runtime-rs: port patches from go shim to rust shim #54
Closed
TheRayquaza wants to merge 3 commits into
b46e687 to
bca9f07
Compare
Author
🧪 Tests - Rust Shim Patch
Nodes tested:
Author
Test B1 - Netkit endpoint (pod starts + routing check)

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: kata-val-b2
  namespace: default
spec:
  nodeName: us3-staging-dog-arbok-90eec5c94014646d000003
  runtimeClassName: kata-qemu-runtime-rs
  containers:
  - name: test
    image: registry.ddbuild.io/images/base/gbi-ubuntu_2204:release
    command: ["sleep", "3600"]
```

Verify:

```bash
kubectl apply -f kata-val-b2-netkit.yaml
kubectl wait --for=condition=Ready pod/kata-val-b2 --timeout=120s
# Check routing table inside VM
kubectl exec kata-val-b2 -- cat /proc/net/route
# Check kata shim logs on node for netkit detection
ssh us3-staging-dog-arbok-90eec5c94014646d000003 \
  "journalctl -u containerd --since '5 minutes ago' | grep -i netkit | tail -10"
kubectl delete pod kata-val-b2 --ignore-not-found
```

Pass signals:
root@us3-staging-dog-arbok-90eec5c94014646d000003:/home/ddeng# journalctl -u containerd --since '5 minutes ago' | grep -i netkit | tail -10
Apr 09 12:25:53 us3-staging-dog-arbok-90eec5c94014646d000003 kata[51438]: netkit network interface found: eth0
Apr 09 12:25:53 us3-staging-dog-arbok-90eec5c94014646d000003 kata[51438]: network info NetworkInfoFromLink { interface: Interface { device: "eth0", name: "eth0", ip_addresses: [IPAddress { family: V4, address: "10.192.210.50", mask: "32" }], mtu: 1500, hw_addr: "00:00:00:00:00:00", device_path: "", field_type: "netkit", raw_flags: 128 }, neighs: [], routes: [Route { dest: "", gateway: "10.192.210.41", device: "eth0", source: "", scope: 0, family: V4, flags: 0, mtu: 1500 }, Route { dest: "10.192.210.41", gateway: "", device: "eth0", source: "", scope: 253, family: V4, flags: 0, mtu: 0 }, Route { dest: "", gateway: "10.192.210.41", device: "eth0", source: "", scope: 0, family: V4, flags: 0, mtu: 1500 }, Route { dest: "10.192.210.41", gateway: "", device: "eth0", source: "", scope: 253, family: V4, flags: 0, mtu: 0 }] }
Author
Test A1 - CPU shares fallback (shares→2 vCPU)

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: kata-val-a2
  namespace: default
spec:
  nodeName: us3-staging-dog-arbok-90eec5c94014646d000003
  runtimeClassName: kata-qemu-runtime-rs
  containers:
  - name: test
    image: registry.ddbuild.io/images/base/gbi-ubuntu_2204:release
    command: ["sleep", "3600"]
    resources:
      requests:
        cpu: "2"
```

Pass signals:

```
root@kata-val-a2:/# nproc
2
```

Some logs from containerd:
Author
Test A2 - CPU shares fallback (with limits set)

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: kata-val-a2
  namespace: default
spec:
  nodeName: us3-staging-dog-arbok-90eec5c94014646d000003
  runtimeClassName: kata-qemu-runtime-rs
  containers:
  - name: test
    image: registry.ddbuild.io/images/base/gbi-ubuntu_2204:release
    command: ["sleep", "3600"]
    resources:
      requests:
        cpu: "2"
      limits:
        cpu: "4"
```

Pass signals:

```
root@kata-val-a3:/# nproc
2
```
Author
Test C2 - Invalid annotation JSON

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: kata-val-e3
  namespace: default
  annotations:
    io.katacontainers.volume.block-mounts: "not valid json {"
spec:
  nodeName: us3-staging-dog-arbok-90eec5c94014646d000003
  runtimeClassName: kata-qemu-runtime-rs
  containers:
  - name: test
    image: registry.ddbuild.io/images/base/gbi-ubuntu_2204:release
    command: ["sleep", "3600"]
```

Pass signals:
Author
Test C1 - Block annotation mounts

```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: kata-val-e1-pvc-2
  namespace: default
spec:
  accessModes: [ReadWriteOnce]
  volumeMode: Block
  storageClassName: ephemeral-premium-v2-lrs
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
kind: Pod
metadata:
  name: kata-val-e1-2
  namespace: default
  annotations:
    io.katacontainers.volume.block-mounts: |
      {"/dev/block-vol": {"mount": "/data", "fstype": "ext4", "options": ["rw"]}}
spec:
  nodeName: us3-staging-dog-arbok-90eec5c94014646d000003
  runtimeClassName: kata-qemu-runtime-rs
  containers:
  - name: test
    image: registry.ddbuild.io/images/base/gbi-ubuntu_2204:release
    command: ["sleep", "3600"]
    volumeDevices:
    - name: block-storage
      devicePath: /dev/block-vol
  volumes:
  - name: block-storage
    persistentVolumeClaim:
      claimName: kata-val-e1-pvc-2
```

Pass signals:
After formatting a block device using another pod in root with

```
dog@kata-val-e1-2:/$ ls /data/
lost+found
```
Port the Go runtime netkit endpoint to runtime-rs. Add NetkitEndpoint modeled after VethEndpoint with L3-mode detection. Handle InfoKind::Netkit and InfoData::Netkit in link_info() to avoid "unsupported link type: device" errors on netkit interfaces (kernel sends [Kind, Data] in LIFO order via pop(), Data arm must be handled before Kind fires). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When sandbox-cpu-quota/period annotations are zero (CFS disabled or no limits set), fall back to sandbox-cpu-shares/1024 to size the microVM vCPUs, mirroring Go's CalculateCPUsF(quota, period, shares). Also wire the computed vCPU count into hv.cpu_info.default_vcpus in setup_config so it is actually applied to the hypervisor (previously only logged). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Parse io.katacontainers.volume.block-mounts annotation and convert matching volumeDevices into agent Storage objects, enabling block device annotation mounts in the Rust shim, mirroring the Go runtime behavior. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
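The CPU-shares fallback described in the second commit message above, as an added Rust example that is not code from this pull request. The names `sandbox_vcpus` and `read_i64`, the `default_vcpus`/`max_vcpus` parameters and the final clamp are assumptions of the example; the annotation keys are the ones containerd's CRI plugin sets on the sandbox.

```rust
use std::collections::HashMap;

// Sandbox annotation keys set by containerd's CRI plugin.
const QUOTA: &str = "io.kubernetes.cri.sandbox-cpu-quota";
const PERIOD: &str = "io.kubernetes.cri.sandbox-cpu-period";
const SHARES: &str = "io.kubernetes.cri.sandbox-cpu-shares";

/// A missing annotation counts as 0; a malformed one is an error, not a silent 0.
fn read_i64(ann: &HashMap<&str, &str>, key: &str) -> Result<i64, String> {
    match ann.get(key) {
        None => Ok(0),
        Some(v) => v.trim().parse::<i64>().map_err(|e| format!("{key}={v:?}: {e}")),
    }
}

/// Hypothetical helper (not the shim's function): vCPUs for the sandbox VM.
/// quota/period when both are positive, else shares/1024, else `default_vcpus`.
/// Rounded up, then clamped to 1..=max_vcpus (assumed here; max_vcpus must be >= 1).
fn sandbox_vcpus(ann: &HashMap<&str, &str>, default_vcpus: u32, max_vcpus: u32) -> Result<u32, String> {
    let quota = read_i64(ann, QUOTA)?;
    let period = read_i64(ann, PERIOD)?;
    let shares = read_i64(ann, SHARES)?;
    let cpus = if quota > 0 && period > 0 {
        quota as f64 / period as f64
    } else if shares > 0 {
        shares as f64 / 1024.0 // CFS off or no limit: size from the CPU request
    } else {
        return Ok(default_vcpus.clamp(1, max_vcpus));
    };
    // Float-to-int `as` saturates, so an oversized annotation cannot wrap around.
    Ok((cpus.ceil() as u32).clamp(1, max_vcpus))
}

fn main() {
    // Constructed annotation sets, not captured from a node.
    let cases = vec![
        ("request 2, no quota", vec![(QUOTA, "0"), (PERIOD, "0"), (SHARES, "2048")]),
        ("limit 4 enforced", vec![(QUOTA, "400000"), (PERIOD, "100000"), (SHARES, "2048")]),
        ("best-effort pod", vec![(SHARES, "2")]),
        ("malformed shares", vec![(SHARES, "2048m")]),
    ];
    for (name, kv) in cases {
        let ann: HashMap<&str, &str> = kv.into_iter().collect();
        println!("{name}: {:?}", sandbox_vcpus(&ann, 1, 8));
    }
}
```

A CPU request of "2" becomes 2048 shares, which is why the first case yields 2 vCPUs when no quota is present.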
bca9f07 to
f790c54
Compare
Author
Summary
- NetkitEndpoint modeled after VethEndpoint with L3-mode detection (missing MAC address → clear error).
- shares / 1024), mirroring Go's CalculateCPUsF().
- io.katacontainers.volume.block-mounts annotation and convert matching volumeDevices into agent Storage objects, enabling block device passthrough via annotation.

Motivation
These are direct ports of existing Go runtime patches to keep the Rust shim at feature parity with the Go runtime for Datadog's use cases.
Test plan
- resources.requests.cpu (no limit) gets correct vCPU count
- io.katacontainers.volume.block-mounts annotation correctly provisions block storage