-
Notifications
You must be signed in to change notification settings - Fork 14.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Move cgroup v1 support to maintenance mode
Signed-off-by: Harshal Patil <harpatil@redhat.com>
- Loading branch information
Showing
1 changed file
with
39 additions
and
0 deletions.
There are no files selected for viewing
39 changes: 39 additions & 0 deletions
39
content/en/docs/tasks/administer-cluster/cgroupv1-maintenance-mode.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| --- | ||
| title: Moving cgroup v1 support into maintenance mode | ||
| min-kubernetes-server-version: 1.31 | ||
| content_type: task | ||
| weight: 90 | ||
| --- | ||
|
|
||
| <!-- overview --> | ||
|
|
||
| The Linux kernel community has made cgroup v2 the focus for new features, offering better functionality, a more consistent interface, and improved scalability. As a result, major Linux distributions and projects like systemd are phasing out support for cgroup v1. This trend creates an imperative for Kubernetes to align with these changes. | ||
|
|
||
|
|
||
| <!-- steps --> | ||
|
|
||
|
|
||
| ## Why switch to cgroup v2? | ||
|
|
||
| Switching to cgroup v2 offers enhanced functionality, a more consistent interface, and improved scalability, making it a superior choice for resource management in Kubernetes. The Linux kernel community and major projects like systemd are phasing out cgroup v1 in favor of cgroup v2, which is becoming the industry standard. By aligning with this trend, Kubernetes ensures better compatibility with the broader ecosystem, benefits from increased security and efficiency, and stays current with the latest advancements in Linux kernel resource management. | ||
|
|
||
|
|
||
| ## What Does Maintenance Mode Mean? | ||
|
|
||
| Maintenance mode for cgroup v1 support in Kubernetes implies several key changes and priorities. Firstly, no new features will be introduced to the cgroup v1 support code; its existing functionality will be considered complete and stable. To ensure ongoing validation, a set of end-to-end (e2e) tests will be maintained for the currently supported features of cgroup v1. In terms of security, the Kubernetes community may provide fixes for Critical and Important CVEs related to cgroup v1, as long as the release is not end-of-life. Best-effort bug fixes will address critical security vulnerabilities on a priority basis, and major bugs will be evaluated for potential fixes if feasible solutions exist. However, some bugs in cgroup v1 support may remain unresolved, particularly those requiring substantial changes or fixes in the kernel or other dependencies. | ||
|
|
||
| Importantly, removing cgroup v1 support is not a goal of this phase; deprecation and removal, if required, will be addressed in a future Kubernetes releases. | ||
|
|
||
| ## How to Determine the cgroup Version Used by Your Nodes | ||
|
|
||
| To find out which version of cgroup your cluster nodes are using, refer to the `kubelet_cgroup_version` metric. For nodes running Linux, this metric will return either `1` for cgroup v1 or `2` for cgroup v2. For non-Linux operating systems, it will return `0`. | ||
|
|
||
| Additionally, kubelet logs and events will display a warning message: "Cgroup v1 support is in maintenance mode, please migrate to Cgroup v2." | ||
|
|
||
| ## Failing on cgroup v1 Nodes | ||
|
|
||
| If you want to ensure that your cluster does not use nodes with cgroup v1, you can use the kubelet flag `--fail-cgroup-v1`. This flag will cause the kubelet to exit if it detects that the host is using cgroup v1. Note that this flag is disabled by default. Alternatively, you can set this option in the kubelet configuration by setting `FailCgroupV1` to `true`. | ||
|
|
||
|
|
||
|
|
||
|
|