By Xining Wang
Kubernetes uses cgroups to isolate container resources. cgroup have two versions: v1 and v2. cgroup v2 offers a more consistent user experience and a broader range of features. For example, it supports extended Berkeley Packet Filter (eBPF) programs attached to cgroups, enabling resource monitoring and pod-based request redirects. Additionally, it serves as a dependency for eBPF-based network optimization. This article describes how to enable cgroup v2 on Alibaba Cloud Container Service for Kubernetes.
1) Only Alibaba Cloud Linux 3.2104 and later versions support cgroup v2.
2) Ensure that the kernel version supports the cgroup v2 mechanism. You can check the version by running the following command:
grep cgroup /proc/filesystemsIf the output includes the line "cgroup2", it means that the kernel version supports cgroup v2.
3) Enabling cgroup v2 requires configuration and adjustment in multiple aspects, so it needs to be handled with caution. In practical applications, it is recommended to conduct thorough testing first to ensure the stability and reliability of the application and system.
1) Log on to each node and run the following command:
grubby --update-kernel=ALL --args=systemd.unified_cgroup_hierarchy=12) Confirm with the following command:
cat /etc/default/grub |grep systemd.unified_cgroup_hierarchyIt can be seen that the GRUB_CMDLINE_LINUX values include systemd.unified_cgroup_hierarchy=1.
3) You must restart the node.
4) After logging on to the node again, modify the kubelet startup configuration file /etc/systemd/system/kubelet.service.d/10-kubeadm.conf, manually disable a featuregate (--feature-gates=LocalStorageCapacityIsolation=false), and confirm that the parameters are modified as follows:
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CGROUP_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_EXTRA_ARGS $KUBELET_CUSTOMIZED_ARGS --feature-gates=LocalStorageCapacityIsolation=false --container-runtime=remote --container-runtime-endpoint=/var/run/containerd/containerd.sock5) Reload the kubelet service configuration:
systemctl daemon-reload6) Restart the kubelet service:
systemctl restart kubelet1) After you log on to the node again, determine whether to enable cgroupv2. Run the following command to view the cgroup controller list:
cat /sys/fs/cgroup/cgroup.controllersShould return similar results:
cpuset cpu io memory hugetlb pids rdma2) Run the following command to view the cgroup2 file system that is mounted on the current system:
mount |grep cgroup2Should return similar results:
cgroup2 on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime)3) Verify whether cgroup v2 is normal. You can use the following command to check whether cgroup v2 is running properly:
cat /sys/fs/cgroup/kubepods.slice/kubepods-besteffort.slice/cpu.maxIf you can see a number that indicates CPU usage, it means that cgroup v2 has been enabled.
Check the kubelet running log to make sure that it is normal:
journalctl -u kubelet –fThe above steps outline the basic process of enabling cgroup v2 in Alibaba Cloud Container Service for Kubernetes (ACK). However, in real-world applications, additional configurations and adjustments may be required.
To summarize, enabling cgroup v2 involves configuring and adjusting multiple aspects, which should be approached with caution. It is recommended to conduct thorough testing in practical applications to ensure the stability and reliability of both the application and the system.
Traffic Labeling and Routing of ASM (4): Implement an End-to-end Canary Release Based on ASM
56 posts | 8 followers
FollowAlibaba Cloud Native Community - March 29, 2023
Marketplace - October 5, 2020
Alibaba Cloud Native Community - May 8, 2023
Alibaba Developer - June 12, 2020
Alibaba Cloud Native Community - July 26, 2022
Alibaba Container Service - April 28, 2020
56 posts | 8 followers
Follow
ACK One
Provides a control plane to allow users to manage Kubernetes clusters that run based on different infrastructure resources
Learn More
Container Service for Kubernetes
Alibaba Cloud Container Service for Kubernetes is a fully managed cloud container management service that supports native Kubernetes and integrates with other Alibaba Cloud products.
Learn More
Function Compute
Alibaba Cloud Function Compute is a fully-managed event-driven compute service. It allows you to focus on writing and uploading code without the need to manage infrastructure such as servers.
Learn More
Cloud-Native Applications Management Solution
Accelerate and secure the development, deployment, and management of containerized applications cost-effectively.
Learn MoreMore Posts by Xi Ning Wang(王夕宁)