On Thu, Feb 17, 2022 at 07:15:54PM +0100, Hendrik Brueckner wrote:
>On Thu, Feb 17, 2022 at 09:22:00PM +0800, dust.li wrote:
>> On Thu, Feb 17, 2022 at 10:37:28AM +0100, Stefan Raspl wrote:
>> >On 2/16/22 16:27, dust.li wrote:
>> >> On Wed, Feb 16, 2022 at 02:58:32PM +0100, Stefan Raspl wrote:
>> >> > On 2/16/22 04:49, Dust Li wrote:
>> >> >
>> >> >
>> >Now we understand that cloud workloads are a bit different, and the desire to
>> >be able to modify the environment of a container while leaving the container
>> >image unmodified is understandable. But then again, enabling the base image
>> >would be the cloud way to address this. The question to us is: How do other
>> >parts of the kernel address this?
>>
>> I'm not familiar with K8S, but one of my colleagues who has worked
>> in that area tells me that resources like CPU/MEM and configurations
>> like sysctl can be set using K8S configuration:
>> https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/
>
>For K8s, this involves container engines like cri-o, containerd, podman,
>and others towards the runtimes like runc. To ensure they operate together,
>there are specifications by the Open Container Initiative (OCI) at
>https://opencontainers.org/release-notices/overview/
>
>For container/pod deployments, there is especially the Container Runtime
>Interface (CRI) that defines the interface, e.g., of K8s to cri-o etc.
>
>CRI includes support for (namespaced) sysctls:
>https://github.com/opencontainers/runtime-spec/releases/tag/v1.0.2
>
>In essence, the CRI spec would allow users to specify/control a specific
>runtime for the container in a declarative way w/o modifying the (base)
>container images.

Thanks a lot for your kind explanation!

After a quick look at the OCI spec, I saw the support for file based
configuration (including sysfs/procfs etc.). And unfortunately, no netlink
support.

Hi Karsten & Stefan:

Back to the patch itself, do you think I need to add the control switch now?
Or just leave the switch and fix other issues first?

Thanks
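As an added illustration of the declarative, image-independent sysctl path Hendrik describes above (this manifest is not part of the original thread and is not code from any of the participants): a Kubernetes Pod spec that sets namespaced sysctls through `securityContext.sysctls`. Kubernetes forwards these to the container runtime over CRI, and the runtime writes them into the `linux.sysctl` map of the OCI runtime config that runc applies inside the container's namespaces, so the image stays unmodified. The pod name, image reference, and the chosen values are constructed placeholders.

```yaml
# Added example (not from the original thread): a Pod that configures
# namespaced sysctls declaratively, leaving the container image untouched.
apiVersion: v1
kind: Pod
metadata:
  name: sysctl-example               # constructed name
spec:
  securityContext:
    sysctls:
      # "Safe" sysctl: namespaced, isolated per pod, and allowed by default
      # without any kubelet configuration.
      - name: net.ipv4.ip_local_port_range
        value: "32768 60999"
      # "Unsafe" sysctl: still network-namespaced, but not on the kubelet's
      # default safe list. The kubelet rejects the pod (SysctlForbidden)
      # unless the node was started with
      #   --allowed-unsafe-sysctls=net.ipv4.tcp_keepalive_time
      # which is the explicit, per-node opt-in an operator must make.
      - name: net.ipv4.tcp_keepalive_time
        value: "600"
  containers:
    - name: app
      image: registry.example/app:1.0  # placeholder image reference
```

To confirm the values were applied from inside the pod's network namespace rather than on the host, run `kubectl exec sysctl-example -- sysctl net.ipv4.ip_local_port_range` and compare against `sysctl net.ipv4.ip_local_port_range` on the node; the two should differ, which is the namespacing property this mechanism depends on. Note that this path only reaches sysctls exposed through procfs, which matches the observation above that the OCI spec offers file-based configuration but no netlink equivalent.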