Comments (2)
egernst
commented on June 14, 2024
- We grab and validate the config as part of katautils, where we check what max CPUs should be
- We call createSandboxConfig with the sandbox config created from step 1. This'll then:
a. create the sandbox (structures)
b. setup the network
c. Move itself into the appropriate resource controller
d. Start the VM.
katautils depends on virtcontainers, so we can't reuse / call logic for getting default max CPUs again from vc. Reordering creation of resource controller to earlier is complicated b/c we rely on devices getting setup. I think the best option would be to update the value of s.hypervisorconfig.defaultMaxVCPUs between 2.c and 2.d, and figure out how to either reuse existing code, or move the logic out of katautils. 🤷
from kata-containers.
egernst
commented on June 14, 2024
The max handling is a bit of a mess to untangle given that we are checking at LoadConfiguration time. Rather than reorder or change too much, I think it makes sense to do what we have in the confirmation toml comments: Validate only against the number of actual CPUs on the host system, not what is visible to the particular process via go runtime. I'm working to just update checking procfs to see number of logical CPUs instead of calling the go runtime to determine.
from kata-containers.
Related Issues (20)
- Pod without command or arguments is running forever HOT 3
- genpolicy: support raw block devices
- [RFC] New tests for shared_fs=none HOT 11
- CI: Wrong arch image pulled for initramfs-cryptsetup
- metrics: Launch times test fails erratically
- k8s: Check custom dns test is consistently failing on confidential tests HOT 3
- k8s: guest-pull: Kill all processes in container test fails when pulling the image inside the guest HOT 1
- k8s: guest-pull: "Liveness probe" test "fails"
- k8s: guest-pull: "Setting sysctl" test fail
- k8s: guest-pull: "Test readonly volume for pods" fails HOT 2
- k8s: guest-pull: initContainer with shared volume fails
- VERSION_ID: unbound variable error in kata-deploy:3.5.0
- SNP enabled kata container
- tests/confidential_kbs: leverage nodeport deployments from upstream trustee
- Configure CoCo runtimes with shared_fs=none HOT 1
- Questions about shared-fs options and security in kata-containers HOT 4
- Runtime-rs: `dial_timeout` was renamed to `dial_timeout_ms`
- kata-agent-ctl refactor CopyFile handler HOT 1
- Adjust indentation in ifneq statements within Makefile in runtime-rs
- tests/k8s: disable "fail-fast" behavior by default
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kata-containers.