From 79d910821d6c64dfb6e256033337a8f3c4e0ff36 Mon Sep 17 00:00:00 2001
From: Dalton Hubble
Date: Tue, 11 Jun 2019 23:24:01 -0700
Subject: [PATCH] Configure Kubelet cgroup-driver for Flatcar Linux Edge
* For Container Linux or Flatcar Linux alpha/beta/stable, continue using the `cgroupfs` driver
* For Fedora Atomic, continue using the `systemd` driver
* For Flatcar Linux Edge, use the `systemd` driver
---
 aws/container-linux/kubernetes/cl/controller.yaml.tmpl | 2 ++
 aws/container-linux/kubernetes/controllers.tf | 1 +
 aws/container-linux/kubernetes/workers/cl/worker.yaml.tmpl | 2 ++
 aws/container-linux/kubernetes/workers/workers.tf | 1 +
 .../container-linux/kubernetes/cl/controller.yaml.tmpl | 2 ++
 bare-metal/container-linux/kubernetes/cl/worker.yaml.tmpl | 2 ++
 bare-metal/container-linux/kubernetes/profiles.tf | 2 ++
 docs/architecture/operating-systems.md | 6 +++---
 8 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/aws/container-linux/kubernetes/cl/controller.yaml.tmpl b/aws/container-linux/kubernetes/cl/controller.yaml.tmpl
index e83b1675..7b7b2630 100644
--- a/aws/container-linux/kubernetes/cl/controller.yaml.tmpl
+++ b/aws/container-linux/kubernetes/cl/controller.yaml.tmpl
@@ -63,6 +63,7 @@ systemd:
 --volume var-log,kind=host,source=/var/log \
 --mount volume=var-log,target=/var/log \
 --insecure-options=image"
+ Environment=KUBELET_CGROUP_DRIVER=${cgroup_driver}
 ExecStartPre=/bin/mkdir -p /opt/cni/bin
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/cni/net.d
@@ -77,6 +78,7 @@ systemd:
 --anonymous-auth=false \
 --authentication-token-webhook \
 --authorization-mode=Webhook \
+ --cgroup-driver=$${KUBELET_CGROUP_DRIVER} \
 --client-ca-file=/etc/kubernetes/ca.crt \
 --cluster_dns=${cluster_dns_service_ip} \
 --cluster_domain=${cluster_domain_suffix} \
diff --git a/aws/container-linux/kubernetes/controllers.tf b/aws/container-linux/kubernetes/controllers.tf
index 98e7d002..c0553eb9 100644
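Review bot: The new `Environment=KUBELET_CGROUP_DRIVER=${cgroup_driver}` line has no comment saying that the value must match the cgroup driver Docker uses on the host, and with the docker runtime the Kubelet refuses to start when the two disagree. A unit comment above it, such as `# Must equal Docker's cgroup driver on this OS channel; Kubelet exits on mismatch`, would tell an operator where to look when a node never registers. The environment indirection also looks unnecessary unless a drop-in is meant to override it, since `--cgroup-driver=${cgroup_driver}` in the second hunk would render the same flag directly. The same two lines are added to the AWS worker template and to both bare-metal templates, and the unit body continues outside both hunks.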
--- a/aws/container-linux/kubernetes/controllers.tf
+++ b/aws/container-linux/kubernetes/controllers.tf
@@ -69,6 +69,7 @@ data "template_file" "controller-configs" {
 etcd_domain = "${var.cluster_name}-etcd${count.index}.${var.dns_zone}"
 # etcd0=https://cluster-etcd0.example.com,etcd1=https://cluster-etcd1.example.com,...
 etcd_initial_cluster = join(",", data.template_file.etcds.*.rendered)
+ cgroup_driver = local.flavor == "flatcar" && local.channel == "edge" ? "systemd" : "cgroupfs"
 kubeconfig = indent(10, module.bootkube.kubeconfig-kubelet)
 ssh_authorized_key = var.ssh_authorized_key
 cluster_dns_service_ip = cidrhost(var.service_cidr, 10)
diff --git a/aws/container-linux/kubernetes/workers/cl/worker.yaml.tmpl b/aws/container-linux/kubernetes/workers/cl/worker.yaml.tmpl
index 9ed6ebfb..f618476f 100644
--- a/aws/container-linux/kubernetes/workers/cl/worker.yaml.tmpl
+++ b/aws/container-linux/kubernetes/workers/cl/worker.yaml.tmpl
@@ -38,6 +38,7 @@ systemd:
 --volume var-log,kind=host,source=/var/log \
 --mount volume=var-log,target=/var/log \
 --insecure-options=image"
+ Environment=KUBELET_CGROUP_DRIVER=${cgroup_driver}
 ExecStartPre=/bin/mkdir -p /opt/cni/bin
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/cni/net.d
@@ -50,6 +51,7 @@ systemd:
 --anonymous-auth=false \
 --authentication-token-webhook \
 --authorization-mode=Webhook \
+ --cgroup-driver=$${KUBELET_CGROUP_DRIVER} \
 --client-ca-file=/etc/kubernetes/ca.crt \
 --cluster_dns=${cluster_dns_service_ip} \
 --cluster_domain=${cluster_domain_suffix} \
diff --git a/aws/container-linux/kubernetes/workers/workers.tf b/aws/container-linux/kubernetes/workers/workers.tf
index 26f9eab3..d470b540 100644
--- a/aws/container-linux/kubernetes/workers/workers.tf
+++ b/aws/container-linux/kubernetes/workers/workers.tf
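Review bot: The driver choice in `cgroup_driver = local.flavor == "flatcar" && local.channel == "edge" ? "systemd" : "cgroupfs"` is keyed to a channel name rather than to what Docker on the image actually uses, so it goes stale silently if another Flatcar channel later ships Docker with the systemd driver, and the Kubelet on those nodes would then fail to start. The identical expression is repeated in workers/workers.tf, which appears to be a separate module, so the two copies can drift apart. A comment such as `# Flatcar edge runs Docker with the systemd cgroup driver; revisit when other channels follow` on both lines, or one shared value passed into the workers module, would make the assumption visible. `local.flavor` and `local.channel` are defined outside the hunk, so confirm both exist in the workers module as well.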
@@ -84,6 +84,7 @@ data "template_file" "worker-config" {
 ssh_authorized_key = var.ssh_authorized_key
 cluster_dns_service_ip = cidrhost(var.service_cidr, 10)
 cluster_domain_suffix = var.cluster_domain_suffix
+ cgroup_driver = local.flavor == "flatcar" && local.channel == "edge" ? "systemd" : "cgroupfs"
 }
 }
diff --git a/bare-metal/container-linux/kubernetes/cl/controller.yaml.tmpl b/bare-metal/container-linux/kubernetes/cl/controller.yaml.tmpl
index 13befbc9..b6b2939e 100644
--- a/bare-metal/container-linux/kubernetes/cl/controller.yaml.tmpl
+++ b/bare-metal/container-linux/kubernetes/cl/controller.yaml.tmpl
@@ -75,6 +75,7 @@ systemd:
 --volume iscsiadm,kind=host,source=/usr/sbin/iscsiadm \
 --mount volume=iscsiadm,target=/sbin/iscsiadm \
 --insecure-options=image"
+ Environment=KUBELET_CGROUP_DRIVER=${cgroup_driver}
 ExecStartPre=/bin/mkdir -p /opt/cni/bin
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/cni/net.d
@@ -89,6 +90,7 @@ systemd:
 --anonymous-auth=false \
 --authentication-token-webhook \
 --authorization-mode=Webhook \
+ --cgroup-driver=$${KUBELET_CGROUP_DRIVER} \
 --client-ca-file=/etc/kubernetes/ca.crt \
 --cluster_dns=${cluster_dns_service_ip} \
 --cluster_domain=${cluster_domain_suffix} \
diff --git a/bare-metal/container-linux/kubernetes/cl/worker.yaml.tmpl b/bare-metal/container-linux/kubernetes/cl/worker.yaml.tmpl
index c2be5268..750f328e 100644
--- a/bare-metal/container-linux/kubernetes/cl/worker.yaml.tmpl
+++ b/bare-metal/container-linux/kubernetes/cl/worker.yaml.tmpl
@@ -50,6 +50,7 @@ systemd:
 --volume iscsiadm,kind=host,source=/usr/sbin/iscsiadm \
 --mount volume=iscsiadm,target=/sbin/iscsiadm \
 --insecure-options=image"
+ Environment=KUBELET_CGROUP_DRIVER=${cgroup_driver}
 ExecStartPre=/bin/mkdir -p /opt/cni/bin
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/cni/net.d
@@ -62,6 +63,7 @@ systemd:
 --anonymous-auth=false \
 --authentication-token-webhook \
 --authorization-mode=Webhook \
+ --cgroup-driver=$${KUBELET_CGROUP_DRIVER} \
 --client-ca-file=/etc/kubernetes/ca.crt \
 --cluster_dns=${cluster_dns_service_ip} \
 --cluster_domain=${cluster_domain_suffix} \
diff --git a/bare-metal/container-linux/kubernetes/profiles.tf b/bare-metal/container-linux/kubernetes/profiles.tf
index 20f8ec2f..400ef6ed 100644
--- a/bare-metal/container-linux/kubernetes/profiles.tf
+++ b/bare-metal/container-linux/kubernetes/profiles.tf
@@ -159,6 +159,7 @@ data "template_file" "controller-configs" {
 domain_name = element(var.controller_domains, count.index)
 etcd_name = element(var.controller_names, count.index)
 etcd_initial_cluster = join(",", formatlist("%s=https://%s:2380", var.controller_names, var.controller_domains))
+ cgroup_driver = var.os_channel == "flatcar-edge" ? "systemd" : "cgroupfs"
 cluster_dns_service_ip = module.bootkube.cluster_dns_service_ip
 cluster_domain_suffix = var.cluster_domain_suffix
 ssh_authorized_key = var.ssh_authorized_key
@@ -186,6 +187,7 @@ data "template_file" "worker-configs" {
 vars = {
 domain_name = element(var.worker_domains, count.index)
+ cgroup_driver = var.os_channel == "flatcar-edge" ? "systemd" : "cgroupfs"
 cluster_dns_service_ip = module.bootkube.cluster_dns_service_ip
 cluster_domain_suffix = var.cluster_domain_suffix
 ssh_authorized_key = var.ssh_authorized_key
diff --git a/docs/architecture/operating-systems.md b/docs/architecture/operating-systems.md
index 4c57898a..804f70c1 100644
--- a/docs/architecture/operating-systems.md
+++ b/docs/architecture/operating-systems.md
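Review bot: `var.os_channel == "flatcar-edge"` is an exact string match, so any unexpected or misspelled channel value silently selects `cgroupfs`; on a Flatcar edge host that would leave the Kubelet and Docker on different cgroup drivers. The expression is duplicated in the `controller-configs` and `worker-configs` blocks, and a single `locals { cgroup_driver = var.os_channel == "flatcar-edge" ? "systemd" : "cgroupfs" }` referenced as `local.cgroup_driver` from both would keep them in step. Whether `os_channel` is validated elsewhere is not visible here, and both data blocks start and end outside the hunks.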
@@ -14,12 +14,12 @@ Together, they diversify Typhoon to support a range of container technologies.
 ## Host Properties
-| Property | Container Linux | Fedora Atomic |
-|-------------------|-----------------|---------------|
+| Property | Container Linux / Flatcar Linux | Fedora Atomic |
+|-------------------|-----------------|---------------|---------------|
 | host spec (bare-metal) | Container Linux Config | kickstart, cloud-init |
 | host spec (cloud) | Container Linux Config | cloud-init |
 | container runtime | docker | docker (CRIO planned) |
-| cgroup driver | cgroupfs | systemd |
+| cgroup driver | cgroupfs (except Flatcar edge) | systemd |
 | logging driver | json-file | journald |
 | storage driver | overlay2 | overlay2 |