guest: unify pod model for V1, virtual pod, and V2 shim support

Replace VirtualPod with a generic uvmPod struct that serves all three
sandbox modes (V1 shim, virtual pod annotation, V2 native Sandbox API).

Key changes:
- VirtualPod (exported, complex) -> uvmPod (unexported, simpler)
- Host.virtualPods/containerToVirtualPod/virtualPodsCgroupParent -> Host.pods
- createPodInUVM: unified pod creation under /pods/<sandboxID> cgroup
- Container.sandboxID: every container tracks its sandbox for cleanup
- RemoveContainer: uses sandboxID + pod lookup instead of annotation checks
- Cgroup layout: /pods/<sandboxID>/<containerID> for all CRI containers
- cmd/gcs/main.go: /containers/virtual-pods cgroup -> /pods cgroup
- Remove InitializeVirtualPodSupport and all VirtualPod management methods

Signed-off-by: Shreyansh Sancheti <shsancheti@microsoft.com>

Author: Shreyansh Sancheti

cmd/gcs/main.go

@@ -362,17 +362,16 @@ func main() {
 	}
 	defer containersControl.Delete() //nolint:errcheck
 
-	// Create virtual-pods cgroup hierarchy for multi-pod support
-	// This will be the parent for all virtual pod cgroups: /containers/virtual-pods/{virtualSandboxID}
-	virtualPodsControl, err := cgroup.NewManager("/containers/virtual-pods", &oci.LinuxResources{
+	// Create /pods cgroup hierarchy for all pods (sandbox, virtual pod, and v2).
+	podsControl, err := cgroup.NewManager("/pods", &oci.LinuxResources{
 		Memory: &oci.LinuxMemory{
-			Limit: &containersLimit, // Share the same limit as containers
+			Limit: &containersLimit,
 		},
 	})
 	if err != nil {
-		logrus.WithError(err).Fatal("failed to create containers/virtual-pods cgroup")
+		logrus.WithError(err).Fatal("failed to create pods cgroup")
 	}
-	defer virtualPodsControl.Delete() //nolint:errcheck
+	defer podsControl.Delete() //nolint:errcheck
 
 	gcsControl, err := cgroup.NewManager("/gcs", &oci.LinuxResources{})
 	if err != nil {
@@ -394,10 +393,6 @@ func main() {
 		EnableV4: *v4,
 	}
 	h := hcsv2.NewHost(rtime, tport, initialEnforcer, logWriter)
-	// Initialize virtual pod support in the host
-	if err := h.InitializeVirtualPodSupport(virtualPodsControl); err != nil {
-		logrus.WithError(err).Warn("Virtual pod support initialization failed")
-	}
 	b.AssignHandlers(mux, h)
 
 	var bridgeIn io.ReadCloser
@@ -433,13 +428,13 @@ func main() {
 	oomFile := os.NewFile(oom, "cefd")
 	defer oomFile.Close()
 
-	// Setup OOM monitoring for virtual-pods cgroup
-	virtualPodsOom, err := virtualPodsControl.OOMEventFD()
+	// Setup OOM monitoring for pods cgroup
+	podsOom, err := podsControl.OOMEventFD()
 	if err != nil {
-		logrus.WithError(err).Fatal("failed to retrieve the virtual-pods cgroups oom eventfd")
+		logrus.WithError(err).Fatal("failed to retrieve the pods cgroups oom eventfd")
 	}
-	virtualPodsOomFile := os.NewFile(virtualPodsOom, "vp-oomfd")
-	defer virtualPodsOomFile.Close()
+	podsOomFile := os.NewFile(podsOom, "pods-oomfd")
+	defer podsOomFile.Close()
 
 	// time synchronization service
 	if !(*disableTimeSync) {
@@ -450,7 +445,7 @@ func main() {
 
 	go readMemoryEvents(startTime, gefdFile, "/gcs", int64(*gcsMemLimitBytes), gcsControl)
 	go readMemoryEvents(startTime, oomFile, "/containers", containersLimit, containersControl)
-	go readMemoryEvents(startTime, virtualPodsOomFile, "/containers/virtual-pods", containersLimit, virtualPodsControl)
+	go readMemoryEvents(startTime, podsOomFile, "/pods", containersLimit, podsControl)
 	err = b.ListenAndServe(bridgeIn, bridgeOut)
 	if err != nil {
 		logrus.WithFields(logrus.Fields{

internal/guest/runtime/hcsv2/container.go

@@ -52,6 +52,7 @@ type Container struct {
 
 	spec          *oci.Spec
 	ociBundlePath string
+	sandboxID     string // ID of the sandbox/pod this container belongs to
 	isSandbox     bool
 
 	container   runtime.Container

internal/guest/runtime/hcsv2/container_stats_test.go

@@ -494,16 +494,3 @@ func TestConvertV2StatsToV1_NilInput(t *testing.T) {
 		t.Error("ConvertV2StatsToV1(nil) should return empty metrics with all nil fields")
 	}
 }
-
-func TestHost_InitializeVirtualPodSupport_ErrorCases(t *testing.T) {
-	host := &Host{}
-
-	// Test with nil input
-	err := host.InitializeVirtualPodSupport(nil)
-	if err == nil {
-		t.Error("Expected error for nil input")
-	}
-	if err != nil && err.Error() != "no valid cgroup manager provided for virtual pod support" {
-		t.Errorf("Unexpected error message: %s", err.Error())
-	}
-}

internal/guest/runtime/hcsv2/sandbox_container.go

@@ -119,12 +119,8 @@ func setupSandboxContainerSpec(ctx context.Context, id, sandboxRoot string, spec
 	// also has a concept of a sandbox/shm file when the IPC NamespaceMode !=
 	// NODE.
 
-	// Set cgroup path - check if this is a virtual pod
-	if virtualSandboxID != "" {
-		spec.Linux.CgroupsPath = "/containers/virtual-pods/" + virtualSandboxID
-	} else {
-		spec.Linux.CgroupsPath = "/containers/" + id
-	}
+	// Set cgroup path under the pod's cgroup.
+	spec.Linux.CgroupsPath = "/pods/" + id
 
 	// Clear the windows section as we dont want to forward to runc
 	spec.Windows = nil

internal/guest/runtime/hcsv2/standalone_container.go

@@ -15,7 +15,6 @@ import (
 	"github.com/Microsoft/hcsshim/internal/guest/network"
 	specGuest "github.com/Microsoft/hcsshim/internal/guest/spec"
 	"github.com/Microsoft/hcsshim/internal/oc"
-	"github.com/Microsoft/hcsshim/pkg/annotations"
 )
 
 func getStandaloneHostnamePath(rootDir string) string {
@@ -118,13 +117,8 @@ func setupStandaloneContainerSpec(ctx context.Context, id, rootDir string, spec
 		spec.Mounts = append(spec.Mounts, mt)
 	}
 
-	// Set cgroup path
-	virtualSandboxID := spec.Annotations[annotations.VirtualPodID]
-	if virtualSandboxID != "" {
-		spec.Linux.CgroupsPath = "/containers/virtual-pods/" + virtualSandboxID + "/" + id
-	} else {
-		spec.Linux.CgroupsPath = "/containers/" + id
-	}
+	// Set cgroup path. Standalone containers go under /containers.
+	spec.Linux.CgroupsPath = "/containers/" + id
 
 	// Clear the windows section as we dont want to forward to runc
 	spec.Windows = nil