Skip to content
This repository has been archived by the owner on May 12, 2021. It is now read-only.

cgroups v2 in the guest #2494

Closed
2 tasks
devimc opened this issue Feb 24, 2020 · 6 comments
Closed
2 tasks

cgroups v2 in the guest #2494

devimc opened this issue Feb 24, 2020 · 6 comments
Labels
enhancement Improvement to an existing feature needs-review Needs to be assessed by the team.

Comments

@devimc
Copy link

devimc commented Feb 24, 2020
edited
Loading

Should kata use cgroups v2 in the guest?

tasks:

  • add systemd.unified_cgroup_hierarchy=1 to the kernel command line
  • patch agent to mount the cgroups using -t cgroup2 when running as init process

cc @fidencio @crobinso @amshinde
@devimc devimc added enhancement Improvement to an existing feature needs-review Needs to be assessed by the team. labels Feb 24, 2020
@fidencio
Copy link
Member

@devimc,

Although I do believe it does make sense, I would not enforce this.

I'd take the follow (conservative) approach:

  • Document how to add cgroups v2 support;
    • Add system.unified_cgroup_hierarchy=1 to the kernel_params, in the config file;
    • (maybe?) Add an option to build the agent using -t cgroup2 when running as init process;
  • Wait till the officially supported (guest) distros have cgroups v2 support;
  • And only then do the change;

Does this make sense?

The reason I'd take the conservative approach is that some distros may not support cgroups v2 yet and we'd face some issues with CI and whatnot.

For instance, do CentOS 7 or Ubuntu 18.04 support cgroups v2 (this is almost a retorical question that I'll try to answer Tomorrow ;-))? Don't we test on both?

@devimc
Copy link
Author

devimc commented Feb 24, 2020

@fidencio thanks for replying,

Document how to add cgroups v2 support;
Add system.unified_cgroup_hierarchy=1 to the kernel_params, in the config file;
(maybe?) Add an option to build the agent using -t cgroup2 when running as init process;

yeah, this makes sense to me, I can start working on the second point.

thanks for the feedback 👍

This was referenced Feb 24, 2020
Closed
Closed
@giuseppe
Copy link 

* Document how to add cgroups v2 support;
  
  * Add `system.unified_cgroup_hierarchy=1` to the kernel_params, in the config file;
  * (maybe?) Add an option to build the agent using `-t cgroup2` when running as init process;

* Wait till the officially supported (guest) distros have cgroups v2 support;

* And only then do the change;

I agree with @fidencio.

It also makes a big use case for kata containers as it allows the container payload to use a different cgroup version than on the host. Other OCI runtimes don't support (due to kernel limitations) mixing the two versions.

@amshinde
Copy link
Member

I am late here, but yeah agree with @fidencio. We need to wait to flip the switch till distros start supporting cgroupsv2. It will be useful to have the ability to use cgroupsv2 in the guest through configuration till then.

@devimc
Copy link
Author

devimc commented Feb 28, 2020

I agree, I raised kata-containers/agent#750 to allow users (like me) to play with v2 in the guest

@devimc
Copy link
Author

devimc commented Sep 22, 2020

fixed kata-containers/agent#750

@devimc devimc closed this as completed Sep 22, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement Improvement to an existing feature needs-review Needs to be assessed by the team.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@giuseppe @fidencio @amshinde @devimc