fix: Configure containerd runc plugin options with systemd cgroup driver #493
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
konvoy-image-builder installs kubelet as a systemd service, and kubelet therefore uses the systemd cgroup driver. The container runtime must use the same cgroup driver. > Note: In v1.22, if the user is not setting the cgroupDriver field > under KubeletConfiguration, kubeadm will default it to systemd. > -- https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/
|
Minimum allowed coverage is Generated by 🐒 cobertura-action against c890621 |
dkoshkin
reviewed
Sep 12, 2022
| @@ -96,6 +95,8 @@ imports = ["/etc/containerd/conf.d/*.toml"] | |||
| runtime_engine = "" | |||
| runtime_root = "" | |||
| privileged_without_host_devices = false | |||
| [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options] | |||
| systemd_cgroup = true | |||
There was a problem hiding this comment.
Is this value dependent on the Kubernetes version?
There was a problem hiding this comment.
Yes, but as of v1.21, kubeadm init configures kubelet to use the systemd cgroup driver, and as of v1.22, all kubeadm commands configure kubelet to use it.
Please see kubernetes/kubeadm#2376 (comment)
|
@faiq raised a good question about where in the containerd configuration this PR sets the cgroup driver. The "global" setting has been deprecated for a while: https://github.com/containerd/containerd/blob/f4095a6876c62dd4cd5e3749d2435b2daa9eaff8/pkg/cri/config/config.go#L259-L262 So the right place to set it appears to be in the CRI runtime plugin |
|
Looks like setting the configuration here only works for runtime type |
The 'io.containerd.runc.v1' runtime type was deprecated in containerd 1.4, and does not support the systemd cgroup driver.
The option should work, because the nvidia runtime is just a repackaged runc runtime.
faiq
reviewed
Sep 12, 2022
Using snake case has no effect. Confirmed independently by both @faiq and @dlipovetsky.
Only "io.containerd.runc.v2" supports the SystemdCgroup option we need. I have seen multiple examples of this configuration in the wild, and since nvidia-container-runtime is a wrapper around runc, there should be no issues with using v2 of the containerd wrapper to runc.
faiq
changed the title
|
There's some flatcar specific changes I'd like to take a look at before merging as well |
faiq
changed the title
faiq
approved these changes
Oct 6, 2022
faiq
added a commit
that referenced
this pull request
Nov 17, 2022
…ver (#493) * fix: Configure containerd runc plugin to use systemd cgroup driver konvoy-image-builder installs kubelet as a systemd service, and kubelet therefore uses the systemd cgroup driver. The container runtime must use the same cgroup driver. > Note: In v1.22, if the user is not setting the cgroupDriver field > under KubeletConfiguration, kubeadm will default it to systemd. > -- https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/ * Use runtime type 'io.containerd.runc.v2' The 'io.containerd.runc.v1' runtime type was deprecated in containerd 1.4, and does not support the systemd cgroup driver. * Use systemd cgroup driver with the nvidia runtime The option should work, because the nvidia runtime is just a repackaged runc runtime. * Use SystemdCgroup instead of systemd_cgroup Using snake case has no effect. Confirmed independently by both @faiq and @dlipovetsky. * Use "io.containerd.runc.v2" for nvidia container runtime Only "io.containerd.runc.v2" supports the SystemdCgroup option we need. I have seen multiple examples of this configuration in the wild, and since nvidia-container-runtime is a wrapper around runc, there should be no issues with using v2 of the containerd wrapper to runc. * fix: from poor merge * fix: allows cgroups v2 by default for flatcar Co-authored-by: Faiq <faiq@users.noreply.github.com> Co-authored-by: faiq <faiqrazarizvi@gmail.com>
faiq
added a commit
that referenced
this pull request
Nov 17, 2022
…ver (#493) Co-authored-by: Faiq <faiq@users.noreply.github.com> Co-authored-by: faiq <faiqrazarizvi@gmail.com>
faiq
added a commit
that referenced
this pull request
Nov 17, 2022
…ver (#493) (#584) * fix: Configure containerd runc plugin to use systemd cgroup driver konvoy-image-builder installs kubelet as a systemd service, and kubelet therefore uses the systemd cgroup driver. The container runtime must use the same cgroup driver. > Note: In v1.22, if the user is not setting the cgroupDriver field > under KubeletConfiguration, kubeadm will default it to systemd. > -- https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/ * Use runtime type 'io.containerd.runc.v2' The 'io.containerd.runc.v1' runtime type was deprecated in containerd 1.4, and does not support the systemd cgroup driver. * Use systemd cgroup driver with the nvidia runtime The option should work, because the nvidia runtime is just a repackaged runc runtime. * Use SystemdCgroup instead of systemd_cgroup Using snake case has no effect. Confirmed independently by both @faiq and @dlipovetsky. * Use "io.containerd.runc.v2" for nvidia container runtime Only "io.containerd.runc.v2" supports the SystemdCgroup option we need. I have seen multiple examples of this configuration in the wild, and since nvidia-container-runtime is a wrapper around runc, there should be no issues with using v2 of the containerd wrapper to runc. * fix: from poor merge * fix: allows cgroups v2 by default for flatcar Co-authored-by: Faiq <faiq@users.noreply.github.com> Co-authored-by: faiq <faiqrazarizvi@gmail.com> Co-authored-by: Daniel Lipovetsky <3445370+dlipovetsky@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What problem does this PR solve?:
konvoy-image-builder installs kubelet as a systemd service, and kubelet therefore uses the systemd cgroup driver.
The container runtime must use the same cgroup driver.
Which issue(s) does this PR fix?:
Special notes for your reviewer:
Does this PR introduce a user-facing change?: