Resource isolation between hyper-created VMs.

[erictune]

In a multi-tenant environment, there should be resource isolation between VMs created by hyper.

The most obvious way to do this, to me at least, is to run each VM that is created by hyper within a different host-OS cgroup.

One way to do this is to give the hyper run command an argument like --into_cgroup=path, and then when hyperd starts the process(es) that are the VM, it puts those into --into_cgroup. I think this works for KVM. I don't know the other hypervisors well enough to know how well it works for them: if they have a single shared support process for multiple VMs, then resource charging won't work right.

[gnawux]

Hi @erictune ,

Yes, there is some resource limit, quota, and QoS issue to solve, and cgroup is one of the frequently used methods. We are preparing to integrate Hyper with kubernetes and other DCOS, and will introduce those resource restriction methods then.

Thank you.

[halacs]

Hi @gnawux ,

Are there any progress on this resource isolation issue? I am gathering info about the resource management of HyperContainer.

You mentioned Kubernetes as well. Does Kubernetes already have these capabilities? hyperctl seems don't have similar command line argument than the above mentioned.

Thanks for your answer!

[gnawux]

Hi @halacs

The when use libvirt as a hypervisor driver, we could use the functionalities of it. However, we have not integrated such codes in the current code.