Set the kubelet --cgroup-driver flag conditionally at kubeadm init time for Docker
#844
Comments
luxas
added
kind/enhancement
priority/important-soon
|
i really wanted to see a solution where they make the default kubelet this would avoid kubeadm setting the driver explicitly, given the kubelet knows what driver to use. |
|
WDYT @kubernetes/sig-node-feature-requests about the suggestion above? cc @mtaufen |
k8s-ci-robot
added
sig/node
|
/cc @filbranden |
|
@neolit123 I meant to work on something like that... But talking to @Random-Liu we noticed it was hard to support that since the Runtime (CRI) doesn't need to be up when kubelet starts and we would like to avoid blocking on the Runtime for kubelet startup... We discussed a few alternative proposals, but we have nothing to show yet. One possible alternative is to make the CRI the slave and kubelet the master for that attribute. (If kubelet sends the Runtime a systemd cgroup path, then Runtime also uses the systemd cgroup driver and vice-versa.) We might need some changes in libcontainer to do that... It should be feasible. |
it's a complicated change and a long-term one, but i guess it would work!
you have probably considered this already, but wouldn't the following be the easiest short-term solution that doesn't modify the current kubelet / CRI (master-on-slave) setup:
|
|
The current way the code is laid out makes it tricky... Even with docker-shim, it turns out there is code that depends on the cgroup driver setting that runs before the first connection to docker-shim is made... So it's actually quite a big refactor. That's when I started talking to @Random-Liu about this and we looked at the other shortcomings of the approach. Agreed, having CRI runtimes do both cgroup drivers (and have the request from kubelet decide) is a long term project, it's gonna take a while... |
|
@filbranden |
|
@neolit123 let's go with this approach for the moment then |
|
@luxas what do you have in mind for the detection of the CRI driver at kubeadm runtime? something like this would fetch it: but it's a command line and only for docker... |
|
We expect the CRI to be running at the time kubeadm is running. Can you query the CRI runtime for that information for the general case or just query |
should that be done with
could you elaborate on |
No I don't, I never really filed one, I was trying to get a commit at least to a prototype stage before doing that, and given I found it wasn't really feasible, I didn't move forward...
That's also part of the problem... CRI doesn't really have an official way to expose that either... IIRC, for When I checked So if you want to query it, you might need to add some more support in CRI to export that... (Perhaps the |
|
You might find this interesting too! Cheers, |
|
thanks for the details! i will have a look at this tomorrow:
oh, well. i'm not exactly sure how we can proceed with this for 1.11. |
|
hmm, let's do this only for docker then. So if the CRISocket is dockershim, check |
|
available since 1.13 $ docker system info --format '{{.CgroupDriver}}'
cgroupfs |
|
@luxas @stealthybox |
luxas
added
the
lifecycle/active
|
NOTE: keeping this issue for the rest of the CRI. |
neolit123
added
priority/important-longterm
|
@neolit123 Would you be okay with keeping this in the v1.11 milestone to track what's needed for v1.11 and then open a new to track the rest of the CRI work in order to not change purpose midterm? |
|
@luxas ok! |
neolit123
added
priority/important-soon
neolit123
changed the title
--cgroup-driver flag conditionally at kubeadm init time--cgroup-driver flag conditionally at kubeadm init time for Docker
Automatic merge from submit-queue (batch tested with PRs 64338, 64219, 64486, 64495, 64347). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. kubeadm: conditionally set the kubelet cgroup driver for Docker **What this PR does / why we need it**: Add a new utility file - util/cgroupdriver.go. Currently it only contains the public function GetCgroupDriverDocker(). The function uses 'docker info' to obtain the cgroup driver for Docker. On a later stage this file can contain more methods for different CRI. Use GetCgroupDriverDocker() in phases/kubelet/flags.go to conditionally set the 'cgroup-driver' argument. On error print a warning and don't set the argument value. Add unit tests in cgroupdriver_test.go. **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes kubernetes/kubeadm#844 **Special notes for your reviewer**: NONE **Release note**: ```release-note kubeadm: conditionally set the kubelet cgroup driver for Docker ``` /area kubeadm /kind enhancement @kubernetes/sig-cluster-lifecycle-pr-reviews @luxas
When kubernetes/kubernetes#63887 merges, we should set the kubelet's
--cgroup-driverflag to eithersystemdorcgroupfsconditionally at kubeadm init time, incmd/kubeadm/app/phases/kubelet/flags.go.This instead of doing it statically in the deb/rpm packages.
xref related issue: #822
PR:
kubernetes/kubernetes#64347
The text was updated successfully, but these errors were encountered: