Allocate zero disk to privileged containers

[derek-assurity]

Current behavior

The allocation of volumes between privileged and unprivileged containers cannot be controlled. We are not using privileged containers but the grootfs is still allocating 50% of the available volumes per diego cell to privileged container storage.

Filesystem     1K-blocks     Used Available Use% Mounted on
tmpfs            3233124   108320   3124804   4% /run
/dev/nvme0n1p1   5077232  3197240   1608420  67% /
tmpfs           16165616        0  16165616   0% /dev/shm
tmpfs               5120        0      5120   0% /run/lock
tmpfs               4096        0      4096   0% /sys/fs/cgroup
/dev/nvme1n1p2  70807720 24118380  43046716  36% /var/vcap/data
tmpfs              16384      948     15436   6% /var/vcap/data/sys/run
/dev/loop0      50176344 14227740  35948604  29% /var/vcap/data/grootfs/store/unprivileged
/dev/loop1      50176224    83104  50093120   1% /var/vcap/data/grootfs/store/privileged
tmpfs            3233120        0   3233120   0% /run/user/1001

The config.ini.erb controls adding the privilege config, but there doesn't appear to be a way to set the size to a minimum

Config.ini.erb

  <% if use_default_privileged_image_plugin -%>
    privileged-image-plugin = /var/vcap/packages/grootfs/bin/grootfs
    privileged-image-plugin-extra-arg = "--config"
    privileged-image-plugin-extra-arg = <%= groot_config_dir %>/privileged_grootfs_config.yml
  <% end -%>

Desired behavior

Ideally, be able to set the Privileged container storage to a minimum and allocate the resources to the non-privileged containers.

Affected Version

2.104.0