Page MenuHomePhabricator
Create Task
Maniphest T313473

Switch to cgroup v2 and systemd as cgroup driver for docker and kubelet
Closed, ResolvedPublic
Actions

Description

We're currently running k8s nodes with cgroup v2 disabled (systemd.unified_cgroup_hierarchy=0) as kubelet 1.16 only supports v1. We're also running docker with cgroupfs which is said to cause instability under pressure.

With the k8s 1.23 update we should:

  • Enable cgroup v2: systemd.unified_cgroup_hierarchy=1
  • Docker supports cgroup v2 since Docker 20.10. Running Docker on cgroup v2 also requires the following conditions to be satisfied:
    • containerd: v1.4 or later
    • runc: v1.0.0-rc91 or later
    • Kernel: v4.15 or later (v5.2 or later is recommended)
  • Switch the docker cgroup driver to systemd: native.cgroupdriver=systemd (https://gerrit.wikimedia.org/r/c/operations/puppet/+/524186)
  • Ensure kubelet runs with cgroup driver systemd as well: --cgroup-driver=systemd

https://v1-23.docs.kubernetes.io/docs/setup/production-environment/container-runtimes/#cgroup-drivers
https://v1-23.docs.kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/#configuring-a-cgroup-driver

See also: T277876: Reserve resources for system daemons on kubernetes nodes

Details

ProjectBranchLines +/-Subject
operations/puppetproduction+11 -5k8s: Use systemd cgroup (v2) driver with 1.23
Customize query in gerrit

Related Objects
Search...

Event Timeline

JMeybohm created this task.Jul 21 2022, 8:34 AM
Restricted Application added a subscriber: Aklapper. ยท View Herald TranscriptJul 21 2022, 8:34 AM
JMeybohm updated the task description. (Show Details)Aug 14 2022, 1:55 PM
jijiki moved this task from Incoming ๐Ÿซ to ๐Ÿ™ˆ๐Ÿ™‰๐Ÿ™ŠBacklog on the serviceops board.Sep 28 2022, 2:17 PM
jijiki moved this task from ๐Ÿ™ˆ๐Ÿ™‰๐Ÿ™ŠBacklog to Backlog FY22-23 ๐Ÿšœ on the serviceops board.Nov 8 2022, 6:12 PM
JMeybohm claimed this task.Nov 10 2022, 1:26 PM
JMeybohm moved this task from Backlog FY22-23 ๐Ÿšœ to Doing ๐Ÿ˜Ž on the serviceops board.
gerritbot added a comment.Nov 10 2022, 1:27 PM

Change 855567 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] k8s: Use systemd cgroup (v2) driver with 1.23

https://gerrit.wikimedia.org/r/855567

gerritbot added a project: Patch-For-Review.Nov 10 2022, 1:27 PM
gerritbot added a comment.Nov 10 2022, 2:04 PM

Change 855567 merged by JMeybohm:

[operations/puppet@production] k8s: Use systemd cgroup (v2) driver with 1.23

https://gerrit.wikimedia.org/r/855567

Maintenance_bot removed a project: Patch-For-Review.Nov 10 2022, 2:30 PM
JMeybohm closed this task as Resolved.Nov 11 2022, 9:25 AM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. ยท Wikimedia Foundation ยท Privacy Policy ยท Code of Conduct ยท Terms of Use ยท Disclaimer ยท CC-BY-SA ยท GPL