On 18/02/2022 08:33, dust.li wrote: > On Thu, Feb 17, 2022 at 07:15:54PM +0100, Hendrik Brueckner wrote: >> On Thu, Feb 17, 2022 at 09:22:00PM +0800, dust.li wrote: >>> On Thu, Feb 17, 2022 at 10:37:28AM +0100, Stefan Raspl wrote: >>>> On 2/16/22 16:27, dust.li wrote: >>>>> On Wed, Feb 16, 2022 at 02:58:32PM +0100, Stefan Raspl wrote: >>>>>> On 2/16/22 04:49, Dust Li wrote: >>>>>> >>> >>>> Now we understand that cloud workloads are a bit different, and the desire to >>>> be able to modify the environment of a container while leaving the container >>>> image unmodified is understandable. But then again, enabling the base image >>>> would be the cloud way to address this. The question to us is: How do other >>>> parts of the kernel address this? >>> >>> I'm not familiar with K8S, but from one of my colleague who has worked >>> in that area tells me for resources like CPU/MEM and configurations >>> like sysctl, can be set using K8S configuration: >>> https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ >> >> For K8s, this involves container engines like cri-o, containerd, podman, >> and others towards the runtimes like runc. To ensure they operate together, >> specifications by the Open Container Initiative (OCI) at >> https://opencontainers.org/release-notices/overview/ >> >> For container/pod deployments, there is especially the Container Runtime >> Interface (CRI) that defines the interface, e.g., of K8s to cri-o etc. >> >> CRI includes support for (namespaced) sysctl's: >> https://github.com/opencontainers/runtime-spec/releases/tag/v1.0.2 >> >> In essence, the CRI spec would allow users to specify/control a specific >> runtime for the container in a declarative way w/o modifying the (base) >> container images. > > Thanks a lot for your kind explanation ! > > After a quick look at the OCI spec, I saw the support for file based > configuration (Including sysfs/procfs etc.). And unfortunately, no > netlink support. > > > Hi Karsten & Stefan: > Back to the patch itself, do you think I need to add the control switch > now ? Or just leave the switch and fix other issues first ? Hi, looks like we need more time to evaluate possibilities, so if you have additional topics on your desk move on and delay this one. Right now for me it looks like there is no way to use netlink for container runtime configuration, which is a pity. We continue our discussions about this in the team, and also here on the list. Thank you!
