To avoid noise in sampling CPU usage metrics, we now sample the system
usage closer to the actual response from the underlying runtime. Because
the response from the runtime may be delayed, this makes the sampling
more resilient in loaded conditions. In addition to this, we also
replace the tick with a sleep to avoid situations where ticks can backup
under loaded conditions.
The trade off here is slightly more load reading the system CPU usage
for each container. There may be an optimization required for large
amounts of containers but the cost is on the order of 15 ms per 1000
containers. If this becomes a problem, we can time slot the sampling,
but the complexity may not be worth it unless we can test further.
Unfortunately, there aren't really any good tests for this condition.
Triggering this behavior is highly system dependent. As a matter of
course, we should qualify the fix with the users that are affected.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
(cherry picked from commit fd0e24b7189374e0fe7c55b6d26ee916d3ee1655)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Binary installation was broken after the
hack/dockerfile/install-binaries script was removed.
This remedies that.
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
(cherry picked from commit 59164bedeab571029805a107e8e5a32fc9cd56b3)
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Ingress network should not be attachable
Ingress network is a special network used only to expose
ports. For this reason the network cannot be explicitly
attached during service create or service update
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
With the inclusion of PR 30897, creating service for host network
fails in 18.02. Modified IsPreDefinedNetwork check and return
NetworkNameError instead of errdefs.Forbidden to address this issue
Signed-off-by: selansen <elango.siva@docker.com>
(cherry picked from commit 7cf8b20762cc9491f52ff3f3d94c880378183696)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Fix runc exec on big-endian, causing:
container_linux.go:265: starting container process caused "open /dev/pts/4294967296: no such file or directory"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit aab5eaddccb8cb196fdb1e285890dfa94a071b14)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Release notes: https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc5
Possibly relevant changes included:
- chroot when no mount namespaces is provided
- fix systemd slice expansion so that it could be consumed by cAdvisor
- libcontainer/capabilities_linux: Drop os.Getpid() call
- Update console dependency to fix runc exec on BE (causing: `container_linux.go:265: starting container process caused "open /dev/pts/4294967296: no such file or directory"`)
- libcontainer: setupUserNamespace is always called (fixes: Devices are mounted with wrong uid/gid)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a2f5a1a5b2d77d694c5bd47798be15b3c0bcdf70)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Originally I worked on this for the multi-stage build Dockerfile
changes. Decided to split this out as we are still waiting for
multi-stage to be available on CI and rebasing these is pretty annoying.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit b529d1b0936b90ae14d584c73f7332919f8d76b7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Commit 2b17f4c8a8 fixed the way empty labels
are taken into account (i.e. not interpolated from environment variable),
but it created a regression.
`ValidateLabel` functions doesn't allow empty label value, but it has
always been possible to pass an empty label via the cli (`docker run --label foo`).
This fixes that by not validating the label flag.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 31dc5c0a9a)
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit 00d409f03ed825f623b6ef8ec5a3a91cd26194c2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Remove TestBuildRenamedDockerfile and TestBuildDockerfileOutsideContext
that are cli-only tests (and already tested in the docker/cli
repository).
Also adds some comments on few tests that could be migrate to
docker/cli.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 894c213b3bd6f4d8f344837b5b5084360a013680)
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit 847b610620a8b8294d61c717d3c4aa13cb7a8b33)
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
