Ignore sidecar container resource requests - Container Compute Service

Alibaba Cloud Container Compute Service (ACS) allows you to use sidecar containers to achieve a DaemonSet-like effect. To avoid increasing pod resource consumption and enable resource sharing between sidecar containers and application containers, you can configure scheduling policies to ignore the resource requests of specific sidecar containers. This topic describes how to configure scheduling policies to ignore the resource requests of specific containers in an ACS cluster.

Feature description

ACS clusters do not support DaemonSets due to the limits of virtual nodes. To achieve a DaemonSet-like effect, you can add sidecar containers to pods in ACS clusters. In addition, ACS allows you to ignore the resource requests of a sidecar container by adding an environment variable to the configurations of the container. This way, when the ACS cluster adjusts and schedules resources, the system ignores the resource requests of the sidecar container. When the system runs the pod, the system allocates resources to the pod based on the resources.requests and resources.limits parameter of other containers in the pod. This ensures resource sharing and isolation between the sidecar container and other containers in the pod.

Important

If the system ignores the resource requests of a sidecar container, the sidecar container reuses the resources allocated to other containers in the pod. If the resources allocated to other containers in the pod become insufficient, the CPU usage of the sidecar container is reduced and out of memory (OOM) errors may occur in the sidecar container.

Configuration description

To ignore the resource requests of a container, add the __IGNORE_RESOURCE__ environment variable to the container configuration and set the value to true.

Sample configuration

Create a file named test-ignore.yaml and copy the following content to the file:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: test-ignore
  labels:
    app: test
spec:
  replicas: 1 
  selector:
    matchLabels:
      app: test
  template:
    metadata:
      labels:
        app: test
    spec:
      containers:
      - name: app
        image: registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/busybox:1.28
        command: ["/bin/sh", "-c", "sleep 999"]
        resources:
          requests:
            cpu: 1
            memory: 2Gi
      - name: sidecar
        image: registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/busybox:1.28
        command: ["/bin/sh", "-c", "sleep 999"]
        resources:
          requests:
            cpu: 0.25
            memory: 0.5Gi

This YAML file is used to create a Deployment that contains one replicated pod. The pod contains two containers, each of which is configured with resource requests.

Run the following command to create the Deployment:
```
kubectl apply -f test-ignore.yaml
```
Run the following command to query information about the pod and view the resource configurations of the pod after adjustment:
```
kubectl get pod <pod-name> -o yaml | grep alibabacloud.com/pod-use-spec
```
Expected output:
```
alibabacloud.com/pod-use-spec: 2-4Gi
```
The output shows that the pod after adjustment occupies 2 vCPUs and 4 GiB of memory when the resource requests of the sidecar container are not ignored.

Modify the sidecar container configurations in the test-ignore.yaml file based on the following code block. The following code block adds an environment variable to ignore the resource requests of the sidecar container.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: test-ignore
.....
      - name: sidecar
        image: registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/busybox:1.28
        command: ["/bin/sh", "-c", "sleep 999"]
        env:
        - name: __IGNORE_RESOURCE__
          value: "true"
        resources:
          requests:
            cpu: 0.25
            memory: 0.5Gi

Run the following command to update the Deployment:
```
kubectl apply -f test-ignore.yaml
```
Run the following command again to query information about the pod and view the resource configurations of the pod after adjustment:
```
kubectl get pod <pod-name> -o yaml | grep alibabacloud.com/pod-use-spec
```
The output shows that the pod after adjustment occupies 1 vCPU and 2 GiB of memory when the resource requests of the sidecar container are ignored.
Check the CPU weights of the running containers.
1. Run the following command to log on to the app container and query the CPU weight of the app container:
```
kubectl exec -ti <pod-name> -c app -- cat /sys/fs/cgroup/cpu/cpu.shares
```
  Expected output:
```
1024
```
2. Run the following command to log on to the sidecar container and query the CPU weight of the sidecar container:
```
kubectl exec -ti <pod-name> -c sidecar -- cat /sys/fs/cgroup/cpu/cpu.shares
```
  Expected output:
```
256
```
  The output shows that the ratio of the CPU shares used by the app container to the CPU shares used by the sidecar container is 4:1.

Note

If you set the resources.requests parameter of the sidecar container to 0, the pod after adjustment occupies 1 vCPU and 2 GiB of memory. However, the CPU share ratio of the running app container to the running sidecar container is much larger than 4:1 and cannot be adjusted to a proper value.

The following table describes the resource adjustment and resource isolation results for different pod resource configurations.

sidecar configuration	app vs sidecar CPU shares	Pod resource
ignore_resource=false CPU request=0.25c	4:1	2c4g
ignore_resource=false CPU request=0c	512:1	1c2g
ignore_resource=true CPU request=0.25c	4:1	1c2g