Merge pull request #1747 from jbarrick-mesosphere/master

Support configuring a cgroup root for kubelet
kubernetes-sigs · Dec 4, 2020 · 381ddab · 381ddab
2 parents 9f6a12b + 08b6148
commit 381ddab
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 3 deletions.
diff --git a/images/base/files/etc/systemd/system/kubelet.service.d/10-kubeadm.conf b/images/base/files/etc/systemd/system/kubelet.service.d/10-kubeadm.conf
@@ -9,4 +9,4 @@ EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
 # the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
 EnvironmentFile=-/etc/default/kubelet
 ExecStart=
-ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
+ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS --cgroup-root=/kubelet
diff --git a/images/base/files/usr/local/bin/entrypoint b/images/base/files/usr/local/bin/entrypoint
@@ -62,6 +62,30 @@ fix_mount() {
   mount --make-rshared /
 }
 
+mount_kubelet_cgroup_root() {
+  cgroup_root=$1
+  subsystem=$2
+
+  if [ -n "${cgroup_root}" ]; then
+    # This is because we set Kubelet's cgroup-root to `/kubelet` by
+    # default. We have to do that because otherwise, it'll collide
+    # with the cgroups used by the Kubelet running on the host if we
+    # run kind cluster within a Kubernetes pod, resulting in random
+    # processes to be killed.
+    mkdir -p "${subsystem}/${cgroup_root}"
+    if [ "${subsystem}" == "/sys/fs/cgroup/cpuset" ]; then
+      # This is needed. Otherwise, assigning process to the cgroup
+      # (or any nested cgroup) would result in ENOSPC.
+      cat "${subsystem}/cpuset.cpus" > "${subsystem}/${cgroup_root}/cpuset.cpus"
+      cat "${subsystem}/cpuset.mems" > "${subsystem}/${cgroup_root}/cpuset.mems"
+    fi
+    # We need to perform a self bind mount here because otherwise,
+    # systemd might delete the cgroup unintentionally before the
+    # kubelet starts.
+    mount --bind "${subsystem}/${cgroup_root}" "${subsystem}/${cgroup_root}"
+  fi
+}
+
 fix_cgroup() {
   echo 'INFO: fix cgroup mounts for all subsystems'
   # For each cgroup subsystem, Docker does a bind mount from the current
@@ -85,10 +109,11 @@ fix_cgroup() {
     while IFS= read -r subsystem; do
       mkdir -p "${subsystem}${docker_cgroup}"
       mount --bind "${subsystem}" "${subsystem}${docker_cgroup}"
+      mount_kubelet_cgroup_root "/kubelet" "${subsystem}"
     done
   fi
   local podman_cgroup_mounts
-  podman_cgroup_mounts=$(grep /sys/fs/cgroup /proc/self/mountinfo | grep libpod_parent || true)
+  podman_cgroup_mounts=$(grep /sys/fs/cgroup /proc/self/mountinfo | grep libpod || true)
   if [[ -n "${podman_cgroup_mounts}" ]]; then
     local podman_cgroup cgroup_subsystems subsystem
     podman_cgroup=$(echo "${podman_cgroup_mounts}" | head -n 1 | cut -d' ' -f 4)
@@ -97,6 +122,7 @@ fix_cgroup() {
     while IFS= read -r subsystem; do
       mkdir -p "${subsystem}${podman_cgroup}"
       mount --bind "${subsystem}" "${subsystem}${podman_cgroup}"
+      mount_kubelet_cgroup_root "/kubelet" "${subsystem}"
     done
   fi
 }

diff --git a/pkg/build/nodeimage/defaults.go b/pkg/build/nodeimage/defaults.go
@@ -20,7 +20,7 @@ package nodeimage
 const DefaultImage = "kindest/node:latest"
 
 // DefaultBaseImage is the default base image used
-const DefaultBaseImage = "kindest/base:v20201112-cc74d297"
+const DefaultBaseImage = "kindest/base:v20201130-23777eca"
 
 // DefaultMode is the default kubernetes build mode for the built image
 // see pkg/build/kube.Bits