runtime: introduce static sandbox resource management

There are software and hardware architectures which do not support
dynamically adjusting the CPU and memory resources associated with a
sandbox. For these, today, they rely on "default CPU" and "default
memory" configuration options for the runtime, either set by annotation
or by the configuration toml on disk.

In the case of a single container (launched by ctr, or something like
"docker run"), we could allow for sizing the VM correctly, since all of
the information is already available to us at creation time.

In the sandbox / pod container case, it is possible for the upper layer
container runtime (ie, containerd or crio) could send a specific
annotation indicating the total workload resource requirements
associated with the sandbox creation request.

In the case of sizing information not being provided, we will follow
same behavior as today: start the VM with (just) the default CPU/memory.

If this information is provided, we'll track this as Workload specific
resources, and track default sizing information as Base resources. We
will update the hypervisor configuration to utilize Base+Workload
resources, thus starting the VM with the appropriate amount of CPU and
memory.

In this scenario (we start the VM with the "right" amount of
CPU/Memory), we do not want to update the VM resources when containers
are added, or adjusted in size.

This functionality is introduced behind a configuration flag,
`static_sandbox_resource_mgmt`. This is defaulted to false for all
configurations except Firecracker, which is set to true.

This'll greatly improve UX for folks who are utilizing
Kata with a VMM or hardware architecture that doesn't support hotplug.

Note, users will still be unable to do in place vertical pod autoscaling
or other dynamic container/pod sizing with this enabled.

Fixes: #3264

Signed-off-by: Eric Ernst <eric_ernst@apple.com>

src/runtime/virtcontainers/sandbox.go

@@ -99,6 +99,17 @@ type SandboxStats struct {
 	Cpus        int
 }
 
+type SandboxResourceSizing struct {
+	// The number of CPUs required for the sandbox workload(s)
+	WorkloadCPUs uint32
+	// The base number of CPUs for the VM that are assigned as overhead
+	BaseCPUs uint32
+	// The amount of memory required for the sandbox workload(s)
+	WorkloadMemMB uint32
+	// The base amount of memory required for that VM that is assigned as overhead
+	BaseMemMB uint32
+}
+
 // SandboxConfig is a Sandbox configuration.
 type SandboxConfig struct {
 	// Volumes is a list of shared volumes between the host and the Sandbox.
@@ -132,6 +143,11 @@ type SandboxConfig struct {
 
 	HypervisorConfig HypervisorConfig
 
+	SandboxResources SandboxResourceSizing
+
+	// StaticResourceMgmt indicates if the shim should rely on statically sizing the sandbox (VM)
+	StaticResourceMgmt bool
+
 	ShmSize uint64
 
 	VfioMode config.VFIOModeType
@@ -1573,7 +1589,7 @@ func (s *Sandbox) createContainers(ctx context.Context) error {
 	}
 
 	// Update resources after having added containers to the sandbox, since
-	// container status is requiered to know if more resources should be added.
+	// container status is required to know if more resources should be added.
 	if err := s.updateResources(ctx); err != nil {
 		return err
 	}
@@ -1909,6 +1925,10 @@ func (s *Sandbox) updateResources(ctx context.Context) error {
 		return fmt.Errorf("sandbox config is nil")
 	}
 
+	if s.config.StaticResourceMgmt {
+		s.Logger().Debug("no resources updated: static resource management is set")
+		return nil
+	}
 	sandboxVCPUs, err := s.calculateSandboxCPUs()
 	if err != nil {
 		return err