Remove the deprecated '--kernel-memory' option

[aiordache]

Ignore the kernel memory option if set in HostConfig on container create.
We keep the option in the API ( for the containers/create and /info endpoints) until the next API version release but ignore any value it is set to.

root@80b7d3e03521:~# curl --unix-socket /var/run/docker.sock -H "Content-Type: application/json" -d '{"Image": "alpine", "Cmd": ["echo", "hello world"], "HostConfig": {"KernelMemory": 299900}}' -X POST http://localhost/v1.41/containers/create
{"Id":"4d8537d9cee548938492d489b7d8394b46ae75992d89875fbf2b33971762a552","Warnings":["Specifying a kernel memory limit is not supported anymore."]}

root@80b7d3e03521:~# docker inspect 4d8537d9cee5
[
    {
        "Id": "4d8537d9cee548938492d489b7d8394b46ae75992d89875fbf2b33971762a552",
....
            "KernelMemory": 0,
            "KernelMemoryTCP": 0,
            "MemoryReservation": 0,
....

root@80b7d3e03521:~# curl -s --unix-socket /var/run/docker.sock http://localhost/info | jq .| grep KernelMemory
  "KernelMemory": false,
  "KernelMemoryTCP": false,

[tianon]

This message seems inaccurate here -- to give this warning, shouldn't it check sysInfo.KernelMemory first like it did previously? Alternatively, perhaps we don't warn about kernel support at all, given we're going to ignore the container setting entirely?

[tianon]

Just to thread the needle a little bit, this is related to opencontainers/runtime-spec#1093 and opencontainers/runc#2840.

[thaJeztah]

Just to thread the needle a little bit, this is related to opencontainers/runtime-spec#1093 and opencontainers/runc#2840.

Yes; also related to opencontainers/runc#3174 (which makes things more complicated)

FWIW; I discussed with @aiordache to change this implementation to

• ignore the option in the API for API 1.42 and up (instead of removing it everywhere)
• remove the"your host does not support ..." warnings (which this PR also does)
• update the API documentation (swagger) for 1.42 to remove mention of the field, and to warn users that the "kernel-memory-tcp" is supported by the API but won't take effect (depending on the version of runc and/or OCI runtime being used, see below).

I had a draft branch where I started working on this, (master...thaJeztah:remove_kmem_options) which is when I found out that kmem.tcp was not deprecated in the kernel, so runc (and the spec to an extend) had been a bit too optimistic deprecating the options.

So now we're in a situation where;

• we deprecated the --kernel-memory option, but did NOT (yet?) deprecate --kernel-memory-tcp
• runc v1.0.0 removed both (so even if we would set them, they would take no effect)
• other runtimes MAY still support them (as well as older versions of runc)
• the runtime spec "discourages" both

So what's the best approach here?

1. Fully remove the --kernel-memory option (current implementation in this PR); technically "incorrect" as we'd be modifying older API versions (which should be considered "frozen")
2. Ignore the --kernel-memory option for API 1.42 and up (proposed change), knowing that current runc versions will ignore it (but other runtimes may still support it, so keeping that use-case)
3. same as 1. or 2. but for both --kernel-memory and --kernel-memory-tcp (problem: we didn't announce the latter one to be deprecated)
4. do 1. or 2., but un-deprecate the --kernel-memory-tcp in runc (TBD: Should memory.kmem.tcp.limit_in_bytes still be supported? opencontainers/runc#3174 - it's not 100% clear to me if re-introducing that option also brings back the problems with the broken 3.10 RHEL kernels)

[thaJeztah]

Arf; of course it helps if I actually submit my review 😂

Looks good; some minor nits:

• the first commit message has a typo (s/KernelMemeory/KernelMemory/)
• perhaps you can squash at least the first two commits (I think those should go together)
• could you add a bullet to https://github.com/moby/moby/blob/master/docs/api/version-history.md to mention the field has been removed from the API and will be ignored for API v1.42 and above?

[thaJeztah]

LGTM

[thaJeztah]

@tianon ptal

[tianon]

Given runc is now ignoring this value, I'm not sure I understand why we're working so hard to pretend it really is still supported on the older API levels? Wouldn't it be more useful for users to bubble up that it's not going to do anything, even retroactively?

[tianon]

Isn't the change over in pkg/sysinfo/sysinfo_linux.go deleting the code that sets this value? (So this will never be invoked?)

[thaJeztah]

Ahm, yes, you're right; I mistook that one for the /info endpoint (which uses that information)

I guess instead, the systemInfo() endpoint would have to be updated to reset the field in the response for API >= 1.42 (and the field to have omitempty)

moby/api/server/router/system/system_routes.go

Lines 46 to 47 in 0fdd23b

	func (s *systemRouter) getInfo(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
	info := s.backend.SystemInfo()

[thaJeztah]

Given runc is now ignoring this value, I'm not sure I understand why we're working so hard to pretend it really is still supported on the older API levels? Wouldn't it be more useful for users to bubble up that it's not going to do anything, even retroactively?

The main train of thought here was that;

• we (at least so far tried to) don't change existing APIs
• runtimes other than runc may still support it (although admittedly, they'd be living on borrowed time as the kernel removed support for this)

[tianon]

Discussed in maintainers meeting -- approach seems fair enough to me. 👍

[thaJeztah]

Need to double check #42854 (comment) - let me do so tomorrow and let you know 😅

[thaJeztah]

Looks like this should check if resources.KernelMemory > 0, otherwise this will produce an error if it's reset above (line 468)

[thaJeztah]

For those arriving here; this was carried, and merged through #43214