mirror of https://github.com/k3s-io/k3s
Merge pull request #20671 from vishh/avoid-moving-all-dockers
Auto commit by PR queue botpull/6/head
k8s-merge-robot
commit
8163b6ce97
|
|
@ -300,6 +300,19 @@ func (cm *containerManagerImpl) SystemContainersLimit() api.ResourceList {
|
|||
}
|
||||
}
|
||||
|
||||
func isProcessRunningInHost(pid int) (bool, error) {
|
||||
// Get init mount namespace. Mount namespace is unique for all containers.
|
||||
initMntNs, err := os.Readlink("/proc/1/ns/mnt")
|
||||
if err != nil {
|
||||
return false, fmt.Errorf("failed to find mount namespace of init process")
|
||||
}
|
||||
processMntNs, err := os.Readlink(fmt.Sprintf("/proc/%d/ns/mnt", pid))
|
||||
if err != nil {
|
||||
return false, fmt.Errorf("failed to find mount namespace of process %q", pid)
|
||||
}
|
||||
return initMntNs == processMntNs, nil
|
||||
}
|
||||
|
||||
// Ensures that the Docker daemon is in the desired container.
|
||||
func ensureDockerInContainer(cadvisor cadvisor.Interface, oomScoreAdj int, manager *fs.Manager) error {
|
||||
// What container is Docker in?
|
||||
|
|
@ -322,6 +335,15 @@ func ensureDockerInContainer(cadvisor cadvisor.Interface, oomScoreAdj int, manag
|
|||
// Move if the pid is not already in the desired container.
|
||||
errs := []error{}
|
||||
for _, pid := range pids {
|
||||
if runningInHost, err := isProcessRunningInHost(pid); err != nil {
|
||||
errs = append(errs, err)
|
||||
// Err on the side of caution. Avoid moving the docker daemon unless we are able to identify its context.
|
||||
continue
|
||||
} else if !runningInHost {
|
||||
// Docker daemon is running inside a container. Don't touch that.
|
||||
continue
|
||||
}
|
||||
|
||||
cont, err := getContainer(pid)
|
||||
if err != nil {
|
||||
errs = append(errs, fmt.Errorf("failed to find container of PID %d: %v", pid, err))
|
||||
|
|
@ -365,10 +387,6 @@ func getContainer(pid int) (string, error) {
|
|||
// The reason of leaving kernel threads at root cgroup is that we don't want to tie the
|
||||
// execution of these threads with to-be defined /system quota and create priority inversions.
|
||||
//
|
||||
// The reason of leaving process 1 at root cgroup is that libcontainer hardcoded on
|
||||
// the base cgroup path based on process 1. Please see:
|
||||
// https://github.com/kubernetes/kubernetes/issues/12789#issuecomment-132384126
|
||||
// for detail explanation.
|
||||
func ensureSystemContainer(rootContainer *fs.Manager, manager *fs.Manager) error {
|
||||
// Move non-kernel PIDs to the system container.
|
||||
attemptsRemaining := 10
|
||||
|
|
|
|||
|
|
@ -898,22 +898,7 @@ func (kl *Kubelet) StartGarbageCollection() {
|
|||
// initializeModules will initialize internal modules that do not require the container runtime to be up.
|
||||
// Note that the modules here must not depend on modules that are not initialized here.
|
||||
func (kl *Kubelet) initializeModules() error {
|
||||
// Promethues metrics.
|
||||
metrics.Register(kl.runtimeCache)
|
||||
|
||||
// Step 1: Setup filesystem directories.
|
||||
if err := kl.setupDataDirs(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Step 2: If the container logs directory does not exist, create it.
|
||||
if _, err := os.Stat(containerLogsDir); err != nil {
|
||||
if err := kl.os.Mkdir(containerLogsDir, 0755); err != nil {
|
||||
glog.Errorf("Failed to create directory %q: %v", containerLogsDir, err)
|
||||
}
|
||||
}
|
||||
|
||||
// Step 3: Move Kubelet to a container, if required.
|
||||
// Step 1: Move Kubelet to a container, if required.
|
||||
if kl.resourceContainer != "" {
|
||||
// Fixme: I need to reside inside ContainerManager interface.
|
||||
err := util.RunInResourceContainer(kl.resourceContainer)
|
||||
|
|
@ -923,17 +908,32 @@ func (kl *Kubelet) initializeModules() error {
|
|||
glog.Infof("Running in container %q", kl.resourceContainer)
|
||||
}
|
||||
|
||||
// Step 4: Start the image manager.
|
||||
// Step 2: Promethues metrics.
|
||||
metrics.Register(kl.runtimeCache)
|
||||
|
||||
// Step 3: Setup filesystem directories.
|
||||
if err := kl.setupDataDirs(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Step 4: If the container logs directory does not exist, create it.
|
||||
if _, err := os.Stat(containerLogsDir); err != nil {
|
||||
if err := kl.os.Mkdir(containerLogsDir, 0755); err != nil {
|
||||
glog.Errorf("Failed to create directory %q: %v", containerLogsDir, err)
|
||||
}
|
||||
}
|
||||
|
||||
// Step 5: Start the image manager.
|
||||
if err := kl.imageManager.Start(); err != nil {
|
||||
return fmt.Errorf("Failed to start ImageManager, images may not be garbage collected: %v", err)
|
||||
}
|
||||
|
||||
// Step 5: Start container manager.
|
||||
// Step 6: Start container manager.
|
||||
if err := kl.containerManager.Start(kl.nodeConfig); err != nil {
|
||||
return fmt.Errorf("Failed to start ContainerManager %v", err)
|
||||
}
|
||||
|
||||
// Step 6: Start out of memory watcher.
|
||||
// Step 7: Start out of memory watcher.
|
||||
if err := kl.oomWatcher.Start(kl.nodeRef); err != nil {
|
||||
return fmt.Errorf("Failed to start OOM watcher %v", err)
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue