Epic Goal

• The goal of this epic is to rewrite conmon so there is one conmon per-pod, rather than one per-container (and per-exec request).

Why is this important?

• The main motivating factor is to reduce overhead of exec sync requests, as every exec sync request spawns a conmon instance, and the memory is charged against CRI-O, making CRI-O's memory usage seem higher than it is.
• A consequence is also to rewrite in a more modern language (rust) and to rearchitect to be more extendable in the future.

Scenarios

1. As an openshift admin, I'd like the overhead from exec sync requests to be correctly accounted for, so CRI-O uses less memory in the system reserved.
2. As an openshift developer, I'd like to be able to add new features to conmon (log rate limiting, ipv6 port forwarding, managed namespaces) easier than I can with the current implementation.

Acceptance Criteria

• CI - Both CRI-O upstream and Openshift downstream should have the new conmon running and all tests passing
• Resulting conmon-rs should use no more than 4MB of memory, but ideally even lower.
• Resulting CRI-O should reduce in steady state memory usage from exec sync requests.

Dependencies (internal and external)

1. ...

Previous Work (Optional):

1. Some stories have been completed in https://issues.redhat.com/projects/OCPNODE/issues/OCPNODE-774 which began this work

Open questions::

1. …

Done Checklist

• CI - CI is running, tests are automated and merged.
• Release Enablement <link to Feature Enablement Presentation>
• DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
• DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
• DEV - Downstream build attached to advisory: <link to errata>
• QE - Test plans in Polarion: <link or reference to Polarion>
• QE - Automated tests merged: <link or reference to automated tests>
• DOC - Downstream documentation merged: <link to meaningful PR>