title | expires_at | tags |
---|---|---|
BOSH’s BPM Support within the Garden-runc-release | never | |
BPM, BOSH’s workload isolation layer, adds complexity to Garden’s own workload isolation and should be approached with full knowledge of the caveats involved.
Since BPM isolates workloads, having an additional level of isolation via Garden requires some thought in order to have a successful deployment. By default, the Garden-runc-release does not enable BOSH’s BPM.
Garden-runc-release’s BPM support is implemented primarily through two flags: `bpm.enabled` and `garden.additional_bpm_volumes`.
The primary flag `bpm.enabled` within the Garden spec allows Garden-runc-release to use BPM. Use caution when enabling this flag: the containers won't survive a restart of the garden job. This is why `garden.destroy_containers_on_start` should be set to avoid leaking container state.
Its default value is “false”.
A secondary property, `garden.additional_bpm_volumes`, requires `bpm.enabled` to be enabled. This property takes an array of shared writable volumes which will be mounted into the BPM container. Submounts from all mount namespaces in a volume are visible in all containers that have the volume mounted in.
Its default value is left blank.
In addition to the above primary properties, there are some secondary properties that have caveats when enabling BPM:
When enabling `garden.experimental_use_containerd_mode_for_processes`, please ensure you do NOT have `bpm.enabled` enabled. The two properties are incompatible with one another. The purpose of the property is to use Containerd for container process management. It must be used with containerd_mode also set to true. NOTE: cannot be used in combination with bpm.
By default it is disabled (set to false).
The property `garden.destroy_containers_on_start` is recommended when enabling BPM via `bpm.enabled`. This is recommended so that container state is not leaked and all containers managed by Garden-runc-release are destroyed, recreated and managed within the confines of BPM’s isolation.
By default it is disabled (set to false).
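The property rules above can be checked against a job's properties before deploying. The following is an added example, not code from garden-runc-release: it assumes the properties are nested under `bpm` and `garden` as in a BOSH manifest and that the page's containerd_mode is `garden.containerd_mode`; the helper names and sample values are constructed for illustration.

```ruby
require 'yaml'

# Look up a dotted property name in the nested properties hash.
def prop(props, dotted, default)
  value = dotted.split('.').reduce(props) { |h, k| h.is_a?(Hash) ? h[k] : nil }
  value.nil? ? default : value
end

# Returns [errors, warnings] for the BPM rules on this page. Unset properties
# use the defaults the page states (false / blank).
def check_garden_bpm(props)
  bpm     = prop(props, 'bpm.enabled', false)
  volumes = Array(prop(props, 'garden.additional_bpm_volumes', []))
  destroy = prop(props, 'garden.destroy_containers_on_start', false)
  procs   = prop(props, 'garden.experimental_use_containerd_mode_for_processes', false)
  # Assumption: "containerd_mode" is garden.containerd_mode. The page gives no
  # default for it, so only an explicit false is flagged.
  mode    = prop(props, 'garden.containerd_mode', nil)

  errors = []
  warnings = []
  errors << 'containerd process mode cannot be combined with bpm.enabled' if bpm && procs
  errors << 'containerd process mode requires containerd_mode: true' if procs && mode == false
  errors << 'garden.additional_bpm_volumes requires bpm.enabled' if !bpm && !volumes.empty?
  warnings << 'bpm.enabled without garden.destroy_containers_on_start leaks container state' if bpm && !destroy
  volumes.each { |v| warnings << "#{v}: submounts visible to every container mounting it" } if bpm
  [errors, warnings]
end

# Constructed sample properties (not from a real deployment).
RISKY = YAML.safe_load(<<~MANIFEST)
  bpm:
    enabled: true
  garden:
    experimental_use_containerd_mode_for_processes: true
    additional_bpm_volumes:
      - /var/vcap/data/example-shared
MANIFEST

RECOMMENDED = YAML.safe_load(<<~MANIFEST)
  bpm:
    enabled: true
  garden:
    destroy_containers_on_start: true
MANIFEST

if __FILE__ == $PROGRAM_NAME
  [RISKY, RECOMMENDED].each { |p| puts check_garden_bpm(p).inspect }
end
```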
Here are a few key locations where the aforementioned properties get implemented within the release.
garden-runc-release/jobs/garden/monit (lines 1 to 22 in 833f960)
garden-runc-release/jobs/garden/templates/bin/garden_start.erb (lines 85 to 87 in 833f960)
garden-runc-release/jobs/garden/templates/bin/garden_stop.erb (lines 7 to 10 in 833f960)
garden-runc-release/jobs/garden/templates/bin/bpm-pre-start.erb (lines 12 to 16 in 833f960)