On Fri, Feb 18, 2022 at 05:03:56PM +0100, Karsten Graul wrote:
>On 18/02/2022 08:33, dust.li wrote:
>> On Thu, Feb 17, 2022 at 07:15:54PM +0100, Hendrik Brueckner wrote:
>>> On Thu, Feb 17, 2022 at 09:22:00PM +0800, dust.li wrote:
>>>> On Thu, Feb 17, 2022 at 10:37:28AM +0100, Stefan Raspl wrote:
>>>>> On 2/16/22 16:27, dust.li wrote:
>>>>>> On Wed, Feb 16, 2022 at 02:58:32PM +0100, Stefan Raspl wrote:
>>>>>>> On 2/16/22 04:49, Dust Li wrote:
>>>>>>>
>>>>
>>>>> Now we understand that cloud workloads are a bit different, and the desire to
>>>>> be able to modify the environment of a container while leaving the container
>>>>> image unmodified is understandable. But then again, enabling the base image
>>>>> would be the cloud way to address this. The question to us is: How do other
>>>>> parts of the kernel address this?
>>>>
>>>> I'm not familiar with K8S, but one of my colleagues who has worked
>>>> in that area tells me that resources like CPU/MEM and configurations
>>>> like sysctl can be set using K8S configuration:
>>>> https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/
>>>
>>> For K8s, this involves container engines like cri-o, containerd, podman,
>>> and others towards the runtimes like runc. To ensure they operate together,
>>> there are specifications by the Open Container Initiative (OCI) at
>>> https://opencontainers.org/release-notices/overview/
>>>
>>> For container/pod deployments, there is especially the Container Runtime
>>> Interface (CRI) that defines the interface, e.g., of K8s to cri-o etc.
>>>
>>> CRI includes support for (namespaced) sysctls:
>>> https://github.com/opencontainers/runtime-spec/releases/tag/v1.0.2
>>>
>>> In essence, the CRI spec would allow users to specify/control a specific
>>> runtime for the container in a declarative way w/o modifying the (base)
>>> container images.
>>
>> Thanks a lot for your kind explanation!
>>
>> After a quick look at the OCI spec, I saw the support for file-based
>> configuration (including sysfs/procfs etc.). And unfortunately, no
>> netlink support.
>>
>>
>> Hi Karsten & Stefan:
>> Back to the patch itself, do you think I need to add the control switch
>> now? Or just leave the switch and fix other issues first?
>
>Hi, looks like we need more time to evaluate possibilities, so if you have
>additional topics on your desk, move on and delay this one.

OK, got it.

>Right now for me it looks like there is no way to use netlink for container runtime
>configuration, which is a pity.
>We continue our discussions about this in the team, and also here on the list.

Many thanks for your time on this topic!
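As an added illustration for the mechanism Hendrik describes (this is not part of the thread or of the patch under discussion), the declarative path from Kubernetes down to the OCI runtime looks like the Pod below: the kubelet forwards `securityContext.sysctls` over CRI, and the runtime writes each key into /proc/sys inside the Pod's namespaces before the container's process starts, so the image is never modified. The Pod name, image tag and chosen sysctl values are assumptions made for the example.

```yaml
# Added illustration for this thread (not from the patch under discussion):
# a Pod that sets a namespaced sysctl declaratively. The kubelet passes the
# list over CRI to the runtime (cri-o/containerd -> runc), which ends up as
# "linux.sysctl" in the OCI config.json and is written into /proc/sys of
# the Pod's network namespace before the container starts.
apiVersion: v1
kind: Pod
metadata:
  name: sysctl-demo            # name is an assumption for the example
spec:
  securityContext:
    sysctls:
      # "Safe" sysctl: namespaced and allowed by the kubelet by default.
      - name: net.ipv4.ip_local_port_range
        value: "32768 60999"   # value chosen for the example
      # Namespaced but not on the default safe list: the kubelet rejects it
      # unless it was started with --allowed-unsafe-sysctls=net.core.somaxconn
      # - name: net.core.somaxconn
      #   value: "1024"
  containers:
    - name: app
      image: busybox:1.36      # image tag is an assumption for the example
      # Read the value back from inside the container's network namespace.
      command: ["sh", "-c", "sysctl net.ipv4.ip_local_port_range; sleep 3600"]
```

Apply it with `kubectl apply -f` and verify with `kubectl exec sysctl-demo -- sysctl net.ipv4.ip_local_port_range`. Two caveats matter for the thread: only sysctls that are namespaced can be set this way (node-level keys are refused), and, as dust.li observes, the runtime-spec has no equivalent field for settings that are reachable only over netlink, so a netlink-only control for SMC would have no declarative hook here.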