setup/cri: add a section about cgroup drivers (#12638)

* setup/cri: add a section about cgroup drivers

A cgroup driver is an important setting for the CRI and the kubelet.
Add a section that explains why "systemd" is the suggested value
for a driver when installing a CRI.

In the case of Docker the kubelet will receive this value automatically.
For the other CRIs, the users should tackle this manually.

* Update cri.md
pull/12570/head
Lubomir I. Ivanov 2019-02-18 03:20:21 +02:00 committed by Kubernetes Prow Robot
parent 5e4b2e21a5
commit 43764bd6fb
1 changed files with 19 additions and 1 deletions


@ -26,6 +26,24 @@ Please refer to this link for more information about this issue
[cve-2019-5736 : runc vulnerability ] (https://access.redhat.com/security/cve/cve-2019-5736)
{{< /caution >}}
## Cgroup drivers
When systemd is chosen as the init system for a Linux distribution, the init process generates
and consumes a root cgroup and acts as a cgroup manager. Systemd has a tight integration with
cgroups and will allocate cgroups per process. It's possible to configure your container
runtime and the kubelet to use `cgroupfs`. This means that there will then be two different
cgroup managers.
Cgroups are used to constrain resources that are allocated to processes.
A single cgroup manager will simplify the view of what resources are being allocated
and will by default have a more consistent view of the available and in-use resources. When we have
two managers we end up with two views of those resources. We have seen cases in the field
where nodes that are configured to use `cgroupfs` for the kubelet and Docker, and `systemd`
for the rest of the processes running on the node becomes unstable under resource pressure.
Changing the settings such that your container runtime and kubelet use `systemd` as the cgroup driver
stabilized the system. Please note the `native.cgroupdriver=systemd` option in the Docker setup below.
## Docker
On each of your machines, install Docker.
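Review bot: The last paragraph of the new "Cgroup drivers" section tells readers to have the container runtime and the kubelet both use `systemd`, but the only concrete pointer is the Docker `native.cgroupdriver=systemd` option, so the kubelet side and the non-Docker runtimes are left unexplained. The commit message already says the kubelet receives the value automatically with Docker and that users of other CRIs must handle it manually; that statement should be in the section text, ideally with a pointer to where the kubelet's cgroup driver is configured. Minor wording in the same paragraph: "nodes that are configured to use `cgroupfs` ... becomes unstable" should read "become unstable", and "stabilized the system" would read better in the present tense to match the rest of the section.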
@ -59,7 +77,7 @@ apt-get update && apt-get install docker-ce=18.06.2~ce~3-0~ubuntu
# Setup daemon.
cat > /etc/docker/daemon.json <<EOF
{
"exec-opts": ["native.cgroupdriver=cgroupfs"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"