diff --git a/images/base/files/usr/local/bin/create-kubelet-cgroup-v2 b/images/base/files/usr/local/bin/create-kubelet-cgroup-v2 index 120f60f3b5..8d0d0be8b9 100755 --- a/images/base/files/usr/local/bin/create-kubelet-cgroup-v2 +++ b/images/base/files/usr/local/bin/create-kubelet-cgroup-v2 @@ -44,3 +44,6 @@ ensure_subtree_control() { ensure_subtree_control / mkdir -p /sys/fs/cgroup/kubelet ensure_subtree_control /kubelet +# again for kubelet.slice for systemd cgroup driver +mkdir -p /sys/fs/cgroup/kubelet.slice +ensure_subtree_control /kubelet.slice diff --git a/images/base/files/usr/local/bin/entrypoint b/images/base/files/usr/local/bin/entrypoint index 372535d36a..2fa469cf5f 100755 --- a/images/base/files/usr/local/bin/entrypoint +++ b/images/base/files/usr/local/bin/entrypoint @@ -289,10 +289,12 @@ fix_cgroup() { # "nesting" clusters, unless we instruct it to use a different cgroup root. # We do this, and when doing so we must fixup this alternative root # currently this is hardcoded to be /kubelet + # under systemd cgroup driver, kubelet appends .slice mount --make-rprivate /sys/fs/cgroup echo "${cgroup_subsystems}" | while IFS= read -r subsystem; do mount_kubelet_cgroup_root "/kubelet" "${subsystem}" + mount_kubelet_cgroup_root "/kubelet.slice" "${subsystem}" done }