
Commit f7ac0ba

authored
Merge pull request #49 from ijc/cgroups-improvements
Improved cgroup configuration
2 parents b0bc704 + 0f39604 commit f7ac0ba


6 files changed

+32
-31
lines changed


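--- a/pkg/cri-containerd/build.yml
+++ b/pkg/cri-containerd/build.yml
@@ -16,13 +16,10 @@ config:
 - /run/containerd/containerd.sock:/run/containerd/containerd.sock
 - /var/lib/kubelet-plugins:/usr/libexec/kubernetes/kubelet-plugins:rshared,rbind
 mounts:
-- type: cgroup
-options:
-- rw
-- nosuid
-- noexec
-- nodev
-- relatime
+- type: bind
+source: /sys/fs/cgroup
+destination: /sys/fs/cgroup
+options: ["rw","rbind","rshared","nosuid","noexec","nodev","relatime"]
 capabilities:
 - all
 rootfsPropagation: shared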
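Review bot: The new `type: bind` entry exposes the host's `/sys/fs/cgroup` to this container read-write with `rbind` and `rshared`, and nothing in the file records why that much access is needed. Combined with `capabilities: all` on the context line below it, the service is effectively host-privileged: it can presumably change limits for any cgroup on the host, and with shared propagation, mounts made under that path can propagate back. I would put a comment above the entry stating the reason and the trust level, for example `# rw,rshared bind of the host cgroup tree (needed to manage pod cgroups - confirm); treat this service as host-privileged`. The same mount is added without comment in pkg/kubelet/build.yml and yml/docker.yml. The `config:` mapping starts and ends outside the hunk.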

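--- a/pkg/kubelet/build.yml
+++ b/pkg/kubelet/build.yml
@@ -17,18 +17,19 @@ config:
 - /var/lib/cni/conf:/etc/cni/net.d:rshared,rbind
 - /var/lib/cni/bin:/opt/cni/bin:rshared,rbind
 mounts:
-- type: cgroup
-options:
-- rw
-- nosuid
-- noexec
-- nodev
-- relatime
+- type: bind
+source: /sys/fs/cgroup
+destination: /sys/fs/cgroup
+options: ["rw","rbind","rshared","nosuid","noexec","nodev","relatime"]
 capabilities:
 - all
 rootfsPropagation: shared
 pid: host
 runtime:
+cgroups:
+- systemreserved
+- podruntime
+- kubepods
 mkdir:
 - /var/lib/kubeadm
 - /var/lib/cni/conf
@@ -38,12 +39,8 @@ config:
 - type: bind
 source: /var/lib/cni/bin
 destination: /opt/cni/bin
-options:
-- rw
-- bind
+options: ["rw","bind"]
 - type: bind
 source: /var/lib/cni/conf
 destination: /etc/cni/net.d
-options:
-- rw
-- bind
+options: ["rw","bind"]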
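Review bot: The names added under `runtime.cgroups` in the first hunk (`systemreserved`, `podruntime`, `kubepods`) are also written as literals in kubelet.sh (`--cgroup-root=kubepods`, `--kube-reserved-cgroup=podruntime`, `--system-reserved-cgroup=systemreserved`) and in the `cgroupsPath` values under yml/, with nothing tying them together. A rename in one place would presumably leave the kubelet pointing at a cgroup that is never created, so the reserved-resource limits would not sit where the operator expects. A comment on the list would make the coupling visible: `# Must match --cgroup-root, --kube-reserved-cgroup and --system-reserved-cgroup in kubelet.sh`. The `runtime:` mapping continues outside the hunk.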

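--- a/pkg/kubelet/kubelet.sh
+++ b/pkg/kubelet/kubelet.sh
@@ -63,6 +63,14 @@ echo "kubelet.sh: ${await} has arrived" 2>&1
 
 mkdir -p /etc/kubernetes/manifests
 
+# If using --cgroups-per-qos then need to use --cgroup-root=/ and not
+# the --cgroup-root=kubepods from below. This can be done at image
+# build time by adding to the service definition:
+#
+# command:
+# - /usr/bin/kubelet.sh
+# - --cgroup-root=/
+# - --cgroups-per-qos
 exec kubelet --kubeconfig=/etc/kubernetes/kubelet.conf \
 --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
 --pod-manifest-path=/etc/kubernetes/manifests \
@@ -77,4 +85,5 @@ exec kubelet --kubeconfig=/etc/kubernetes/kubelet.conf \
 --cadvisor-port=0 \
 --kube-reserved-cgroup=podruntime \
 --system-reserved-cgroup=systemreserved \
+--cgroup-root=kubepods \
 $KUBELET_ARGS $@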
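Review bot: The comment added above `exec kubelet` describes overriding the default by passing `--cgroup-root=/` in the service `command:`, but it does not say that this works only because those arguments arrive through `$KUBELET_ARGS $@` after the hard-coded `--cgroup-root=kubepods`, which presumably relies on the kubelet honouring the last occurrence of a repeated flag. That ordering decides which cgroup the pods end up under, so a later reordering of the argument list would silently defeat the override. I would add one line to the comment: `# The override takes effect because $@ follows the default below and the last --cgroup-root wins.` The `exec kubelet` command spans both hunks, with lines between them not shown.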

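--- a/yml/cri-containerd.yml
+++ b/yml/cri-containerd.yml
@@ -1,6 +1,6 @@
 services:
 - name: cri-containerd
-image: linuxkit/cri-containerd:6d7a253f3e69c506c76f0a0dfa32b7c307b0c9ee
+image: linuxkit/cri-containerd:b16c1a3f11b986d8f818d2797920db411ff51ac1
 cgroupsPath: podruntime/cri-containerd
 files:
 - path: /etc/kubelet.sh.conf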

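--- a/yml/docker.yml
+++ b/yml/docker.yml
@@ -5,8 +5,10 @@ services:
 - all
 pid: host
 mounts:
-- type: cgroup
-options: ["rw","nosuid","noexec","nodev","relatime"]
+- type: bind
+source: /sys/fs/cgroup
+destination: /sys/fs/cgroup
+options: ["rw","rbind","rshared","nosuid","noexec","nodev","relatime"]
 binds:
 - /dev:/dev
 - /etc/resolv.conf:/etc/resolv.conf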

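--- a/yml/kube.yml
+++ b/yml/kube.yml
@@ -1,8 +1,8 @@
 kernel:
-image: linuxkit/kernel:4.9.75
+image: linuxkit/kernel:4.9.76
 cmdline: "console=tty0 console=ttyS0"
 init:
-- linuxkit/init:26def2174c74efa0ea8006ebd63ebb5d02e9513e
+- linuxkit/init:6992bd1308bdfd8af5a74aba293bb53e99b482bd
 - linuxkit/runc:abc3f292653e64a2fd488e9675ace19a55ec7023
 - linuxkit/containerd:e58a382c33bb509ba3e0e8170dfaa5a100504c5b
 - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0
@@ -20,7 +20,7 @@ onboot:
 - name: metadata
 image: linuxkit/metadata:2af15c9f4b0e73515c219b7cc14e6e65e1d4fd6d
 - name: format
-image: linuxkit/format:e945016ec780a788a71dcddc81497d54d3b14bc7
+image: linuxkit/format:5a1140cb65e733f26de727fa684fef1326e9d5ab
 - name: mounts
 image: linuxkit/mount:b346ec277b7074e5c9986128a879c10a1d18742b
 command: ["/usr/bin/mountie", "/var/lib/"]
@@ -40,12 +40,8 @@ services:
 image: linuxkit/sshd:ac5e8364e2e9aa8717a3295c51eb60b8c57373d5
 cgroupsPath: systemreserved/sshd
 - name: kubelet
-image: linuxkit/kubelet:0e6902fbb878f592b8be03605e18d917e622ce31
+image: linuxkit/kubelet:bf10112fabce0f713ea1eea2a8798d350b25fe98
 cgroupsPath: podruntime/kubelet
-runtime:
-cgroups:
-- systemreserved
-- podruntime
 files:
 - path: etc/linuxkit.yml
 metadata: yaml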
