update deprecation status of --kernel-memory(-tcp)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-07 14:36:11 +02:00 · 2022-04-07 14:36:11 +02:00 · 41fd1c49b6
parent 49a7d75a22
commit 41fd1c49b6
2 changed files with 31 additions and 4 deletions
--- a/cli/command/container/update.go
+++ b/cli/command/container/update.go
@ -64,7 +64,13 @@ func NewUpdateCommand(dockerCli command.Cli) *cobra.Command {
 	flags.VarP(&options.memory, "memory", "m", "Memory limit")
 	flags.Var(&options.memoryReservation, "memory-reservation", "Memory soft limit")
 	flags.Var(&options.memorySwap, "memory-swap", "Swap limit equal to memory plus swap: '-1' to enable unlimited swap")
-	flags.Var(&options.kernelMemory, "kernel-memory", "Kernel memory limit")
+	flags.Var(&options.kernelMemory, "kernel-memory", "Kernel memory limit (deprecated)")
+	// --kernel-memory is deprecated on API v1.42 and up, but our current annotations
+	// do not support only showing on < API-version. This option is no longer supported
+	// by runc, so hiding it unconditionally.
+	flags.SetAnnotation("kernel-memory", "deprecated", nil)
+	flags.MarkHidden("kernel-memory")
+
 	flags.StringVar(&options.restartPolicy, "restart", "", "Restart policy to apply when a container exits")
 	flags.Int64Var(&options.pidsLimit, "pids-limit", 0, "Tune container pids limit (set -1 for unlimited)")
 	flags.SetAnnotation("pids-limit", "version", []string{"1.40"})
--- a/docs/deprecated.md
+++ b/docs/deprecated.md
@ -57,7 +57,7 @@ The table below provides an overview of the current status of deprecated feature
 | Deprecated | [Pulling images from non-compliant image registries](#pulling-images-from-non-compliant-image-registries)                          | v20.10     | -      |
 | Removed    | [Linux containers on Windows (LCOW)](#linux-containers-on-windows-lcow-experimental)                                               | v20.10     | v22.04 |
 | Deprecated | [BLKIO weight options with cgroups v1](#blkio-weight-options-with-cgroups-v1)                                                      | v20.10     | -      |
-| Deprecated | [Kernel memory limit](#kernel-memory-limit)                                                                                        | v20.10     | -      |
+| Removed    | [Kernel memory limit](#kernel-memory-limit)                                                                                        | v20.10     | v22.04 |
 | Deprecated | [Classic Swarm and overlay networks using external key/value stores](#classic-swarm-and-overlay-networks-using-cluster-store)      | v20.10     | -      |
 | Removed    | [Support for the legacy `~/.dockercfg` configuration file for authentication](#support-for-legacy-dockercfg-configuration-files)   | v20.10     | v22.04 |
 | Deprecated | [CLI plugins support](#cli-plugins-support)                                                                                        | v20.10     | -      |
@ -281,9 +281,30 @@ When using cgroups v2, the `--blkio-weight` options are implemented using
 ### Kernel memory limit

 **Deprecated in Release: v20.10**
+**Removed in Release: v22.04**

-Specifying kernel memory limit (`docker run --kernel-memory`) is now marked as deprecated,
-as [Linux kernel deprecated `kmem.limit_in_bytes` in v5.4](https://github.com/torvalds/linux/commit/0158115f702b0ba208ab0b5adf44cae99b3ebcc7).
+Specifying kernel memory limit (`docker run --kernel-memory`) is no longer supported
+because the [Linux kernel deprecated `kmem.limit_in_bytes` in v5.4](https://github.com/torvalds/linux/commit/0158115f702b0ba208ab0b5adf44cae99b3ebcc7).
+The OCI runtime specification now marks this option (as well as `--kernel-memory-tcp`)
+as ["NOT RECOMMENDED"](https://github.com/opencontainers/runtime-spec/pull/1093),
+and OCI runtimes such as `runc` no longer support this option.
+
+Docker API v1.42 and up now ignores this option when set. Older versions of the
+API continue to accept the option, but depending on the OCI runtime used, may
+take no effect.
+
+> **Note**
+> 
+> While not deprecated (yet) in Docker, the OCI runtime specification also
+> deprecated the `memory.kmem.tcp.limit_in_bytes` option. When using `runc` as
+> runtime, this option takes no effect. The linux kernel did not explicitly
+> deprecate this feature, and there is a tracking ticket in the `runc` issue
+> tracker to determine if this option should be reinstated or if this was an
+> oversight of the Linux kernel maintainers (see [opencontainers/runc#3174](https://github.com/opencontainers/runc/issues/3174)).
+> 
+> The `memory.kmem.tcp.limit_in_bytes` option is only supported with cgroups v1,
+> and not available on installations running with cgroups v2. This option is
+> only supported by the API, and not exposed on the `docker` command-line.

 ### Classic Swarm and overlay networks using cluster store