Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Switch cgroup driver, from cgroupfs to systemd #4770

Closed
afbjorklund opened this issue Jul 16, 2019 · 8 comments · Fixed by #6651
Closed

Switch cgroup driver, from cgroupfs to systemd #4770

afbjorklund opened this issue Jul 16, 2019 · 8 comments · Fixed by #6651
Assignees
@afbjorklund
Labels
co/kubelet Kubelet config issues co/runtime/containerd co/runtime/crio CRIO related issues co/runtime/docker Issues specific to a docker runtime help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/feature Categorizes issue or PR as related to a new feature. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.
Milestone
v1.8.0 March 5

Comments

@afbjorklund
Copy link
Collaborator

afbjorklund commented Jul 16, 2019
edited
Loading

kubeadm complains about settings:

detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd".

 02:43:03 | ! I0716 02:43:03.032081    3466 utils.go:247] > [init] Using Kubernetes version: v1.15.0
 02:43:03 | ! I0716 02:43:03.043702    3466 utils.go:247] > [preflight] Running pre-flight checks
 02:43:03 | ! I0716 02:43:03.338279    3466 utils.go:247] ! 	[WARNING Service-Docker]: docker service is not enabled, please run 'systemctl enable docker.service'
 02:43:03 | ! I0716 02:43:03.566271    3466 utils.go:247] ! 	[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
 02:43:03 | ! I0716 02:43:03.990579    3466 utils.go:247] > [preflight] Pulling images required for setting up a Kubernetes cluster
 02:43:03 | ! I0716 02:43:03.990626    3466 utils.go:247] > [preflight] This might take a minute or two, depending on the speed of your internet connection
 02:43:03 | ! I0716 02:43:03.990649    3466 utils.go:247] > [preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
 02:43:03 | ! I0716 02:43:03.990706    3466 utils.go:247] ! 	[WARNING Service-Kubelet]: kubelet service is not enabled, please run 'systemctl enable kubelet.service'

https://kubernetes.io/docs/setup/production-environment/container-runtimes/#cgroup-drivers

Control groups are used to constrain resources that are allocated to processes. A single cgroup manager will simplify the view of what resources are being allocated and will by default have a more consistent view of the available and in-use resources. When we have two managers we end up with two views of those resources. We have seen cases in the field where nodes that are configured to use cgroupfs for the kubelet and Docker, and systemd for the rest of the processes running on the node becomes unstable under resource pressure.

Changing the settings such that your container runtime and kubelet use systemd as the cgroup driver stabilized the system.

Recommended /etc/docker/daemon.json (storage driver "overlay2" is now the default anyway)

{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}

Similar setting for crio:

https://github.com/kubernetes/minikube/blob/master/deploy/iso/minikube-iso/package/crio-bin/crio.conf#L122

# Cgroup management implementation used for the runtime.
cgroup_manager = "cgroupfs"

And for containerd:

https://github.com/kubernetes/minikube/blob/master/deploy/iso/minikube-iso/package/containerd-bin/config.toml#L34

systemd_cgroup = false

https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#configure-cgroup-driver-used-by-kubelet-on-control-plane-node

When using Docker, kubeadm will automatically detect the cgroup driver for the kubelet [...]

The automatic detection of cgroup driver for other container runtimes like CRI-O and containerd is work in progress.
@afbjorklund afbjorklund added the kind/feature Categorizes issue or PR as related to a new feature. label Jul 16, 2019
@afbjorklund
Copy link
Collaborator Author

Related to #4172

@tstromberg
Copy link
Contributor

Possibly related: #4144 #2381

@tstromberg tstromberg added priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. co/kubelet Kubelet config issues co/runtime/docker Issues specific to a docker runtime help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. labels Jul 16, 2019
@afbjorklund
Copy link
Collaborator Author

afbjorklund commented Aug 3, 2019
edited
Loading

Here is the current workaround, when using something like the default Docker on CentOS:

sudo minikube start --vm-driver=none --extra-config=kubelet.cgroup-driver=systemd

The "docker" package (1.13.1) already has "systemd" as the default.

Note: also need to set SELinux to permissive (setenforce 0)

@tstromberg
Copy link
Contributor

Marking as dupe of #4172

@tstromberg tstromberg mentioned this issue Aug 20, 2019
Closed
@afbjorklund
Copy link
Collaborator Author

This is not a dupe, this one is about actually changing the setting for the VM (to "systemd").
The other issue is about detecting the current configuration, and setting kubernetes config.

@afbjorklund afbjorklund reopened this Jan 12, 2020
@afbjorklund afbjorklund added this to the v1.8.0 milestone Feb 8, 2020
@medyagh
Copy link
Member

medyagh commented Feb 10, 2020

@afbjorklund could I assign it to you ?

@afbjorklund
Copy link
Collaborator Author

afbjorklund commented Feb 15, 2020
edited
Loading

For Docker:
The other drivers are already the default (overlay2 and json-file)

    "log-opts": {
        "max-size": "100m"
    },

The default max-size is unlimited, guess we can cap it to 100m.
https://docs.docker.com/config/containers/logging/json-file/

It's not really related to cgroup, but recommended by kubeadm...

See kubernetes/kubeadm#1394

@afbjorklund afbjorklund mentioned this issue Feb 15, 2020
Merged
@edigaryev edigaryev mentioned this issue Jun 18, 2020
Closed
@afbjorklund afbjorklund mentioned this issue Jan 13, 2021
Closed
4 tasks
@lunatik13
Copy link

Here is the current workaround, when using something like the default Docker on CentOS:

sudo minikube start --vm-driver=none --extra-config=kubelet.cgroup-driver=systemd

The "docker" package (1.13.1) already has "systemd" as the default.

Note: also need to set SELinux to permissive (setenforce 0)

Working for macos

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@afbjorklund afbjorklund

Labels
co/kubelet Kubelet config issues co/runtime/containerd co/runtime/crio CRIO related issues co/runtime/docker Issues specific to a docker runtime help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/feature Categorizes issue or PR as related to a new feature. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.
Projects
None yet
Milestone
v1.8.0 March 5
Development

Successfully merging a pull request may close this issue.

Change cgroup driver from cgroupfs to systemd afbjorklund/minikube
4 participants
@tstromberg @lunatik13 @medyagh @afbjorklund