Project Description

As per discussions in the SOAFEE SIG that SUSE is a founding member of, container users will be in need of running workloads with mixed criticality.

Maybe the easiest starting point will be allowing to assign containerized processes real-time priorities.

During last Hack Week, code review had confirmed no process priorities were being set in runc, but work towards experimental code changes got interrupted.

Goal for this Hackweek

Goal is to create a proof of concept where initially a hardcoded process priority gets assigned to a container (which would confirm we found the right place and have the needed capability permissions). This includes figuring out a development set-up for these container components. SUCCESS! Nice values such as -5 (range -20 to 19) could be assigned to a Tumbleweed container executed via podman on Tumbleweed x86_64, using a modified locally built and installed (PREFIX=/usr) runc binary in the initProcess code path.

Next step would be to alternatively assign a real-time process priority (different syscall and number range). SUCCESS! Among others, FIFO scheduler with real-time priority 42 (range 1 to 99) could be assigned to the Tumbleweed container's bash process.

A further step would be figuring out how to pass such meta information from container manifest through orchestrator to the runtime components, so that the priority does not need to be hardcoded and can be applied to one specific container only.

Out of scope will likely be investigating alternative container components, such as crun in place of runc.

It is understood real-time process priorities can be investigated on regular current Tumbleweed or SLE kernels, without requiring a SLERT kernel with PREEMPT_RT patchset specifically (although that would still be the deployment use case).

Resources

SUSE Labs Conference 2022 paper "SOAFEE: The quest for mixed criticality" by A. Färber, sections "Operating system and real-time" and "Kubernetes and real-time".

Looking for hackers with the skills:

kubernetes containers runc go k3s

This project is part of:

Hack Week 22 Hack Week 21

Activity

  • over 1 year ago: joachimwerner liked this project.
  • over 1 year ago: a_faerber added keyword "k3s" to this project.
  • over 1 year ago: a_faerber added keyword "go" to this project.
  • over 1 year ago: a_faerber added keyword "kubernetes" to this project.
  • over 1 year ago: a_faerber added keyword "containers" to this project.
  • over 1 year ago: a_faerber added keyword "runc" to this project.
  • over 1 year ago: a_faerber started this project.
  • over 1 year ago: a_faerber originated this project.

  • Comments

    • afaerber
      over 1 year ago by afaerber | Reply

      Results presented in SOAFEE MCO tiger team: 20230214_SUSE_Hackweek_real-time.pdf

      Code is pushed to GitHub now: https://github.com/afaerber/runc/commits/hackweek22

    Similar Projects

    RKE2/K3S working on IBM Power by tkelly

    [comment]: # (Please use the project descriptio...


    A CLI for Harvester by mohamed.belgaied

    [comment]: # Harvester does not officially come...


    mikrolite - a cli to create lighweight Kubernetes clusters using microvms by rcase

    [comment]: # (Please use the project descriptio...


    Predefined app security policy template for NeuVector by feih

    Project Description

    Idea is to predefin...


    Package MONAI Machine Learning Models for Medical Applications by jordimassaguerpla

    Project Description

    MONAI Deploy aims to ...


    Containerized home mirror by lkocman

    I'm running a simple home mirror, but I managed...


    Predefined app security policy template for NeuVector by feih

    Project Description

    Idea is to predefin...


    Building a container bootloader by flonnegren

    [comment]: # (Please use the project descriptio...


    Hangar: tool for mirror container images & generate rancher image lists. by StarryWang

    Project Description

    Hangar is a tool for ...


    Learn Golang contribuing to opensource projects by mbussolotto

    Project Description

    Get practice in Golan...


    Rancher Upgrader - Upgrades your rancher install via helm, and communicates critical changes from release A to B. by rweir

    [comment]: # (Please use the project descriptio...


    A CLI for Harvester by mohamed.belgaied

    [comment]: # Harvester does not officially come...


    Cluster API Provider for Harvester by rcase

    [comment]: # (Please use the project descriptio...


    WebUI for your data by avicenzi

    [comment]: # (Please use the project descriptio...


    RKE2/K3S working on IBM Power by tkelly

    [comment]: # (Please use the project descriptio...