Set systemd as Cgroup Driver

Posted on | Edited on | In

Kubernetes version 1.13.2

We want to use systemd as cgroup driver for docker and kubelet, let’s see how to achieve that.

First you need to understand what is systemd and cgroup? You can refer to this article.

systemd is a suite of system management daemons, libraries, and utilities designed as a central management and configuration platform for the GNU/Linux computer operating system. It provides a system and service manager that runs as PID 1 and starts the rest of the system as alternative to the traditional sysVinit.

systemd organizes processes with cgroups, this is a Linux kernel feature to limit, police and account the resource usage of certain processes (actually process groups).

Configure docker

After you install and start docker, by default it will use cgroupfs as the cgroup driver, check by running:

1
2
3
docker info | grep Cgroup

Cgroup Driver: cgroupfs

Edit /usr/lib/systemd/system/docker.service file:

1
ExecStart=/usr/bin/dockerd --exec-opt native.cgroupdriver=systemd

Then reload daemon and restart docker

1
2
systemctl daemon-reload
systemctl restart docker

Verify the change

1
2
3
docker info | grep Cgroup

Cgroup Driver: systemd

Configure kubelet

Currently, the kubelet cannot automatically detects the cgroup driver used by the CRI runtime, but the value of --cgroup-driver must match the cgroup driver used by the CRI runtime to ensure the health of the kubelet.

Note: interesting thing is kubeadm init now can automatically detect and set kubelet with the same cgroup driver as docker (I use version 1.13.x).

There is a file: /var/lib/kubelet/kubeadm-flags.env, that kubeadm init and kubeadm join generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically, in /etc/systemd/system/kubelet.service.d/10-kubeadm.conf you can see it:

you will see systemd resides in /var/lib/kubelet/kubeadm-flags.env:

1
KUBELET_KUBEADM_ARGS=--cgroup-driver=systemd --network-plugin=cni --pod-infra-container-image=k8s.gcr.io/pause:3.1

Anyway let’s see how to do the configuration manually. After install kubelet, go to edit /etc/systemd/system/kubelet.service.d/10-kubeadm.conf file, add this line:

1
Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=systemd"

Append $KUBELET_CGROUP_ARGS at end of ExecStart=/usr/bin/kubelet statement:

Note: in the file /etc/systemd/system/kubelet.service, it seems you can also configure here: ExecStart=/usr/bin/kubelet --cgroup-driver=systemd, not very clear the difference.

Then when you complete kubeadm init, verify the change:

1
2
3
4
5
6
7
8
9
10
ps aux | grep kubelet

root     19864  4.5  0.6 2326996 104192 ?      Ssl  01:21  32:49 /usr/bin/kubelet
--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf 
--kubeconfig=/etc/kubernetes/kubelet.conf 
--config=/var/lib/kubelet/config.yaml 
--cgroup-driver=systemd 
--network-plugin=cni 
--pod-infra-container-image=k8s.gcr.io/pause:3.1 
--cgroup-driver=systemd

You see, there are 2 --cgroup-driver=systemd options, so I think manually configure kubelet service file is needless.

0%