forked from Azure/AKS
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
b48768a
commit 3fd4b84
Showing
2 changed files
with
83 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # Revert Kubernetes 1.25 to cgroup v1 | ||
|
|
||
| JDK 10 introduced ```UseContainerSupport``` which provided support for running Java applications within containers. | ||
|
|
||
| The Java runtime will use the cgroup filesystem to understand the memory and cpu availability. | ||
|
|
||
| With the introduction of cgroup v2, the location of these files has changed and Java applications prior to JDK 15 will exhibit significant memory consumption which may make your environments unstable. | ||
|
|
||
| As cgroup v2 is GA in 1.25, and is also the default on Ubuntu 22.04, customers should migrate their applications to JDK 15+. | ||
|
|
||
| An alternative temporary solution is to revert the cgroup version on your nodes using this [Daemonset](./revert-cgroup-v1.yaml). | ||
|
|
||
|
|
||
|
|
||
| ## IMPORTANT NOTE | ||
|
|
||
| The Daemonset by default will apply to all nodes in your cluster and will reboot them to apply the cgroup change. Please set a nodeSelector to control how this gets applied. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,66 @@ | ||
| apiVersion: apps/v1 | ||
| kind: DaemonSet | ||
| metadata: | ||
| name: revert-cgroups | ||
| namespace: kube-system | ||
| spec: | ||
| selector: | ||
| matchLabels: | ||
| name: revert-cgroups | ||
| template: | ||
| metadata: | ||
| labels: | ||
| name: revert-cgroups | ||
| spec: | ||
| affinity: | ||
| nodeAffinity: | ||
| requiredDuringSchedulingIgnoredDuringExecution: | ||
| nodeSelectorTerms: | ||
| - matchExpressions: | ||
| - key: cgroup-version | ||
| operator: NotIn | ||
| values: | ||
| - v1 | ||
| tolerations: | ||
| - operator: Exists | ||
| effect: NoSchedule | ||
| containers: | ||
| - name: revert-cgroups | ||
| image: mcr.microsoft.com/cbl-mariner/base/core:1.0 | ||
| command: | ||
| - nsenter | ||
| - --target | ||
| - "1" | ||
| - --mount | ||
| - --uts | ||
| - --ipc | ||
| - --net | ||
| - --pid | ||
| - -- | ||
| - bash | ||
| - -exc | ||
| - | | ||
| CGROUP_VERSION=`stat -fc %T /sys/fs/cgroup/` | ||
| if [ "$CGROUP_VERSION" == "cgroup2fs" ]; then | ||
| echo "Using v2, reverting..." | ||
| sed -i 's/GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="systemd.unified_cgroup_hierarchy=0"/' /etc/default/grub | ||
| update-grub | ||
| kubectl --kubeconfig=/var/lib/kubelet/kubeconfig label node ${HOSTNAME,,} cgroup-version=v1 | ||
| reboot | ||
| else | ||
| kubectl --kubeconfig=/var/lib/kubelet/kubeconfig label node ${HOSTNAME,,} cgroup-version=v1 | ||
| fi | ||
| sleep infinity | ||
| resources: | ||
| limits: | ||
| memory: 200Mi | ||
| requests: | ||
| cpu: 100m | ||
| memory: 16Mi | ||
| securityContext: | ||
| privileged: true | ||
| hostNetwork: true | ||
| hostPID: true | ||
| hostIPC: true | ||
| terminationGracePeriodSeconds: 0 |