cluster: use systemd cgroup driver for cgroupv2

* Detect if image is using cgroupv2 * Configure both kubelet and containerd to use systemd cgroup driver when running under cgroupv2 Systemd cgroup driver is recommended to be used when running on cgroupv2. It is also the default in moby https://github.com/moby/moby/pull/40846 Signed-off-by: David Porter <david@porter.me>
2022-07-18 16:06:30 -07:00 · 2022-07-18 16:06:30 -07:00 · 304a040a17
commit 304a040a17
parent 2694137bfd
1 changed files with 22 additions and 1 deletions
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@ -1621,7 +1621,13 @@ function start-kubelet {
  echo "Using kubelet binary at ${kubelet_bin}"

  local -r kubelet_env_file="/etc/default/kubelet"
-  local kubelet_opts="${KUBELET_ARGS} ${KUBELET_CONFIG_FILE_ARG:-}"
+
+  local kubelet_cgroup_driver=""
+  if [[ "${CGROUP_CONFIG-}" == "cgroup2fs" ]]; then
+    kubelet_cgroup_driver="--cgroup-driver=systemd"
+  fi
+
+  local kubelet_opts="${KUBELET_ARGS} ${KUBELET_CONFIG_FILE_ARG:-} ${kubelet_cgroup_driver:-}"
  echo "KUBELET_OPTS=\"${kubelet_opts}\"" > "${kubelet_env_file}"
  echo "KUBE_COVERAGE_FILE=\"/var/log/kubelet.cov\"" >> "${kubelet_env_file}"

@ -2967,6 +2973,11 @@ function override-kubectl {
    fi
 }

+function detect-cgroup-config {
+  CGROUP_CONFIG=$(stat -fc %T /sys/fs/cgroup/)
+  echo "Detected cgroup config as ${CGROUP_CONFIG}"
+}
+
 function override-pv-recycler {
  if [[ -z "${PV_RECYCLER_OVERRIDE_TEMPLATE:-}" ]]; then
    echo "PV_RECYCLER_OVERRIDE_TEMPLATE is not set"
@ -3060,6 +3071,13 @@ EOF
      cni_template_path=""
    fi
  fi
+
+   # Use systemd cgroup driver when running on cgroupv2
+  local systemdCgroup="false"
+  if [[ "${CGROUP_CONFIG-}" == "cgroup2fs" ]]; then
+    systemdCgroup="true"
+  fi
+
  cat > "${config_path}" <<EOF
 version = 2
 # Kubernetes requires the cri plugin.
@ -3089,6 +3107,8 @@ oom_score = -999
 # See: https://github.com/kubernetes/k8s.io/issues/3411
 [plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
  endpoint = ["https://registry.k8s.io", "https://k8s.gcr.io",]
+[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+  SystemdCgroup = ${systemdCgroup}
 EOF

  if [[ "${CONTAINER_RUNTIME_TEST_HANDLER:-}" == "true" ]]; then
@ -3398,6 +3418,7 @@ function main() {
    fi
  fi

+  log-wrap 'DetectCgroupConfig' detect-cgroup-config
  log-wrap 'OverrideKubectl' override-kubectl
  if docker-installed; then
    # We still need to configure docker so it wouldn't reserver the 172.17.0/16 subnet