Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kubeadm: set the kubelet cgroup driver to "systemd" during "init" #99471

Merged
merged 1 commit into from Mar 4, 2021
Merged

kubeadm: set the kubelet cgroup driver to "systemd" during "init" #99471

merged 1 commit into from Mar 4, 2021

Conversation

neolit123
Copy link
Member

@neolit123 neolit123 commented Feb 25, 2021
edited

What this PR does / why we need it:

The kubeadm documentation instructs users to set the container
runtime driver to "systemd", since kubeadm manages a kubelet via
the systemd init system. The kubelet default however is "cgroupfs".
For new clusters set the driver to "systemd" unless the user
is explicit about it. The same defaulting would not happen
during "upgrade".

Which issue(s) this PR fixes:

xref kubernetes/kubeadm#2376

Special notes for your reviewer:

Does this PR introduce a user-facing change?

ACTION REQUIRED: kubeadm: during "init" an empty cgroupDriver value in the KubeletConfiguration is now always set to "systemd" unless the user is explicit about it. This requires existing machine setups to configure the container runtime to use the "systemd" driver. Documentation on this topic can be found here: https://kubernetes.io/docs/setup/production-environment/container-runtimes/. When upgrading existing clusters / nodes using "kubeadm upgrade" the old cgroupDriver value is preserved, but in 1.22 this change will also apply to "upgrade". For more information on migrating to the "systemd" driver or remaining on the "cgroupfs" driver see: https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

@k8s-ci-robot k8s-ci-robot added release-note-action-required Denotes a PR that introduces potentially breaking changes that require user action. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Feb 25, 2021
@neolit123
Copy link
Member Author

/triage accepted
/milestone v1.21
/kind feature
/priority important-soon

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. kind/feature Categorizes issue or PR as related to a new feature. labels Feb 25, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.21 milestone Feb 25, 2021
@k8s-ci-robot k8s-ci-robot added priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Feb 25, 2021
@neolit123
Copy link
Member Author

/assign @SataQiu @fabriziopandini
/hold for review

@k8s-ci-robot k8s-ci-robot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. area/kubeadm sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Feb 25, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: neolit123

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 25, 2021
@neolit123 neolit123 mentioned this pull request Feb 25, 2021
Closed
This was referenced Feb 25, 2021
Closed
Closed
@BenTheElder
Copy link
Member

/cc
I've been meaning to actually switch kind over and/or explicitly set this. Will do that shortly.

@BenTheElder BenTheElder mentioned this pull request Feb 25, 2021
Merged
fabriziopandini
fabriziopandini reviewed Mar 1, 2021
View reviewed changes
Copy link
Member

@fabriziopandini fabriziopandini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@neolit123 thanks for working on this!
Few nits, but overall lgtm

cmd/kubeadm/app/componentconfigs/kubelet.go Outdated Show resolved Hide resolved
cmd/kubeadm/app/cmd/init.go Show resolved Hide resolved
cmd/kubeadm/app/componentconfigs/kubelet.go Outdated Show resolved Hide resolved
cmd/kubeadm/app/componentconfigs/kubelet.go

// MutateCgroupDriver can be called to set the KubeletConfiguration cgroup driver to systemd
// Currently this cannot be as part of Default() because the function is called for
// upgrades too, which can break existing nodes after a kubelet restart.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we plan to move this back to default in next releases or do we think that a different upgrade path will be always required given that we are seeing users upgrading very old clusters?
Also, for sake of future memory, what about adding a note on Default about this field being defaulted out of band?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as i've mentioned, the defaulting being the same for all commands is problematic.
we have a similar case for the "docker cgroup driver detection" code, that i like to move to dockershim.

since i really don't like keeping MutateCgroupDriver() forever i wonder what is best here...

i don't wish to do add this change in Default() for this release because it would break upgrading users in just one release, but we could say that in 1 more release kubeadm will start doing that in all of its commands, which means we are going to merge the code in Default() and users have 1 release to adapt their nodes / CRs (move to the systemd driver).

i like this approach better, because this code separation is not ideal.

if you agree to that i can add a comment over Default() about MutateCgroupDriver().
..and update the release note too.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given that this could be potentially disruptive, I think we should:

  • advertise the change through usual channels
  • have a warning in upgrade plan for at least one cycle (you are running with two cgroup drivers, see the doc to migrate)
  • (finally) make this our default

Copy link
Member Author

@neolit123 neolit123 Mar 2, 2021
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

advertise the change through usual channels

i can send a notification to k-dev and #kubeadm

have a warning in upgrade plan for at least one cycle (you are running with two cgroup drivers, see the doc to migrate)

i can see where in upgrade plan this can be added for this PR.
the migration docs are waiting for review and i will like to them from the release note too.
kubernetes/website#26786

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@fabriziopandini added a warning during "plan".

cmd/kubeadm/app/componentconfigs/kubelet.go Outdated Show resolved Hide resolved
@neolit123 neolit123 force-pushed the 1.21-default-systemd-cgroup-driver branch from 5200c55 to 74da3dc Compare March 1, 2021 20:18
@neolit123
Copy link
Member Author

neolit123 commented Mar 1, 2021
edited

@fabriziopandini
updated based on your comments:

ACTION REQUIRED: kubeadm: during "init" the cgroupDriver value in the KubeletConfiguration is now always set to "systemd" unless the user is explicit about its value. This requires existing machine setups to configure the container runtime to use the "systemd" driver. Documentation on this topic can be found here: https://kubernetes.io/docs/setup/production-environment/container-runtimes/. When upgrading existing clusters / nodes using "kubeadm upgrade" the old cgroupDriver value is preserved, but in 1.22 this change will also apply to "upgrade". To migrate to the "systemd" driver you must change the value in "kubelet-config-x.yy" under "kube-system", drain the node, stop the kubelet on the node, stop the CR on the node and change its driver, start the CR and kubelet again, and finally uncordon the node. If you don't wish to migrate to the "systemd" driver, set the value in "kubelet-config-x.yy" to "cgroupfs".

appreciate comments on the wording of the release note too.

@neolit123 neolit123 mentioned this pull request Mar 1, 2021
Merged
SataQiu
SataQiu reviewed Mar 2, 2021
View reviewed changes
cmd/kubeadm/app/componentconfigs/kubelet.go Outdated
// upgrades too, which can break existing nodes after a kubelet restart.
// TODO: https://github.com/kubernetes/kubeadm/issues/2376
func MutateCgroupDriver(cfg *kubeadmapi.ClusterConfiguration) {
const driver = "systemd"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shall we consider using global constant instead of redefining the driver?

kubernetes/cmd/kubeadm/app/util/cgroupdriver.go

Line 29 in be2a298

CgroupDriverSystemd = "systemd"

Copy link
Member Author

@neolit123 neolit123 Mar 2, 2021
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i prefer to contain it here.
actually there is already a constant in preflight for the driver:
https://github.com/kubernetes/kubernetes/blob/master/cmd/kubeadm/app/preflight/checks_linux.go#L35

but i'd like to remove that preflight and docker detection code, if we get this in 1.21:
#98222

@SataQiu
Copy link
Member

SataQiu commented Mar 2, 2021

@neolit123 Few nits, but overall LGTM!

@neolit123
Copy link
Member Author

updated release note to:

ACTION REQUIRED: kubeadm: during "init" the cgroupDriver value in the KubeletConfiguration is now always set to "systemd" unless the user is explicit about its value. This requires existing machine setups to configure the container runtime to use the "systemd" driver. Documentation on this topic can be found here: https://kubernetes.io/docs/setup/production-environment/container-runtimes/. When upgrading existing clusters / nodes using "kubeadm upgrade" the old cgroupDriver value is preserved, but in 1.22 this change will also apply to "upgrade". For more information on migrating to the "systemd" driver or remaining on the "cgroupfs" driver see: https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/.

after i prepared the new documentation page:
kubernetes/website#26786

@neolit123
kubeadm: set the kubelet cgroup driver to "systemd" during "init"
b6ff320 
The kubeadm documentation instructs users to set the container
runtime driver to "systemd", since kubeadm manages a kubelet via
the systemd init system. The kubelet default however is "cgroupfs".
For new clusters set the driver to "systemd" unless the user
is explicit about it. The same defaulting would not happen
during "upgrade".
@neolit123 neolit123 force-pushed the 1.21-default-systemd-cgroup-driver branch from 74da3dc to b6ff320 Compare March 2, 2021 16:39
@fabriziopandini
Copy link
Member

/lgtm
/retest

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 4, 2021
@neolit123
Copy link
Member Author

/hold cancel
will send notification to k-dev.

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Mar 4, 2021
@k8s-ci-robot k8s-ci-robot merged commit 504b86c into kubernetes:master Mar 4, 2021
@pacoxu pacoxu mentioned this pull request Jan 7, 2022
Closed
luisico added a commit to luisico/ansible-kubernetes that referenced this pull request Mar 3, 2022
@luisico
Explicitly set cgroup driver
7f8a3ef 
See kubernetes/kubernetes#99471
@chrischdi chrischdi mentioned this pull request May 17, 2022
Merged
3 tasks
@pacoxu pacoxu mentioned this pull request Aug 26, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fabriziopandini fabriziopandini fabriziopandini left review comments

@SataQiu SataQiu SataQiu left review comments

@BenTheElder BenTheElder Awaiting requested review from BenTheElder

Assignees

@fabriziopandini fabriziopandini

@SataQiu SataQiu

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/kubeadm cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/feature Categorizes issue or PR as related to a new feature. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note-action-required Denotes a PR that introduces potentially breaking changes that require user action. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Milestone
v1.21
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@neolit123 @k8s-ci-robot @BenTheElder @SataQiu @fabriziopandini