etc: change cgroup driver to cgroupfs

With runc 1.0.0-rc2 on Container Linux 1465, kube-spawn init hangs forever with message like: "Created API client, waiting for the control plane to become ready". That's because docker daemon cannot execute runc, which returns error like "no subsystem for mount". See also: opencontainers/runc#1175 (comment) This issue was apparently resolved in runc 1.0.0-rc3, so in theory runc 1.0.0-rc3 should work fine with Docker 17.05. Unfortunately on Container Linux, it's not trivial to replace only the runc binary with a custom one, because Container Linux makes use of torcx to provide docker as well as runc: /run/torcx/unpack is sealed, read-only mounted. It's simply not doable to change those binaries altogether at run-time. As workaround, we should change cgroupdriver for docker and kubelet from systemd to cgroupfs. Then init process will succeed without hanging forever. See also #45
kinvolk · Jul 13, 2017 · 3cb2b69 · 3cb2b69
1 parent 124a45e
commit 3cb2b69
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/etc/docker_20-kubeadm-extra-args.conf b/etc/docker_20-kubeadm-extra-args.conf
@@ -1,2 +1,2 @@
 [Service]
-Environment="DOCKER_OPTS=--exec-opt native.cgroupdriver=systemd"
+Environment="DOCKER_OPTS=--exec-opt native.cgroupdriver=cgroupfs"
diff --git a/etc/kube_20-kubeadm-extra-args.conf b/etc/kube_20-kubeadm-extra-args.conf
@@ -1,6 +1,6 @@
 [Service]
 Environment="KUBELET_EXTRA_ARGS=\
---cgroup-driver=systemd \
+--cgroup-driver=cgroupfs \
 --enforce-node-allocatable= \
 --cgroups-per-qos=false \
 --authentication-token-webhook"