func generateMemoryIsolator(t *testing.T, request, limit string) appctypes.Isolator { memory, err := appctypes.NewResourceMemoryIsolator(request, limit) if err != nil { t.Fatalf("Error generating memory resource isolator", err) } return memory.AsIsolator() }
func (aml *appMemoryLimit) Set(s string) error { app := (*apps.Apps)(aml).Last() if app == nil { return fmt.Errorf("--memory must follow an image") } isolator, err := types.NewResourceMemoryIsolator(s, s) if err != nil { return err } // Just don't accept anything less than 4Ki. It's not reasonable and // it's most likely a mistake from the user, such as passing // --memory=16m (milli-bytes!) instead of --memory=16M (megabytes). if isolator.Limit().Value() < 4096 { return fmt.Errorf("memory limit of %d bytes too low. Try a reasonable value, such as --memory=16M", isolator.Limit().Value()) } app.MemoryLimit = isolator return nil }
// setIsolators sets the apps' isolators according to the security context and resource spec. func setIsolators(app *appctypes.App, c *api.Container, ctx *api.SecurityContext) error { var isolators []appctypes.Isolator // Capabilities isolators. if ctx != nil { var addCaps, dropCaps []string if ctx.Capabilities != nil { addCaps, dropCaps = securitycontext.MakeCapabilities(ctx.Capabilities.Add, ctx.Capabilities.Drop) } if ctx.Privileged != nil && *ctx.Privileged { addCaps, dropCaps = allCapabilities(), []string{} } if len(addCaps) > 0 { set, err := appctypes.NewLinuxCapabilitiesRetainSet(addCaps...) if err != nil { return err } isolators = append(isolators, set.AsIsolator()) } if len(dropCaps) > 0 { set, err := appctypes.NewLinuxCapabilitiesRevokeSet(dropCaps...) if err != nil { return err } isolators = append(isolators, set.AsIsolator()) } } // Resources isolators. type resource struct { limit string request string } resources := make(map[api.ResourceName]resource) for name, quantity := range c.Resources.Limits { resources[name] = resource{limit: quantity.String()} } for name, quantity := range c.Resources.Requests { r, ok := resources[name] if !ok { r = resource{} } r.request = quantity.String() resources[name] = r } for name, res := range resources { switch name { case api.ResourceCPU: cpu, err := appctypes.NewResourceCPUIsolator(res.request, res.limit) if err != nil { return err } isolators = append(isolators, cpu.AsIsolator()) case api.ResourceMemory: memory, err := appctypes.NewResourceMemoryIsolator(res.request, res.limit) if err != nil { return err } isolators = append(isolators, memory.AsIsolator()) default: return fmt.Errorf("resource type not supported: %v", name) } } mergeIsolators(app, isolators) return nil }