|
| 1 | +/* |
| 2 | + Copyright The containerd Authors. |
| 3 | +
|
| 4 | + Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | + you may not use this file except in compliance with the License. |
| 6 | + You may obtain a copy of the License at |
| 7 | +
|
| 8 | + http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | +
|
| 10 | + Unless required by applicable law or agreed to in writing, software |
| 11 | + distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | + See the License for the specific language governing permissions and |
| 14 | + limitations under the License. |
| 15 | +*/ |
| 16 | + |
| 17 | +package main |
| 18 | + |
| 19 | +import ( |
| 20 | + "context" |
| 21 | + "flag" |
| 22 | + "fmt" |
| 23 | + "os" |
| 24 | + "strings" |
| 25 | + |
| 26 | + "github.com/containerd/containerd/log" |
| 27 | + "github.com/sirupsen/logrus" |
| 28 | + "sigs.k8s.io/yaml" |
| 29 | + |
| 30 | + "github.com/containerd/nri/pkg/api" |
| 31 | + "github.com/containerd/nri/pkg/stub" |
| 32 | +) |
| 33 | + |
| 34 | +const ( |
| 35 | + ulimitKey = "ulimits.nri.containerd.io" |
| 36 | + rlimitPrefix = "RLIMIT_" |
| 37 | +) |
| 38 | + |
| 39 | +var ( |
| 40 | + valid = map[string]struct{}{ |
| 41 | + "AS": {}, |
| 42 | + "CORE": {}, |
| 43 | + "CPU": {}, |
| 44 | + "DATA": {}, |
| 45 | + "FSIZE": {}, |
| 46 | + "LOCKS": {}, |
| 47 | + "MEMLOCK": {}, |
| 48 | + "MSGQUEUE": {}, |
| 49 | + "NICE": {}, |
| 50 | + "NOFILE": {}, |
| 51 | + "NPROC": {}, |
| 52 | + "RSS": {}, |
| 53 | + "RTPRIO": {}, |
| 54 | + "RTTIME": {}, |
| 55 | + "SIGPENDING": {}, |
| 56 | + "STACK": {}, |
| 57 | + } |
| 58 | +) |
| 59 | + |
| 60 | +func main() { |
| 61 | + var ( |
| 62 | + pluginName string |
| 63 | + pluginIdx string |
| 64 | + verbose bool |
| 65 | + opts []stub.Option |
| 66 | + ) |
| 67 | + |
| 68 | + l := logrus.StandardLogger() |
| 69 | + l.SetFormatter(&logrus.TextFormatter{ |
| 70 | + PadLevelText: true, |
| 71 | + }) |
| 72 | + |
| 73 | + flag.StringVar(&pluginName, "name", "", "plugin name to register to NRI") |
| 74 | + flag.StringVar(&pluginIdx, "idx", "", "plugin index to register to NRI") |
| 75 | + flag.BoolVar(&verbose, "verbose", false, "enable (more) verbose logging") |
| 76 | + flag.Parse() |
| 77 | + ctx := log.WithLogger(context.Background(), l.WithField("name", pluginName).WithField("idx", pluginIdx)) |
| 78 | + log.G(ctx).WithField("verbose", verbose).Info("starting plugin") |
| 79 | + |
| 80 | + if verbose { |
| 81 | + l.SetLevel(logrus.DebugLevel) |
| 82 | + } |
| 83 | + |
| 84 | + if pluginName != "" { |
| 85 | + opts = append(opts, stub.WithPluginName(pluginName)) |
| 86 | + } |
| 87 | + if pluginIdx != "" { |
| 88 | + opts = append(opts, stub.WithPluginIdx(pluginIdx)) |
| 89 | + } |
| 90 | + |
| 91 | + p := &plugin{l: log.G(ctx)} |
| 92 | + var err error |
| 93 | + if p.stub, err = stub.New(p, opts...); err != nil { |
| 94 | + log.G(ctx).Fatalf("failed to create plugin stub: %v", err) |
| 95 | + } |
| 96 | + |
| 97 | + if err := p.stub.Run(context.Background()); err != nil { |
| 98 | + log.G(ctx).Errorf("plugin exited with error %v", err) |
| 99 | + os.Exit(1) |
| 100 | + } |
| 101 | +} |
| 102 | + |
| 103 | +type plugin struct { |
| 104 | + stub stub.Stub |
| 105 | + l *logrus.Entry |
| 106 | +} |
| 107 | + |
| 108 | +func (p *plugin) CreateContainer( |
| 109 | + ctx context.Context, |
| 110 | + pod *api.PodSandbox, |
| 111 | + container *api.Container) (*api.ContainerAdjustment, []*api.ContainerUpdate, error) { |
| 112 | + if pod != nil { |
| 113 | + p.l = p.l.WithField("pod", pod.Name) |
| 114 | + } |
| 115 | + if container != nil { |
| 116 | + p.l = p.l.WithField("container", container.Name) |
| 117 | + } |
| 118 | + ctx = log.WithLogger(ctx, p.l) |
| 119 | + log.G(ctx).Debug("create container") |
| 120 | + |
| 121 | + ulimits, err := parseUlimits(ctx, container.Name, pod.Annotations) |
| 122 | + if err != nil { |
| 123 | + log.G(ctx).WithError(err).Debug("failed to parse annotations") |
| 124 | + return nil, nil, err |
| 125 | + } |
| 126 | + adjust := &api.ContainerAdjustment{} |
| 127 | + for _, u := range ulimits { |
| 128 | + log.G(ctx).WithField("type", u.Type).WithField("hard", u.Hard).WithField("soft", u.Soft).Debug("adjust rlimit") |
| 129 | + adjust.AddRlimit(u.Type, u.Hard, u.Soft) |
| 130 | + } |
| 131 | + return adjust, nil, nil |
| 132 | +} |
| 133 | + |
| 134 | +type ulimit struct { |
| 135 | + Type string `json:"type"` |
| 136 | + Hard uint64 `json:"hard"` |
| 137 | + Soft uint64 `json:"soft"` |
| 138 | +} |
| 139 | + |
| 140 | +func parseUlimits(ctx context.Context, container string, annotations map[string]string) ([]ulimit, error) { |
| 141 | + key := ulimitKey + "/container." + container |
| 142 | + val, ok := annotations[key] |
| 143 | + if !ok { |
| 144 | + log.G(ctx).Debugf("no annotations found with key %q", key) |
| 145 | + return nil, nil |
| 146 | + } |
| 147 | + ulimits := make([]ulimit, 0) |
| 148 | + if err := yaml.Unmarshal([]byte(val), &ulimits); err != nil { |
| 149 | + return nil, err |
| 150 | + } |
| 151 | + for i := range ulimits { |
| 152 | + u := ulimits[i] |
| 153 | + typ := strings.TrimPrefix(strings.ToUpper(u.Type), rlimitPrefix) |
| 154 | + if _, ok := valid[typ]; !ok { |
| 155 | + log.G(ctx).WithField("raw", u.Type).WithField("trimmed", typ).Debug("failed to parse type") |
| 156 | + return nil, fmt.Errorf("failed to parse type: %q", u.Type) |
| 157 | + } |
| 158 | + ulimits[i].Type = rlimitPrefix + typ |
| 159 | + } |
| 160 | + return ulimits, nil |
| 161 | +} |
0 commit comments