Project Description

As per discussions in the SOAFEE SIG that SUSE is a founding member of, container users will be in need of running workloads with mixed criticality.

Maybe the easiest starting point will be allowing to assign containerized processes real-time priorities.

During last Hack Week, code review had confirmed no process priorities were being set in runc, but work towards experimental code changes got interrupted.

Goal for this Hackweek

Goal is to create a proof of concept where initially a hardcoded process priority gets assigned to a container (which would confirm we found the right place and have the needed capability permissions). This includes figuring out a development set-up for these container components. SUCCESS! Nice values such as -5 (range -20 to 19) could be assigned to a Tumbleweed container executed via podman on Tumbleweed x86_64, using a modified locally built and installed (PREFIX=/usr) runc binary in the initProcess code path.

Next step would be to alternatively assign a real-time process priority (different syscall and number range). SUCCESS! Among others, FIFO scheduler with real-time priority 42 (range 1 to 99) could be assigned to the Tumbleweed container's bash process.

A further step would be figuring out how to pass such meta information from container manifest through orchestrator to the runtime components, so that the priority does not need to be hardcoded and can be applied to one specific container only.

Out of scope will likely be investigating alternative container components, such as crun in place of runc.

It is understood real-time process priorities can be investigated on regular current Tumbleweed or SLE kernels, without requiring a SLERT kernel with PREEMPT_RT patchset specifically (although that would still be the deployment use case).

Resources

SUSE Labs Conference 2022 paper "SOAFEE: The quest for mixed criticality" by A. Färber, sections "Operating system and real-time" and "Kubernetes and real-time".

Looking for hackers with the skills:

kubernetes containers runc go k3s

This project is part of:

Hack Week 22 Hack Week 21

Activity

  • about 1 month ago: joachimwerner liked this project.
  • about 2 months ago: a_faerber added keyword "k3s" to this project.
  • about 2 months ago: a_faerber added keyword "go" to this project.
  • about 2 months ago: a_faerber added keyword "kubernetes" to this project.
  • about 2 months ago: a_faerber added keyword "containers" to this project.
  • about 2 months ago: a_faerber added keyword "runc" to this project.
  • about 2 months ago: a_faerber started this project.
  • about 2 months ago: a_faerber originated this project.

  • Comments

    Similar Projects

    Containerized git server/client for playground and tutorials by mberti

    [comment]: # (Please use the project descriptio...


    Vai: a Kubernetes API accelerator/cache by moio

    ![Kubernetes API caching layer according to Sta...


    Learn about kubernetes by creating a k3s HA setup by rsimai

    This is mostly a learning activity for myself, ...


    K3S Control Planes as a service by ademicev0

    [comment]: # (Please use the project descriptio...


    Hack on project MONAI (Medical Open Network for Artificial Intelligence) by jordimassaguerpla

    Project Description

    MONAI is a set of o...


    image-tools: simple tool for mirror/save/load container images & KDM and chart image list generator. by StarryWang

    [comment]: # (Please use the project descriptio...


    Image generation AI in container using Radeon GPU by tjyrinki_suse

    [comment]: # (Please use the project descriptio...


    Man pages in a container by doreilly

    [comment]: # (Please use the project descriptio...


    Generic Wrangler Controllers by kjoiner

    [comment]: # (Please use the project descriptio...


    Run sandboxed Firefox with image and sound inside a container by nguyens

    [comment]: # (Please use the project descriptio...


    K3S Control Planes as a service by ademicev0

    [comment]: # (Please use the project descriptio...


    Rancher Token Revoker by mbolot

    [comment]: # (Please use the project descriptio...


    A CLI for Harvester by mohamed.belgaied

    [comment]: # Harvester does not officially come...


    Vai: a Kubernetes API accelerator/cache by moio

    ![Kubernetes API caching layer according to Sta...


    Hack on project MONAI (Medical Open Network for Artificial Intelligence) by jordimassaguerpla

    Project Description

    MONAI is a set of o...


    K3S Control Planes as a service by ademicev0

    [comment]: # (Please use the project descriptio...


    Learn about kubernetes by creating a k3s HA setup by rsimai

    This is mostly a learning activity for myself, ...


    Humidity sensors with dashboard by joachimwerner

    Build a network of ("edge") humidity sensors...