Add network namespace pool support #3107
Conversation
|
I was also wondering if there should be some kind of orderly shutdown where we release the network namespaces in the pool when buildkitd shuts down (in addition to cleaning up on restart). It doesn't look like there's a mechanism right now to block the shutdown on cleanup activities like this, and I think in some situations it could block shutdown for a long time, so I'm not sure if it makes sense or not. |
aaronlehmann
force-pushed
the
net-ns-pool
branch
from
187a0d4 to
b896cfa
Compare
|
lgtm, should probably add the new config option to the example buildkitd.toml: https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md |
Good point, added. |
aaronlehmann
force-pushed
the
net-ns-pool
branch
from
b896cfa to
31a494a
Compare
Yes, if |
| @@ -208,6 +213,9 @@ func applyContainerdFlags(c *cli.Context, cfg *config.Config) error { | |||
| if c.GlobalIsSet("containerd-cni-config-path") { | |||
| cfg.Workers.Containerd.NetworkConfig.CNIConfigPath = c.GlobalString("containerd-cni-config-path") | |||
| } | |||
| if c.GlobalIsSet("containerd-netns-pool-size") { | |||
There was a problem hiding this comment.
With the current implementation isn't it more like a cni-pool-size?
util/network/cniprovider/cni.go
Outdated
| pool.mu.Lock() | ||
| if pool.actualSize > pool.targetSize && ns.lastUsed.Equal(putTime) { | ||
| for i, poolNS := range pool.available { | ||
| if poolNS == ns { |
There was a problem hiding this comment.
I'm not sure if this is quite correct. You do actualSize > pool.targetSize comparison when deciding to add a cleanup func and also inside the cleanup but I don't think there is a guarantee that these conditions are the same when these places get called for a specific ns.
At least it seems safer if we skip this check end just always call cleanUpToDefaultSize() that is a no-op if available is not greater than size.
There was a problem hiding this comment.
The namespaces are reused in FIFO order, so I think this is correct as written. If we were not above the target size at put time, it will be some other namespace that brings us the target size, and that's the one we'll want to release if it hasn't been reused after 5 minutes.
But thinking about this some more, I don't think we want the FIFO order. It means we'll cycle through the namespaces and it will be hard to shrink back to the target size if there's constant activity. LIFO seems better. So I've rewritten this to use LIFO and align more closely to your suggestion.
I couldn't find a place to put this |
aaronlehmann
force-pushed
the
net-ns-pool
branch
from
702d105 to
d845bc2
Compare
Hmm, this doesn't seem to work well in practice because buildkitd exits before |
|
Yeah, it looks like this requires a bit bigger change. I think we need to pass it through from A quicker patch would be to let the grpc shut down and then just do a hardcoded cleanup, maybe just looking for mountpoints under the state folder and unmount them directory without too much cni specifics. But I think the first solution is better. |
This adds netNSPoolSize pool options which allow setting a target network namespace pool size. buildkitd will create this number of network namespaces at startup (without blocking). When a container execution finishes, the network namespace gets returned to the pool. If the pool goes above the target size, there is a grace period to allow network namespaces to be reused, and if this passes without reuse, the extra namespaces will be released. Signed-off-by: Aaron Lehmann <[email protected]>
Signed-off-by: Aaron Lehmann <[email protected]>
Signed-off-by: Aaron Lehmann <[email protected]>
Signed-off-by: Aaron Lehmann <[email protected]>
aaronlehmann
force-pushed
the
net-ns-pool
branch
from
1e076e4 to
f6b002e
Compare
|
Updated to create these |
| // We can't use the pool for namespaces that need a custom hostname. | ||
| // We also avoid using it on windows because we don't have a cleanup | ||
| // mechanism for Windows yet. | ||
| if hostname == "" || runtime.GOOS == "windows" { |
There was a problem hiding this comment.
isn't this supposed to be && runtime.GOOS != "windows" . If not then I think the comment is confusing.
This adds
netNSPoolSizepool options which allow setting a target network namespace pool size. buildkitd will create this number of network namespaces at startup (without blocking). When a container execution finishes, the network namespace gets returned to the pool. If the pool goes above the target size, there is a grace period to allow network namespaces to be reused, and if this passes without reuse, the extra namespaces will be released.