Support direct editing of the intelRdt config

Makefile

@@ -51,7 +51,8 @@ PLUGINS := \
 	$(BIN_PATH)/template \
 	$(BIN_PATH)/wasm \
 	$(BIN_PATH)/network-device-injector \
-	$(BIN_PATH)/network-logger
+	$(BIN_PATH)/network-logger \
+	$(BIN_PATH)/rdt
 
 ifneq ($(V),1)
   Q := @
@@ -122,9 +123,9 @@ $(BIN_PATH)/wasm build/bin/wasm: FORCE
 # test targets
 #
 
-test-gopkgs: ginkgo-tests test-ulimits
+test-gopkgs: ginkgo-tests test-ulimits test-rdt
 
-SKIPPED_PKGS="ulimit-adjuster,device-injector"
+SKIPPED_PKGS="ulimit-adjuster,device-injector,rdt"
 
 ginkgo-tests:
 	$(Q)$(GINKGO) run \
@@ -146,6 +147,9 @@ test-ulimits:
 test-device-injector:
 	$(Q)cd ./plugins/device-injector && $(GO_TEST) -v
 
+test-rdt:
+	$(Q)cd ./plugins/rdt && $(GO_TEST) -v
+
 codecov: SHELL := $(shell which bash)
 codecov:
 	bash <(curl -s https://codecov.io/bash) -f $(COVERAGE_PATH)/coverprofile

README.md

@@ -419,6 +419,7 @@ The following sample plugins exist for NRI:
   - [ulimit adjuster](plugins/ulimit-adjuster)
   - [NRI v0.1.0 plugin adapter](plugins/v010-adapter)
   - [WebAssembly plugin](plugins/wasm)
+  - [RDT](plugins/rdt)
   - [template](plugins/template)
 
 Please see the documentation of these plugins for further details

contrib/kustomize/rdt/base/daemonset.yaml

@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: nri-plugin-rdt
+spec:
+  template:
+    spec:
+      containers:
+        - name: plugin
+          image: plugin:latest
+          args:
+            - "-idx"
+            - "10"
+          resources:
+            requests:
+              cpu: "2m"
+              memory: "5Mi"
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+          volumeMounts:
+            - name: nri-socket
+              mountPath: /var/run/nri/nri.sock
+      volumes:
+        - name: nri-socket
+          hostPath:
+            path: /var/run/nri/nri.sock
+            type: Socket

contrib/kustomize/rdt/base/kustomization.yaml

@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+resources:
+  - daemonset.yaml
+images:
+  - name: plugin
+    newName: ghcr.io/containerd/nri/plugins/rdt
+labels:
+  - includeSelectors: true
+    pairs:
+      app.kubernetes.io/name: nri-plugin-rdt

contrib/kustomize/rdt/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - base/
+components:
+  - ../components/image-stable

contrib/kustomize/rdt/unstable/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../base/
+components:
+  - ../../components/image-unstable

go.mod

@@ -9,7 +9,7 @@ require (
 	github.com/moby/sys/mountinfo v0.6.2
 	github.com/onsi/ginkgo/v2 v2.19.1
 	github.com/onsi/gomega v1.34.0
-	github.com/opencontainers/runtime-spec v1.1.0
+	github.com/opencontainers/runtime-spec v1.2.2-0.20250818071321-383cadbf08c0
 	github.com/opencontainers/runtime-tools v0.9.0
 	github.com/sirupsen/logrus v1.9.3
 	github.com/stretchr/testify v1.8.4

go.sum

@@ -43,8 +43,8 @@ github.com/onsi/ginkgo/v2 v2.19.1/go.mod h1:O3DtEWQkPa/F7fBMgmZQKKsluAy8pd3rEQdr
 github.com/onsi/gomega v1.34.0 h1:eSSPsPNp6ZpsG8X1OVmOTxig+CblTc4AxpPBykhe2Os=
 github.com/onsi/gomega v1.34.0/go.mod h1:MIKI8c+f+QLWk+hxbePD4i0LMJSExPaZOVfkoex4cAo=
 github.com/opencontainers/runtime-spec v1.0.3-0.20220825212826-86290f6a00fb/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.1.0 h1:HHUyrt9mwHUjtasSbXSMvs4cyFxh+Bll4AjJ9odEGpg=
-github.com/opencontainers/runtime-spec v1.1.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opencontainers/runtime-spec v1.2.2-0.20250818071321-383cadbf08c0 h1:RLn0YfUWkiqPGtgUANvJrcjIkCHGRl3jcz/c557M28M=
+github.com/opencontainers/runtime-spec v1.2.2-0.20250818071321-383cadbf08c0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-tools v0.0.0-20221026201742-946c877fa809 h1:WSwkWIIS4s+E/dPF6HuVZ/hnq1WfXN371eESjREnU8k=
 github.com/opencontainers/runtime-tools v0.0.0-20221026201742-946c877fa809/go.mod h1:BRHJJd0E+cx42OybVYSgUvZmU0B8P9gZuRXlZUP7TKI=
 github.com/opencontainers/selinux v1.9.1 h1:b4VPEF3O5JLZgdTDBmGepaaIbAo0GqoF6EBRq5f/g3Y=

pkg/adaptation/adaptation_suite_test.go

@@ -583,6 +583,13 @@ var _ = Describe("Plugin container creation adjustments", func() {
 					return api.FromOCILinuxSeccomp(&seccomp)
 				}(),
 			)
+		case "rdt":
+			if overwrite {
+				a.RemoveLinuxRDT()
+			}
+			a.SetLinuxRDTClosID(p.name)
+			a.SetLinuxRDTSchemata([]string{"L3:0=ff", "MB:0=50"})
+			a.SetLinuxRDTEnableMonitoring(true)
 		}
 
 		return a, nil, nil
@@ -868,6 +875,17 @@ var _ = Describe("Plugin container creation adjustments", func() {
 					},
 				},
 			),
+			Entry("adjust RDT", "rdt",
+				&api.ContainerAdjustment{
+					Linux: &api.LinuxContainerAdjustment{
+						Rdt: &api.LinuxRdt{
+							ClosId:           api.String("test"),
+							Schemata:         api.RepeatedString([]string{"L3:0=ff", "MB:0=50"}),
+							EnableMonitoring: api.Bool(true),
+						},
+					},
+				},
+			),
 		)
 	})
 
@@ -1008,6 +1026,18 @@ var _ = Describe("Plugin container creation adjustments", func() {
 			),
 			Entry("adjust resources", "resources/classes", false, true, nil),
 			Entry("adjust I/O priority (conflicts)", "I/O priority", false, true, nil),
+			Entry("adjust RDT (conflicts)", "rdt", false, true, nil),
+			Entry("adjust RDT", "rdt", true, false,
+				&api.ContainerAdjustment{
+					Linux: &api.LinuxContainerAdjustment{
+						Rdt: &api.LinuxRdt{
+							ClosId:           api.String("foo"),
+							Schemata:         api.RepeatedString([]string{"L3:0=ff", "MB:0=50"}),
+							EnableMonitoring: api.Bool(true),
+						},
+					},
+				},
+			),
 		)
 	})
 

pkg/adaptation/api.go

@@ -91,6 +91,7 @@ type (
 	LinuxDeviceCgroup        = api.LinuxDeviceCgroup
 	LinuxIOPriority          = api.LinuxIOPriority
 	LinuxSeccomp             = api.LinuxSeccomp
+	LinuxRdt                 = api.LinuxRdt
 	CDIDevice                = api.CDIDevice
 	HugepageLimit            = api.HugepageLimit
 	Hooks                    = api.Hooks
@@ -149,14 +150,15 @@ type (
 // Aliased functions for api/optional.go.
 // nolint
 var (
-	String   = api.String
-	Int      = api.Int
-	Int32    = api.Int32
-	UInt32   = api.UInt32
-	Int64    = api.Int64
-	UInt64   = api.UInt64
-	Bool     = api.Bool
-	FileMode = api.FileMode
+	String         = api.String
+	RepeatedString = api.RepeatedString
+	Int            = api.Int
+	Int32          = api.Int32
+	UInt32         = api.UInt32
+	Int64          = api.Int64
+	UInt64         = api.UInt64
+	Bool           = api.Bool
+	FileMode       = api.FileMode
 )
 
 // Aliased functions for api/types.go.

pkg/adaptation/result.go

@@ -235,7 +235,11 @@ func (r *result) adjust(rpl *ContainerAdjustment, plugin string) error {
 		if err := r.adjustNamespaces(rpl.Linux.Namespaces, plugin); err != nil {
 			return err
 		}
+		if err := r.adjustRdt(rpl.Linux.Rdt, plugin); err != nil {
+			return err
+		}
 	}
+
 	if err := r.adjustRlimits(rpl.Rlimits, plugin); err != nil {
 		return err
 	}
@@ -451,6 +455,42 @@ func (r *result) adjustNamespaces(namespaces []*LinuxNamespace, plugin string) e
 	return nil
 }
 
+func (r *result) adjustRdt(rdt *LinuxRdt, plugin string) error {
+	if r == nil {
+		return nil
+	}
+
+	r.initAdjustRdt()
+
+	id := r.request.create.Container.Id
+
+	if rdt.GetRemove() {
+		r.owners.ClearRdt(id, plugin)
+		r.reply.adjust.Linux.Rdt = &LinuxRdt{}
+	}
+
+	if v := rdt.GetClosId(); v != nil {
+		if err := r.owners.ClaimRdtClosID(id, plugin); err != nil {
+			return err
+		}
+		r.reply.adjust.Linux.Rdt.ClosId = String(v.GetValue())
+	}
+	if v := rdt.GetSchemata(); v != nil {
+		if err := r.owners.ClaimRdtSchemata(id, plugin); err != nil {
+			return err
+		}
+		r.reply.adjust.Linux.Rdt.Schemata = RepeatedString(v.GetValue())
+	}
+	if v := rdt.GetEnableMonitoring(); v != nil {
+		if err := r.owners.ClaimRdtEnableMonitoring(id, plugin); err != nil {
+			return err
+		}
+		r.reply.adjust.Linux.Rdt.EnableMonitoring = Bool(v.GetValue())
+	}
+
+	return nil
+}
+
 func (r *result) adjustCDIDevices(devices []*CDIDevice, plugin string) error {
 	if len(devices) == 0 {
 		return nil
@@ -1067,3 +1107,23 @@ func (r *result) getContainerUpdate(u *ContainerUpdate, plugin string) (*Contain
 
 	return update, nil
 }
+
+func (r *result) initAdjust() {
+	if r.reply.adjust == nil {
+		r.reply.adjust = &ContainerAdjustment{}
+	}
+}
+
+func (r *result) initAdjustLinux() {
+	r.initAdjust()
+	if r.reply.adjust.Linux == nil {
+		r.reply.adjust.Linux = &LinuxContainerAdjustment{}
+	}
+}
+
+func (r *result) initAdjustRdt() {
+	r.initAdjustLinux()
+	if r.reply.adjust.Linux.Rdt == nil {
+		r.reply.adjust.Linux.Rdt = &LinuxRdt{}
+	}
+}

pkg/api/adjustment.go

@@ -279,6 +279,30 @@ func (a *ContainerAdjustment) SetLinuxRDTClass(value string) {
 	a.Linux.Resources.RdtClass = String(value)
 }
 
+// SetLinuxRDTClosID records setting the RDT CLOS id for a container.
+func (a *ContainerAdjustment) SetLinuxRDTClosID(value string) {
+	a.initLinuxRdt()
+	a.Linux.Rdt.ClosId = String(value)
+}
+
+// SetLinuxRDTSchemata records setting the RDT schemata for a container.
+func (a *ContainerAdjustment) SetLinuxRDTSchemata(value []string) {
+	a.initLinuxRdt()
+	a.Linux.Rdt.Schemata = RepeatedString(value)
+}
+
+// SetLinuxRDTEnableMonitoring records enabling RDT monitoring for a container.
+func (a *ContainerAdjustment) SetLinuxRDTEnableMonitoring(value bool) {
+	a.initLinuxRdt()
+	a.Linux.Rdt.EnableMonitoring = Bool(value)
+}
+
+// RemoveLinuxRdt records the removal of the RDT configuration.
+func (a *ContainerAdjustment) RemoveLinuxRDT() {
+	a.initLinuxRdt()
+	a.Linux.Rdt.Remove = true
+}
+
 // AddLinuxUnified sets a cgroupv2 unified resource.
 func (a *ContainerAdjustment) AddLinuxUnified(key, value string) {
 	a.initLinuxResourcesUnified()
@@ -378,3 +402,9 @@ func (a *ContainerAdjustment) initLinuxResourcesUnified() {
 		a.Linux.Resources.Unified = make(map[string]string)
 	}
 }
+func (a *ContainerAdjustment) initLinuxRdt() {
+	a.initLinux()
+	if a.Linux.Rdt == nil {
+		a.Linux.Rdt = &LinuxRdt{}
+	}
+}