From ddda05211b6c8ab9de0261596006e4456d5ccfc0 Mon Sep 17 00:00:00 2001
From: Lantao Liu <lantaol@google.com>
Date: Wed, 28 Mar 2018 00:28:05 +0000
Subject: [PATCH] Use systemd service cgroup and oom score adj.

Signed-off-by: Lantao Liu <lantaol@google.com>
---
 cluster/gce/cloud-init/master.yaml  |  7 +------
 cluster/gce/cloud-init/node.yaml    |  7 +------
 cluster/gce/env                     |  2 +-
 contrib/ansible/cri-containerd.yaml | 10 +---------
 test/e2e_node/init.yaml             |  7 +------
 5 files changed, 5 insertions(+), 28 deletions(-)

diff --git a/cluster/gce/cloud-init/master.yaml b/cluster/gce/cloud-init/master.yaml
index c2a2c9704..63d2ebcd0 100644
--- a/cluster/gce/cloud-init/master.yaml
+++ b/cluster/gce/cloud-init/master.yaml
@@ -30,12 +30,6 @@ write_files:
     permissions: 0644
     owner: root
     content: |
-      # installed by cloud-init
-      oom_score = -999
-
-      [cgroup]
-        path = "/runtime"
-
       [plugins.linux]
         shim = "/home/containerd/usr/local/bin/containerd-shim"
         runtime = "/home/containerd/usr/local/sbin/runc"
@@ -61,6 +55,7 @@ write_files:
       RestartSec=5
       Delegate=yes
       KillMode=process
+      OOMScoreAdjust=-999
       LimitNOFILE=1048576
       # Having non-zero Limit*s causes performance problems due to accounting overhead
       # in the kernel. We recommend using cgroups to do container-local accounting.
diff --git a/cluster/gce/cloud-init/node.yaml b/cluster/gce/cloud-init/node.yaml
index 6504861fd..61c8143d8 100644
--- a/cluster/gce/cloud-init/node.yaml
+++ b/cluster/gce/cloud-init/node.yaml
@@ -28,12 +28,6 @@ write_files:
     permissions: 0644
     owner: root
     content: |
-      # installed by cloud-init
-      oom_score = -999
-
-      [cgroup]
-        path = "/runtime"
-
       [plugins.linux]
         shim = "/home/containerd/usr/local/bin/containerd-shim"
         runtime = "/home/containerd/usr/local/sbin/runc"
@@ -59,6 +53,7 @@ write_files:
       RestartSec=5
       Delegate=yes
       KillMode=process
+      OOMScoreAdjust=-999
       LimitNOFILE=1048576
       # Having non-zero Limit*s causes performance problems due to accounting overhead
       # in the kernel. We recommend using cgroups to do container-local accounting.
diff --git a/cluster/gce/env b/cluster/gce/env
index 5c7c40428..3d197933a 100644
--- a/cluster/gce/env
+++ b/cluster/gce/env
@@ -15,5 +15,5 @@ export KUBE_CONTAINER_RUNTIME_ENDPOINT="/run/containerd/containerd.sock"
 export KUBE_LOAD_IMAGE_COMMAND="/home/containerd/usr/local/bin/ctr cri load"
 export NETWORK_POLICY_PROVIDER="calico"
 export NON_MASQUERADE_CIDR="0.0.0.0/0"
-export KUBE_KUBELET_EXTRA_ARGS="--runtime-cgroups=/runtime"
+export KUBE_KUBELET_EXTRA_ARGS="--runtime-cgroups=/system.slice/containerd.service"
 export KUBE_FEATURE_GATES="ExperimentalCriticalPodAnnotation=true,CRIContainerLogRotation=true"
diff --git a/contrib/ansible/cri-containerd.yaml b/contrib/ansible/cri-containerd.yaml
index d6475fa14..c8bf4a3dc 100644
--- a/contrib/ansible/cri-containerd.yaml
+++ b/contrib/ansible/cri-containerd.yaml
@@ -13,14 +13,6 @@
     - name: "Create a directory for containerd config"
       file: path=/etc/containerd state=directory
 
-    - name: "Add containerd config file"
-      blockinfile:
-        path: /etc/containerd/config.toml
-        create: yes
-        block: |
-          [cgroup]
-            path = "/runtime"
-
     - name: "Start Containerd"
       systemd: name=containerd daemon_reload=yes state=started enabled=yes
 
@@ -46,7 +38,7 @@
     - name: "Add runtime args in kubelet conf"
       lineinfile:
         dest: "/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"
-        line: "Environment=\"KUBELET_EXTRA_ARGS= --runtime-cgroups=/runtime --container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=/run/containerd/containerd.sock\""
+        line: "Environment=\"KUBELET_EXTRA_ARGS= --runtime-cgroups=/system.slice/containerd.service --container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=/run/containerd/containerd.sock\""
         insertafter: '\[Service\]'
       when: check_args.stdout == ""
     
diff --git a/test/e2e_node/init.yaml b/test/e2e_node/init.yaml
index 08369e478..730461eb9 100644
--- a/test/e2e_node/init.yaml
+++ b/test/e2e_node/init.yaml
@@ -27,12 +27,6 @@ write_files:
     permissions: 0644
     owner: root
     content: |
-      # installed by cloud-init
-      oom_score = -999
-
-      [cgroup]
-        path = "/runtime"
-
       [plugins.linux]
         shim = "/home/containerd/usr/local/bin/containerd-shim"
         runtime = "/home/containerd/usr/local/sbin/runc"
@@ -58,6 +52,7 @@ write_files:
       RestartSec=5
       Delegate=yes
       KillMode=process
+      OOMScoreAdjust=-999
       LimitNOFILE=1048576
       # Having non-zero Limit*s causes performance problems due to accounting overhead
       # in the kernel. We recommend using cgroups to do container-local accounting.