From 7b0bf57f4c9b87a7b0c9362bdfbb5c0add2094d7 Mon Sep 17 00:00:00 2001 From: hetong07 Date: Thu, 18 Feb 2021 15:43:26 -0800 Subject: [PATCH 1/3] Stop using --memory for cgroup v2. --- pkg/drivers/kic/oci/oci.go | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/pkg/drivers/kic/oci/oci.go b/pkg/drivers/kic/oci/oci.go index 4993ddcd4c67..7007e50a2490 100644 --- a/pkg/drivers/kic/oci/oci.go +++ b/pkg/drivers/kic/oci/oci.go @@ -107,14 +107,27 @@ func PrepareContainerNode(p CreateParams) error { return nil } +func hasMemoryCgroup() bool { + memcg := true + if runtime.GOOS == "linux" { + var memory string + if cgroup2, err := IsCgroup2UnifiedMode(); err == nil && cgroup2 { + memory = "/sys/fs/cgroup/memory/memsw.limit_in_bytes" + } + if _, err := os.Stat(memory); os.IsNotExist(err) { + klog.Warning("Your kernel does not support memory limit capabilities or the cgroup is not mounted.") + memcg = false + } + } + return memcg +} + func hasMemorySwapCgroup() bool { memcgSwap := true if runtime.GOOS == "linux" { var memoryswap string if cgroup2, err := IsCgroup2UnifiedMode(); err == nil && cgroup2 { memoryswap = "/sys/fs/cgroup/memory/memory.swap.max" - } else { - memoryswap = "/sys/fs/cgroup/memory/memsw.limit_in_bytes" } if _, err := os.Stat(memoryswap); os.IsNotExist(err) { // requires CONFIG_MEMCG_SWAP_ENABLED or cgroup_enable=memory in grub @@ -171,6 +184,7 @@ func CreateContainerNode(p CreateParams) error { } memcgSwap := hasMemorySwapCgroup() + memcg := hasMemoryCgroup() // https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/ var virtualization string @@ -179,11 +193,13 @@ func CreateContainerNode(p CreateParams) error { runArgs = append(runArgs, "--volume", fmt.Sprintf("%s:/var:exec", p.Name)) if memcgSwap { - runArgs = append(runArgs, fmt.Sprintf("--memory=%s", p.Memory)) - // Disable swap by setting the value to match runArgs = append(runArgs, fmt.Sprintf("--memory-swap=%s", p.Memory)) } + if memcg { + runArgs = append(runArgs, fmt.Sprintf("--memory=%s", p.Memory)) + } + virtualization = "podman" // VIRTUALIZATION_PODMAN } if p.OCIBinary == Docker { @@ -191,7 +207,9 @@ func CreateContainerNode(p CreateParams) error { // ignore apparmore github actions docker: https://github.com/kubernetes/minikube/issues/7624 runArgs = append(runArgs, "--security-opt", "apparmor=unconfined") - runArgs = append(runArgs, fmt.Sprintf("--memory=%s", p.Memory)) + if memcg { + runArgs = append(runArgs, fmt.Sprintf("--memory=%s", p.Memory)) + } if memcgSwap { // Disable swap by setting the value to match runArgs = append(runArgs, fmt.Sprintf("--memory-swap=%s", p.Memory)) From e8c2a233982215ca4f73bd4fb990dc5770070586 Mon Sep 17 00:00:00 2001 From: hetong07 Date: Thu, 18 Feb 2021 16:09:51 -0800 Subject: [PATCH 2/3] Provide an advice for users on how to modify Grub setting. --- pkg/drivers/kic/oci/oci.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkg/drivers/kic/oci/oci.go b/pkg/drivers/kic/oci/oci.go index 7007e50a2490..cbf3188ea61c 100644 --- a/pkg/drivers/kic/oci/oci.go +++ b/pkg/drivers/kic/oci/oci.go @@ -186,6 +186,10 @@ func CreateContainerNode(p CreateParams) error { memcgSwap := hasMemorySwapCgroup() memcg := hasMemoryCgroup() + if !memcgSwap || !memcg { + out.WarningT("Cgroup v2 does not allow setting memory, if you want to set memory, please modify your Grub as instructed in https://docs.docker.com/engine/install/linux-postinstall/#your-kernel-does-not-support-cgroup-swap-limit-capabilities") + } + // https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/ var virtualization string if p.OCIBinary == Podman { // enable execing in /var From 556a8d793040f97927e1ea177ca92d1402ce8250 Mon Sep 17 00:00:00 2001 From: hetong07 Date: Thu, 18 Feb 2021 16:43:19 -0800 Subject: [PATCH 3/3] Move the user facing warning inside hasMemoryCgroup(). --- pkg/drivers/kic/oci/oci.go | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/pkg/drivers/kic/oci/oci.go b/pkg/drivers/kic/oci/oci.go index cbf3188ea61c..4fa94113b9e1 100644 --- a/pkg/drivers/kic/oci/oci.go +++ b/pkg/drivers/kic/oci/oci.go @@ -116,6 +116,7 @@ func hasMemoryCgroup() bool { } if _, err := os.Stat(memory); os.IsNotExist(err) { klog.Warning("Your kernel does not support memory limit capabilities or the cgroup is not mounted.") + out.WarningT("Cgroup v2 does not allow setting memory, if you want to set memory, please modify your Grub as instructed in https://docs.docker.com/engine/install/linux-postinstall/#your-kernel-does-not-support-cgroup-swap-limit-capabilities") memcg = false } } @@ -186,10 +187,6 @@ func CreateContainerNode(p CreateParams) error { memcgSwap := hasMemorySwapCgroup() memcg := hasMemoryCgroup() - if !memcgSwap || !memcg { - out.WarningT("Cgroup v2 does not allow setting memory, if you want to set memory, please modify your Grub as instructed in https://docs.docker.com/engine/install/linux-postinstall/#your-kernel-does-not-support-cgroup-swap-limit-capabilities") - } - // https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/ var virtualization string if p.OCIBinary == Podman { // enable execing in /var