After years of development and experimentation, we finally have comprehensive OS-level work-conserving resource isolation working and are now in the process of deploying for various applications including workload protection and container stacking. This talk examines the project and the resulting resource control methods.
FB has been actively experimenting with cgroup2 resource control for years. In the process, we developed several kernel and userland mechanisms, fixed numerous isolation issues, and discovered a number of surprising interactions.
We finally have comprehensive OS-level work-conserving resource isolation working and are now in the process of refining and deploying the developed comprehensive resource isolation mechanism for various applications such as workload protection and container stacking.
Let's take a look at the mistakes, the lessons, the result, and discuss how best this can be integrated into the whole operating system.