Skip to content

Commit

Permalink
chore: add PidLimit option
Browse files Browse the repository at this point in the history
Signed-off-by: Arjun Raja Yogidas <[email protected]>
  • Loading branch information
coderbirju committed Dec 12, 2024
1 parent 9bdd9b8 commit f078306
Show file tree
Hide file tree
Showing 3 changed files with 11 additions and 4 deletions.
8 changes: 6 additions & 2 deletions api/handlers/container/create.go
Original file line number Diff line number Diff line change
Expand Up @@ -136,7 +136,7 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {

// devices:
// devices are passed in as a map of DeviceMapping,
// but nerdctl expects an array of strings with format [devices1:VALUE1, devices2:VALUE2, ...].
// but nerdctl expects an array of strings with format [PathOnHost1:PathInContainer1:CgroupPermissions1, PathOnHost2:PathInContainer2:CgroupPermissions2, ...].
devices := []string{}
if req.HostConfig.Devices != nil {
for _, deviceMap := range req.HostConfig.Devices {
Expand Down Expand Up @@ -220,6 +220,10 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
securityOpt = req.HostConfig.SecurityOpt
}

pidLimit := int64(-1)
if req.HostConfig.PidsLimit > 0 {
pidLimit = req.HostConfig.PidsLimit
}
globalOpt := ncTypes.GlobalCommandOptions(*h.Config)
createOpt := ncTypes.ContainerCreateOptions{
Stdout: nil,
Expand Down Expand Up @@ -254,7 +258,7 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
Memory: memory, // memory limit (in bytes)
CPUQuota: CpuQuota, // nerdctl default.
MemorySwappiness64: memorySwappiness, // Tuning container memory swappiness behaviour
PidsLimit: -1, // nerdctl default.
PidsLimit: pidLimit, // PidsLimit specifies the tune container pids limit
Cgroupns: defaults.CgroupnsMode(), // nerdctl default.
BlkioWeight: req.HostConfig.BlkioWeight, // block IO weight (relative)
CPUPeriod: uint64(req.HostConfig.CPUPeriod), // CPU CFS (Completely Fair Scheduler) period
Expand Down
6 changes: 4 additions & 2 deletions api/handlers/container/create_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -744,17 +744,19 @@ var _ = Describe("Container Create API ", func() {
Expect(rr.Body).Should(MatchJSON(jsonResponse))
})

It("should set Devices option", func() {
It("should set Devices and PidLimit option", func() {
body := []byte(`{
"Image": "test-image",
"HostConfig": {
"Devices": [{"PathOnHost": "/dev/null", "PathInContainer": "/dev/null", "CgroupPermissions": "rwm"},{"PathOnHost": "/var/lib", "CgroupPermissions": "ro"}]
"Devices": [{"PathOnHost": "/dev/null", "PathInContainer": "/dev/null", "CgroupPermissions": "rwm"},{"PathOnHost": "/var/lib", "CgroupPermissions": "ro"}],
"PidsLimit": 200
}
}`)
req, _ := http.NewRequest(http.MethodPost, "/containers/create", bytes.NewReader(body))

// expected create options
createOpt.Device = []string{"/dev/null:/dev/null:rwm", "/var/lib:ro"}
createOpt.PidsLimit = 200

service.EXPECT().Create(gomock.Any(), "test-image", nil, equalTo(createOpt), equalTo(netOpt)).Return(
cid, nil)
Expand Down
1 change: 1 addition & 0 deletions api/types/container_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -115,6 +115,7 @@ type ContainerHostConfig struct {
Ulimits []*Ulimit // List of ulimits to be set in the container
BlkioWeight uint16 // Block IO weight (relative weight vs. other containers)
Devices []DeviceMapping // List of devices to map inside the container
PidsLimit int64 // Setting PIDs limit for a container; Set `0` or `-1` for unlimited, or `null` to not change.
// Mounts specs used by the container
// TODO: Mounts []mount.Mount `json:",omitempty"`

Expand Down

0 comments on commit f078306

Please sign in to comment.