cgroupName.ToSystemd converts the internal cgroup name to a systemd name. For example, the name {"kubepods", "burstable", "pod1234-abcd-5678-efgh"} becomes "/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-pod1234_abcd_5678_efgh.slice" This function always expands the systemd name into the cgroupfs form. If only the last part is needed, use path.Base(...) on it to discard the rest.

                          type CgroupSubsystems

                          type CgroupSubsystems struct {
                          	// Cgroup subsystem mounts.
                          	// e.g.: "/sys/fs/cgroup/cpu" -> ["cpu", "cpuacct"]
                          	Mounts []libcontainercgroups.Mount
                          	// Cgroup subsystem to their mount location.
                          	// e.g.: "cpu" -> "/sys/fs/cgroup/cpu"
                          	MountPoints map[string]string

                            CgroupSubsystems holds information about the mounted cgroup subsystems

                            func GetCgroupSubsystems

                            func GetCgroupSubsystems() (*CgroupSubsystems, error)

                              GetCgroupSubsystems returns information about the mounted cgroup subsystems

                              type ContainerManager

                              type ContainerManager interface {
                              	// Runs the container manager's housekeeping.
                              	// - Ensures that the Docker daemon is in a container.
                              	// - Creates the system container where all non-containerized processes run.
                              	Start(*v1.Node, ActivePodsFunc, config.SourcesReady, status.PodStatusProvider, internalapi.RuntimeService) error
                              	// SystemCgroupsLimit returns resources allocated to system cgroups in the machine.
                              	// These cgroups include the system and Kubernetes services.
                              	SystemCgroupsLimit() v1.ResourceList
                              	// GetNodeConfig returns a NodeConfig that is being used by the container manager.
                              	GetNodeConfig() NodeConfig
                              	// Status returns internal Status.
                              	Status() Status
                              	// NewPodContainerManager is a factory method which returns a podContainerManager object
                              	// Returns a noop implementation if qos cgroup hierarchy is not enabled
                              	NewPodContainerManager() PodContainerManager
                              	// GetMountedSubsystems returns the mounted cgroup subsystems on the node
                              	GetMountedSubsystems() *CgroupSubsystems
                              	// GetQOSContainersInfo returns the names of top level QoS containers
                              	GetQOSContainersInfo() QOSContainersInfo
                              	// GetNodeAllocatableReservation returns the amount of compute resources that have to be reserved from scheduling.
                              	GetNodeAllocatableReservation() v1.ResourceList
                              	// GetCapacity returns the amount of compute resources tracked by container manager available on the node.
                              	GetCapacity() v1.ResourceList
                              	// GetDevicePluginResourceCapacity returns the node capacity (amount of total device plugin resources),
                              	// node allocatable (amount of total healthy resources reported by device plugin),
                              	// and inactive device plugin resources previously registered on the node.
                              	GetDevicePluginResourceCapacity() (v1.ResourceList, v1.ResourceList, []string)
                              	// UpdateQOSCgroups performs housekeeping updates to ensure that the top
                              	// level QoS containers have their desired state in a thread-safe way
                              	UpdateQOSCgroups() error
                              	// GetResources returns RunContainerOptions with devices, mounts, and env fields populated for
                              	// extended resources required by container.
                              	GetResources(pod *v1.Pod, container *v1.Container) (*kubecontainer.RunContainerOptions, error)
                              	// UpdatePluginResources calls Allocate of device plugin handler for potential
                              	// requests for device plugin resources, and returns an error if fails.
                              	// Otherwise, it updates allocatableResource in nodeInfo if necessary,
                              	// to make sure it is at least equal to the pod's requested capacity for
                              	// any registered device plugin resource
                              	UpdatePluginResources(*schedulernodeinfo.NodeInfo, *lifecycle.PodAdmitAttributes) error
                              	InternalContainerLifecycle() InternalContainerLifecycle
                              	// GetPodCgroupRoot returns the cgroup which contains all pods.
                              	GetPodCgroupRoot() string
                              	// GetPluginRegistrationHandler returns a plugin registration handler
                              	// The pluginwatcher's Handlers allow to have a single module for handling
                              	// registration.
                              	GetPluginRegistrationHandler() pluginwatcher.PluginHandler
                              	// GetDevices returns information about the devices assigned to pods and containers
                              	GetDevices(podUID, containerName string) []*podresourcesapi.ContainerDevices
                              	// ShouldResetExtendedResourceCapacity returns whether or not the extended resources should be zeroed,
                              	// due to node recreation.
                              	ShouldResetExtendedResourceCapacity() bool

                                Manages the containers running on a machine.

                                func NewContainerManager

                                func NewContainerManager(mountUtil mount.Interface, cadvisorInterface cadvisor.Interface, nodeConfig NodeConfig, failSwapOn bool, devicePluginEnabled bool, recorder record.EventRecorder) (ContainerManager, error)

                                  TODO(vmarmol): Add limits to the system containers. Takes the absolute name of the specified containers. Empty container name disables use of the specified container.

                                  func NewStubContainerManager

                                  func NewStubContainerManager() ContainerManager

                                  func NewStubContainerManagerWithExtendedResource

                                  func NewStubContainerManagerWithExtendedResource(shouldResetExtendedResourceCapacity bool) ContainerManager

                                  type InternalContainerLifecycle

                                  type InternalContainerLifecycle interface {
                                  	PreStartContainer(pod *v1.Pod, container *v1.Container, containerID string) error
                                  	PreStopContainer(containerID string) error
                                  	PostStopContainer(containerID string) error

                                  type KernelTunableBehavior

                                  type KernelTunableBehavior string
                                  const (
                                  	KernelTunableWarn   KernelTunableBehavior = "warn"
                                  	KernelTunableError  KernelTunableBehavior = "error"
                                  	KernelTunableModify KernelTunableBehavior = "modify"

                                  type MemoryStats

                                  type MemoryStats struct {
                                  	// Memory usage (in bytes).
                                  	Usage int64

                                    MemoryStats holds the on-demand statistics from the memory cgroup

                                    type NodeAllocatableConfig

                                    type NodeAllocatableConfig struct {
                                    	KubeReservedCgroupName   string
                                    	SystemReservedCgroupName string
                                    	EnforceNodeAllocatable   sets.String
                                    	KubeReserved             v1.ResourceList
                                    	SystemReserved           v1.ResourceList
                                    	HardEvictionThresholds   []evictionapi.Threshold

                                    type NodeConfig

                                    type NodeConfig struct {
                                    	RuntimeCgroupsName    string
                                    	SystemCgroupsName     string
                                    	KubeletCgroupsName    string
                                    	ContainerRuntime      string
                                    	CgroupsPerQOS         bool
                                    	CgroupRoot            string
                                    	CgroupDriver          string
                                    	KubeletRootDir        string
                                    	ProtectKernelDefaults bool
                                    	QOSReserved                           map[v1.ResourceName]int64
                                    	ExperimentalCPUManagerPolicy          string
                                    	ExperimentalCPUManagerReconcilePeriod time.Duration
                                    	ExperimentalPodPidsLimit              int64
                                    	EnforceCPULimits                      bool
                                    	CPUCFSQuotaPeriod                     time.Duration

                                    type PodContainerManager

                                    type PodContainerManager interface {
                                    	// GetPodContainerName returns the CgroupName identifier, and its literal cgroupfs form on the host.
                                    	GetPodContainerName(*v1.Pod) (CgroupName, string)
                                    	// EnsureExists takes a pod as argument and makes sure that
                                    	// pod cgroup exists if qos cgroup hierarchy flag is enabled.
                                    	// If the pod cgroup doesn't already exist this method creates it.
                                    	EnsureExists(*v1.Pod) error
                                    	// Exists returns true if the pod cgroup exists.
                                    	Exists(*v1.Pod) bool
                                    	// Destroy takes a pod Cgroup name as argument and destroys the pod's container.
                                    	Destroy(name CgroupName) error
                                    	// ReduceCPULimits reduces the CPU CFS values to the minimum amount of shares.
                                    	ReduceCPULimits(name CgroupName) error
                                    	// GetAllPodsFromCgroups enumerates the set of pod uids to their associated cgroup based on state of cgroupfs system.
                                    	GetAllPodsFromCgroups() (map[types.UID]CgroupName, error)
                                    	// IsPodCgroup returns true if the literal cgroupfs name corresponds to a pod
                                    	IsPodCgroup(cgroupfs string) (bool, types.UID)

                                      PodContainerManager stores and manages pod level containers The Pod workers interact with the PodContainerManager to create and destroy containers for the pod.

                                      type QOSContainerManager

                                      type QOSContainerManager interface {
                                      	Start(func() v1.ResourceList, ActivePodsFunc) error
                                      	GetQOSContainersInfo() QOSContainersInfo
                                      	UpdateCgroups() error

                                      func NewQOSContainerManager

                                      func NewQOSContainerManager(subsystems *CgroupSubsystems, cgroupRoot CgroupName, nodeConfig NodeConfig, cgroupManager CgroupManager) (QOSContainerManager, error)

                                      type QOSContainersInfo

                                      type QOSContainersInfo struct {
                                      	Guaranteed CgroupName
                                      	BestEffort CgroupName
                                      	Burstable  CgroupName

                                        QOSContainersInfo stores the names of containers per qos

                                        type ResourceConfig

                                        type ResourceConfig struct {
                                        	// Memory limit (in bytes).
                                        	Memory *int64
                                        	// CPU shares (relative weight vs. other containers).
                                        	CpuShares *uint64
                                        	// CPU hardcap limit (in usecs). Allowed cpu time in a given period.
                                        	CpuQuota *int64
                                        	// CPU quota period.
                                        	CpuPeriod *uint64
                                        	// HugePageLimit map from page size (in bytes) to limit (in bytes)
                                        	HugePageLimit map[int64]int64
                                        	// Maximum number of pids
                                        	PidsLimit *int64

                                          ResourceConfig holds information about all the supported cgroup resource parameters.

                                          func ResourceConfigForPod

                                          func ResourceConfigForPod(pod *v1.Pod, enforceCPULimits bool, cpuPeriod uint64) *ResourceConfig

                                            ResourceConfigForPod takes the input pod and outputs the cgroup resource config.

                                            type ResourceStats

                                            type ResourceStats struct {
                                            	// Memory statistics.
                                            	MemoryStats *MemoryStats

                                              ResourceStats holds on-demand statistics from various cgroup subsystems

                                              type Status

                                              type Status struct {
                                              	// Any soft requirements that were unsatisfied.
                                              	SoftRequirements error


                                              Path Synopsis
                                              Package topology contains helpers for the CPU manager.
                                              Package topology contains helpers for the CPU manager.