From a4259a9c04b09d87a033c9f433ff5d9d46ea7b01 Mon Sep 17 00:00:00 2001
From: Paco Xu <paco.xu@daocloud.io>
Date: Tue, 21 Mar 2023 17:52:38 +0800
Subject: [PATCH] cgroup v2: add warning message for kernel < 5.8; add error
 message if kernel < 4.15

---
 validators/kernel_validator.go      | 40 ++++++++++++++++++------
 validators/kernel_validator_test.go | 48 ++++++++++++++++++++++++++---
 validators/types.go                 |  4 +++
 validators/types_unix.go            |  7 ++++-
 validators/types_windows.go         | 10 +++---
 5 files changed, 90 insertions(+), 19 deletions(-)

diff --git a/validators/kernel_validator.go b/validators/kernel_validator.go
index 96e0788..f83efde 100644
--- a/validators/kernel_validator.go
+++ b/validators/kernel_validator.go
@@ -67,30 +67,52 @@ func (k *KernelValidator) Validate(spec SysSpec) ([]error, []error) {
 	}
 	k.kernelRelease = release
 	var errs []error
-	if err = k.validateKernelVersion(spec.KernelSpec); err != nil {
+	var warns []error
+	warn, err := k.validateKernelVersion(spec.KernelSpec)
+	if err != nil {
 		errs = append(errs, err)
 	}
+	if warn != nil {
+		warns = append(warns, warn)
+	}
 	// only validate kernel config when necessary (currently no kernel config for windows)
 	if len(spec.KernelSpec.Required) > 0 || len(spec.KernelSpec.Forbidden) > 0 || len(spec.KernelSpec.Optional) > 0 {
 		if err = k.validateKernelConfig(spec.KernelSpec); err != nil {
 			errs = append(errs, err)
 		}
 	}
-	return nil, errs
+	return warns, errs
 }
 
 // validateKernelVersion validates the kernel version.
-func (k *KernelValidator) validateKernelVersion(kSpec KernelSpec) error {
-	versionRegexps := kSpec.Versions
-	for _, versionRegexp := range versionRegexps {
+func (k *KernelValidator) validateKernelVersion(kSpec KernelSpec) (error, error) {
+	var warn, err error
+	var matched bool
+	for _, versionRegexp := range kSpec.Versions {
 		r := regexp.MustCompile(versionRegexp)
 		if r.MatchString(k.kernelRelease) {
-			k.Reporter.Report("KERNEL_VERSION", k.kernelRelease, good)
-			return nil
+			matched = true
+			break
 		}
 	}
-	k.Reporter.Report("KERNEL_VERSION", k.kernelRelease, bad)
-	return fmt.Errorf("unsupported kernel release: %s", k.kernelRelease)
+	if !matched {
+		err = fmt.Errorf("unsupported kernel release: %s", k.kernelRelease)
+		k.Reporter.Report("KERNEL_VERSION", k.kernelRelease, good)
+	}
+
+	matched = false
+	for _, versionRegexp := range kSpec.RecommendedVersions {
+		r := regexp.MustCompile(versionRegexp)
+		if r.MatchString(k.kernelRelease) {
+			matched = true
+			break
+		}
+	}
+	if !matched {
+		warn = fmt.Errorf("kernel release %s is not recommended, and %s", k.kernelRelease, kSpec.RecommendedNote)
+		k.Reporter.Report("KERNEL_VERSION", k.kernelRelease, good)
+	}
+	return warn, err
 }
 
 // validateKernelConfig validates the kernel configurations.
diff --git a/validators/kernel_validator_test.go b/validators/kernel_validator_test.go
index 7c303ae..c941fc9 100644
--- a/validators/kernel_validator_test.go
+++ b/validators/kernel_validator_test.go
@@ -32,54 +32,92 @@ func TestValidateKernelVersion(t *testing.T) {
 	// This is fine, because the test mainly tests the kernel version validation logic,
 	// not the DefaultSysSpec. The DefaultSysSpec should be tested with node e2e.
 	testRegex := []string{`^3\.[1-9][0-9].*$`, `^([4-9]|[1-9][0-9]+)\.([0-9]+)\.([0-9]+).*$`}
+	testRecommendedRegex := []string{`^5\.[8-9].*$`, `^5\.[1-9][0-9].*$`, `^([6-9]|[1-9][0-9]+)\.([0-9]+)\.([0-9]+).*$`}
 	for _, test := range []struct {
 		name    string
 		version string
 		err     bool
+		warn    bool
 	}{
 		{
-			name:    "3.19.9-99-test first version regex matches",
+			name:    "3.19.9-99-test no version regex matches",
 			version: "3.19.9-99-test",
 			err:     false,
+			warn:    true,
 		},
 		{
-			name:    "4.4.14+ one of version regexes matches",
+			name:    "4.4.14+ no version regex matches",
 			version: "4.4.14+",
 			err:     false,
+			warn:    true,
+		},
+		{
+			name:    "5.7.3  no version regex matches",
+			version: "5.7.3",
+			err:     false,
+			warn:    true,
+		},
+		{
+			name:    "5.8.3-99-test matches",
+			version: "5.8.3",
+			err:     false,
+			warn:    false,
+		},
+		{
+			name:    "5.9.3+ matches",
+			version: "5.9.3",
+			err:     false,
+			warn:    false,
+		},
+		{
+			name:    "5.12.3 matches",
+			version: "5.12.3",
+			err:     false,
+			warn:    false,
 		},
 		{
 			name:    "2.0.0 no version regex matches",
 			version: "2.0.0",
 			err:     true,
+			warn:    true,
 		},
 		{
 			name:    "5.0.0 one of version regexes matches",
 			version: "5.0.0",
 			err:     false,
+			warn:    true,
 		},
 		{
 			name:    "10.21.1 one of version regexes matches",
 			version: "10.21.1",
 			err:     false,
+			warn:    false,
 		},
 		{
 			name:    "99.12.12 one of version regexes matches",
 			version: "99.12.12",
 			err:     false,
+			warn:    false,
 		},
 		{
 			name:    "3.9.0 no version regex matches",
 			version: "3.9.0",
 			err:     true,
+			warn:    true,
 		},
 	} {
 		t.Run(test.name, func(t *testing.T) {
 			v.kernelRelease = test.version
-			err := v.validateKernelVersion(KernelSpec{Versions: testRegex})
+			warn, err := v.validateKernelVersion(KernelSpec{Versions: testRegex, RecommendedVersions: testRecommendedRegex})
 			if !test.err {
 				assert.Nil(t, err, "Expect error not to occur with kernel version %q", test.version)
 			} else {
-				assert.NotNil(t, err, "Expect error to occur with kenrel version %q", test.version)
+				assert.NotNil(t, err, "Expect error to occur with kernel version %q", test.version)
+			}
+			if !test.warn {
+				assert.Nil(t, warn, "Expect warn not to occur with kernel version %q", test.version)
+			} else {
+				assert.NotNil(t, warn, "Expect warn to occur with kernel version %q", test.version)
 			}
 		})
 	}
@@ -189,7 +227,7 @@ func TestValidateCachedKernelConfig(t *testing.T) {
 			if !test.err {
 				assert.Nil(t, err, "Expect error not to occur with kernel config %q", test.config)
 			} else {
-				assert.NotNil(t, err, "Expect error to occur with kenrel config %q", test.config)
+				assert.NotNil(t, err, "Expect error to occur with kernel config %q", test.config)
 			}
 		})
 	}
diff --git a/validators/types.go b/validators/types.go
index d711cdc..9776b94 100644
--- a/validators/types.go
+++ b/validators/types.go
@@ -42,6 +42,10 @@ type KernelConfig struct {
 type KernelSpec struct {
 	// Versions define supported kernel version. It is a group of regexps.
 	Versions []string `json:"versions,omitempty"`
+	// RecommendedVersions define recommended kernel versions. It is a group of regexps.
+	RecommendedVersions []string `json:"recommendedVersions,omitempty"`
+	// RecommendedNote provides a prompt message for user if RecommendedVersions do not match.
+	RecommendedNote string `json:"recommendedNote,omitempty"`
 	// Required contains all kernel configurations required to be enabled
 	// (built in or as module).
 	Required []KernelConfig `json:"required,omitempty"`
diff --git a/validators/types_unix.go b/validators/types_unix.go
index b70947f..2766ffe 100644
--- a/validators/types_unix.go
+++ b/validators/types_unix.go
@@ -28,7 +28,12 @@ import (
 var DefaultSysSpec = SysSpec{
 	OS: "Linux",
 	KernelSpec: KernelSpec{
-		Versions: []string{`^3\.[1-9][0-9].*$`, `^([4-9]|[1-9][0-9]+)\.([0-9]+)\.([0-9]+).*$`}, // Requires 3.10+, or newer
+		// runc cgroup v2 https://github.com/opencontainers/runc/blob/3778ae603c706494fd1e2c2faf83b406e38d687d/docs/cgroup-v2.md?plain=1#L24
+		Versions: []string{`^3\.[1-9][0-9].*$`, `^([4-9]|[1-9][0-9]+)\.([0-9]+)\.([0-9]+).*$`}, // Requires 4.15+, or newer
+		// cgroup v2: Kubernetes recommended kernel version
+		// https://kubernetes.io/docs/concepts/architecture/cgroups/
+		RecommendedVersions: []string{`^5\.[8-9].*$`, `^5\.[1-9][0-9].*$`, `^([6-9]|[1-9][0-9]+)\.([0-9]+)\.([0-9]+).*$`}, // Requires 5.8+, or newer for cgroup v2
+		RecommendedNote:     "kernel version should >= '4.15', and 5.8+ is recommended.",
 		// TODO(random-liu): Add more config
 		// TODO(random-liu): Add description for each kernel configuration:
 		Required: []KernelConfig{
diff --git a/validators/types_windows.go b/validators/types_windows.go
index cce90f6..5a9abd7 100644
--- a/validators/types_windows.go
+++ b/validators/types_windows.go
@@ -28,10 +28,12 @@ import (
 var DefaultSysSpec = SysSpec{
 	OS: "Microsoft Windows Server 2016",
 	KernelSpec: KernelSpec{
-		Versions:  []string{`10\.0\.1439[3-9]`, `10\.0\.14[4-9][0-9]{2}`, `10\.0\.1[5-9][0-9]{3}`, `10\.0\.[2-9][0-9]{4}`, `10\.[1-9]+\.[0-9]+`}, //requires >= '10.0.14393'
-		Required:  []KernelConfig{},
-		Optional:  []KernelConfig{},
-		Forbidden: []KernelConfig{},
+		Versions:            []string{`10\.0\.1439[3-9]`, `10\.0\.14[4-9][0-9]{2}`, `10\.0\.1[5-9][0-9]{3}`, `10\.0\.[2-9][0-9]{4}`, `10\.[1-9]+\.[0-9]+`}, //requires >= '10.0.14393'
+		RecommendedVersions: []string{`10\.0\.1439[3-9]`, `10\.0\.14[4-9][0-9]{2}`, `10\.0\.1[5-9][0-9]{3}`, `10\.0\.[2-9][0-9]{4}`, `10\.[1-9]+\.[0-9]+`}, //requires >= '10.0.14393'
+		RecommendedReason:   "kernel version should>= '10.0.14393'",
+		Required:            []KernelConfig{},
+		Optional:            []KernelConfig{},
+		Forbidden:           []KernelConfig{},
 	},
 	RuntimeSpec: RuntimeSpec{
 		DockerSpec: &DockerSpec{