Merge pull request #704 from Random-Liu/use-systemd

Use systemd service cgroup and oom score adj.

cluster/gce/cloud-init/master.yaml

@@ -30,12 +30,6 @@ write_files:
     permissions: 0644
     owner: root
     content: |
-      # installed by cloud-init
-      oom_score = -999
-
-      [cgroup]
-        path = "/runtime"
-
       [plugins.linux]
         shim = "/home/containerd/usr/local/bin/containerd-shim"
         runtime = "/home/containerd/usr/local/sbin/runc"
@@ -61,6 +55,7 @@ write_files:
       RestartSec=5
       Delegate=yes
       KillMode=process
+      OOMScoreAdjust=-999
       LimitNOFILE=1048576
       # Having non-zero Limit*s causes performance problems due to accounting overhead
       # in the kernel. We recommend using cgroups to do container-local accounting.

cluster/gce/cloud-init/node.yaml

@@ -28,12 +28,6 @@ write_files:
     permissions: 0644
     owner: root
     content: |
-      # installed by cloud-init
-      oom_score = -999
-
-      [cgroup]
-        path = "/runtime"
-
       [plugins.linux]
         shim = "/home/containerd/usr/local/bin/containerd-shim"
         runtime = "/home/containerd/usr/local/sbin/runc"
@@ -59,6 +53,7 @@ write_files:
       RestartSec=5
       Delegate=yes
       KillMode=process
+      OOMScoreAdjust=-999
       LimitNOFILE=1048576
       # Having non-zero Limit*s causes performance problems due to accounting overhead
       # in the kernel. We recommend using cgroups to do container-local accounting.

cluster/gce/env

@@ -15,5 +15,5 @@ export KUBE_CONTAINER_RUNTIME_ENDPOINT="/run/containerd/containerd.sock"
 export KUBE_LOAD_IMAGE_COMMAND="/home/containerd/usr/local/bin/ctr cri load"
 export NETWORK_POLICY_PROVIDER="calico"
 export NON_MASQUERADE_CIDR="0.0.0.0/0"
-export KUBE_KUBELET_EXTRA_ARGS="--runtime-cgroups=/runtime"
+export KUBE_KUBELET_EXTRA_ARGS="--runtime-cgroups=/system.slice/containerd.service"
 export KUBE_FEATURE_GATES="ExperimentalCriticalPodAnnotation=true,CRIContainerLogRotation=true"

contrib/ansible/cri-containerd.yaml

@@ -13,14 +13,6 @@
     - name: "Create a directory for containerd config"
       file: path=/etc/containerd state=directory
 
-    - name: "Add containerd config file"
-      blockinfile:
-        path: /etc/containerd/config.toml
-        create: yes
-        block: |
-          [cgroup]
-            path = "/runtime"
-
     - name: "Start Containerd"
       systemd: name=containerd daemon_reload=yes state=started enabled=yes
 
@@ -46,7 +38,7 @@
     - name: "Add runtime args in kubelet conf"
       lineinfile:
         dest: "/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"
-        line: "Environment=\"KUBELET_EXTRA_ARGS= --runtime-cgroups=/runtime --container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=/run/containerd/containerd.sock\""
+        line: "Environment=\"KUBELET_EXTRA_ARGS= --runtime-cgroups=/system.slice/containerd.service --container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=/run/containerd/containerd.sock\""
         insertafter: '\[Service\]'
       when: check_args.stdout == ""
     

test/e2e_node/init.yaml

@@ -27,12 +27,6 @@ write_files:
     permissions: 0644
     owner: root
     content: |
-      # installed by cloud-init
-      oom_score = -999
-
-      [cgroup]
-        path = "/runtime"
-
       [plugins.linux]
         shim = "/home/containerd/usr/local/bin/containerd-shim"
         runtime = "/home/containerd/usr/local/sbin/runc"
@@ -58,6 +52,7 @@ write_files:
       RestartSec=5
       Delegate=yes
       KillMode=process
+      OOMScoreAdjust=-999
       LimitNOFILE=1048576
       # Having non-zero Limit*s causes performance problems due to accounting overhead
       # in the kernel. We recommend using cgroups to do container-local accounting.