virtcontainers: Add support for ephemeral volumes

[harche]

Ephemeral volumes should not be passed at 9pfs mounts.
They should be created inside the VM.

This patch disables ephemeral volumes from getting
mounted as 9pfs from the host and instead a corresponding
tmpfs is created inside the VM.

Fixes : #61

Signed-off-by: Harshal Patil harshal.patil@in.ibm.com

[katacontainersbot]

PSS Measurement:
Qemu: 170751 KB
Proxy: 4692 KB
Shim: 8828 KB

Memory inside container:
Total Memory: 2045968 KB
Free Memory: 2007096 KB

[harche]

This PR implements the discussion #443 to avoid using devices at sandbox level.

[WeiZhang555]

The design looks good to me, but need changes from kata-agent before we can merge this.

[bergwolf]

@harche It seems that the PR works w/o agent change, right? The missing piece in kata agent is just the ref counting part but tmpfs handling is already there.

[harche]

@bergwolf @WeiZhang555 This PR works w/o agent change.

[harche]

@WeiZhang555 Since this PR works without any changes in kata-agent, I think once I fix the CI issues around cyclomatic complexities it can be merged.

Also, I think I can close #307, as we aren't going to pursue that path anymore. What do you guys think? @WeiZhang555 @bergwolf

[sboeuf]

Thanks for reworking this @harche.
This looks good to me, I have only one comment but this could be addressed in a separate PR as part of some refactoring.

[sboeuf]

I think we need to define the type ephemeral (as other types) inside a separate package that can be imported both from the agent and the runtime. This can be done in a follow up PR, but this would be better than simply hardcode the type at each end of the chain (runtime on one side, and the agent on the other side.)

[katacontainersbot]

PSS Measurement:
Qemu: 162611 KB
Proxy: 5103 KB
Shim: 8848 KB

Memory inside container:
Total Memory: 2045968 KB
Free Memory: 2007384 KB

[codecov]

Codecov Report

Merging #458 into master will increase coverage by 0.08%.
The diff coverage is 39.13%.

@@            Coverage Diff             @@
##           master     #458      +/-   ##
==========================================
+ Coverage   64.16%   64.25%   +0.08%     
==========================================
  Files          87       87              
  Lines        8942     8969      +27     
==========================================
+ Hits         5738     5763      +25     
- Misses       2584     2586       +2     
  Partials      620      620

Impacted Files	Coverage Δ
virtcontainers/kata_agent.go	31.86% <0%> (+1.09%)	⬆️
cli/utils.go	100% <100%> (ø)	⬆️
cli/create.go	80.45% <50%> (+0.69%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 545fe0c...b821a5d. Read the comment docs.

[WeiZhang555]

@harche It seems that the PR works w/o agent change, right? The missing piece in kata agent is just the ref counting part but tmpfs handling is already there.

I believe it can work w/o agent change, as @bergwolf described, we need a reference counter in kata-agent to mark when the "ephemeral" volume can be unmounted, without this, the exit of any container could lead to umount of the tmpfs which will break the "ephemeral volume", this could happen when one container in POD failed to start and has to be restarted several times.

[bergwolf]

@harche Could you please fix UT coverage and remove the wip tag? Then the PR is ready to get merged.

[katacontainersbot]

PSS Measurement:
Qemu: 160254 KB
Proxy: 5072 KB
Shim: 8781 KB

Memory inside container:
Total Memory: 2045968 KB
Free Memory: 2007236 KB

[opendev-zuul]

Build succeeded (third-party-check pipeline).

• kata-runsh : SUCCESS in 47m 11s

[katacontainersbot]

PSS Measurement:
Qemu: 162602 KB
Proxy: 4910 KB
Shim: 8850 KB

Memory inside container:
Total Memory: 2045968 KB
Free Memory: 2007212 KB

[opendev-zuul]

Build succeeded (third-party-check pipeline).

• kata-runsh : SUCCESS in 52m 41s

[katacontainersbot]

PSS Measurement:
Qemu: 160507 KB
Proxy: 5022 KB
Shim: 8907 KB

Memory inside container:
Total Memory: 2045968 KB
Free Memory: 2007400 KB

[opendev-zuul]

Build succeeded (third-party-check pipeline).

• kata-runsh : SUCCESS in 52m 25s

[katacontainersbot]

PSS Measurement:
Qemu: 160822 KB
Proxy: 4831 KB
Shim: 8809 KB

Memory inside container:
Total Memory: 2045968 KB
Free Memory: 2007212 KB

[opendev-zuul]

Build succeeded (third-party-check pipeline).

• kata-runsh : SUCCESS in 51m 54s

[bergwolf]

The codecov failure codecov/patch — 39.13% of diff hit (target 64.16%) looks bogus since clearly the patch is already properly tested with UT.

I think we can safely merge this but I want to understand why codecov/patch fails. Looking at https://codecov.io/gh/kata-containers/runtime/commit/b821a5df4c1adb154613b80f981ba16684ed8b80, the change in kata_agent.go is clearly tested by UT but diff coverage reports 0%.

In that case, I would suggest we either remove codecov/patch, or always ignore it during reviewing.

@egernst @sboeuf @jodh-intel @grahamwhaley @WeiZhang555 @gnawux WDYT?

[bergwolf]

Moving codecov/patch discussion to kata-containers/tests/issues/508 so this PR can be merged.