Stats found in cgroup files on the host, are they reliable if the container does not share the kernel with the host?

I'm asking this because, while it was reliable with Docker, K8s now supports multiple runtimes, some of which offer containers with their own kernels. Should I rely on the runtime daemons for stats, or can I bypass them and still look at cgroup files?

Rico
Sam Thomas

1 Answer

If you are referring to Kata Containers with Docker and Kubernetes, the short answer is yes. Make sure you configure sandbox_cgroup_only=true to get accurate stats.

Also, make sure you use Kata Containers 1.11.0 or later, as the cgroups implementation fix went into that version. Kata Containers creates its own cgroups in the kernel running in the VM, but that matches what's created at the host level. The resources for these cgroups created at the host level are not used, but rather the resources allocated by the VMM. Some more info here.

Rico
  • Yes to using daemon or can parse cgroups - but conditionally? – Sam Thomas Jun 24 '20 at 04:24
  • Can you elaborate what you mean by conditionally? – Rico Jun 24 '20 at 04:31
  • Sorry, jumped the gun. So the host cgroup would only show the VM limits like I thought and inside that VM. So to get info about all of it from one place - daemons are the best bet. Am I right? The sandbox_cgroup_only=true kinda made me think that you could see it on the host somehow – Sam Thomas Jun 24 '20 at 05:03
  • > So to get info about all of it from one place - daemons are the best bet. am I right? -- Correct – Rico Jun 24 '20 at 14:35
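
The two preconditions named in the answer (sandbox_cgroup_only=true and Kata Containers 1.11.0 or later) can be checked before a collector reads host cgroup files. The following is an added example, not part of the answer or of Kata's own code; it assumes the setting lives in the [runtime] table of Kata's TOML configuration file, the sample configuration is constructed, and the function names are hypothetical.

```python
import re

MIN_VERSION = (1, 11, 0)  # version the answer names for the cgroups fix

# Constructed sample of a Kata configuration.toml fragment (not from the page).
SAMPLE_CONFIG = """
[hypervisor.qemu]
default_vcpus = 1

[runtime]
# sandbox_cgroup_only = false
sandbox_cgroup_only = true
"""

def sandbox_cgroup_only(config_text):
    """Return the effective sandbox_cgroup_only value from the [runtime] table."""
    section, value = None, False  # assumption: treated as off when the key is absent
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments, skip blank lines
        if not line:
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip()
            continue
        key, sep, val = line.partition("=")
        if sep and section == "runtime" and key.strip() == "sandbox_cgroup_only":
            value = val.strip().lower() == "true"
    return value

def version_ok(version):
    """True when a version string such as '1.11.0' or '2.0.1' is >= 1.11.0."""
    nums = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not nums:
        raise ValueError("unrecognised version: %r" % version)
    return tuple(int(n) for n in nums.groups()) >= MIN_VERSION

def host_cgroup_stats_usable(config_text, version):
    """Both conditions from the answer must hold before trusting host cgroup files."""
    return sandbox_cgroup_only(config_text) and version_ok(version)

if __name__ == "__main__":
    print(host_cgroup_stats_usable(SAMPLE_CONFIG, "1.11.0"))
```
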