Container Service for Kubernetes:Differences between runC containers and Sandboxed-Container (runV) containers

Pod overhead in runV

Every runV pod carries a memory overhead to run the lightweight VM and its guest components.

The formula is: pod overhead memory = 64 MiB + pod memory request × 2%, capped at 512 MiB and floored at 64 MiB.

The total memory visible inside a runV pod equals the pod memory request plus the pod overhead, minus a small amount consumed by the system. The CPU count inside the pod also differs from the host.

Limitations of runV

The following features are not supported when using runV:

• RootFS I/O throttling: cgroup-based I/O throttling is not available for the rootfs.

• Disk mounting: Persistent disk volumes cannot be directly mounted.

• Direct log collection: Logtail cannot collect logs directly from the node. Use Logtail Sidecar instead.

Prerequisites

Before you begin, ensure that you have:

• Connected to the cluster using kubectl

Create the pod

1. Run the following command to create a pod that uses runC:

   Note

   Setting runtimeClassName: runc is optional. runC is the default container runtime.

   cat <<EOF | kubectl create -f -
   apiVersion: v1
   kind: Pod
   metadata:
     name: busybox-runc
     labels:
       app: busybox-runc
   spec:
     containers:
     - name: busybox
       image: registry.cn-hangzhou.aliyuncs.com/acs/busybox:v1.29.2
       command:
       - tail
       - -f
       - /dev/null
       resources:
         limits:
           cpu: 1000m
           memory: 512Mi
         requests:
           cpu: 1000m
           memory: 512Mi
   EOF

Prerequisites

Before you begin, ensure that you have:

• Connected to the cluster using kubectl

Create the pod

1. (Optional) Verify that a RuntimeClass object named runv exists in the cluster:

   kubectl get runtimeclass runv -o yaml

   Note

   A RuntimeClass object named runv is automatically created in any ACK cluster that uses Sandboxed-Container.

2. Run the following command to create a pod that uses runV:

   Important

   For Kubernetes versions earlier than 1.16, the nodeSelector field is required. For version 1.16 and later, it is not required.

   cat <<EOF | kubectl create -f -
   apiVersion: v1
   kind: Pod
   metadata:
     name: busybox-runv
     labels:
       app: busybox-runv
   spec:
     runtimeClassName: runv
     nodeSelector:
       alibabacloud.com/container-runtime: Sandboxed-Container.runv
     containers:
     - name: busybox
       image: registry.cn-hangzhou.aliyuncs.com/acs/busybox:v1.29.2
       command:
       - tail
       - -f
       - /dev/null
       resources:
         limits:
           cpu: 1000m
           memory: 512Mi
         requests:
           cpu: 1000m
           memory: 512Mi
   EOF

3. Verify that the pod is running in a sandbox:

   kubectl get pod busybox-runv -o jsonpath={.spec.runtimeClassName}

   If the output includes runv, the pod is running in a sandbox.

4. Log in to the pod and check its CPU and memory configuration:

   kubectl exec -ti pod busybox-runv /bin/sh
   / # cat /proc/meminfo | head -n1
   MemTotal:        1130692 kB
   / # cat /proc/cpuinfo | grep processor
   processor    : 0

   The CPU count inside the pod differs from the host. The total memory equals the pod memory plus the pod overhead, and is slightly smaller because the system uses some memory.