---
title: 配置 cgroup 驱动
content_type: task
weight: 10
---
<!-- 
---
title: Configuring a cgroup driver
content_type: task
weight: 10
---
-->

<!-- overview -->

<!-- 
This page explains how to configure the kubelet cgroup driver to match the container
runtime cgroup driver for kubeadm clusters.
-->
本页阐述如何配置 kubelet 的 cgroup 驱动以匹配 kubeadm 集群中的容器运行时的 cgroup 驱动。

## {{% heading "prerequisites" %}}

<!-- 
You should be familiar with the Kubernetes
[container runtime requirements](/docs/setup/production-environment/container-runtimes).
-->
你应该熟悉 Kubernetes 的[容器运行时需求](/zh/docs/setup/production-environment/container-runtimes)。
<!-- steps -->

<!-- 
## Configuring the container runtime cgroup driver
-->
## 配置容器运行时 cgroup 驱动 {#configuring-the-container-runtime-cgroup-driver}

<!-- 
The [Container runtimes](/docs/setup/production-environment/container-runtimes) page
explains that the `systemd` driver is recommended for kubeadm based setups instead
of the `cgroupfs` driver, because kubeadm manages the kubelet as a systemd service.
-->
[容器运行时](/zh/docs/setup/production-environment/container-runtimes)页面提到：
由于 kubeadm 把 kubelet 视为一个系统服务来管理，所以对基于 kubeadm 的安装，
我们推荐使用 `systemd` 驱动，不推荐 `cgroupfs` 驱动。

<!-- 
The page also provides details on how to setup a number of different container runtimes with the
`systemd` driver by default.
-->
此页还详述了如何安装若干不同的容器运行时，并将 `systemd` 设为其默认驱动。

<!-- 
## Configuring the kubelet cgroup driver
-->
## 配置 kubelet 的 cgroup 驱动

<!-- 
kubeadm allows you to pass a `KubeletConfiguration` structure during `kubeadm init`.
This `KubeletConfiguration` can include the `cgroupDriver` field which controls the cgroup
driver of the kubelet.
-->
kubeadm 支持在执行 `kubeadm init` 时，传递一个 `KubeletConfiguration` 结构体。
`KubeletConfiguration` 包含 `cgroupDriver` 字段，可用于控制 kubelet 的 cgroup 驱动。

<!-- 
In v1.22, if the user is not setting the `cgroupDriver` field under `KubeletConfiguration`,
`kubeadm init` will default it to `systemd`.
-->

{{< note >}}
在版本 1.22 中，如果用户没有在 `KubeletConfiguration` 中设置 `cgroupDriver` 字段，
`kubeadm init` 会将它设置为默认值 `systemd`。
{{< /note >}}

<!-- 
A minimal example of configuring the field explicitly:
-->
这是一个最小化的示例，其中显式的配置了此字段：

```yaml
# kubeadm-config.yaml
kind: ClusterConfiguration
apiVersion: kubeadm.k8s.io/v1beta3
kubernetesVersion: v1.21.0
---
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
cgroupDriver: systemd
```

<!-- 
Such a configuration file can then be passed to the kubeadm command:
-->
这样一个配置文件就可以传递给 kubeadm 命令了：

```shell
kubeadm init --config kubeadm-config.yaml
```

<!-- 
Kubeadm uses the same `KubeletConfiguration` for all nodes in the cluster.
The `KubeletConfiguration` is stored in a [ConfigMap](/docs/concepts/configuration/configmap)
object under the `kube-system` namespace.

Executing the sub commands `init`, `join` and `upgrade` would result in kubeadm
writing the `KubeletConfiguration` as a file under `/var/lib/kubelet/config.yaml`
and passing it to the local node kubelet.
-->
{{< note >}}
Kubeadm 对集群所有的节点，使用相同的 `KubeletConfiguration`。
`KubeletConfiguration` 存放于 `kube-system` 命名空间下的某个 
[ConfigMap](/zh/docs/concepts/configuration/configmap) 对象中。

执行 `init`、`join` 和 `upgrade` 等子命令会促使 kubeadm 
将 `KubeletConfiguration` 写入到文件 `/var/lib/kubelet/config.yaml` 中，
继而把它传递给本地节点的 kubelet。

{{< /note >}}

<!-- 
## Using the `cgroupfs` driver
-->
# 使用 `cgroupfs` 驱动

<!-- 
As this guide explains using the `cgroupfs` driver with kubeadm is not recommended.

To continue using `cgroupfs` and to prevent `kubeadm upgrade` from modifying the
`KubeletConfiguration` cgroup driver on existing setups, you must be explicit
about its value. This applies to a case where you do not wish future versions
of kubeadm to apply the `systemd` driver by default.
-->
正如本指南阐述的：不推荐与 kubeadm 一起使用 `cgroupfs` 驱动。

如仍需使用 `cgroupfs`，
且要防止 `kubeadm upgrade` 修改现有系统中 `KubeletConfiguration` 的 cgroup 驱动，
你必须显式声明它的值。
此方法应对的场景为：在将来某个版本的 kubeadm 中，你不想使用默认的 `systemd` 驱动。

<!-- 
See the below section on "Modify the kubelet ConfigMap" for details on
how to be explicit about the value.

If you wish to configure a container runtime to use the `cgroupfs` driver,
you must refer to the documentation of the container runtime of your choice.
-->
参阅以下章节“修改 kubelet 的 ConfigMap”，了解显式设置该值的方法。

如果你希望配置容器运行时来使用 `cgroupfs` 驱动，
则必须参考所选容器运行时的文档。

<!-- 
## Migrating to the `systemd` driver
-->
## 迁移到 `systemd` 驱动

<!-- 
To change the cgroup driver of an existing kubeadm cluster to `systemd` in-place,
a similar procedure to a kubelet upgrade is required. This must include both
steps outlined below.
-->
要将现有 kubeadm 集群的 cgroup 驱动就地升级为 `systemd`，
需要执行一个与 kubelet 升级类似的过程。
该过程必须包含下面两个步骤：

<!-- 
Alternatively, it is possible to replace the old nodes in the cluster with new ones
that use the `systemd` driver. This requires executing only the first step below
before joining the new nodes and ensuring the workloads can safely move to the new
nodes before deleting the old nodes.
-->
{{< note >}}
还有一种方法，可以用已配置了 `systemd` 的新节点替换掉集群中的老节点。
按这种方法，在加入新节点、确保工作负载可以安全迁移到新节点、及至删除旧节点这一系列操作之前，
只需执行以下第一个步骤。
{{< /note >}}

<!-- 
### Modify the kubelet ConfigMap
-->
### 修改 kubelet 的 ConfigMap

<!-- 
- Find the kubelet ConfigMap name using `kubectl get cm -n kube-system | grep kubelet-config`.
- Call `kubectl edit cm kubelet-config-x.yy -n kube-system` (replace `x.yy` with
the Kubernetes version).
- Either modify the existing `cgroupDriver` value or add a new field that looks like this:
-->
- 用命令 `kubectl get cm -n kube-system | grep kubelet-config` 找到 kubelet 的 ConfigMap 名称。
- 运行 `kubectl edit cm kubelet-config-x.yy -n kube-system` （把 `x.yy` 替换为 Kubernetes 版本）。
- 修改现有 `cgroupDriver` 的值，或者新增如下式样的字段：

  ```yaml
  cgroupDriver: systemd
  ```
  <!-- 
  This field must be present under the `kubelet:` section of the ConfigMap.
  -->
  该字段必须出现在 ConfigMap 的 `kubelet:` 小节下。

<!-- 
### Update the cgroup driver on all nodes
-->
### 更新所有节点的 cgroup 驱动

<!-- 
For each node in the cluster:

- [Drain the node](/docs/tasks/administer-cluster/safely-drain-node) using `kubectl drain <node-name> --ignore-daemonsets`
- Stop the kubelet using `systemctl stop kubelet`
- Stop the container runtime
- Modify the container runtime cgroup driver to `systemd`
- Set `cgroupDriver: systemd` in `/var/lib/kubelet/config.yaml`
- Start the container runtime
- Start the kubelet using `systemctl start kubelet`
- [Uncordon the node](/docs/tasks/administer-cluster/safely-drain-node) using `kubectl uncordon <node-name>`
-->
对于集群中的每一个节点：

- 执行命令 `kubectl drain <node-name> --ignore-daemonsets`，以
  [腾空节点](/zh/docs/tasks/administer-cluster/safely-drain-node)
- 执行命令 `systemctl stop kubelet`，以停止 kubelet
- 停止容器运行时
- 修改容器运行时 cgroup 驱动为 `systemd`
- 在文件 `/var/lib/kubelet/config.yaml` 中添加设置 `cgroupDriver: systemd`
- 启动容器运行时
- 执行命令 `systemctl start kubelet`，以启动 kubelet
- 执行命令 `kubectl uncordon <node-name>`，以
  [取消节点隔离](/zh/docs/tasks/administer-cluster/safely-drain-node)

<!-- 
Execute these steps on nodes one at a time to ensure workloads
have sufficient time to schedule on different nodes.

Once the process is complete ensure that all nodes and workloads are healthy.
-->
在节点上依次执行上述步骤，确保工作负载有充足的时间被调度到其他节点。

流程完成后，确认所有节点和工作负载均健康如常。