+
Skip to content

Make ContainerCreateTimeout configurable at runtime handler level #9499

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Make ContainerCreateTimeout configurable at runtime handler level #9499

wants to merge 6 commits into from
+176 −32

Conversation

snir911
Copy link
Contributor

@snir911 snir911 commented Oct 5, 2025
edited by bitoku
Loading

This allows different runtime handlers to have different container creation timeouts,
useful for VM-based runtimes that may need longer timeouts than OCI runtimes.

What type of PR is this?

/kind feature

What this PR does / why we need it:

Fixes #9151 and additional minor fixes

Which issue(s) this PR fixes:

Fixes #9151

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Added `container_create_timeout` option to control timeout duration of container creation

@openshift-ci openshift-ci bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. kind/feature Categorizes issue or PR as related to a new feature. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Oct 5, 2025
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Oct 5, 2025

Hi @snir911. Thanks for your PR.

I'm waiting for a cri-o member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci openshift-ci bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Oct 5, 2025
@codecov Codecov
Copy link

codecov bot commented Oct 5, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 37.20930% with 27 lines in your changes missing coverage. Please review.
✅ Project coverage is 66.97%. Comparing base (7a2820a) to head (a0408f0).
⚠️ Report is 18 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #9499      +/-   ##
==========================================
- Coverage   67.04%   66.97%   -0.08%     
==========================================
  Files         202      202              
  Lines       28159    28255      +96     
==========================================
+ Hits        18880    18924      +44     
- Misses       7702     7739      +37     
- Partials     1577     1592      +15
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

snir911 added 6 commits October 9, 2025 12:11
@snir911
Make ContainerCreateTimeout configurable at runtime handler level
9b9e019 
This allows different runtime handlers to have different container creation timeouts,
useful for VM-based runtimes that may need longer timeouts than OCI runtimes.

Signed-off-by: Snir Schreiber <ssheribe@redhat.com>
Fixes: cri-o#9151
@snir911
Add context timeout to task.Create in runtime_vm.go
67d7e39 
Previously, r.task.Create() used r.ctx (background context) which had no timeout,
this may cause the goroutine to continue running even after the select timeout was reached.

Signed-off-by: Snir Schreiber <ssheribe@redhat.com>
@snir911
Improve returned error text at CreateContainer failure
28a8ad5 
Signed-off-by: Snir Schreiber <ssheribe@redhat.com>
@snir911
Simplify runtimeVM struct by removing redundant fields
d727fb6 
This eliminates duplication and makes the struct cleaner with a single
source of truth for configuration values from the handler.

Signed-off-by: Snir Schreiber <ssheribe@redhat.com>
@snir911
Add documentation for container_create_timeout configuration option
b932a5b 
- Add container_create_timeout to crio.conf.5.md man page documentation
- Add container_create_timeout to configuration template in template.go

Signed-off-by: Snir Schreiber <ssheribe@redhat.com>
@snir911
test: add tests for ContainerCreateTimeout configurability
a0408f0 
- Add ValidateContainerCreateTimeout unit tests covering:
  * Default timeout when not configured (240s)
  * Valid configured timeout values
  * Minimum timeout enforcement (30s)
  * Zero and negative value handling
  * Large timeout values
  * Different timeouts per runtime handler

Fixes: cri-o#9151
Signed-off-by: Snir Schreiber <ssheribe@redhat.com>
@snir911 snir911 marked this pull request as ready for review October 9, 2025 10:33
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 9, 2025
@openshift-ci openshift-ci bot requested review from QiWang19 and hasan4791 October 9, 2025 10:33
@fidencio
Copy link
Contributor

fidencio commented Oct 9, 2025

@snir911, what happens when the ContainerCreateTimeout is set to, let's say, 600 (10 minutes), but kubelet's runtimeRequestTimeout is lower than that?

What I think that would happen is that kubelet's runtimeRequestTimeout would be the value respected in this case, which makes me think it's at least worth it adding to the documentation that the value set here depends also on the kubelet's value.

@snir911
Copy link
Contributor Author

snir911 commented Oct 9, 2025

That's right, I'll mention it, thanks @fidencio !

littlejawa
littlejawa approved these changes Oct 9, 2025
View reviewed changes
Copy link
Contributor

@littlejawa littlejawa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @snir911 !

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Oct 9, 2025
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Oct 9, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: littlejawa, snir911
Once this PR has been reviewed and has the lgtm label, please assign mrunalp for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@bitoku
Copy link
Contributor

bitoku commented Oct 10, 2025

/ok-to-test

@openshift-ci openshift-ci bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Oct 10, 2025
bitoku
bitoku reviewed Oct 10, 2025
View reviewed changes
docs/crio.conf.5.md
If that is also not specified, then the internal default seccomp profile will be used.

**container_create_timeout**=240
The timeout for container creation operations in seconds. If not set, defaults to 240 seconds. If set to a value less than 30 seconds, it will be automatically adjusted to 30 seconds (the minimum allowed value). This allows different runtime handlers to have different container creation timeouts, which is useful for VM-based runtimes that may need longer timeouts than OCI runtimes.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I want it to mention about runtimeRequestTimeout in kubelet, and its document link if any.

internal/oci/runtime_vm.go
}

containerIO, err := r.createContainerIO(ctx, c, cio.WithNewFIFOs(r.fifoDir, c.terminal, c.stdin))
containerIO, err := r.createContainerIO(ctx, c, cio.WithNewFIFOs(filepath.Join(r.handler.RuntimeRoot, "crio", "fifo"), c.terminal, c.stdin))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's make a function to create this fifo path.

@bitoku
Copy link
Contributor

bitoku commented Oct 10, 2025

/release-note-edit

Added `container_create_timeout` option to control timeout duration of container creation

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Oct 10, 2025

@bitoku: /release-note-edit must be used with a single release note block.

In response to this:

/release-note-edit

Added `container_create_timeout` option to control timeout duration of container creation

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci openshift-ci bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Oct 10, 2025
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Oct 10, 2025

@snir911: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/ci-e2e a0408f0 link true /test ci-e2e
ci/prow/e2e-gcp-ovn a0408f0 link true /test e2e-gcp-ovn

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bitoku bitoku bitoku left review comments

@fidencio fidencio Awaiting requested review from fidencio fidencio is a code owner

@mrunalp mrunalp Awaiting requested review from mrunalp mrunalp is a code owner

@hasan4791 hasan4791 Awaiting requested review from hasan4791

@QiWang19 QiWang19 Awaiting requested review from QiWang19

+1 more reviewer

@littlejawa littlejawa littlejawa approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@littlejawa littlejawa

Labels

dco-signoff: yes Indicates the PR's author has DCO signed all their commits. kind/feature Categorizes issue or PR as related to a new feature. lgtm Indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note Denotes a PR that will be considered when it comes time to generate release notes.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Make ContainerCreateTimeout configurable

4 participants

@snir911 @fidencio @bitoku @littlejawa
点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载