[Kubernetes] Remove cgroup driver cgroupfs config#25719
[Kubernetes] Remove cgroup driver cgroupfs config#25719yxieca merged 4 commits intosonic-net:masterfrom
Conversation
|
/azp run Azure.sonic-buildimage |
|
Azure Pipelines successfully started running 1 pipeline(s). |
There was a problem hiding this comment.
Pull request overview
This PR removes the explicit --cgroup-driver=cgroupfs configuration from kubelet to support Debian 13 (trixie) migration in SONiC 202511. Debian 13 expects the systemd cgroup driver, which is the default in Kubernetes v1.22.2+, making the explicit cgroupfs configuration unnecessary and incompatible.
Changes:
- Remove
--cgroup-driver=cgroupfsfrom KUBELET_EXTRA_ARGS in kubelet configuration - Maintain
--resolv-conf=/etc/resolv.conf --node-ip=::flags for proper kubelet operation
Comments suppressed due to low confidence (1)
files/build_templates/sonic_debian_extension.j2:569
- This change removes the explicit cgroupfs cgroup driver configuration unconditionally. While the PR description correctly states this is for Debian 13 migration in 202511+, the code itself has no version conditional.
This approach relies on branch-based version management (only merging to master and 202511, which are on Debian 13/trixie) rather than runtime conditionals. This is acceptable, but please ensure this PR is NEVER backported to branches still on Debian 12 (bookworm), such as 202505, 202411, or earlier, as Debian 12's systemd expects cgroupfs for kubelet compatibility. Backporting to those branches would break Kubernetes functionality.
Consider adding a comment in the code explaining that this configuration is appropriate for Debian 13+ (trixie) where systemd cgroup driver is the default, to prevent accidental backports to Debian 12 branches.
echo 'KUBELET_EXTRA_ARGS="--resolv-conf=/etc/resolv.conf --node-ip=::"' | sudo tee -a $FILESYSTEM_ROOT/etc/default/kubelet
isabelmsft
force-pushed
the
dev/isl/update_img_cgroupfs
branch
from
6daa47e to
ad059bc
Compare
|
/azp run Azure.sonic-buildimage |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Signed-off-by: isabel <[email protected]> Signed-off-by: isabel <[email protected]>
isabelmsft
force-pushed
the
dev/isl/update_img_cgroupfs
branch
from
ad059bc to
574b63d
Compare
|
/azp run Azure.sonic-buildimage |
|
Azure Pipelines successfully started running 1 pipeline(s). |
hdwhdw
left a comment
hdwhdw
left a comment
There was a problem hiding this comment.
LGTM. Debian 13 expects systemd cgroup driver, which is already kubelet's default — the explicit cgroupfs override was causing the mismatch.
| {% if include_kubernetes == "y" %} | ||
| # Point to kubelet to /etc/resolv.conf | ||
| # | ||
| echo 'KUBELET_EXTRA_ARGS="--resolv-conf=/etc/resolv.conf --cgroup-driver=cgroupfs --node-ip=::"' | sudo tee -a $FILESYSTEM_ROOT/etc/default/kubelet |
There was a problem hiding this comment.
after removing cgroup driver settings, then what's the exact driver kubelet uses now ?
There was a problem hiding this comment.
Kubernetes v1.22.2 uses systemd by default:
admin@str5-sn5640-1:~$ sudo cat /var/lib/kubelet/config.yaml | grep cgroupDriver
cgroupDriver: systemd
|
Commenter does not have sufficient privileges for PR 25719 in repo sonic-net/sonic-buildimage |
|
/azp run Azure.sonic-buildimage |
|
Commenter does not have sufficient privileges for PR 25719 in repo sonic-net/sonic-buildimage |
|
/azp run Azure.sonic-buildimage |
|
Azure Pipelines successfully started running 1 pipeline(s). |
isabelmsft
force-pushed
the
dev/isl/update_img_cgroupfs
branch
from
2b13db5 to
574b63d
Compare
|
/azp run Azure.sonic-buildimage |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Signed-off-by: isabel <[email protected]>
|
/azp run Azure.sonic-buildimage |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Signed-off-by: isabel <[email protected]>
Signed-off-by: isabel <[email protected]>
|
/azp run Azure.sonic-buildimage |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azpw ms_conflict |
1 similar comment
|
/azpw ms_conflict |
|
Cherry-pick PR to 202511: #26205 |
@liushilongbuaa could you check why it is not included when the cherrpick PR was merged? I noticed several PRs like this. |
|
@StormLiangMS , it is not merged by automation. Vineet merged the PR only 9 minutes after PR checker passed. |
liushilongbuaa
added
Included in 202511 Branch
and removed
Created PR to 202511 Branch
labels
Why I did it
202511 includes migration to Debian 13 from Debian 12. Previous kubelet cgroupdriver configuration was set to cgroupfs for compatibility with Debian 12. Debian 13 expects systemd cgroupdriver, which is the default configuration of kubelet in Kubernetes v1.22.2- so we should remove the explicit cgroupfs cgroupdriver configuration in SONiC OSVersion >= 202511.
Work item tracking
How I did it
remove the explicit cgroupfs cgroupdriver configuration in SONiC OSVersion >= 202511
How to verify it
Build image and join node to cluster
Which release branch to backport (provide reason below if selected)
Tested branch (Please provide the tested image version)
Description for the changelog
Link to config_db schema for YANG module changes
A picture of a cute animal (not mandatory but encouraged)