云主机>> critest-rootless-cgroup2>> 返回
项目作者: AkihiroSuda

项目描述 :
critest example (rootless+cgroup2)
高级语言: Shell
项目地址: git://github.com/AkihiroSuda/critest-rootless-cgroup2.git
创建时间: 2020-06-01T08:26:19Z
项目社区:https://github.com/AkihiroSuda/critest-rootless-cgroup2
开源协议:Apache License 2.0
下载


critest-rootless-cgroup2

critest example (rootless+cgroup2)

Usage

Boot Ubuntu 20.04 (systemd 245, kernel 5.4) with systemd.unified_cgroup_hierarchy=1.

Download binaries:

  1. $ ./bin-download.sh
  2. Downloading crictl
  3. Downloading rootlesskit
  4. Downloading slirp4netns
  5. Downloading containerd
  6. NOTE: CRI-O is not supported yet
  7. Downloading crun
  8. NOTE: If you want to try runc, compile it by yourself and place the binary under ./bin .

Start containerd:

  1. $ ./containerd.sh

Run a pod, an Alpine container, and execute a shell within it (using crun):

  1. $ ./run.sh
  2. ...
  3. + ./crictl.sh exec -it d214040f8023a6938ffac05ff6db2aa0f884e86778d5f40a9a3171d2d1e8fc7c sh
  4. / # cat /sys/fs/cgroup/cpu.weight
  5. 5
  6. / # cat /sys/fs/cgroup/memory.max
  7. 67108864

The shell is executed in a cgroup like /user.slice/user-1001.slice/user@1001.service/user.slice/cri-containerd-d214040f8023a6938ffac05ff6db2aa0f884e86778d5f40a9a3171d2d1e8fc7c.scope. Note that cat /proc/1/cgroup in the container shows / as the cgroup because cgroup namespaces are enabled for non-privileged pods on cgroup v2.

To use runc (runc binary need to be installed under ./bin):

  1. $ ./run.sh runc
  2. ...

Clean up:

  1. $ ./kill.sh